From 1b7401488933f031a68dfe929b25db86279b52d2 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 15 Feb 2016 18:12:06 +0100 Subject: First untested part: Refactor authentication modules and process management to Spring --- .../auth/modules/internal/BKUSelection.process.xml | 30 ++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml (limited to 'id/server/idserverlib/src/main/resources/at') diff --git a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml new file mode 100644 index 000000000..b61ee5f2d --- /dev/null +++ b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml @@ -0,0 +1,30 @@ + + + + + + + + + + + + + + + + + + + + + + + + -- cgit v1.2.3 From c9370266c7553db65e9d18f7fe2a0230ab94d912 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 18 Feb 2016 11:02:55 +0100 Subject: refactor authentication process to use service-provider configuration from pending-request --- .../conf/moa-id/htmlTemplates/loginFormFull.html | 8 +- .../moa/id/auth/MOAIDAuthConstants.java | 6 + .../id/auth/builder/AuthenticationDataBuilder.java | 4 +- .../builder/CreateXMLSignatureRequestBuilder.java | 16 +- .../moa/id/auth/data/AuthenticationSession.java | 352 +-------------------- .../id/auth/modules/AbstractAuthServletTask.java | 51 +++ .../tasks/CreateInterfedeartionRequestTask.java | 3 +- .../internal/tasks/EvaluateBKUSelectionTask.java | 5 +- .../tasks/GenerateBKUSelectionFrameTask.java | 2 +- .../StartAuthentificationParameterParser.java | 239 ++++++-------- .../id/auth/servlet/IDPSingleLogOutServlet.java | 4 +- .../moa/id/config/auth/IOAAuthParameters.java | 7 + .../moa/id/moduls/AuthenticationManager.java | 3 +- .../egovernment/moa/id/moduls/IRequestStorage.java | 3 +- .../egovernment/moa/id/moduls/RequestStorage.java | 14 +- .../id/protocols/pvp2x/AttributQueryAction.java | 2 +- .../id/protocols/pvp2x/PVPTargetConfiguration.java | 11 +- .../builder/assertion/PVP2AssertionBuilder.java | 27 +- .../pvp2x/requestHandler/AuthnRequestHandler.java | 2 +- .../moa/id/storage/DBTransactionStorage.java | 88 ++++-- .../moa/id/storage/ITransactionStorage.java | 15 +- .../auth/modules/internal/BKUSelection.process.xml | 6 +- .../main/resources/moaid.authentication.beans.xml | 3 + .../resources/templates/loginFormFull.html | 8 +- .../moa/id/auth/AuthenticationServer.java | 231 ++++---------- .../AuthenticationBlockAssertionBuilder.java | 47 +-- .../internal/tasks/CertificateReadRequestTask.java | 3 + .../internal/tasks/CreateIdentityLinkFormTask.java | 45 +-- .../modules/internal/tasks/GetForeignIDTask.java | 53 +--- .../internal/tasks/GetMISSessionIDTask.java | 58 +--- .../tasks/InitializeBKUAuthenticationTask.java | 30 +- .../tasks/PrepareAuthBlockSignatureTask.java | 59 +--- .../internal/tasks/PrepareGetMISMandateTask.java | 64 +--- .../tasks/VerifyAuthenticationBlockTask.java | 107 ++----- .../internal/tasks/VerifyCertificateTask.java | 79 +---- .../internal/tasks/VerifyIdentityLinkTask.java | 53 +--- .../CreateXMLSignatureResponseValidator.java | 35 +- .../attributes/OAuth20AttributeBuilder.java | 29 +- .../oauth20/attributes/OpenIdNonceAttribute.java | 5 +- .../oauth20/protocol/OAuth20AuthAction.java | 5 +- .../oauth20/protocol/OAuth20AuthRequest.java | 52 ++- .../oauth20/protocol/OAuth20Protocol.java | 15 +- .../moa/id/protocols/saml1/GetArtifactAction.java | 6 +- .../protocols/saml1/SAML1AuthenticationServer.java | 51 +-- .../moa/id/protocols/saml1/SAML1Protocol.java | 146 +++++---- .../moa/id/protocols/saml1/SAML1RequestImpl.java | 32 +- 46 files changed, 667 insertions(+), 1417 deletions(-) (limited to 'id/server/idserverlib/src/main/resources/at') diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html index 2b0115d4a..af133525e 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html @@ -674,7 +674,7 @@ /* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ iFrameURL += "&MODUL=" + "#MODUL#"; iFrameURL += "&ACTION=" + "#ACTION#"; - iFrameURL += "&MOASessionID=" + "#SESSIONID#"; + iFrameURL += "&pendingid=" + "#SESSIONID#"; generateIFrame(iFrameURL); } function bkuHandyClicked() { @@ -691,7 +691,7 @@ /* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ iFrameURL += "&MODUL=" + "#MODUL#"; iFrameURL += "&ACTION=" + "#ACTION#"; - iFrameURL += "&MOASessionID=" + "#SESSIONID#"; + iFrameURL += "&pendingid=" + "#SESSIONID#"; generateIFrame(iFrameURL); } function storkClicked() { @@ -714,7 +714,7 @@ /* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ iFrameURL += "&MODUL=" + "#MODUL#"; iFrameURL += "&ACTION=" + "#ACTION#"; - iFrameURL += "&MOASessionID=" + "#SESSIONID#"; + iFrameURL += "&pendingid=" + "#SESSIONID#"; generateIFrame(iFrameURL); } function generateIFrame(iFrameURL) { @@ -876,7 +876,7 @@ type="hidden" name="ccc" id="ccc"> + name="pendingid" value="#SESSIONID#"> diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 082ebcdcd..d76021bbd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -177,4 +177,10 @@ public class MOAIDAuthConstants extends MOAIDConstants{ public static final String PROCESSCONTEXT_INTERFEDERATION_ENTITYID = "interfederationIDPEntityID"; public static final String PROCESSCONTEXT_REQUIRELOCALAUTHENTICATION = "requireLocalAuthentication"; + //General protocol-request data-store keys + public static final String AUTHPROCESS_DATA_TARGET = "authProces_Target"; + public static final String AUTHPROCESS_DATA_TARGETFRIENDLYNAME = "authProces_TargetFriendlyName"; + public static final String AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE = "authProces_SecurityLayerTemplate"; + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 5bde82899..2f882f41e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -198,7 +198,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { IOAAuthParameters oaParam = null; if (reqAttributes == null) { //get OnlineApplication from MOA-ID-Auth configuration - oaParam = authConfig.getOnlineApplicationParameter(oaID); + oaParam = protocolRequest.getOnlineApplicationConfiguration(); //build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway if (oaParam.isSTORKPVPGateway()) @@ -879,7 +879,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); - authData.setIssuer(session.getAuthURL()); + authData.setIssuer(protocolRequest.getAuthURL()); //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO authData.setIdentificationValue(identityLink.getIdentificationValue()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index bbbfacbd1..e763c5355 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -50,9 +50,10 @@ import java.text.MessageFormat; import java.util.Calendar; import java.util.List; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.StringUtils; @@ -156,7 +157,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { * @param session current session * @return String representation of <CreateXMLSignatureRequest> */ - public String buildForeignID(String subject, OAAuthParameter oaParam, AuthenticationSession session) { + public String buildForeignID(String subject, IRequest pendingReq) { String request = ""; request += ""; @@ -165,7 +166,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += ""; request += ""; - request += buildForeignIDTextToBeSigned(subject, oaParam, session); + request += buildForeignIDTextToBeSigned(subject,pendingReq); request += ""; request += ""; @@ -180,9 +181,10 @@ public class CreateXMLSignatureRequestBuilder implements Constants { return request; } - public static String buildForeignIDTextToBeSigned(String subject, OAAuthParameter oaParam, AuthenticationSession session) { - - String target = session.getTarget(); + public static String buildForeignIDTextToBeSigned(String subject, IRequest pendingReq) { + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + String target = pendingReq.getGenericData( + MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class); String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); Calendar cal = Calendar.getInstance(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 3849eb8a2..196415ddc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -75,53 +75,12 @@ public class AuthenticationSession implements Serializable { private String sessionID; private Date sessionCreated = null; - - /** - * "Geschäftsbereich" the online application belongs to; maybe null if the - * online application is a business application - */ - private String target; - /** - * Friendly name for the target, if target is configured via MOA-ID configuration - */ - private String targetFriendlyName; - - /** - * SourceID - */ - private String sourceID; - - /** - * public online application URL requested - */ - private String oaURLRequested; - /** - * public online application URL prefix - */ - private String oaPublicURLPrefix; - /** - * URL of MOA ID authentication component - */ - private String authURL; - /** - * HTML template URL - */ - private String templateURL; - + /** * URL of the BKU */ private String bkuURL; - /** - * Indicates whether the corresponding online application is a business service or not - */ - private boolean businessService; - - /** - * Indicates whether the corresponding online application is a stork service or not - */ - private boolean storkService; // Store Mandate /** @@ -131,11 +90,6 @@ public class AuthenticationSession implements Serializable { private boolean isOW = false; - /** - * STORK - */ - private String ccc; - /** * * Mandate element @@ -158,12 +112,6 @@ public class AuthenticationSession implements Serializable { */ private IdentityLink identityLink; - // /** - // * timestamp logging when identity link has been received - // */ - // private Date timestampIdentityLink; - - // store Authblock /** * authentication block to be signed by the user */ @@ -176,11 +124,9 @@ public class AuthenticationSession implements Serializable { */ private String issueInstant; - // Signer certificate /** * Signer certificate of the foreign citizen or for mandate mode */ - // private X509Certificate signerCertificate; private byte[] signerCertificate; /** @@ -200,26 +146,8 @@ public class AuthenticationSession implements Serializable { * the AUTHBlock. */ private List extendedSAMLAttributesAUTH; - -// /** -// * If infobox validators are needed after signing, they can be stored in this list. -// */ -// private List infoboxValidators; - - /** - * The register and number in the register parameter in case of a business service application. - */ - private String domainIdentifier; - - /** - * This string contains all identifiers of infoboxes, the online application is configured to - * accept. The infobox identifiers are comma separated. - */ - private String pushInfobox; - + private boolean authenticated; - - private boolean ssoRequested = false; private String QAALevel = null; @@ -228,15 +156,8 @@ public class AuthenticationSession implements Serializable { private boolean isForeigner; private Map genericSessionDataStorate = new HashedMap(); - - public boolean isAuthenticated() { - return authenticated; - } - - public void setAuthenticated(boolean authenticated) { - this.authenticated = authenticated; - } - + + /** * Constructor for AuthenticationSession. * @@ -249,6 +170,14 @@ public class AuthenticationSession implements Serializable { } + public boolean isAuthenticated() { + return authenticated; + } + + public void setAuthenticated(boolean authenticated) { + this.authenticated = authenticated; + } + public X509Certificate getSignerCertificate() { try { return new X509Certificate(signerCertificate); @@ -310,24 +239,6 @@ public class AuthenticationSession implements Serializable { this.sessionID = sessionId; } - /** - * Returns the oaURLRequested. - * - * @return String - */ - public String getOAURLRequested() { - return oaURLRequested; - } - - /** - * Returns the oaURLRequested. - * - * @return String - */ - public String getPublicOAURLPrefix() { - return oaPublicURLPrefix; - } - /** * Returns the BKU URL. * @@ -336,54 +247,7 @@ public class AuthenticationSession implements Serializable { public String getBkuURL() { return bkuURL; } - - /** - * Returns the target. - * - * @return String - */ - public String getTarget() { - return target; - } - - /** - * Returns the sourceID. - * - * @return String - */ - public String getSourceID() { - return sourceID; - } - - /** - * Returns the target friendly name. - * - * @return String - */ - public String getTargetFriendlyName() { - return targetFriendlyName; - } - - /** - * Sets the oaURLRequested. - * - * @param oaURLRequested - * The oaURLRequested to set - */ - public void setOAURLRequested(String oaURLRequested) { - this.oaURLRequested = oaURLRequested; - } - - /** - * Sets the oaPublicURLPrefix - * - * @param oaPublicURLPrefix - * The oaPublicURLPrefix to set - */ - public void setPublicOAURLPrefix(String oaPublicURLPrefix) { - this.oaPublicURLPrefix = oaPublicURLPrefix; - } - + /** * Sets the bkuURL * @@ -393,63 +257,7 @@ public class AuthenticationSession implements Serializable { public void setBkuURL(String bkuURL) { this.bkuURL = bkuURL; } - - /** - * Sets the target. If the target includes the target prefix, the prefix will be stripped off. - * - * @param target - * The target to set - */ - public void setTarget(String target) { - if (target != null && target.startsWith(TARGET_PREFIX_)) { - // If target starts with prefix "urn:publicid:gv.at:cdid+"; remove - // prefix - this.target = target.substring(TARGET_PREFIX_.length()); - Logger.debug("Target prefix stripped off; resulting target: " + this.target); - } else { - this.target = target; - } - } - - /** - * Sets the sourceID - * - * @param sourceID - * The sourceID to set - */ - public void setSourceID(String sourceID) { - this.sourceID = sourceID; - } - - /** - * Sets the target. If the target includes the target prefix, the prefix will be stripped off. - * - * @param target - * The target to set - */ - public void setTargetFriendlyName(String targetFriendlyName) { - this.targetFriendlyName = targetFriendlyName; - } - - /** - * Returns the authURL. - * - * @return String - */ - public String getAuthURL() { - return authURL; - } - - /** - * Sets the authURL. - * - * @param authURL - * The authURL to set - */ - public void setAuthURL(String authURL) { - this.authURL = authURL; - } - + /** * Returns the authBlock. * @@ -469,61 +277,6 @@ public class AuthenticationSession implements Serializable { this.authBlock = authBlock; } - /** - * Returns the businessService. - * - * @return true if the corresponding online application is a business application, - * otherwise false - */ - public boolean getBusinessService() { - return businessService; - } - - /** - * Sets the businessService variable. - * - * @param businessService - * the value for setting the businessService variable. - */ - public void setBusinessService(boolean businessService) { - this.businessService = businessService; - } - - - /** - * Returns the storkService. - * - * @return true if the corresponding online application is a stork application, - * otherwise false - */ - public boolean getStorkService() { - return storkService; - } - - /** - * Sets the storkService variable. - * - * @param storkService - * the value for setting the storkService variable. - */ - public void setStorkService(boolean storkService) { - this.storkService = storkService; - } - - /** - * @return template URL - */ - public String getTemplateURL() { - return templateURL; - } - - /** - * @param string - * the template URL - */ - public void setTemplateURL(String string) { - templateURL = string; - } /** * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe null. @@ -610,54 +363,6 @@ public class AuthenticationSession implements Serializable { public void setIssueInstant(String issueInstant) { this.issueInstant = issueInstant; } - - /** - * Returns domain identifier (the register and number in the register parameter). - * null in the case of not a business service. - * - * @return the domainIdentifier - */ - public String getDomainIdentifier() { - return domainIdentifier; - } - - /** - * Sets the register and number in the register parameter if the application is a business - * service. If the domain identifier includes the registerAndOrdNr prefix, the prefix will be - * stripped off. - * - * @param domainIdentifier - * the domain identifier to set - */ - public void setDomainIdentifier(String domainIdentifier) { - if (domainIdentifier != null && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_)) { - // If domainIdentifier starts with prefix - // "urn:publicid:gv.at:wbpk+"; remove this prefix - this.domainIdentifier = domainIdentifier.substring(REGISTERANDORDNR_PREFIX_.length()); - Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + this.domainIdentifier); - } else { - this.domainIdentifier = domainIdentifier; - } - } - - /** - * Gets all identifiers of infoboxes, the online application is configured to accept. The - * infobox identifiers are comma separated. - * - * @return the string containing infobox identifiers - */ - public String getPushInfobox() { - if (pushInfobox == null) return ""; - return pushInfobox; - } - - /** - * @param pushInfobox - * the infobox identifiers to set (comma separated) - */ - public void setPushInfobox(String pushInfobox) { - this.pushInfobox = pushInfobox; - } /** * @@ -713,15 +418,7 @@ public class AuthenticationSession implements Serializable { public void setMandateReferenceValue(String mandateReferenceValue) { this.mandateReferenceValue = mandateReferenceValue; } - - public String getCcc() { - return ccc; - } - - public void setCcc(String ccc) { - this.ccc = ccc; - } - + public boolean isForeigner() { return isForeigner; } @@ -745,24 +442,7 @@ public class AuthenticationSession implements Serializable { public void setMISMandate(MISMandate mandate) { this.mandate = mandate; } - - /** - * @return the ssoRequested - */ - - // TODO: SSO only allowed without mandates, actually!!!!!! - public boolean isSsoRequested() { - return ssoRequested && !useMandate; - } - - /** - * @param ssoRequested - * the ssoRequested to set - */ - public void setSsoRequested(boolean ssoRequested) { - this.ssoRequested = ssoRequested; - } - + /** * @return the isOW */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java index a73fd6858..66f91266f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java @@ -7,6 +7,7 @@ import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACH import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_EXPIRES; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_PRAGMA; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -29,19 +30,24 @@ import org.apache.commons.fileupload.FileItemFactory; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.fileupload.disk.DiskFileItemFactory; import org.apache.commons.fileupload.servlet.ServletFileUpload; +import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang3.ArrayUtils; +import org.apache.commons.lang3.ObjectUtils; import org.springframework.beans.factory.annotation.Autowired; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.IRequestStorage; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.springweb.MoaIdTask; import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; @@ -66,6 +72,51 @@ public abstract class AbstractAuthServletTask extends MoaIdTask { protected static final String ERROR_CODE_PARAM = "errorid"; + protected IRequest pendingReq = null; + protected AuthenticationSession moasession = null; + + protected void defaultTaskInitialization(HttpServletRequest req, ExecutionContext executionContext) throws MOAIDException, MOADatabaseException { + String pendingRequestID = StringEscapeUtils.escapeHtml( + ObjectUtils.defaultIfNull( + (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID), + req.getParameter(PARAM_TARGET_PENDINGREQUESTID))); + + if (MiscUtil.isEmpty(pendingRequestID)) { + Logger.info("No PendingRequestID received"); + throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); + } + + pendingReq = requestStoreage.getPendingRequest(pendingRequestID); + + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + + } + + //change pending-request ID + String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); + + try { + moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + + if (moasession == null) { + Logger.warn("MOASessionID is empty."); + throw new MOAIDException("auth.18", new Object[] {}); + } + + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); + + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); + } + + } + protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java index f1ab58ee0..053f5d7ff 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java @@ -53,6 +53,7 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestImpl; @@ -103,7 +104,7 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask { try { OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(idpEntityID); - OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(pendingReq.getOAURL()); + IOAAuthParameters sp = pendingReq.getOnlineApplicationConfiguration(); String requestedIDP = pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java index fe3e8680c..9db5baeab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java @@ -56,7 +56,7 @@ public class EvaluateBKUSelectionTask extends AbstractAuthServletTask { throws TaskExecutionException { try { //load pending request - String pendingReqID = request.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); + String pendingReqID = request.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID); pendingReqID = StringEscapeUtils.escapeHtml(pendingReqID); IRequest pendingReq = requestStoreage.getPendingRequest(pendingReqID); @@ -86,7 +86,8 @@ public class EvaluateBKUSelectionTask extends AbstractAuthServletTask { Enumeration reqParamNames = request.getParameterNames(); while(reqParamNames.hasMoreElements()) { String paramName = reqParamNames.nextElement(); - if (MiscUtil.isNotEmpty(paramName)) + if (MiscUtil.isNotEmpty(paramName) && + !MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID.equalsIgnoreCase(paramName)) executionContext.put(paramName, request.getParameter(paramName)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java index 1bdc132d9..cb0b63276 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java @@ -80,7 +80,7 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask { if (publicURLPreFix.endsWith("/")) publicURLPreFix = publicURLPreFix.substring(0, publicURLPreFix.length() - 1); String loginForm = LoginFormBuilder.buildLoginForm(pendingReq.requestedModule(), - pendingReq.requestedAction(), oaParam, publicURLPreFix, MOAIDAuthConstants.PARAM_SESSIONID); + pendingReq.requestedAction(), oaParam, publicURLPreFix, pendingReq.getRequestID()); response.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(response.getOutputStream()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 8af8ed238..3699633bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -27,6 +27,8 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringEscapeUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -34,8 +36,8 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; @@ -44,9 +46,12 @@ import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; +@Service("StartAuthentificationParameterParser") public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ - public static void parse(AuthenticationSession moasession, + @Autowired AuthConfiguration authConfig; + + public void parse(AuthenticationSession moasession, String target, String oaURL, String bkuURL, @@ -57,30 +62,20 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ IRequest protocolReq) throws WrongParametersException, MOAIDException { String targetFriendlyName = null; - -// String sso = req.getParameter(PARAM_SSO); - + // escape parameter strings target = StringEscapeUtils.escapeHtml(target); - //oaURL = StringEscapeUtils.escapeHtml(oaURL); bkuURL = StringEscapeUtils.escapeHtml(bkuURL); templateURL = StringEscapeUtils.escapeHtml(templateURL); useMandate = StringEscapeUtils.escapeHtml(useMandate); ccc = StringEscapeUtils.escapeHtml(ccc); - // sso = StringEscapeUtils.escapeHtml(sso); - - // check parameter - - //pvp2.x can use general identifier (equals oaURL in SAML1) -// if (!ParamValidatorUtils.isValidOA(oaURL)) -// throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); + //validate parameters if (!ParamValidatorUtils.isValidUseMandate(useMandate)) throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); if (!ParamValidatorUtils.isValidCCC(ccc)) throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); -// if (!ParamValidatorUtils.isValidUseMandate(sso)) -// throw new WrongParametersException("StartAuthentication", PARAM_SSO, "auth.12"); + //check UseMandate flag String useMandateString = null; @@ -100,161 +95,98 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ //load OnlineApplication configuration - OAAuthParameter oaParam; - if (moasession.getPublicOAURLPrefix() != null) { - Logger.debug("Loading OA parameters for PublicURLPrefix: " + moasession.getPublicOAURLPrefix()); - oaParam = AuthConfigurationProviderFactory.getInstance() - .getOnlineApplicationParameter( - moasession.getPublicOAURLPrefix()); - - if (oaParam == null) - throw new AuthenticationException("auth.00", - new Object[] { moasession.getPublicOAURLPrefix() }); - - } else { - oaParam = AuthConfigurationProviderFactory.getInstance() - .getOnlineApplicationParameter(oaURL); - - if (oaParam == null) + IOAAuthParameters oaParam = protocolReq.getOnlineApplicationConfiguration(); + if (oaParam == null) throw new AuthenticationException("auth.00", - new Object[] { oaURL }); + new Object[] { protocolReq.getOAURL() }); - // get target and target friendly name from config - String targetConfig = oaParam.getTarget(); - String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); + // get target and target friendly name from config + String targetConfig = oaParam.getTarget(); + String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); - if (!oaParam.getBusinessService()) { - if (StringUtils.isEmpty(targetConfig) - || (protocolReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol") && - !StringUtils.isEmpty(target)) - ) { - //INFO: ONLY SAML1 legacy mode - // if SAML1 is used and target attribute is given in request - // use requested target - // check target parameter - if (!ParamValidatorUtils.isValidTarget(target)) { - Logger.error("Selected target is invalid. Using target: " + target); - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); - } - if (MiscUtil.isNotEmpty(targetConfig)) - targetFriendlyName = targetFriendlyNameConfig; + if (!oaParam.getBusinessService()) { + if (StringUtils.isEmpty(targetConfig) + || (protocolReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol") && + !StringUtils.isEmpty(target)) + ) { + //INFO: ONLY SAML1 legacy mode + // if SAML1 is used and target attribute is given in request + // use requested target + // check target parameter + if (!ParamValidatorUtils.isValidTarget(target)) { + Logger.error("Selected target is invalid. Using target: " + target); + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + } + if (MiscUtil.isNotEmpty(targetConfig)) + targetFriendlyName = targetFriendlyNameConfig; + + else { + String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); + if (MiscUtil.isNotEmpty(sectorName)) + targetFriendlyName = sectorName; else { - String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); - if (MiscUtil.isNotEmpty(sectorName)) - targetFriendlyName = sectorName; - - else { - //check target contains subSector - int delimiter = target.indexOf("-"); - if (delimiter > 0) { - targetFriendlyName = - TargetToSectorNameMapper.getSectorNameViaTarget(target.substring(0, delimiter)); - - } - } - } - - } else { - // use target from config - target = targetConfig; - targetFriendlyName = targetFriendlyNameConfig; + //check target contains subSector + int delimiter = target.indexOf("-"); + if (delimiter > 0) { + targetFriendlyName = + TargetToSectorNameMapper.getSectorNameViaTarget(target.substring(0, delimiter)); + + } + } } - moasession.setTarget(target); - moasession.setTargetFriendlyName(targetFriendlyName); - + } else { - Logger.debug("Business: " + moasession.getBusinessService() + " stork: " + moasession.getStorkService()); - moasession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); - + // use target from config + target = targetConfig; + targetFriendlyName = targetFriendlyNameConfig; } + if (isEmpty(target)) + throw new WrongParametersException("StartAuthentication", + PARAM_TARGET, "auth.05"); -// //check useSSO flag -// String useSSOString = null; -// boolean useSSOBoolean = false; -// if ((sso != null) && (sso.compareTo("") != 0)) { -// useSSOString = sso; -// } else { -// useSSOString = "false"; -// } - // -// if (useSSOString.compareToIgnoreCase("true") == 0) -// useSSOBoolean = true; -// else -// useSSOBoolean = false; - - //moasession.setSsoRequested(useSSOBoolean); - moasession.setSsoRequested(true && oaParam.useSSO()); //make always SSO if OA requested it!!!! + protocolReq.setGenericDataToSession(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, target); + protocolReq.setGenericDataToSession( + MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, targetFriendlyName); + Logger.debug("Service-Provider is of type 'PublicService' with DomainIdentifier:" + target); + + } else { + Logger.debug("Service-Provider is of type 'PrivateService' with DomainIdentifier:" + oaParam.getIdentityLinkDomainIdentifier()); - //Validate BKU URI - List allowedbkus = oaParam.getBKUURL(); - allowedbkus.addAll(AuthConfigurationProviderFactory.getInstance().getDefaultBKUURLs()); - if (!ParamValidatorUtils.isValidBKUURI(bkuURL, allowedbkus)) - throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); - - moasession.setBkuURL(bkuURL); - - if ((!oaParam.getBusinessService())) { - if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", - PARAM_TARGET, "auth.05"); - - } else { - if (useMandateBoolean) { - Logger.error("Online-Mandate Mode for business application not supported."); - throw new AuthenticationException("auth.17", null); - } - target = null; - targetFriendlyName = null; + if (useMandateBoolean) { + Logger.error("Online-Mandate Mode for business application not supported."); + throw new AuthenticationException("auth.17", null); } - moasession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - moasession.setBusinessService(oaParam.getBusinessService()); - - //moasession.setStorkService(oaParam.getStorkService()); - } - - //check OnlineApplicationURL - if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.05"); - moasession.setOAURLRequested(oaURL); - - //check AuthURL - String authURL = protocolReq.getAuthURL(); - if (!authURL.startsWith("https:") && !AuthConfigurationProviderFactory.getInstance().isHTTPAuthAllowed()) - throw new AuthenticationException("auth.07", - new Object[] { authURL + "*" }); - - //set Auth URL from configuration - moasession.setAuthURL(authURL); - - //check and set SourceID - if (oaParam.getSAML1Parameter() != null) { - String sourceID = oaParam.getSAML1Parameter().getSourceID(); - if (MiscUtil.isNotEmpty(sourceID)) - moasession.setSourceID(sourceID); } - + + //Validate BKU URI + List allowedbkus = oaParam.getBKUURL(); + allowedbkus.addAll(authConfig.getDefaultBKUURLs()); + if (!ParamValidatorUtils.isValidBKUURI(bkuURL, allowedbkus)) + throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); + moasession.setBkuURL(bkuURL); + + //validate securityLayer-template if (MiscUtil.isEmpty(templateURL)) { List templateURLList = oaParam.getTemplateURL(); List defaulTemplateURLList = - AuthConfigurationProviderFactory.getInstance().getSLRequestTemplates(); + authConfig.getSLRequestTemplates(); if ( templateURLList != null && templateURLList.size() > 0 && MiscUtil.isNotEmpty(templateURLList.get(0)) ) { templateURL = FileUtils.makeAbsoluteURL( oaParam.getTemplateURL().get(0), - AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir()); + authConfig.getRootConfigFileDir()); Logger.info("No SL-Template in request, load SL-Template from OA configuration (URL: " + templateURL + ")"); } else if ( (defaulTemplateURLList.size() > 0) && MiscUtil.isNotEmpty(defaulTemplateURLList.get(0))) { templateURL = FileUtils.makeAbsoluteURL( defaulTemplateURLList.get(0), - AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir()); + authConfig.getRootConfigFileDir()); Logger.info("No SL-Template in request, load SL-Template from general configuration (URL: " + templateURL + ")"); } else { @@ -267,13 +199,22 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL())) throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); - moasession.setTemplateURL(templateURL); - - moasession.setCcc(ccc); - + protocolReq.setGenericDataToSession( + MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, + templateURL); + + + //validate SSO functionality + String domainIdentifier = authConfig.getSSOTagetIdentifier().trim(); + if (MiscUtil.isEmpty(domainIdentifier) && protocolReq.needSingleSignOnFunctionality()) { + //do not use SSO if no Target is set + Logger.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!"); + protocolReq.setNeedSingleSignOnFunctionality(false); + + } } - public static void parse(ExecutionContext ec, HttpServletRequest req, + public void parse(ExecutionContext ec, HttpServletRequest req, AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException { //get Parameters from request @@ -294,7 +235,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ oaURL = request.getOAURL(); //only needed for SAML1 - String target = request.getGenericData("target", String.class); + String target = request.getGenericData("saml1_target", String.class); parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, request); @@ -307,7 +248,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ * parameter * @return true if the parameter is null or empty */ - private static boolean isEmpty(String param) { + private boolean isEmpty(String param) { return param == null || param.length() == 0; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index 48292cee1..87d41dbf1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -110,10 +110,10 @@ public class IDPSingleLogOutServlet extends AbstractController { ssoManager.printSingleLogOutInfo(context, resp); } catch (MOAIDException e) { - handleErrorNoRedirect(e, req, resp); + handleErrorNoRedirect(e, req, resp, false); } catch (MOADatabaseException e) { - handleErrorNoRedirect(e, req, resp); + handleErrorNoRedirect(e, req, resp, false); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java index 7f0a1c157..58034cc7b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java @@ -66,6 +66,11 @@ public interface IOAAuthParameters { public boolean getBusinessService(); + /** + * Get target of a public service-provider + * + * @return target identifier without prefix + */ public String getTarget(); public String getTargetFriendlyName(); @@ -77,6 +82,8 @@ public interface IOAAuthParameters { public boolean isRemovePBKFromAuthBlock(); /** + * Return the private-service domain-identifier with PreFix + * * @return the identityLinkDomainIdentifier */ public String getIdentityLinkDomainIdentifier(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index b6df5e5c6..4131e49fc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -496,6 +496,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { AuthenticationSession moasession; try { moasession = authenticatedSessionStore.createSession(pendingReq); + pendingReq.setMOASessionIdentifier(moasession.getSessionID()); } catch (MOADatabaseException e1) { Logger.error("Database Error! MOASession can not be created!"); @@ -514,7 +515,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { boolean leagacyMode = (legacyallowed && legacyparamavail); executionContext.put("isLegacyRequest", leagacyMode); - executionContext.put("performBKUSelection", leagacyMode + executionContext.put("performBKUSelection", !leagacyMode && MiscUtil.isEmpty(pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class))); //add leagcy parameters to context diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java index 6f46edce3..d26af89a2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.moduls; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; /** * @author tlenz @@ -36,6 +37,6 @@ public interface IRequestStorage { public void removePendingRequest(String requestID); - public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException; + public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException, MOADatabaseException; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java index 66ca42398..c49df43fa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java @@ -44,14 +44,19 @@ public class RequestStorage implements IRequestStorage{ try { IRequest pendingRequest = transactionStorage.get(pendingReqID, IRequest.class); - + if (pendingRequest == null) { + Logger.info("No PendingRequst found with pendingRequestID " + pendingReqID); + return null; + + } + //set transactionID and sessionID to Logger TransactionIDUtils.setTransactionId(pendingRequest.getUniqueTransactionIdentifier()); TransactionIDUtils.setSessionId(pendingRequest.getUniqueSessionIdentifier()); return pendingRequest; - } catch (MOADatabaseException e) { + } catch (MOADatabaseException | NullPointerException e) { Logger.info("No PendingRequst found with pendingRequestID " + pendingReqID); return null; @@ -106,16 +111,17 @@ public class RequestStorage implements IRequestStorage{ * @see at.gv.egovernment.moa.id.storage.IRequestStorage#changePendingRequestID(at.gv.egovernment.moa.id.moduls.IRequest) */ @Override - public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException { + public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException, MOADatabaseException { if (pendingRequest instanceof RequestImpl) { String newRequestID = Random.nextRandom(); + String oldRequestID = pendingRequest.getRequestID(); Logger.debug("Change pendingRequestID from " + pendingRequest.getRequestID() + " to " + newRequestID); ((RequestImpl)pendingRequest).setRequestID(newRequestID); - storePendingRequest(pendingRequest); + transactionStorage.changeKey(oldRequestID, newRequestID, pendingRequest); return newRequestID; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java index c9a34496a..36145375b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java @@ -107,7 +107,7 @@ public class AttributQueryAction implements IAction { List attrList = addDefaultAttributes(attrQuery, authData); //build PVP 2.1 assertion - Assertion assertion = PVP2AssertionBuilder.buildAssertion(req.getAuthURL(), attrQuery, attrList, authData, date, authData.getSessionIndex()); + Assertion assertion = PVP2AssertionBuilder.buildAssertion(req, attrQuery, attrList, authData, date, authData.getSessionIndex()); //build PVP 2.1 response Response authResponse = AuthResponseBuilder.buildResponse(req.getAuthURL(), attrQuery, date, assertion); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java index 07367e1d0..181e89806 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java @@ -36,8 +36,6 @@ import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.saml2.metadata.SPSSODescriptor; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; @@ -98,9 +96,7 @@ public class PVPTargetConfiguration extends RequestImpl { for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) reqAttr.put(el, ""); - try { - OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL()); - + try { SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata().getSPSSODescriptor(SAMLConstants.SAML20P_NS); if (spSSODescriptor.getAttributeConsumingServices() != null && spSSODescriptor.getAttributeConsumingServices().size() > 0) { @@ -136,15 +132,12 @@ public class PVPTargetConfiguration extends RequestImpl { reqAttr.put(attr.getName(), ""); } - return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator()); + return AttributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); } catch (NoMetadataInformationException e) { Logger.warn("NO metadata found for Entity " + getRequest().getEntityID()); return null; - } catch (ConfigurationException e) { - Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e); - return null; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 065118e2b..208cd67f2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -55,7 +55,6 @@ import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.w3c.dom.Element; - import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; @@ -64,21 +63,18 @@ import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.id.util.QAALevelVerifier; @@ -90,7 +86,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class PVP2AssertionBuilder implements PVPConstants { - public static Assertion buildAssertion(String authURL, AttributeQuery attrQuery, + public static Assertion buildAssertion(IRequest pendingReq, AttributeQuery attrQuery, List reqAttributes, IAuthData authData, DateTime date, String sessionIndex) throws ConfigurationException { @@ -136,12 +132,12 @@ public class PVP2AssertionBuilder implements PVPConstants { SubjectConfirmationData subjectConfirmationData = null; - return buildGenericAssertion(authURL, attrQuery.getIssuer().getValue(), date, + return buildGenericAssertion(pendingReq, attrQuery.getIssuer().getValue(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, new DateTime(authData.getSsoSessionValidTo().getTime())); } - public static Assertion buildAssertion(String authURL, AuthnRequest authnRequest, + public static Assertion buildAssertion(PVPTargetConfiguration pendingReq, AuthnRequest authnRequest, IAuthData authData, EntityDescriptor peerEntity, DateTime date, AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation) throws MOAIDException { @@ -153,9 +149,7 @@ public class PVP2AssertionBuilder implements PVPConstants { AuthnContextClassRef authnContextClassRef = SAML2Utils .createSAMLObject(AuthnContextClassRef.class); - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() - .getOnlineApplicationParameter( - peerEntity.getEntityID()); + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); if (reqAuthnContext == null) { authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel()); @@ -416,12 +410,12 @@ public class PVP2AssertionBuilder implements PVPConstants { sloInformation.setNameIDFormat(subjectNameID.getFormat()); sloInformation.setSessionIndex(sessionIndex); - return buildGenericAssertion(authURL, peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter()); + return buildGenericAssertion(pendingReq, peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter()); } /** * - * @param authURL IDP PublicURL PreFix + * @param pendingReq IDP PublicURL PreFix * @param entityID Service Provider EntityID * @param date * @param authnContextClassRef @@ -434,7 +428,7 @@ public class PVP2AssertionBuilder implements PVPConstants { * @throws ConfigurationException */ - private static Assertion buildGenericAssertion(String authURL, String entityID, DateTime date, + private static Assertion buildGenericAssertion(IRequest pendingReq, String entityID, DateTime date, AuthnContextClassRef authnContextClassRef, List attrList, NameID subjectNameID, SubjectConfirmationData subjectConfirmationData, String sessionIndex, DateTime isValidTo) throws ConfigurationException { @@ -486,6 +480,7 @@ public class PVP2AssertionBuilder implements PVPConstants { Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + String authURL = pendingReq.getAuthURL(); if (authURL.endsWith("/")) authURL = authURL.substring(0, authURL.length()-1); issuer.setValue(authURL); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index 974d90e11..4fbca5b13 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -81,7 +81,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { SLOInformationImpl sloInformation = new SLOInformationImpl(); //build Assertion - Assertion assertion = PVP2AssertionBuilder.buildAssertion(obj.getAuthURL(), authnRequest, authData, + Assertion assertion = PVP2AssertionBuilder.buildAssertion(obj, authnRequest, authData, peerEntity, date, consumerService, sloInformation); Response authResponse = AuthResponseBuilder.buildResponse(obj.getAuthURL(), authnRequest, date, assertion); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java index f33a7549c..ff631a720 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java @@ -53,28 +53,38 @@ public class DBTransactionStorage implements ITransactionStorage { } - public void put(String key, Object value) throws MOADatabaseException { - //setup AssertionStore element - AssertionStore element = new AssertionStore(); - element.setArtifact(key); - element.setType(value.getClass().getName()); - element.setDatatime(new Date()); - - //serialize the Assertion for Database storage - byte[] data = SerializationUtils.serialize((Serializable) value); - element.setAssertion(data); + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.storage.ITransactionStorage#changeKey(java.lang.String, java.lang.String, java.lang.Object) + */ + @Override + public void changeKey(String oldKey, String newKey, Object value) throws MOADatabaseException { + //search if key already exists + AssertionStore element = searchInDatabase(oldKey); + if (element == null) { + Logger.info("No transaction-data with oldKey:" + oldKey + + " found. Process gets stopped."); + throw new MOADatabaseException("No transaction-data with oldKey:" + oldKey + + " found. Process gets stopped."); + + } - //store AssertionStore element to Database - try { - MOASessionDBUtils.saveOrUpdate(element); - Logger.info(value.getClass().getName() + " with ID: " + key + " is stored in Database"); - } catch (MOADatabaseException e) { - Logger.warn("Sessioninformation could not be stored."); - throw new MOADatabaseException(e); + put(element, newKey, value); + + } + + public void put(String key, Object value) throws MOADatabaseException { + //search if key already exists + AssertionStore element = searchInDatabase(key); + + //create a new entry if key does not exists already + if (element == null) { + element = new AssertionStore(); + } + put(element, key, value); } - + public T get(String key, final Class clazz) throws MOADatabaseException { @@ -93,6 +103,9 @@ public class DBTransactionStorage implements ITransactionStorage { AssertionStore element = searchInDatabase(key); + if (element == null) + return null; + if (dataTimeOut > -1) { //check timeout long now = new Date().getTime(); @@ -155,13 +168,18 @@ public class DBTransactionStorage implements ITransactionStorage { try { AssertionStore element = searchInDatabase(key); + if (element == null) { + Logger.debug("Sessioninformation not removed! (Sessioninformation with ID=" + key + + "not found)"); + return; + } + cleanDelete(element); - Logger.info("Remove stored information with ID: " + key); + Logger.debug("Remove stored information with ID: " + key); } catch (MOADatabaseException e) { - Logger.info("Sessioninformation not removed! (Sessioninformation with ID=" + key - + "not found)"); + Logger.info("Sessioninformation not removed! (Message:"+ e.getMessage() + ")"); } catch (HibernateException e) { Logger.warn("Sessioninformation not removed! (Error during Database communication)", e); @@ -206,10 +224,34 @@ public class DBTransactionStorage implements ITransactionStorage { //Assertion requires an unique artifact if (result.size() != 1) { - Logger.trace("No entries found."); - throw new MOADatabaseException("No sessioninformation found with this ID"); + Logger.debug("No transaction information with ID:" + artifact + " found."); + return null; + } return (AssertionStore) result.get(0); } + + private void put(AssertionStore element, String key, Object value) throws MOADatabaseException { + element.setArtifact(key); + element.setType(value.getClass().getName()); + element.setDatatime(new Date()); + + //serialize the Assertion for Database storage + byte[] data = SerializationUtils.serialize((Serializable) value); + element.setAssertion(data); + + //store AssertionStore element to Database + try { + MOASessionDBUtils.saveOrUpdate(element); + Logger.debug(value.getClass().getName() + " with ID: " + key + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("Sessioninformation could not be stored."); + throw new MOADatabaseException(e); + + } + + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java index d05689e68..48283d2b6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java @@ -55,7 +55,7 @@ public interface ITransactionStorage { * * @param key Id which identifiers the data object * @param clazz The class type which is stored with this key - * @return The transaction-data object from type class + * @return The transaction-data object from type class, or null * @throws MOADatabaseException In case of load operation failed */ public T get(String key, final Class clazz) throws MOADatabaseException; @@ -66,12 +66,23 @@ public interface ITransactionStorage { * @param key Id which identifiers the data object * @param clazz The class type which is stored with this key * @param Data-object timeout in [ms] - * @return The transaction-data object from type class + * @return The transaction-data object from type class, or null * @throws MOADatabaseException In case of load operation failed * @throws AuthenticationException In case of data-object timeout occurs */ public T get(String key, final Class clazz, long dataTimeOut) throws MOADatabaseException, AuthenticationException; + + /** + * Change the key of a data object and store it under the new key + * + * @param oldKey Old key of the data object + * @param newKey New key, which should be used to store the data object + * @param value Data object which should be stored + * @throws MOADatabaseException In case of store operation failed + */ + public void changeKey(String oldKey, String newKey, Object value) throws MOADatabaseException; + /** * Remove a data object from transaction storage * diff --git a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml index b61ee5f2d..307ba836a 100644 --- a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml +++ b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml @@ -5,9 +5,9 @@ - National authentication with Austrian Citizen Card and mobile signature with our without mandate. - Legacy authentication for foreign citizens using MOCCA supported signature cards. --> - - - + + + diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml index 05ceb65f4..82579977c 100644 --- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml +++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml @@ -15,6 +15,9 @@ + + diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html index 2b0115d4a..af133525e 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html @@ -674,7 +674,7 @@ /* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ iFrameURL += "&MODUL=" + "#MODUL#"; iFrameURL += "&ACTION=" + "#ACTION#"; - iFrameURL += "&MOASessionID=" + "#SESSIONID#"; + iFrameURL += "&pendingid=" + "#SESSIONID#"; generateIFrame(iFrameURL); } function bkuHandyClicked() { @@ -691,7 +691,7 @@ /* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ iFrameURL += "&MODUL=" + "#MODUL#"; iFrameURL += "&ACTION=" + "#ACTION#"; - iFrameURL += "&MOASessionID=" + "#SESSIONID#"; + iFrameURL += "&pendingid=" + "#SESSIONID#"; generateIFrame(iFrameURL); } function storkClicked() { @@ -714,7 +714,7 @@ /* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ iFrameURL += "&MODUL=" + "#MODUL#"; iFrameURL += "&ACTION=" + "#ACTION#"; - iFrameURL += "&MOASessionID=" + "#SESSIONID#"; + iFrameURL += "&pendingid=" + "#SESSIONID#"; generateIFrame(iFrameURL); } function generateIFrame(iFrameURL) { @@ -876,7 +876,7 @@ type="hidden" name="ccc" id="ccc"> + name="pendingid" value="#SESSIONID#"> diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 065f3866b..21e7f2027 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -59,9 +59,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; @@ -90,6 +88,7 @@ import iaik.x509.X509ExtensionInitException; public class AuthenticationServer extends BaseAuthenticationServer { @Autowired private MOAReversionLogger revisionsLogger; + @Autowired private AuthConfiguration authConfig; /** * Constructor for AuthenticationServer. @@ -142,40 +141,37 @@ public class AuthenticationServer extends BaseAuthenticationServer { } //load OnlineApplication configuration - OAAuthParameter oaParam = - authConfig.getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[]{session.getPublicOAURLPrefix()}); + throw new AuthenticationException("auth.00", new Object[]{pendingReq.getOAURL()}); //load Template + String templateURL = pendingReq.getGenericData( + MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, String.class); String template = null; - if (session.getTemplateURL() != null) { + if (MiscUtil.isNotEmpty(templateURL)) { try { - - template = new String(FileUtils.readURL(session.getTemplateURL())); + template = new String(FileUtils.readURL(templateURL)); + } catch (IOException ex) { throw new AuthenticationException("auth.03", new Object[]{ - session.getTemplateURL(), ex.toString()}, ex); + templateURL, ex.toString()}, ex); + } + + } else { + throw new AuthenticationException("auth.04", new Object[]{ + "SecurityLayerTemplate", "No template definde"}); + } String infoboxReadRequest = ""; - - String domainIdentifier = authConfig.getSSOTagetIdentifier().trim(); - if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) { - //do not use SSO if no Target is set - Logger.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!"); - session.setSsoRequested(false); - - } - - if (session.isSsoRequested()) { + if (pendingReq.needSingleSignOnFunctionality()) { Logger.info("SSO Login requested"); //load identityLink with SSO Target boolean isbuisness = false; - + String domainIdentifier = authConfig.getSSOTagetIdentifier().trim(); if (domainIdentifier.startsWith(PREFIX_WPBK)) { - isbuisness = true; } else { @@ -196,9 +192,9 @@ public class AuthenticationServer extends BaseAuthenticationServer { } - + //build DataURL for BKU request String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getRequestID()); + pendingReq.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getRequestID()); //removed in MOAID 2.0 String pushInfobox = ""; @@ -263,9 +259,6 @@ public class AuthenticationServer extends BaseAuthenticationServer { throw new AuthenticationException("auth.10", new Object[]{ REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE}); - AuthConfiguration authConf = AuthConfigurationProviderFactory - .getInstance(); - // check if an identity link was found // Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform // (SL1.2)) @@ -295,7 +288,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { IdentityLinkValidator.getInstance().validate(identityLink); // builds a for a call of MOA-SP Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() - .build(identityLink, authConf + .build(identityLink, authConfig .getMoaSpIdentityLinkTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseIDLTestTrustStore())); // invokes the call @@ -305,13 +298,12 @@ public class AuthenticationServer extends BaseAuthenticationServer { VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( domVerifyXMLSignatureResponse).parseData(); - OAAuthParameter oaParam = authConfig - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + // validates the VerifyXMLSignatureResponseValidator.getInstance().validate( verifyXMLSignatureResponse, - authConf.getIdentityLinkX509SubjectNames(), + authConfig.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, oaParam); @@ -351,15 +343,11 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @return String representation of the * <CreateXMLSignatureRequest> */ - public String verifyCertificate(AuthenticationSession session, + public void verifyCertificate(AuthenticationSession session, X509Certificate certificate, IRequest pendingReq) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException, MOAIDException { - if (session == null) - throw new AuthenticationException("auth.10", new Object[]{ - REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); - // check if person is a Organwalter // if true - don't show bPK in AUTH Block try { @@ -375,16 +363,6 @@ public class AuthenticationServer extends BaseAuthenticationServer { session.setOW(false); } - AuthConfiguration authConf = AuthConfigurationProviderFactory - .getInstance(); - - OAAuthParameter oaParam = authConfig - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, - authConf, oaParam, pendingReq); - - return returnvalue; } /** @@ -398,6 +376,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * layer implementation * * @param pendingReq + * @param pendingReq * * @param sessionID ID of associated authentication session data * @param infoboxReadResponseParameters The parameters from the response returned from the BKU @@ -405,7 +384,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @return String representation of the * <CreateXMLSignatureRequest> */ - public void verifyMandate(AuthenticationSession session, MISMandate mandate) + public void verifyMandate(IRequest pendingReq, AuthenticationSession session, MISMandate mandate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException { @@ -413,9 +392,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { throw new AuthenticationException("auth.10", new Object[]{ GET_MIS_SESSIONID, PARAM_SESSIONID}); - OAAuthParameter oaParam = authConfig - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); try { // sets the extended SAML attributes for OID (Organwalter) setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam @@ -442,8 +419,6 @@ public class AuthenticationServer extends BaseAuthenticationServer { /** * @param session - * @param authConf - * @param oaParam * @param pendingReq * @return * @throws ConfigurationException @@ -451,26 +426,16 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @throws ValidateException */ public String getCreateXMLSignatureRequestAuthBlockOrRedirect( - AuthenticationSession session, AuthConfiguration authConf, - IOAAuthParameters oaParam, IRequest pendingReq) throws ConfigurationException, + AuthenticationSession session, IRequest pendingReq) throws ConfigurationException, BuildException, ValidateException { - // // check for intermediate processing of the infoboxes - // if (session.isValidatorInputPending()) - // return "Redirect to Input Processor"; - - if (authConf == null) - authConf = authConfig; - if (oaParam == null) - oaParam = authConfig - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); // builds the AUTH-block String authBlock = buildAuthenticationBlock(session, oaParam, pendingReq); // builds the - List transformsInfos = authConf.getTransformsInfos(); + List transformsInfos = authConfig.getTransformsInfos(); String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() .build(authBlock, oaParam.getKeyBoxIdentifier(), @@ -483,112 +448,26 @@ public class AuthenticationServer extends BaseAuthenticationServer { *
    *
  • Creates an CreateXMLSignatureRequest to be signed by the user
    • *
+ * @param pendingReq * * @param sessionID ID of associated authentication session data * @param cert The certificate from the user * @return String representation of the * <CreateXMLSignatureRequest> */ - public String createXMLSignatureRequestForeignID(AuthenticationSession session, + public String createXMLSignatureRequestForeignID(IRequest pendingReq, X509Certificate cert) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException { - if (session == null) - throw new AuthenticationException("auth.10", new Object[]{ - REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); - - AuthConfiguration authConf = AuthConfigurationProviderFactory - .getInstance(); - - OAAuthParameter oaParam = authConfig - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, - cert); - } - - public String getCreateXMLSignatureRequestForeigID( - AuthenticationSession session, AuthConfiguration authConf, - OAAuthParameter oaParam, X509Certificate cert) - throws ConfigurationException { - - // // check for intermediate processing of the infoboxes - // if (session.isValidatorInputPending()) - // return "Redirect to Input Processor"; - - if (authConf == null) - authConf = authConfig; - if (oaParam == null) - oaParam = authConfig - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - Principal subject = cert.getSubjectDN(); String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() - .buildForeignID(subject.toString(), oaParam, session); + .buildForeignID(subject.toString(), pendingReq); return createXMLSignatureRequest; + } -// /** -// * Processes an <CreateXMLSignatureResponse> sent by the -// * security layer implementation.
-// *
    -// *
  • Validates given <CreateXMLSignatureResponse>
    • -// *
  • Parses response enclosed in -// * <CreateXMLSignatureResponse>
    • -// *
  • Verifies signature by calling the MOA SP component
    • -// *
  • Returns the signer certificate
    • -// *
-// * -// * @param sessionID ID of associated authentication session data -// * @param createXMLSignatureResponseParameters The parameters from the response returned from the BKU -// * including the <CreateXMLSignatureResponse> -// * @throws BKUException -// */ -// public X509Certificate verifyXMLSignature(String sessionID, -// Map createXMLSignatureResponseParameters) -// throws AuthenticationException, BuildException, ParseException, -// ConfigurationException, ValidateException, ServiceException, BKUException { -// -// if (isEmpty(sessionID)) -// throw new AuthenticationException("auth.10", new Object[]{ -// REQ_GET_FOREIGN_ID, PARAM_SESSIONID}); -// -// String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters -// .get(PARAM_XMLRESPONSE); -// -// if (isEmpty(xmlCreateXMLSignatureResponse)) -// throw new AuthenticationException("auth.10", new Object[]{ -// REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE}); -// -// AuthConfiguration authConf = AuthConfigurationProviderFactory -// .getInstance(); -// -// // parses the -// CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser( -// xmlCreateXMLSignatureResponse); -// CreateXMLSignatureResponse createXMLSignatureResponse = p -// .parseResponseDsig(); -// -// // builds a for a call of MOA-SP -// Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() -// .buildDsig(createXMLSignatureResponse, authConf -// .getMoaSpAuthBlockTrustProfileID()); -// -// // invokes the call -// Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() -// .verifyXMLSignature(domVerifyXMLSignatureRequest); -// -// // parses the -// VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( -// domVerifyXMLSignatureResponse).parseData(); -// -// return verifyXMLSignatureResponse.getX509certificate(); -// -// } - /** * Processes an <CreateXMLSignatureResponse> sent by the * security layer implementation.
@@ -650,8 +529,16 @@ public class AuthenticationServer extends BaseAuthenticationServer { String identificationValue = null; String identificationType = null; + //get processing data from pending-request + String authURL = pendingReq.getAuthURL(); + String requestedTarget = pendingReq.getGenericData( + MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class); + String targetFriendlyName = pendingReq.getGenericData( + MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class); + + //set empty AuthBlock BPK in case of OW or SSO or bpk is not requested - if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) { + if (session.isOW() || pendingReq.needSingleSignOnFunctionality() || oaParam.isRemovePBKFromAuthBlock()) { identificationType = ""; identificationValue = ""; @@ -668,11 +555,11 @@ public class AuthenticationServer extends BaseAuthenticationServer { else identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); - } else { + } else { String bpkBase64 = new BPKBuilder().buildBPK(identityLink - .getIdentificationValue(), session.getTarget()); + .getIdentificationValue(), requestedTarget); identificationValue = bpkBase64; - identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget(); + identificationType = Constants.URN_PREFIX_CDID + "+" + requestedTarget; } @@ -682,12 +569,10 @@ public class AuthenticationServer extends BaseAuthenticationServer { } + //set AuthBlock generation time to session String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar .getInstance()); session.setIssueInstant(issueInstant); - String authURL = session.getAuthURL(); - String target = session.getTarget(); - String targetFriendlyName = session.getTargetFriendlyName(); // Bug #485 // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) @@ -696,22 +581,22 @@ public class AuthenticationServer extends BaseAuthenticationServer { List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); - if (session.isSsoRequested()) { + if (pendingReq.needSingleSignOnFunctionality()) { String oaURL = pendingReq.getAuthURL(); if (MiscUtil.isNotEmpty(oaURL)) oaURL = oaURL.replaceAll("&", "&"); String authBlock = new AuthenticationBlockAssertionBuilder() - .buildAuthBlockSSO(issuer, issueInstant, authURL, target, + .buildAuthBlockSSO(issuer, issueInstant, authURL, requestedTarget, targetFriendlyName, identificationValue, identificationType, oaURL, gebDat, extendedSAMLAttributes, session, oaParam); return authBlock; - } else { - String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); + } else { + String oaURL = oaParam.getPublicURLPrefix().replaceAll("&", "&"); String authBlock = new AuthenticationBlockAssertionBuilder() - .buildAuthBlock(issuer, issueInstant, authURL, target, + .buildAuthBlock(issuer, issueInstant, authURL, requestedTarget, targetFriendlyName, identificationValue, identificationType, oaURL, gebDat, extendedSAMLAttributes, session, oaParam); @@ -1034,8 +919,6 @@ public class AuthenticationServer extends BaseAuthenticationServer { throw new AuthenticationException("auth.10", new Object[]{ REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); - AuthConfiguration authConf = AuthConfigurationProviderFactory - .getInstance(); // parses CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser( xmlCreateXMLSignatureReadResponse).parseResponse(); @@ -1052,14 +935,15 @@ public class AuthenticationServer extends BaseAuthenticationServer { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); } // validates - if (session.isSsoRequested()) + if (pendingReq.needSingleSignOnFunctionality()) new CreateXMLSignatureResponseValidator().validateSSO(csresp, session, pendingReq); + else new CreateXMLSignatureResponseValidator().validate(csresp, session, pendingReq); // builds a for a MOA-SPSS call - List vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); - String tpid = authConf.getMoaSpAuthBlockTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseAuthBlockTestTestStore()); + List vtids = authConfig.getMoaSpAuthBlockVerifyTransformsInfoIDs(); + String tpid = authConfig.getMoaSpAuthBlockTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseAuthBlockTestTestStore()); Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); // debug output @@ -1089,8 +973,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { } } - OAAuthParameter oaParam = authConfig - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); // validates the VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index 79f407ca3..9ae1dc6a7 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -52,7 +52,6 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -175,7 +174,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String gebDat, List extendedSAMLAttributes, AuthenticationSession session, - IOAAuthParameters oaParam2) + IOAAuthParameters oaParam) throws BuildException { @@ -193,7 +192,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion //adding type of wbPK domain identifier ExtendedSAMLAttribute idLinkDomainIdentifierTypeAttribute = - new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam2.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); extendedSAMLAttributes.add(idLinkDomainIdentifierTypeAttribute); @@ -255,7 +254,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion } //adding friendly name of OA - String oaFriendlyName = StringUtils.isEmpty(oaParam2.getFriendlyName()) ? "" : oaParam2.getFriendlyName(); + String oaFriendlyName = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); ExtendedSAMLAttribute oaFriendlyNameAttribute = new ExtendedSAMLAttributeImpl("oaFriendlyName", oaFriendlyName, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); @@ -264,15 +263,9 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String text = ""; - try { - OAAuthParameter oaparam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - if (MiscUtil.isNotEmpty(oaparam.getAditionalAuthBlockText())) { - Logger.debug("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix()); - text = oaparam.getAditionalAuthBlockText(); - } - - } catch (ConfigurationException e) { - Logger.warn("Addional AuthBlock Text can not loaded from OA!", e); + if (MiscUtil.isNotEmpty(oaParam.getAditionalAuthBlockText())) { + Logger.debug("Use addional AuthBlock Text from OA=" + oaParam.getPublicURLPrefix()); + text = oaParam.getAditionalAuthBlockText(); } String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, @@ -345,25 +338,14 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String oaURL, String gebDat, List extendedSAMLAttributes, - AuthenticationSession session) + AuthenticationSession session, + IOAAuthParameters oaParam) throws BuildException { session.setSAMLAttributeGebeORwbpk(true); String gebeORwbpk = ""; String wbpkNSDeclaration = ""; - - //BZ.., reading OA parameters - OAAuthParameter oaParam; - try { - oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - } catch (ConfigurationException e) { - Logger.error("Error on building AUTH-Block: " + e.getMessage()); - throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); - } - //..BZ - - + if (target == null) { // OA is a business application if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) { @@ -419,14 +401,9 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion //..BZ String text = ""; - try { - OAAuthParameter oaparam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - if (MiscUtil.isNotEmpty(oaparam.getAditionalAuthBlockText())) { - Logger.debug("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix()); - text = oaparam.getAditionalAuthBlockText(); - } - } catch (ConfigurationException e) { - Logger.warn("Addional AuthBlock Text can not loaded from OA!", e); + if (MiscUtil.isNotEmpty(oaParam.getAditionalAuthBlockText())) { + Logger.debug("Use addional AuthBlock Text from OA=" + oaParam.getPublicURLPrefix()); + text = oaParam.getAditionalAuthBlockText(); } String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java index 6ff0177ac..a2dc54a37 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java @@ -122,6 +122,9 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { } catch (IOException e) { throw new TaskExecutionException(e.getMessage(), e); + } catch (MOADatabaseException e1) { + throw new TaskExecutionException(e1.getMessage(), e1); + } finally { } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index ef17700d3..370236bf4 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java @@ -13,14 +13,10 @@ import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; @@ -66,42 +62,9 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { try { - - IRequest pendingReq = requestStoreage.getPendingRequest( - (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); - - } - - //change pending-request ID - String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - - AuthenticationSession moasession = null;; - try { - moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); - - if (moasession == null) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - } - - - - - + //execute default task initialization + defaultTaskInitialization(req, executionContext); + //normal MOA-ID authentication Logger.debug("Starting normal MOA-ID authentication"); String getIdentityLinkForm = authServer.startAuthentication(moasession, req, pendingReq); @@ -122,8 +85,8 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { } } catch (WrongParametersException ex) { -// handleWrongParameters(ex, req, resp); throw new TaskExecutionException(ex.getMessage(), ex); + } catch (MOAIDException ex) { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java index 5c88afc56..50b71a660 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_XMLRESPONSE; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK; @@ -14,8 +13,6 @@ import javax.servlet.http.HttpServletResponse; import javax.xml.transform.TransformerException; import org.apache.commons.fileupload.FileUploadException; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.commons.lang3.ObjectUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Service; @@ -23,8 +20,6 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -37,13 +32,11 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.MiscUtil; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; /** @@ -93,54 +86,18 @@ public class GetForeignIDTask extends AbstractAuthServletTask { } try { - String pendingRequestID = StringEscapeUtils.escapeHtml( - ObjectUtils.defaultIfNull( - req.getParameter(PARAM_TARGET_PENDINGREQUESTID), - (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); - - if (MiscUtil.isEmpty(pendingRequestID)) { - Logger.info("No PendingRequestID received"); - throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); - } - + //check if response exists String xmlCreateXMLSignatureResponse = (String) parameters.get(PARAM_XMLRESPONSE); if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse)) { throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12"); - } - - IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); } - - //change pending-request ID - String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - - AuthenticationSession moasession = null;; - try { - moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); - - if (moasession == null) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - } + Logger.debug(xmlCreateXMLSignatureResponse); + //execute default task initialization + defaultTaskInitialization(req, executionContext); - Logger.debug(xmlCreateXMLSignatureResponse); - + CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse) .parseResponseDsig(); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index 938b4ce77..8f7f5fd80 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java @@ -1,7 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.GET_MIS_SESSIONID; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; import java.security.GeneralSecurityException; import java.util.List; @@ -11,8 +10,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.xml.parsers.ParserConfigurationException; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.commons.lang3.ObjectUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Service; @@ -20,22 +17,17 @@ import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.data.MISMandate; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.MiscUtil; import iaik.pki.PKIException; /** @@ -73,57 +65,22 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { Logger.debug("POST GetMISSessionIDServlet"); try { - String pendingRequestID = StringEscapeUtils.escapeHtml( - ObjectUtils.defaultIfNull( - req.getParameter(PARAM_TARGET_PENDINGREQUESTID), - (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); - - if (MiscUtil.isEmpty(pendingRequestID)) { - Logger.info("No PendingRequestID received"); - throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); - } - - IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); - - } - - //change pending-request ID - String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - - AuthenticationSession moasession = null;; - try { - moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); - - if (moasession == null) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - } + //execute default task initialization + defaultTaskInitialization(req, executionContext); + //get MIS sessionID String misSessionID = moasession.getMISSessionID(); + //get mandates from MIS ConnectionParameter connectionParameters = authConfig .getOnlineMandatesConnectionParameter(); SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( authConfig, connectionParameters); - List list = MISSimpleClient.sendGetMandatesRequest( connectionParameters.getUrl(), misSessionID, sslFactory); + //check if mandates received if (list == null || list.size() == 0) { Logger.error("Keine Vollmacht gefunden."); throw new AuthenticationException("auth.15", null); @@ -136,8 +93,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { // for now: list contains only one element MISMandate mandate = (MISMandate) list.get(0); - // TODO[tlenz]: UTF-8 ? - String sMandate = new String(mandate.getMandate()); + String sMandate = new String(mandate.getMandate(), "UTF-8"); if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) { Logger.error("Mandate is empty."); throw new AuthenticationException("auth.15", @@ -152,7 +108,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { null, null).getDocumentElement(); // extract RepresentationType - authServer.verifyMandate(moasession, mandate); + authServer.verifyMandate(pendingReq, moasession, mandate); moasession.setMISMandate(mandate); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java index 86d8de047..ba2c9d108 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java @@ -27,6 +27,7 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; @@ -52,6 +53,8 @@ import at.gv.egovernment.moa.util.MiscUtil; @Service("InitializeBKUAuthenticationTask") public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { + @Autowired StartAuthentificationParameterParser authInitialisationParser; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @@ -88,7 +91,7 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { Logger.info("Start Authentication Module: " + pendingReq.requestedModule() + " Action: " + pendingReq.requestedAction()); - StartAuthentificationParameterParser.parse(executionContext, request, moasession, pendingReq); + authInitialisationParser.parse(executionContext, request, moasession, pendingReq); } else { String bkuid = (String) executionContext.get(MOAIDAuthConstants.PARAM_BKU); @@ -104,7 +107,7 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() }); + throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); else { revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), @@ -147,23 +150,24 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { useMandate = "false"; //parse all OA parameters i - StartAuthentificationParameterParser.parse(moasession, - target, - moasession.getOAURLRequested(), - bkuURL, - templateURL, - useMandate, - ccc, - request, - pendingReq); + authInitialisationParser.parse( moasession, + target, + pendingReq.getOAURL(), + bkuURL, + templateURL, + useMandate, + ccc, + request, + pendingReq); } } executionContext.put(MOAIDAuthConstants.PARAM_USEMANDATE, moasession.getUseMandate()); - // make sure moa session has been persisted before running the process + // make sure MOASession and Pending-Request has been persisted before running the process try { - authenticatedSessionStorage.storeSession(moasession); + authenticatedSessionStorage.storeSession(moasession); + requestStoreage.storePendingRequest(pendingReq); } catch (MOADatabaseException e) { Logger.error("Database Error! MOASession is not stored!"); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java index 1c5f3c202..bd8377373 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java @@ -1,29 +1,19 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.commons.lang3.ObjectUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; /** * Creates {@code CreateXMLSignatureRequest} for auth block signature.

@@ -58,54 +48,17 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { Logger.debug("Process CreateAuthBlock Task"); try { - String pendingRequestID = StringEscapeUtils.escapeHtml( - ObjectUtils.defaultIfNull( - req.getParameter(PARAM_TARGET_PENDINGREQUESTID), - (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); - - if (MiscUtil.isEmpty(pendingRequestID)) { - Logger.info("No PendingRequestID received"); - throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); - } - - IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); - - } - - //change pending-request ID - String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - - AuthenticationSession moasession = null;; - try { - moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + //initialize task + defaultTaskInitialization(req, executionContext); - if (moasession == null) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - } - - - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); - + //build authBlock String createXMLSignatureRequest = authServer - .getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, authConfig, oaParam, pendingReq); + .getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq); + //store MOASession authenticatedSessionStorage.storeSession(moasession); + //write response CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java index 3d8b94239..6c0fe3774 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java @@ -23,7 +23,6 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.GET_MIS_SESSIONID; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; import java.util.List; @@ -31,13 +30,10 @@ import javax.net.ssl.SSLSocketFactory; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.commons.lang3.ObjectUtils; import org.springframework.stereotype.Service; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; @@ -49,14 +45,12 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.MiscUtil; /** * @author tlenz @@ -75,46 +69,9 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { //mandate Mode try { - String pendingRequestID = StringEscapeUtils.escapeHtml( - ObjectUtils.defaultIfNull( - request.getParameter(PARAM_TARGET_PENDINGREQUESTID), - (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); - - if (MiscUtil.isEmpty(pendingRequestID)) { - Logger.info("No PendingRequestID received"); - throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); - } - - IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); - - } + //perform default task initialization + defaultTaskInitialization(request, executionContext); - //change pending-request ID - String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - - AuthenticationSession moasession = null;; - try { - moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); - - if (moasession == null) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - } - ConnectionParameter connectionParameters = authConfig.getOnlineMandatesConnectionParameter(); SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(authConfig, connectionParameters); @@ -131,14 +88,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { GET_MIS_SESSIONID, pendingReq.getRequestID()); - String oaURL = pendingReq.getOAURL(); IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); - if (oaParam == null) { - oaParam = authConfig.getOnlineApplicationParameter(oaURL); - Logger.info("No Service info in PendingRequest --> load service info from configuration"); - - } - List profiles = oaParam.getMandateProfiles(); if (profiles == null) { @@ -153,15 +103,12 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { //TODO: check in case of SSO!!! String targetType = null; - if(oaParam.getBusinessService()) { - String id = oaParam.getIdentityLinkDomainIdentifier(); - if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) - targetType = id; - else - targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moasession.getDomainIdentifier(); + if(oaParam.getBusinessService()){ + targetType = oaParam.getIdentityLinkDomainIdentifier(); } else { targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); + } revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), @@ -182,6 +129,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { if (misSessionID == null) { Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null."); throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service."); + } String redirectMISGUI = misSessionID.getRedirectURL(); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java index 78be6c8c8..e8f68c514 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_XMLRESPONSE; import java.io.IOException; @@ -10,26 +9,19 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.commons.lang3.ObjectUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; /** * Verifies the signed authentication block (provided as {@code CreateXMLSignatureResponse}).

@@ -88,80 +80,39 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); - String redirectURL = null; - try { - String pendingRequestID = StringEscapeUtils.escapeHtml( - ObjectUtils.defaultIfNull( - req.getParameter(PARAM_TARGET_PENDINGREQUESTID), - (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); - - if (MiscUtil.isEmpty(pendingRequestID)) { - Logger.info("No PendingRequestID received"); - throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); - } - - if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse)) - throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); - - IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); - - } - - //change pending-request ID - String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - - AuthenticationSession moasession = null;; - try { - moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); - - if (moasession == null) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - } - + try { + //check if authblock is received + if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse)) + throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); - - authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse); - - //store all changes in session DAO - authenticatedSessionStorage.storeSession(moasession); - - } - - catch (MOAIDException ex) { - throw new TaskExecutionException(ex.getMessage(), ex); - + //execute default task initialization + defaultTaskInitialization(req, executionContext); - - } catch (Exception e) { - Logger.error("AuthBlockValidation has an interal Error.", e); - throw new TaskExecutionException(e.getMessage(), e); - - } - + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); - finally { - - } - - + //verify authBlock + authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse); + + //store all changes in session DAO + authenticatedSessionStorage.storeSession(moasession); + + } + + catch (MOAIDException ex) { + throw new TaskExecutionException(ex.getMessage(), ex); + + } catch (Exception e) { + Logger.error("AuthBlockValidation has an interal Error.", e); + throw new TaskExecutionException(e.getMessage(), e); + + } + + finally { + + } + } } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index 5c9a069ee..6c220fd79 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_GET_FOREIGN_ID; import java.io.IOException; @@ -10,28 +9,22 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.commons.lang3.ObjectUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.util.CertificateUtils; -import at.gv.egovernment.moa.util.MiscUtil; import iaik.x509.X509Certificate; /** @@ -83,62 +76,27 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { } try { - String pendingRequestID = StringEscapeUtils.escapeHtml( - ObjectUtils.defaultIfNull( - req.getParameter(PARAM_TARGET_PENDINGREQUESTID), - (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); - - if (MiscUtil.isEmpty(pendingRequestID)) { - Logger.info("No PendingRequestID received"); - throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); - } - - IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); - - } - - //change pending-request ID - String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - - AuthenticationSession moasession = null;; - try { - moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); - - if (moasession == null) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - } + //execute default task initialization + defaultTaskInitialization(req, executionContext); revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); - + //read certificate from response X509Certificate cert = authServer.getCertificate(pendingReq, parameters); if (cert == null) { Logger.error("Certificate could not be read."); throw new AuthenticationException("auth.14", null); } - - boolean useMandate = moasession.getUseMandate(); - - if (useMandate) { + + if (moasession.getUseMandate()) { - // verify certificate for OrganWalter - String createXMLSignatureRequestOrRedirect = authServer.verifyCertificate(moasession, cert, pendingReq); + // verify certificate for OrganWalter + authServer.verifyCertificate(moasession, cert, pendingReq); + + //create AuthBlock + String createXMLSignatureRequestOrRedirect = + authServer.getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq); try { authenticatedSessionStorage.storeSession(moasession); @@ -149,8 +107,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate"); - } - else { + } else { String countrycode = CertificateUtils.getIssuerCountry(cert); if (countrycode != null) { @@ -164,21 +121,15 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND); - String createXMLSignatureRequest = authServer.createXMLSignatureRequestForeignID(moasession, cert); + String createXMLSignatureRequest = authServer.createXMLSignatureRequestForeignID(pendingReq, cert); + // build dataurl (to the GetForeignIDSerlvet) String dataurl = new DataURLBuilder().buildDataURL( pendingReq.getAuthURL(), REQ_GET_FOREIGN_ID, pendingReq.getRequestID()); - - try { - authenticatedSessionStorage.storeSession(moasession); - - } catch (MOADatabaseException e) { - throw new MOAIDException("session store error", null); - } - + CitizenCardServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl); Logger.debug("Send CreateXMLSignatureRequest to BKU"); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java index 2c23254e4..267d5ea0b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java @@ -1,31 +1,23 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; - import java.io.IOException; import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.lang.StringEscapeUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; /** * Verifies the identity link.

@@ -72,52 +64,19 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { } try { - - String pendingRequestID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_TARGET_PENDINGREQUESTID)); - - if (MiscUtil.isEmpty(pendingRequestID)) { - Logger.info("No PendingRequestID received"); - throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); - } - - IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); - - } - - //change pending-request ID - String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - - AuthenticationSession moasession = null;; - try { - moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); - - if (moasession == null) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - } - + //execute default task initialization + defaultTaskInitialization(req, executionContext); revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); - + + //verify identityLink boolean identityLinkAvailable = authServer.verifyIdentityLink(pendingReq, moasession, parameters) != null; + //store session authenticatedSessionStorage.storeSession(moasession); + //set 'identityLink exists' flag to context executionContext.put("identityLinkAvailable", identityLinkAvailable); } catch (ParseException ex) { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 8a9c19c80..5e0a69fd4 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -56,6 +56,7 @@ import javax.xml.bind.DatatypeConverter; import org.jaxen.SimpleNamespaceContext; import org.w3c.dom.Element; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; @@ -66,7 +67,7 @@ import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -132,10 +133,14 @@ public class CreateXMLSignatureResponseValidator { throws ValidateException { // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier - - String gbTarget = session.getTarget(); - String oaURL = session.getPublicOAURLPrefix(); - boolean businessService = session.getBusinessService(); + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + + String gbTarget = pendingReq.getGenericData( + MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class); + String targetFriendlyName = pendingReq.getGenericData( + MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class); + String oaURL = oaParam.getPublicURLPrefix(); + boolean businessService = oaParam.getBusinessService(); IdentityLink identityLink = session.getIdentityLink(); @@ -227,8 +232,7 @@ public class CreateXMLSignatureResponseValidator { } } if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { - foundGB = true; - String targetFriendlyName = session.getTargetFriendlyName(); + foundGB = true; String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget); if (StringUtils.isEmpty(sectorName)) { if (targetFriendlyName != null) @@ -293,23 +297,18 @@ public class CreateXMLSignatureResponseValidator { samlSpecialText = samlSpecialText.replaceAll("'", "'"); String text = ""; - try { - OAAuthParameter oaparam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - if (MiscUtil.isNotEmpty(oaparam.getAditionalAuthBlockText())) { - Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix()); - text = oaparam.getAditionalAuthBlockText(); - } - } catch (ConfigurationException e) { - Logger.warn("Addional AuthBlock Text can not loaded from OA!", e); + if (MiscUtil.isNotEmpty(oaParam.getAditionalAuthBlockText())) { + Logger.info("Use addional AuthBlock Text from OA=" + oaParam.getPublicURLPrefix()); + text = oaParam.getAditionalAuthBlockText(); } - - + String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant); if (!samlSpecialText.equals(specialText)) { - throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText}); + throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText}); } } else { throw new ValidateException("validator.35", null); + } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index bb180d8e9..1f9d9e3a0 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java @@ -27,14 +27,12 @@ import java.util.List; import org.apache.commons.lang.StringUtils; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import com.google.gson.JsonObject; +import com.google.gson.JsonPrimitive; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.oauth20.Pair; -import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL; @@ -46,6 +44,8 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSectorForIDAttri import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePIN; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePINType; +import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder; @@ -59,13 +59,12 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepDescA import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.oauth20.Pair; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; -import com.google.gson.JsonObject; -import com.google.gson.JsonPrimitive; - public final class OAuth20AttributeBuilder { private OAuth20AttributeBuilder() { @@ -207,7 +206,7 @@ public final class OAuth20AttributeBuilder { } private static void addAttibutes(final List builders, final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) { + final IOAAuthParameters oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) { for (IAttributeBuilder b : builders) { try { //TODO: better solution requires more refactoring :( @@ -230,33 +229,33 @@ public final class OAuth20AttributeBuilder { } public static void addScopeOpenId(final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData, + final IOAAuthParameters oaParam, final IAuthData authData, final OAuth20AuthRequest oAuthRequest) { addAttibutes(buildersOpenId, jsonObject, oaParam, authData, oAuthRequest); } public static void addScopeProfile(final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData) { + final IOAAuthParameters oaParam, final IAuthData authData) { addAttibutes(buildersProfile, jsonObject, oaParam, authData, null); } public static void addScopeEID(final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData) { + final IOAAuthParameters oaParam, final IAuthData authData) { addAttibutes(buildersEID, jsonObject, oaParam, authData, null); } public static void addScopeEIDGov(final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData) { + final IOAAuthParameters oaParam, final IAuthData authData) { addAttibutes(buildersEIDGov, jsonObject, oaParam, authData, null); } public static void addScopeMandate(final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData) { + final IOAAuthParameters oaParam, final IAuthData authData) { addAttibutes(buildersMandate, jsonObject, oaParam, authData, null); } public static void addScopeSTORK(final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData) { + final IOAAuthParameters oaParam, final IAuthData authData) { addAttibutes(buildersSTORK, jsonObject, oaParam, authData, null); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java index d2636c259..d08a3b4f0 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java @@ -23,11 +23,10 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.util.MiscUtil; @@ -42,7 +41,7 @@ public class OpenIdNonceAttribute implements IAttributeBuilder { return g.buildStringAttribute(this.getName(), "", null); } - public ATT build(OAAuthParameter oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest, + public ATT build(IOAAuthParameters oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest, IAttributeGenerator g) throws AttributeException { if (MiscUtil.isNotEmpty(oAuthRequest.getNonce())) return g.buildStringAttribute(this.getName(), "", oAuthRequest.getNonce()); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index fcde874b4..17d0738e3 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -36,8 +36,7 @@ import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; @@ -153,7 +152,7 @@ class OAuth20AuthAction implements IAction { private Pair buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData) throws MOAIDException, SignatureException { - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oAuthRequest.getOAURL()); + IOAAuthParameters oaParam = oAuthRequest.getOnlineApplicationConfiguration(); OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer()); OAuthJsonToken token = new OAuthJsonToken(signer); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index ecef9b0a3..416445fa6 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -212,38 +212,30 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) reqAttr.put(el, ""); - try { - OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL()); - - for (String s : scope.split(" ")) { - if (s.equalsIgnoreCase("profile")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile()) - reqAttr.put(el.getName(), ""); + for (String s : scope.split(" ")) { + if (s.equalsIgnoreCase("profile")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile()) + reqAttr.put(el.getName(), ""); - } else if (s.equalsIgnoreCase("eID")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("eID_gov")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("mandate")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("stork")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork()) - reqAttr.put(el.getName(), ""); - - } + } else if (s.equalsIgnoreCase("eID")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid()) + reqAttr.put(el.getName(), ""); + + } else if (s.equalsIgnoreCase("eID_gov")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov()) + reqAttr.put(el.getName(), ""); + + } else if (s.equalsIgnoreCase("mandate")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate()) + reqAttr.put(el.getName(), ""); + + } else if (s.equalsIgnoreCase("stork")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork()) + reqAttr.put(el.getName(), ""); + } - - return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator()); - - } catch (ConfigurationException e) { - Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e); - return null; } + + return AttributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); } } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 52204d7f6..22ceda4f1 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -17,6 +17,7 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.gson.JsonObject; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.moduls.IAction; @@ -122,9 +123,17 @@ public class OAuth20Protocol extends AbstractProtocolModulController { */ public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action) throws MOAIDException { // validation is done inside creation - OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request); - Logger.debug("Created: " + res); - return res; + + try { + OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request); + Logger.debug("Created: " + res); + return res; + + } catch (OAuth20Exception e) { + Logger.info("OpenID-Connect request has a validation error: " + e.getMessage()); + throw new InvalidProtocolRequestException(e.getMessage(), null); + + } } /* diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index b4c8c37d4..61a73335c 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -35,8 +35,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; @@ -73,8 +72,7 @@ public class GetArtifactAction implements IAction { } try { - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() - .getOnlineApplicationParameter(oaURL); + IOAAuthParameters oaParam = req.getOnlineApplicationConfiguration(); // add other stork attributes to MOA assertion if available IPersonalAttributeList storkAttributes = authData.getGenericData( diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 1d06bb48a..5eb39880e 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -58,7 +58,7 @@ import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -100,20 +100,23 @@ public class SAML1AuthenticationServer extends AuthenticationServer { samlArtifact, ex.toString() }); } Throwable error = null; - //synchronized (authenticationDataStore) { - try { - error = authenticationDataStore - .get(samlArtifact, Throwable.class); + try { + error = authenticationDataStore + .get(samlArtifact, Throwable.class); - authenticationDataStore.remove(samlArtifact); - - } catch (MOADatabaseException e) { + if (error == null) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); throw new AuthenticationException("1206", new Object[] { samlArtifact }); + } + + authenticationDataStore.remove(samlArtifact); + + } catch (MOADatabaseException e) { + Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); + throw new AuthenticationException("1206", new Object[] { samlArtifact }); + } - //} - return error; } @@ -170,22 +173,24 @@ public class SAML1AuthenticationServer extends AuthenticationServer { throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString() }); } - String authData = null; - //synchronized (authenticationDataStore) { - // System.out.println("assertionHandle: " + assertionHandle); - - try { - authData = authenticationDataStore - .get(samlArtifact, String.class, authDataTimeOut); + String authData = null; + try { + authData = authenticationDataStore + .get(samlArtifact, String.class, authDataTimeOut); - } catch (MOADatabaseException e) { + if (authData == null) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); throw new AuthenticationException("1206", new Object[] { samlArtifact }); - } - //} + + } - authenticationDataStore.remove(samlArtifact); + } catch (MOADatabaseException e) { + Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); + throw new AuthenticationException("1206", new Object[] { samlArtifact }); + } + + authenticationDataStore.remove(samlArtifact); Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact); return authData; @@ -203,7 +208,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { return samlArtifact; } - public String BuildSAMLArtifact(OAAuthParameter oaParam, + public String BuildSAMLArtifact(IOAAuthParameters oaParam, SAML1AuthenticationData authData, String sourceID) throws ConfigurationException, BuildException, AuthenticationException { @@ -428,7 +433,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } - private String generateMandateDate(OAAuthParameter oaParam, AuthenticationData authData + private String generateMandateDate(IOAAuthParameters oaParam, AuthenticationData authData ) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 417bf4dc9..3facdb50f 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -58,8 +58,8 @@ public class SAML1Protocol extends AbstractProtocolModulController { @Autowired private SAML1AuthenticationServer saml1AuthServer; - public static final String REQ_DATA_SOURCEID = "sourceID"; - public static final String REQ_DATA_TARGET = "target"; + public static final String REQ_DATA_SOURCEID = "saml1_sourceID"; + public static final String REQ_DATA_TARGET = "saml1_target"; public static final String NAME = SAML1Protocol.class.getName(); public static final String PATH = "id_saml1"; @@ -111,71 +111,87 @@ public class SAML1Protocol extends AbstractProtocolModulController { public void preProcess(HttpServletRequest request, HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException { + try { + String oaURL = (String) request.getParameter(PARAM_OA); + //oaURL = StringEscapeUtils.escapeHtml(oaURL); - String oaURL = (String) request.getParameter(PARAM_OA); - //oaURL = StringEscapeUtils.escapeHtml(oaURL); - - String target = (String) request.getParameter(PARAM_TARGET); - target = StringEscapeUtils.escapeHtml(target); - - String sourceID = request.getParameter(PARAM_SOURCEID); - sourceID = StringEscapeUtils.escapeHtml(sourceID); - - //the target parameter is used to define the OA in SAML1 standard - if (target != null && target.startsWith("http")) { - oaURL = target; - target = null; - } - - if (MiscUtil.isEmpty(oaURL)) { - Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!"); - throw new WrongParametersException("StartAuthentication", PARAM_OA, - "auth.12"); + String target = (String) request.getParameter(PARAM_TARGET); + target = StringEscapeUtils.escapeHtml(target); - } - - if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, - "auth.12"); - - pendingRequest.setOAURL(oaURL); - - Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL); - - if (!ParamValidatorUtils.isValidSourceID(sourceID)) - throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); - - - //load Target only from OA config - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() - .getOnlineApplicationParameter(oaURL); - - if (oaParam == null) - throw new InvalidProtocolRequestException("auth.00", - new Object[] { null }); + String sourceID = request.getParameter(PARAM_SOURCEID); + sourceID = StringEscapeUtils.escapeHtml(sourceID); + + //the target parameter is used to define the OA in SAML1 standard + if (target != null && target.startsWith("http")) { + oaURL = target; + target = null; + } + + if (MiscUtil.isEmpty(oaURL)) { + Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!"); + throw new WrongParametersException("StartAuthentication", PARAM_OA, + "auth.12"); + + } + + if (!ParamValidatorUtils.isValidOA(oaURL)) + throw new WrongParametersException("StartAuthentication", PARAM_OA, + "auth.12"); + + pendingRequest.setOAURL(oaURL); + + Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL); + + if (!ParamValidatorUtils.isValidSourceID(sourceID)) + throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); + + + //load Target only from OA config + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() + .getOnlineApplicationParameter(oaURL); + + if (oaParam == null) + throw new InvalidProtocolRequestException("auth.00", + new Object[] { null }); + + SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter(); + if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) { + Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication."); + throw new InvalidProtocolRequestException("auth.00", + new Object[] { null }); + } + pendingRequest.setOnlineApplicationConfiguration(oaParam); + + + //check and set SourceID + if (oaParam.getSAML1Parameter() != null && + MiscUtil.isNotEmpty(oaParam.getSAML1Parameter().getSourceID())) { + pendingRequest.setSourceID(oaParam.getSAML1Parameter().getSourceID()); - SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter(); - if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) { - Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication."); - throw new InvalidProtocolRequestException("auth.00", - new Object[] { null }); + } else + pendingRequest.setSourceID(sourceID); + + revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST); + + if (MiscUtil.isNotEmpty(target)) + pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target); + + else + pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, oaParam.getTarget()); + + //AuthnRequest needs authentication + pendingRequest.setNeedAuthentication(true); + + //set protocol action, which should be executed after authentication + pendingRequest.setAction(AuthenticationAction.class.getName()); + + } catch (WrongParametersException e) { + throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters()); + + } catch (InvalidProtocolRequestException e) { + throw e; + } - pendingRequest.setOnlineApplicationConfiguration(oaParam); - pendingRequest.setSourceID(sourceID); - - revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST); - - if (MiscUtil.isNotEmpty(target)) - pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target); - - else - pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, oaParam.getTarget()); - - //AuthnRequest needs authentication - pendingRequest.setNeedAuthentication(true); - - //set protocol action, which should be executed after authentication - pendingRequest.setAction(AuthenticationAction.class.getName()); } @@ -183,9 +199,7 @@ public class SAML1Protocol extends AbstractProtocolModulController { HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable{ - - OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL()); - if (!oa.getSAML1Parameter().isProvideAllErrors()) + if (!protocolRequest.getOnlineApplicationConfiguration().getSAML1Parameter().isProvideAllErrors()) return false; else { diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java index 3da7cab80..5867bbac6 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java @@ -30,13 +30,10 @@ import javax.servlet.http.HttpServletRequest; import org.opensaml.saml2.core.Attribute; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; -import at.gv.egovernment.moa.logging.Logger; /** * @author tlenz @@ -81,26 +78,19 @@ public class SAML1RequestImpl extends RequestImpl { List reqAttr = new ArrayList(); reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION); - try { - OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL()); - SAML1ConfigurationParameters saml1 = oa.getSAML1Parameter(); - if (saml1 != null) { - if (saml1.isProvideAUTHBlock()) - reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME); - - if (saml1.isProvideCertificate()) - reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME); - - if (saml1.isProvideFullMandatorData()) - reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME); - } - - return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.iterator()); + SAML1ConfigurationParameters saml1 = this.getOnlineApplicationConfiguration().getSAML1Parameter(); + if (saml1 != null) { + if (saml1.isProvideAUTHBlock()) + reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME); - } catch (ConfigurationException e) { - Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e); - return null; + if (saml1.isProvideCertificate()) + reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME); + + if (saml1.isProvideFullMandatorData()) + reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME); } + + return AttributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.iterator()); } -- cgit v1.2.3 From 18f7c6609058ed5c3bfb59c625682f4f4a53d75d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 19 Feb 2016 10:22:11 +0100 Subject: refactor Single Sign-On authentication consents evaluator to get executed by processEngine --- id/server/doc/handbook/protocol/protocol.html | 4 + .../id/auth/builder/SendAssertionFormBuilder.java | 78 ++- .../id/auth/modules/AbstractAuthServletTask.java | 20 + .../modules/SingleSignOnConsentsModuleImpl.java | 69 +++ .../tasks/EvaluateSSOConsentsTaskImpl.java | 115 +++++ .../internal/tasks/FinalizeAuthenticationTask.java | 16 +- .../GenerateSSOConsentEvaluatorFrameTask.java | 87 ++++ .../id/auth/servlet/SSOSendAssertionServlet.java | 177 ------- .../moa/id/moduls/AuthenticationManager.java | 550 ++++++++++----------- ...t.gv.egovernment.moa.id.auth.modules.AuthModule | 2 +- .../SingleSignOnConsentEvaluator.process.xml | 20 + .../main/resources/moaid.authentication.beans.xml | 6 + .../resources/properties/id_messages_de.properties | 3 +- .../protocol_response_statuscodes_de.properties | 1 + 14 files changed, 627 insertions(+), 521 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java create mode 100644 id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/SingleSignOnConsentEvaluator.process.xml (limited to 'id/server/idserverlib/src/main/resources/at') diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html index 6214c393c..a3a06bc6d 100644 --- a/id/server/doc/handbook/protocol/protocol.html +++ b/id/server/doc/handbook/protocol/protocol.html @@ -606,6 +606,10 @@ Redirect Binding 1109 Fehler beim Validieren der SZR-Gateway Response + + 1110 + Ungültige Single Sign-On Session +

1.3.1.3 STORK (12xxx)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java index d14910319..7121935b0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java @@ -34,7 +34,8 @@ import java.net.URI; import org.apache.commons.io.IOUtils; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.logging.Logger; @@ -46,8 +47,6 @@ public class SendAssertionFormBuilder { private static final String TEMPLATEBGCOLOR = "style=\"background-color: #COLOR#\""; private static String URL = "#URL#"; - private static String MODUL = "#MODUL#"; - private static String ACTION = "#ACTION#"; private static String ID = "#ID#"; private static String OANAME = "#OAName#"; private static String CONTEXTPATH = "#CONTEXTPATH#"; @@ -56,8 +55,7 @@ public class SendAssertionFormBuilder { private static String SERVLET = CONTEXTPATH+"/SSOSendAssertionServlet"; - private static String getTemplate() { - + private static String getTemplate() { String pathLocation; InputStream input = null; try { @@ -68,12 +66,9 @@ public class SendAssertionFormBuilder { File file = new File(new URI(pathLocation)); input = new FileInputStream(file); - } catch (FileNotFoundException e) { - - Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package."); - - pathLocation = "resources/templates/" + HTMLTEMPLATEFULL; - + } catch (FileNotFoundException e) { + Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package."); + pathLocation = "resources/templates/" + HTMLTEMPLATEFULL; input = Thread.currentThread() .getContextClassLoader() .getResourceAsStream(pathLocation); @@ -82,48 +77,43 @@ public class SendAssertionFormBuilder { return getTemplate(input); - } catch (Exception e) { + } catch (Exception e) { + return null; + + } finally { try { - input.close(); + if (input != null) + input.close(); - } catch (IOException e1) { + } catch (IOException e) { Logger.warn("SendAssertionTemplate inputstream can not be closed.", e); + } - - return null; - } - + } } private static String getTemplate(InputStream input) { + String template = null; + try { - String template = null; - - try { - - StringWriter writer = new StringWriter(); - IOUtils.copy(input, writer); - template = writer.toString(); - template = template.replace(URL, SERVLET); - - } catch (Exception e) { - Logger.error("Failed to read template", e); - - } finally { - try { - input.close(); - - } catch (IOException e) { - Logger.warn("SendAssertionTemplate inputstream can not be closed.", e); - } - } + StringWriter writer = new StringWriter(); + IOUtils.copy(input, writer); + template = writer.toString(); + template = template.replace(URL, SERVLET); + + } catch (Exception e) { + Logger.error("Failed to read template", e); + } return template; } - public static String buildForm(String modul, String action, String id, OAAuthParameter oaParam, String contextpath) { + public static String buildForm(IRequest pendingReq) { String value = null; + String contextpath = pendingReq.getAuthURL(); + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + byte[] oatemplate = oaParam.getSendAssertionTemplate(); // OA specific template requires a size of 8 bits minimum if (oatemplate != null && oatemplate.length > 7) { @@ -137,15 +127,7 @@ public class SendAssertionFormBuilder { } if(value != null) { -// if(modul == null) { -// modul = SAML1Protocol.PATH; -// } -// if(action == null) { -// action = SAML1Protocol.GETARTIFACT; -// } - value = value.replace(MODUL, modul); - value = value.replace(ACTION, action); - value = value.replace(ID, id); + value = value.replace(ID, pendingReq.getRequestID()); value = value.replace(OANAME, oaParam.getFriendlyName()); if (contextpath.endsWith("/")) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java index 68d5ae299..559d4fd4f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java @@ -12,6 +12,7 @@ import java.util.Map; import java.util.Map.Entry; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileItem; import org.apache.commons.fileupload.FileItemFactory; @@ -25,6 +26,7 @@ import org.springframework.beans.factory.annotation.Autowired; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -33,6 +35,7 @@ import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.IRequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.springweb.MoaIdTask; +import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -95,6 +98,23 @@ public abstract class AbstractAuthServletTask extends MoaIdTask { } + /** + * Redirect the authentication process to protocol specific finalization endpoint. + * + * @param pendingReq Actually processed protocol specific authentication request + * @param httpResp + */ + protected void performRedirectToProtocolFinialization(IRequest pendingReq, HttpServletResponse httpResp) { + String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), + AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, pendingReq.getRequestID()); + + httpResp.setContentType("text/html"); + httpResp.setStatus(302); + httpResp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + + } + /** * Parses the request input stream for parameters, assuming parameters are * encoded UTF-8 (no standard exists how browsers should encode them). diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java new file mode 100644 index 000000000..d64126de6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java @@ -0,0 +1,69 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules; + +import at.gv.egovernment.moa.id.process.api.ExecutionContext; + +/** + * @author tlenz + * + */ +public class SingleSignOnConsentsModuleImpl implements AuthModule { + + public static final String PARAM_SSO_CONSENTS_EVALUATION = "ssoconsentsevaluation"; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() + */ + @Override + public int getPriority() { + return 0; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context) { + Object evaluationObj = context.get(PARAM_SSO_CONSENTS_EVALUATION); + if (evaluationObj != null && evaluationObj instanceof Boolean) { + boolean evaluateSSOConsents = (boolean) evaluationObj; + if (evaluateSSOConsents) { + return "SSOConsentsEvluationProcess"; + + } + } + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/internal/SingleSignOnConsentEvaluator.process.xml" }; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java new file mode 100644 index 000000000..8dcb63550 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java @@ -0,0 +1,115 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.internal.tasks; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringEscapeUtils; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * Evaluate the Single Sign-On user consent + * + * @author tlenz + * + */ +public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { + + private static final String PARAM_SSO_CONSENTS = "value"; + + @Autowired private SSOManager ssoManager; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + //evaluate SSO consents flag + String ssoConsentsString = request.getParameter(PARAM_SSO_CONSENTS); + ssoConsentsString = StringEscapeUtils.escapeHtml(ssoConsentsString); + if (!ParamValidatorUtils.isValidUseMandate(ssoConsentsString)) + throw new WrongParametersException("EvaluateSSOConsentsTaskImpl", PARAM_SSO_CONSENTS, null); + + boolean ssoConsents = false; + if (MiscUtil.isNotEmpty(ssoConsentsString)) + ssoConsents = Boolean.parseBoolean(ssoConsentsString); + + //perform default task initialization + defaultTaskInitialization(request, executionContext); + + //check SSO session cookie and MOASession object + String ssoId = ssoManager.getSSOSessionID(request); + boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq); + if (!(isValidSSOSession && moasession.isAuthenticated() )) { + Logger.info("Single Sign-On consents evaluator found NO valid SSO session. Stopping authentication process ..."); + throw new AuthenticationException("auth.30", null); + + } + + //Log consents evaluator event to revisionslog + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED, String.valueOf(ssoConsents)); + + //user allow single sign-on authentication + if (ssoConsents) { + //authenticate pending-request + pendingReq.setAuthenticated(true); + + //store pending-request + requestStoreage.storePendingRequest(pendingReq); + + //redirect to auth. protocol finalization + performRedirectToProtocolFinialization(pendingReq, response); + + } else { + //user deny single sign-on authentication + throw new AuthenticationException("auth.21", new Object[] {}); + + } + + } catch (MOAIDException e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } catch (Exception e) { + Logger.warn("FinalizeAuthenticationTask has an internal error", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java index 4fd43b6ba..d1d2cdca8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java @@ -28,14 +28,12 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -93,7 +91,6 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask { } - //set MOASession to authenticated and store MOASession moasession.setAuthenticated(true); String newMOASessionID = authenticatedSessionStorage.changeSessionID(moasession); @@ -103,16 +100,9 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask { pendingReq.setAuthenticated(true); requestStoreage.storePendingRequest(pendingReq); - Logger.info("AuthProcess finished. Redirect to Protocol Dispatcher."); - - String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), - AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, pendingReq.getRequestID()); - - response.setContentType("text/html"); - response.setStatus(302); - response.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); - + Logger.info("AuthProcess finished. Redirect to Protocol Dispatcher."); + performRedirectToProtocolFinialization(pendingReq, response); + } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java new file mode 100644 index 000000000..f9f121520 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java @@ -0,0 +1,87 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.internal.tasks; + +import java.io.PrintWriter; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Build a Single Sign-On consents evaluator form + * + * @author tlenz + * + */ +public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTask { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + //perform default task initialization + defaultTaskInitialization(request, executionContext); + + //set authenticated flag to false, because user consents is required + pendingReq.setAuthenticated(false); + + //build consents evaluator form + String form = SendAssertionFormBuilder.buildForm(pendingReq); + + //store pending request + requestStoreage.storePendingRequest(pendingReq); + + //Log consents evaluator event to revisionslog + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START); + + //write form to response object + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(form); + out.flush(); + + + } catch (MOAIDException e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } catch (Exception e) { + Logger.warn("FinalizeAuthenticationTask has an internal error", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java deleted file mode 100644 index 4c895e387..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java +++ /dev/null @@ -1,177 +0,0 @@ -///******************************************************************************* -// * Copyright 2014 Federal Chancellery Austria -// * MOA-ID has been developed in a cooperation between BRZ, the Federal -// * Chancellery Austria - ICT staff unit, and Graz University of Technology. -// * -// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by -// * the European Commission - subsequent versions of the EUPL (the "Licence"); -// * You may not use this work except in compliance with the Licence. -// * You may obtain a copy of the Licence at: -// * http://www.osor.eu/eupl/ -// * -// * Unless required by applicable law or agreed to in writing, software -// * distributed under the Licence is distributed on an "AS IS" basis, -// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// * See the Licence for the specific language governing permissions and -// * limitations under the Licence. -// * -// * This product combines work with different licenses. See the "NOTICE" text -// * file for details on the various modules and licenses. -// * The "NOTICE" text file is part of the distribution. Any derivative works -// * that you distribute must include a readable copy of the "NOTICE" text file. -// ******************************************************************************/ -//package at.gv.egovernment.moa.id.auth.servlet; -// -//import java.io.IOException; -// -//import javax.servlet.ServletException; -//import javax.servlet.http.HttpServletRequest; -//import javax.servlet.http.HttpServletResponse; -// -//import org.apache.commons.lang.StringEscapeUtils; -// -//import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -//import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -//import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -//import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -//import at.gv.egovernment.moa.id.moduls.IRequest; -//import at.gv.egovernment.moa.id.moduls.RequestStorage; -//import at.gv.egovernment.moa.id.moduls.SSOManager; -//import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -//import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -//import at.gv.egovernment.moa.logging.Logger; -//import at.gv.egovernment.moa.util.MiscUtil; -// -//public class SSOSendAssertionServlet extends AuthServlet{ -// -// private static final long serialVersionUID = 1L; -// -// private static final String PARAM = "value"; -// private static final String MODULE = "mod"; -// private static final String ACTION = "action"; -// private static final String ID = "identifier"; -// -// protected void doPost(HttpServletRequest req, HttpServletResponse resp) -// throws ServletException, IOException { -// -// String id = null; -// Logger.debug("Receive " + SSOSendAssertionServlet.class + " Request"); -// try { -// -// Object idObject = req.getParameter(ID); -// -// if (idObject != null && (idObject instanceof String)) { -// id = (String) idObject; -// } -// -// String value = req.getParameter(PARAM); -// value = StringEscapeUtils.escapeHtml(value); -// if (!ParamValidatorUtils.isValidUseMandate(value)) -// throw new WrongParametersException("SSOSendAssertionServlet", PARAM, null); -// -// //get module and action -// Object moduleObject = req.getParameter(MODULE); -// String module = null; -// if (moduleObject != null && (moduleObject instanceof String)) { -// module = (String) moduleObject; -// } -// -// -// Object actionObject = req.getParameter(ACTION); -// String action = null; -// if (actionObject != null && (actionObject instanceof String)) { -// action = (String) actionObject; -// } -// -// if (MiscUtil.isEmpty(module) || MiscUtil.isEmpty(action) || MiscUtil.isEmpty(id)) { -// Logger.warn("No Moduel or Action parameter received!"); -// throw new WrongParametersException("Module or Action is empty", "", "auth.10"); -// } -// -// -// SSOManager ssomanager = SSOManager.getInstance(); -// //get SSO Cookie for Request -// String ssoId = ssomanager.getSSOSessionID(req); -// -// //check SSO session -// if (ssoId != null) { -// String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId); -// -// if (correspondingMOASession != null) { -// Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " + -// "Invalidate the corresponding MOASession with ID="+ correspondingMOASession); -// -// -// AuthenticationSessionStoreage.destroySession(correspondingMOASession); -// -// ssomanager.deleteSSOSessionID(req, resp); -// } -// } -// -// boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, null); -// -// String moaSessionID = null; -// -// if (isValidSSOSession) { -// -// -// //check UseMandate flag -// String valueString = null;; -// if ((value != null) && (value.compareTo("") != 0)) { -// valueString = value; -// } else { -// valueString = "false"; -// } -// -// if (valueString.compareToIgnoreCase("true") == 0) { -// moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoId); -// AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID); -// AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true); -// -// //log event -// //String pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID); -// IRequest pendingReq = RequestStorage.getPendingRequest(id); -// MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED); -// -// //TODO: only for development!!!!!!! -//// String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(), -//// ModulUtils.buildAuthURL(module, action, id), ""); -// -// String redirectURL = "Remove commants in Class:SSOSendAssertionServlet Line:141"; -// -// resp.setContentType("text/html"); -// resp.setStatus(302); -// -// -// resp.addHeader("Location", redirectURL); -// Logger.debug("REDIRECT TO: " + redirectURL); -// -// } -// -// else { -// throw new AuthenticationException("auth.21", new Object[] {}); -// } -// -// } else { -// handleError("SSO Session is not valid", null, req, resp, id); -// } -// -// -// } catch (MOADatabaseException e) { -// handleError("SSO Session is not found", e, req, resp, id); -// -// } catch (WrongParametersException e) { -// handleError("Parameter is not valid", e, req, resp, id); -// -// } catch (AuthenticationException e) { -// handleError(e.getMessage(), e, req, resp, id); -// -// } catch (Exception e) { -// Logger.error("SSOSendAssertion has an interal Error.", e); -// } -// -// } -// -//} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 4131e49fc..7863c684e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -23,7 +23,6 @@ package at.gv.egovernment.moa.id.moduls; import java.io.IOException; -import java.io.PrintWriter; import java.util.ArrayList; import java.util.Collection; import java.util.Enumeration; @@ -53,6 +52,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.SingleSignOnConsentsModuleImpl; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; @@ -101,52 +101,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { public AuthenticationManager() { } - - /** - * Checks if a authenticated MOASession already exists and if {protocolRequest} is authenticated - * - * @param protocolRequest Authentication request which is actually in process - * @param moaSession MOASession with authentication information or null if no MOASession exists - * - * @return true if session is already authenticated, otherwise false - * @throws MOAIDException - */ - private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession moaSession) { - - //if no MOASession exist -> authentication is required - if (moaSession == null) { - return false; - } else { - //if MOASession is Found but not authenticated --> authentication is required - if (!moaSession.isAuthenticated()) { - return false; - } - - //if MOASession is already authenticated and protocol-request is authenticated - // --> no authentication is required any more - else if (moaSession.isAuthenticated() && protocolRequest.isAuthenticated()) { - return true; - - // if MOASession is authenticated and SSO is allowed --> authenticate pendingRequest - } else if (!protocolRequest.isAuthenticated() - && moaSession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) { - Logger.debug("Found active MOASession and SSO is allowed --> pendingRequest is authenticted"); - protocolRequest.setAuthenticated(true); - protocolRequest.setMOASessionIdentifier(moaSession.getSessionID()); - return true; - - } - - // force authentication as backup solution - else { - Logger.warn("Authentication-required check find an unsuspected state --> force authentication"); - return false; - - } - } - } - public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException { performSingleLogOut(httpReq, httpResp, session, pvpReq, null); @@ -159,163 +114,6 @@ public class AuthenticationManager extends MOAIDAuthConstants { } - - private void performSingleLogOut(HttpServletRequest httpReq, - HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException { - String pvpSLOIssuer = null; - String inboundRelayState = null; - - if (pvpReq != null) { - MOARequest samlReq = (MOARequest) pvpReq.getRequest(); - LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest(); - pvpSLOIssuer = logOutReq.getIssuer().getValue(); - inboundRelayState = samlReq.getRelayState(); - - } - - //store active OAs to SLOContaine - List dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(session); - List dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(session); - SLOInformationContainer sloContainer = new SLOInformationContainer(); - sloContainer.setSloRequest(pvpReq); - sloContainer.parseActiveIDPs(dbIDPs, pvpSLOIssuer); - sloContainer.parseActiveOAs(dbOAs, pvpSLOIssuer); - - //terminate MOASession - try { - authenticatedSessionStore.destroySession(session.getSessionID()); - ssoManager.deleteSSOSessionID(httpReq, httpResp); - - } catch (MOADatabaseException e) { - Logger.warn("Delete MOASession FAILED."); - sloContainer.putFailedOA(pvpReq.getAuthURL()); - - } - - //start service provider back channel logout process - Iterator nextOAInterator = sloContainer.getNextBackChannelOA(); - while (nextOAInterator.hasNext()) { - SLOInformationImpl sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next()); - LogoutRequest sloReq = SingleLogOutBuilder.buildSLORequestMessage(sloDescr); - - try { - List soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq); - - LogoutResponse sloResp = null; - for (XMLObject el : soapResp) { - if (el instanceof LogoutResponse) - sloResp = (LogoutResponse) el; - } - - if (sloResp == null) { - Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue() - + " FAILED. NO LogOut response received."); - sloContainer.putFailedOA(sloReq.getIssuer().getValue()); - - } else { - SAMLVerificationEngine engine = new SAMLVerificationEngine(); - engine.verifySLOResponse(sloResp, - TrustEngineFactory.getSignatureKnownKeysTrustEngine()); - - } - - SingleLogOutBuilder.checkStatusCode(sloContainer, sloResp); - - } catch (SOAPException e) { - Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue() - + " FAILED.", e); - sloContainer.putFailedOA(sloReq.getIssuer().getValue()); - - } catch (SecurityException | InvalidProtocolRequestException e) { - Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue() - + " FAILED.", e); - sloContainer.putFailedOA(sloReq.getIssuer().getValue()); - - } - } - - //start service provider front channel logout process - try { - if (sloContainer.hasFrontChannelOA()) { - String relayState = Random.nextRandom(); - - Collection> sloDescr = sloContainer.getFrontChannelOASessionDescriptions(); - List sloReqList = new ArrayList(); - for (Entry el : sloDescr) { - LogoutRequest sloReq = SingleLogOutBuilder.buildSLORequestMessage(el.getValue()); - try { - sloReqList.add(SingleLogOutBuilder.getFrontChannelSLOMessageURL(el.getValue().getServiceURL(), el.getValue().getBinding(), - sloReq, httpReq, httpResp, relayState)); - - } catch (Exception e) { - Logger.warn("Failed to build SLO request for OA:" + el.getKey()); - sloContainer.putFailedOA(el.getKey()); - - } - } - - //put SLO process-information into transaction storage - transactionStorage.put(relayState, sloContainer); - - if (MiscUtil.isEmpty(authURL)) - authURL = pvpReq.getAuthURL(); - - String timeOutURL = authURL - + "/idpSingleLogout" - + "?restart=" + relayState; - - VelocityContext context = new VelocityContext(); - context.put("redirectURLs", sloReqList); - context.put("timeoutURL", timeOutURL); - context.put("timeout", SLOTIMEOUT); - ssoManager.printSingleLogOutInfo(context, httpResp); - - - } else { - if (pvpReq != null) { - //send SLO response to SLO request issuer - SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq); - LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs()); - SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState); - - } else { - //print SLO information directly - VelocityContext context = new VelocityContext(); - if (sloContainer.getSloFailedOAs() == null || - sloContainer.getSloFailedOAs().size() == 0) - context.put("successMsg", - MOAIDMessageProvider.getInstance().getMessage("slo.00", null)); - else - context.put("errorMsg", - MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - ssoManager.printSingleLogOutInfo(context, httpResp); - - } - - } - - } catch (MOADatabaseException e) { - Logger.error("MOA AssertionDatabase ERROR", e); - if (pvpReq != null) { - SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq); - LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); - SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState); - - }else { - //print SLO information directly - VelocityContext context = new VelocityContext(); - context.put("errorMsg", - MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - ssoManager.printSingleLogOutInfo(context, httpResp); - - } - - } catch (Exception e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } - public void performOnlyIDPLogOut(HttpServletRequest request, HttpServletResponse response, String moaSessionID) { Logger.info("Logout"); @@ -387,7 +185,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { //check if interfederation IDP is requested ssoManager.checkInterfederationIsRequested(httpReq, httpResp, pendingReq); - //check SSO session + //check if SSO session cookie is already used if (ssoId != null) { String correspondingMOASession = ssoManager.existsOldSSOSession(ssoId); @@ -402,21 +200,22 @@ public class AuthenticationManager extends MOAIDAuthConstants { ssoManager.deleteSSOSessionID(httpReq, httpResp); } } - + + //check if SSO Session is valid + boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq); + // check if Service-Provider allows SSO sessions IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); - boolean useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP(); + boolean useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP(); revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, pendingReq.getOAURL()); //if a legacy request is used SSO should not be allowed in case of mandate authentication boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(httpReq); - - //check if SSO Session is valid - boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq); - + //check if SSO is allowed for the actually executed request + //INFO: Actually, useMandate disables SSO functionality!!!!! boolean isSSOAllowed = (useSSOOA && !isUseMandateRequested); pendingReq.setNeedSingleSignOnFunctionality(isSSOAllowed); @@ -428,6 +227,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { if (moaSession == null) Logger.info("No MOASession FOUND with provided SSO-Cookie."); + else { Logger.debug("Found authenticated MOASession with provided SSO-Cookie."); revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO); @@ -436,25 +236,22 @@ public class AuthenticationManager extends MOAIDAuthConstants { } //check if session is already authenticated - boolean tryperform = tryPerformAuthentication((RequestImpl) pendingReq, moaSession); - - //perfom SSO-Consents question if it it required - if (tryperform && isSSOAllowed && oaParam.useSSOQuestion()) { - sendTransmitAssertionQuestion(httpReq, httpResp, pendingReq, oaParam); - return null; - - } - + boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, moaSession); + //force new authentication authentication process if (pendingReq.forceAuth()) { startAuthenticationProcess(httpReq, httpResp, pendingReq); return null; - + + //perform SSO-Consents evaluation if it it required + } else if (isSessionAuthenticated && oaParam.useSSOQuestion()) { + sendSingleSignOnConsentsEvaluation(httpReq, httpResp, pendingReq); + return null; + } else if (pendingReq.isPassiv()) { - if (tryperform) { + if (isSessionAuthenticated) { // Passive authentication ok! - revisionsLogger.logEvent(oaParam, - pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED); + revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED); return moaSession; } else { @@ -462,7 +259,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { } } else { - if (tryperform) { + if (isSessionAuthenticated) { // Is authenticated .. proceed revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED); @@ -476,6 +273,50 @@ public class AuthenticationManager extends MOAIDAuthConstants { } } + /** + * Checks if a authenticated MOASession already exists and if {protocolRequest} is authenticated + * + * @param protocolRequest Authentication request which is actually in process + * @param moaSession MOASession with authentication information or null if no active MOASession exists + * + * @return true if session is already authenticated, otherwise false + * @throws MOAIDException + */ + private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession moaSession) { + + //if no MOASession exist -> authentication is required + if (moaSession == null) { + return false; + + } else { + //if MOASession is Found but not authenticated --> authentication is required + if (!moaSession.isAuthenticated()) { + return false; + } + + //if MOASession is already authenticated and protocol-request is authenticated + // --> no authentication is required any more + else if (moaSession.isAuthenticated() && protocolRequest.isAuthenticated()) { + return true; + + // if MOASession is authenticated and SSO is allowed --> authenticate pendingRequest + } else if (!protocolRequest.isAuthenticated() + && moaSession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) { + Logger.debug("Found active MOASession and SSO is allowed --> pendingRequest is authenticted"); + protocolRequest.setAuthenticated(true); + protocolRequest.setMOASessionIdentifier(moaSession.getSessionID()); + return true; + + } + + // force authentication as backup solution + else { + Logger.warn("Authentication-required check find an unsuspected state --> force authentication"); + return false; + + } + } + } private void startAuthenticationProcess(HttpServletRequest httpReq, HttpServletResponse httpResp, RequestImpl pendingReq) @@ -505,37 +346,64 @@ public class AuthenticationManager extends MOAIDAuthConstants { } //create authentication process execution context - try { - // create execution context + ExecutionContext executionContext = new ExecutionContextImpl(); + + executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_INTERFEDERATION_ENTITYID, + MiscUtil.isNotEmpty( + pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class))); + + boolean leagacyMode = (legacyallowed && legacyparamavail); + executionContext.put("isLegacyRequest", leagacyMode); + executionContext.put("performBKUSelection", !leagacyMode + && MiscUtil.isEmpty(pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class))); + + //add leagcy parameters to context + if (leagacyMode) { + Enumeration reqParamNames = httpReq.getParameterNames(); + while(reqParamNames.hasMoreElements()) { + String paramName = reqParamNames.nextElement(); + if (MiscUtil.isNotEmpty(paramName) && + MOAIDAuthConstants.LEGACYPARAMETERWHITELIST.contains(paramName)) + executionContext.put(paramName, httpReq.getParameter(paramName)); + + } + } + + //start process engine + startProcessEngine(pendingReq, executionContext); + + } + + private void sendSingleSignOnConsentsEvaluation(HttpServletRequest request, + HttpServletResponse response, RequestImpl pendingReq) + throws ServletException, IOException, MOAIDException { + + Logger.info("Start SSO user-consents evaluation ..."); + + //set authenticated flag to false, because user consents is required + pendingReq.setAuthenticated(false); + + //create execution context ExecutionContext executionContext = new ExecutionContextImpl(); - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID()); - executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_INTERFEDERATION_ENTITYID, - MiscUtil.isNotEmpty( - pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class))); + executionContext.put(SingleSignOnConsentsModuleImpl.PARAM_SSO_CONSENTS_EVALUATION, true); - boolean leagacyMode = (legacyallowed && legacyparamavail); - executionContext.put("isLegacyRequest", leagacyMode); - executionContext.put("performBKUSelection", !leagacyMode - && MiscUtil.isEmpty(pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class))); - - //add leagcy parameters to context - if (leagacyMode) { - Enumeration reqParamNames = httpReq.getParameterNames(); - while(reqParamNames.hasMoreElements()) { - String paramName = reqParamNames.nextElement(); - if (MiscUtil.isNotEmpty(paramName) && - MOAIDAuthConstants.LEGACYPARAMETERWHITELIST.contains(paramName)) - executionContext.put(paramName, httpReq.getParameter(paramName)); - - } - } + //start process engine + startProcessEngine(pendingReq, executionContext); + + } + + private void startProcessEngine(RequestImpl pendingReq, ExecutionContext executionContext) throws MOAIDException { + try { + //put pending-request ID on execurtionContext + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID()); + // create process instance String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext); if (processDefinitionId == null) { - Logger.warn("No suitable process found for SessionID " + moasession.getSessionID() ); + Logger.warn("No suitable process found for SessionID " + pendingReq.getRequestID() ); throw new MOAIDException("process.02",new Object[] { - moasession.getSessionID()}); + pendingReq.getRequestID()}); } String processInstanceId = processEngine.createProcessInstance(processDefinitionId, executionContext); @@ -545,18 +413,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { //store pending-request requestStoreage.storePendingRequest(pendingReq); - - - // make sure moa session has been persisted before running the process - try { - authenticatedSessionStore.storeSession(moasession); - - } catch (MOADatabaseException e) { - Logger.error("Database Error! MOASession is not stored!"); - throw new MOAIDException("init.04", new Object[] { - moasession.getSessionID()}); - } - + // start process processEngine.start(processInstanceId); @@ -572,32 +429,163 @@ public class AuthenticationManager extends MOAIDAuthConstants { } } - throw new MOAIDException("process.01", new Object[] { pendingReq.getProcessInstanceId(), moasession }, e); - } + throw new MOAIDException("process.01", new Object[] { pendingReq.getProcessInstanceId(), pendingReq.getRequestID() }, e); + } } - - private void sendTransmitAssertionQuestion(HttpServletRequest request, - HttpServletResponse response, IRequest target, IOAAuthParameters oaParam) - throws ServletException, IOException, MOAIDException { - - //TODO: change to process management version!!!! + + private void performSingleLogOut(HttpServletRequest httpReq, + HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException { + String pvpSLOIssuer = null; + String inboundRelayState = null; - //set authenticated flag to false, because user consents is required - target.setAuthenticated(false); + if (pvpReq != null) { + MOARequest samlReq = (MOARequest) pvpReq.getRequest(); + LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest(); + pvpSLOIssuer = logOutReq.getIssuer().getValue(); + inboundRelayState = samlReq.getRelayState(); + + } + //store active OAs to SLOContaine + List dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(session); + List dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(session); + SLOInformationContainer sloContainer = new SLOInformationContainer(); + sloContainer.setSloRequest(pvpReq); + sloContainer.parseActiveIDPs(dbIDPs, pvpSLOIssuer); + sloContainer.parseActiveOAs(dbOAs, pvpSLOIssuer); + + //terminate MOASession + try { + authenticatedSessionStore.destroySession(session.getSessionID()); + ssoManager.deleteSSOSessionID(httpReq, httpResp); -// String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), -// target.requestedAction(), target.getRequestID(), oaParam, -// target.getAuthURL()); - - String form =null; + } catch (MOADatabaseException e) { + Logger.warn("Delete MOASession FAILED."); + sloContainer.putFailedOA(pvpReq.getAuthURL()); - revisionsLogger.logEvent(target.getOnlineApplicationConfiguration(), - target, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START); + } + + //start service provider back channel logout process + Iterator nextOAInterator = sloContainer.getNextBackChannelOA(); + while (nextOAInterator.hasNext()) { + SLOInformationImpl sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next()); + LogoutRequest sloReq = SingleLogOutBuilder.buildSLORequestMessage(sloDescr); + + try { + List soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq); + + LogoutResponse sloResp = null; + for (XMLObject el : soapResp) { + if (el instanceof LogoutResponse) + sloResp = (LogoutResponse) el; + } + + if (sloResp == null) { + Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue() + + " FAILED. NO LogOut response received."); + sloContainer.putFailedOA(sloReq.getIssuer().getValue()); + + } else { + SAMLVerificationEngine engine = new SAMLVerificationEngine(); + engine.verifySLOResponse(sloResp, + TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + + } + + SingleLogOutBuilder.checkStatusCode(sloContainer, sloResp); + + } catch (SOAPException e) { + Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue() + + " FAILED.", e); + sloContainer.putFailedOA(sloReq.getIssuer().getValue()); + + } catch (SecurityException | InvalidProtocolRequestException e) { + Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue() + + " FAILED.", e); + sloContainer.putFailedOA(sloReq.getIssuer().getValue()); + + } + } + + //start service provider front channel logout process + try { + if (sloContainer.hasFrontChannelOA()) { + String relayState = Random.nextRandom(); + + Collection> sloDescr = sloContainer.getFrontChannelOASessionDescriptions(); + List sloReqList = new ArrayList(); + for (Entry el : sloDescr) { + LogoutRequest sloReq = SingleLogOutBuilder.buildSLORequestMessage(el.getValue()); + try { + sloReqList.add(SingleLogOutBuilder.getFrontChannelSLOMessageURL(el.getValue().getServiceURL(), el.getValue().getBinding(), + sloReq, httpReq, httpResp, relayState)); + + } catch (Exception e) { + Logger.warn("Failed to build SLO request for OA:" + el.getKey()); + sloContainer.putFailedOA(el.getKey()); + + } + } + + //put SLO process-information into transaction storage + transactionStorage.put(relayState, sloContainer); + + if (MiscUtil.isEmpty(authURL)) + authURL = pvpReq.getAuthURL(); + + String timeOutURL = authURL + + "/idpSingleLogout" + + "?restart=" + relayState; + + VelocityContext context = new VelocityContext(); + context.put("redirectURLs", sloReqList); + context.put("timeoutURL", timeOutURL); + context.put("timeout", SLOTIMEOUT); + ssoManager.printSingleLogOutInfo(context, httpResp); + + + } else { + if (pvpReq != null) { + //send SLO response to SLO request issuer + SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq); + LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs()); + SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState); + + } else { + //print SLO information directly + VelocityContext context = new VelocityContext(); + if (sloContainer.getSloFailedOAs() == null || + sloContainer.getSloFailedOAs().size() == 0) + context.put("successMsg", + MOAIDMessageProvider.getInstance().getMessage("slo.00", null)); + else + context.put("errorMsg", + MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); + ssoManager.printSingleLogOutInfo(context, httpResp); + + } + + } + + } catch (MOADatabaseException e) { + Logger.error("MOA AssertionDatabase ERROR", e); + if (pvpReq != null) { + SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq); + LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); + SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState); + + }else { + //print SLO information directly + VelocityContext context = new VelocityContext(); + context.put("errorMsg", + MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); + ssoManager.printSingleLogOutInfo(context, httpResp); + + } - response.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(response.getOutputStream()); - out.print(form); - out.flush(); + } catch (Exception e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } } } diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule index 7e2315fd7..5116c2a08 100644 --- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule +++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule @@ -1,2 +1,2 @@ -# The default moaid process at.gv.egovernment.moa.id.auth.modules.BKUSelectionModuleImpl +at.gv.egovernment.moa.id.auth.modules.SingleSignOnConsentsModuleImpl \ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/SingleSignOnConsentEvaluator.process.xml b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/SingleSignOnConsentEvaluator.process.xml new file mode 100644 index 000000000..a58ad8ac4 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/SingleSignOnConsentEvaluator.process.xml @@ -0,0 +1,20 @@ + + + + + + + + + + + + + + + + + diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml index 82579977c..dcaeb42c3 100644 --- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml +++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml @@ -61,4 +61,10 @@ + + + + \ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 8329db941..92f4c1fa2 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -37,7 +37,7 @@ auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}" auth.17=Vollmachtenmodus f\u00FCr nicht-\u00F6ffentlichen Bereich wird nicht unterst\u00FCtzt. auth.18=Keine MOASessionID vorhanden auth.19=Die Authentifizierung kann nicht passiv durchgef\u00FChrt werden. -auth.20=No valid MOA session found. Authentification process is abourted. +auth.20=No valid MOA session found. Authentication process is aborted. auth.21=Der Anmeldevorgang wurde durch den Benutzer abgebrochen. auth.22=Das Protokoll {0} ist deaktiviert. auth.23=Das BKU-Selektion Template entspricht nicht der Spezifikation von MOA-ID 2.x. @@ -47,6 +47,7 @@ auth.26=SessionID unbekannt. auth.27=Federated authentication FAILED! Assertion from {0} IDP is not valid. auth.28=Transaktion {0} kann nicht weitergef\u00FChrt werden. Wahrscheinlich wurde ein TimeOut erreicht. auth.29=Federated authentication FAILED! Can not build authentication request for IDP {0} +auth.30=No valid Single Sign-On session found. Authentication process is aborted. init.00=MOA ID Authentisierung wurde erfolgreich gestartet init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index a8583d945..0b00b2d29 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -27,6 +27,7 @@ auth.26=1100 auth.27=4401 auth.28=1100 auth.29=4401 +auth.30=1110 init.00=9199 init.01=9199 -- cgit v1.2.3