From 9a377f533a992d19fe264fbd9fd0b096504aba37 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 12 May 2014 16:16:36 +0200
Subject: fix some interfederation problems

---
 .../moa/id/auth/AuthenticationServer.java          | 29 +++++++++--
 .../id/config/auth/AuthConfigurationProvider.java  |  1 -
 .../moa/id/entrypoints/DispatcherServlet.java      | 17 +++----
 .../gv/egovernment/moa/id/moduls/SSOManager.java   |  3 +-
 .../id/storage/AuthenticationSessionStoreage.java  | 58 +++++++++++++++-------
 5 files changed, 74 insertions(+), 34 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index e83718949..010aead55 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -2,6 +2,7 @@
 package at.gv.egovernment.moa.id.auth;
 
 import iaik.asn1.ObjectID;
+import iaik.pki.PKIRuntimeException;
 import iaik.util.logging.Log;
 import iaik.x509.X509Certificate;
 import iaik.x509.X509ExtensionInitException;
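Review bot: The added `import iaik.pki.PKIRuntimeException;` is not used by any line this commit adds to AuthenticationServer.java, so it is a dead import unless it is referenced further down in a part of the file not shown here. If nothing uses it, drop the line; an unused import of a runtime-exception type tends to mislead later readers into assuming the verification path catches it.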
@@ -1164,11 +1165,31 @@ public class AuthenticationServer implements MOAIDAuthConstants {
                 vtids, tpid);
         // debug output
 
-        // invokes the call
-        Element domVsresp = new SignatureVerificationInvoker()
-                .verifyXMLSignature(domVsreq);
-        // debug output
+        Element domVsresp = null;
+        
+        try {
+        	// invokes the call
+        	domVsresp = new SignatureVerificationInvoker()
+        		.verifyXMLSignature(domVsreq);
+        	// debug output
+        	
+        } catch ( ServiceException e) {
+        	Logger.error("Signature verification error. ", e);
+        	Logger.error("Signed Data: " + session.getAuthBlock());
+        	try {        		
+				Logger.error("VerifyRequest: " + DOMUtils.serializeNode(domVsreq));
+			} catch (TransformerException e1) {
+				e1.printStackTrace();
+				
+			} catch (IOException e1) {
+				e1.printStackTrace();
+				
+			}
+        	
+        	throw e; 
+        }
 
+        
         // parses the <VerifyXMLSignatureResponse>
         VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(
                 domVsresp).parseData();
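Review bot: The new catch block writes `session.getAuthBlock()` (the signed AuthBlock, i.e. what the log message itself calls the "Signed Data") and the full serialized VerifyRequest to the ERROR log on every signature-verification failure, which puts citizen identity data into production logs and lets anyone who can submit a malformed AuthBlock fill them with attacker-chosen content. Log the diagnostic payloads at trace level (the file already uses `Logger.trace`) and keep only the exception at error level. The two `e1.printStackTrace()` calls bypass the logger entirely and drop the cause from the log file; route them through the logger with the exception as second argument. The enclosing method starts before and continues after this hunk.

```java
} catch (ServiceException e) {
    Logger.error("Signature verification error. ", e);
    // the AuthBlock and the verify request carry the signed identity data: keep them out of ERROR logs
    Logger.trace("Signed Data: " + session.getAuthBlock());
    try {
        Logger.trace("VerifyRequest: " + DOMUtils.serializeNode(domVsreq));
    } catch (TransformerException e1) {
        Logger.error("Can not serialize VerifyRequest for logging.", e1);
    } catch (IOException e1) {
        Logger.error("Can not serialize VerifyRequest for logging.", e1);
    }
    throw e;
}
```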
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 143a04dad..dca0958f3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -63,7 +63,6 @@ import javax.xml.bind.JAXBContext;
 import javax.xml.bind.Unmarshaller;
 
 import org.hibernate.cfg.Configuration;
-import org.opensaml.DefaultBootstrap;
 
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index a37026ab4..4eba83ad5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -222,8 +222,10 @@ public class DispatcherServlet extends AuthServlet{
 				}
 			}
 
-			//HttpSession httpSession = req.getSession();
-			//Map<String, IRequest> protocolRequests = null;
+			//get SSO Cookie for Request
+			SSOManager ssomanager = SSOManager.getInstance();
+			String ssoId = ssomanager.getSSOSessionID(req);
+			
 			IRequest protocolRequest = null;
 			
 			try {
@@ -258,7 +260,8 @@ public class DispatcherServlet extends AuthServlet{
 							moduleAction = info.getAction(protocolRequest.requestedAction());
 
 							//create interfederated mOASession
-							String sessionID = AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true);
+							String sessionID = 
+									AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId);
 							req.getParameterMap().put(PARAM_SESSIONID, sessionID);
 														
 							Logger.info("PreProcessing of SSO interfederation response complete. ");
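Review bot: `ssoId` passed into `createInterfederatedSession(protocolRequest, true, ssoId)` comes straight from the request cookie read earlier in this servlet and, as far as this hunk shows, has not been passed through `ssomanager.isValidSSOSession(...)` — that check is only applied in the later `needAuthentication` branch. Since the storage side uses this id to locate an existing MOASession and then rewrites it as authenticated with the IdP identity from the incoming interfederation response, a stale or otherwise invalid SSO cookie should be rejected here before the session is rebound; e.g. `if (MiscUtil.isNotEmpty(ssoId) && !ssomanager.isValidSSOSession(ssoId, protocolRequest)) ssoId = null;` ahead of the call. If validity is enforced inside `getMOASessionSSOID` or elsewhere outside this diff, a one-line comment saying so at the call site would save the next reader the same question.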
@@ -318,16 +321,12 @@ public class DispatcherServlet extends AuthServlet{
 				}
 								
 				AuthenticationManager authmanager = AuthenticationManager.getInstance();									
-				SSOManager ssomanager = SSOManager.getInstance();
 				
 				String moasessionID = null;
 				String newSSOSessionId = null;
 				AuthenticationSession moasession = null;	
 				IAuthData authData = null;
-				
-				//get SSO Cookie for Request
-				String ssoId = ssomanager.getSSOSessionID(req);
-					
+									
 				boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp);				
 				
 				if (needAuthentication) {
@@ -358,7 +357,7 @@ public class DispatcherServlet extends AuthServlet{
 
 					
 					isValidSSOSession = ssomanager.isValidSSOSession(ssoId, protocolRequest);
-					useSSOOA = oaParam.useSSO();
+					useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP();
 					
 					
 					//if a legacy request is used SSO should not be allowed, actually
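Review bot: `useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP();` silently turns SSO on for every online application configured as an interfederation IdP, even when the OA's own `useSSO` setting is off, and nothing in the hunk says why that override is intended. Add a why-comment above the line, e.g. `// an interfederation IdP always participates in SSO, regardless of the OA's useSSO flag, because the federated login must be bound to the local SSO session`, adjusting the rationale if it differs. The condition uses the existing misspelled accessor name `isInderfederationIDP`, which is fine for consistency but worth a note if that API is ever renamed. The enclosing method starts before and continues after this hunk.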
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 094cfa31f..f4f89a4ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -130,7 +130,8 @@ public class SSOManager {
 		else {
 			if (protocolRequest != null && 
 					protocolRequest instanceof RequestImpl &&
-					storedSession.isInterfederatedSSOSession()) {
+					storedSession.isInterfederatedSSOSession() &&
+					!storedSession.isAuthenticated()) {
 
 				if (MiscUtil.isEmpty(((RequestImpl) protocolRequest).getRequestedIDP())) {
 					InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid());
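Review bot: The added `!storedSession.isAuthenticated()` guard has no comment explaining which sessions it is meant to exclude, and the meaning is not obvious from this hunk alone: sessions created through the interfederation-response path in this same commit are stored with `authenticated = true`, so they now skip the IdP lookup, while any interfederated session stored as not-yet-authenticated still goes through it. A short comment above the condition would make that intent explicit, e.g. `// only an interfederated SSO session that is not yet authenticated still needs to be resolved to its IdP; an already authenticated one is used directly`, hedged or corrected if the actual reason differs. The enclosing method starts before and continues after this hunk.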
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 74a5e01ad..26922a13b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -215,7 +215,7 @@ public class AuthenticationSessionStoreage {
 	}
 	
 	public static String getMOASessionSSOID(String SSOSessionID) {
-		  MiscUtil.assertNotNull(SSOSessionID, "moasessionID");	  
+		  MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID");	  
 		  Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
 		  Session session = MOASessionDBUtils.getCurrentSession();
 		  
@@ -643,22 +643,44 @@ public class AuthenticationSessionStoreage {
 		  return result.get(0).getInderfederation().get(0);
 	}
 	
-	public static String createInterfederatedSession(IRequest req, boolean isAuthenticated) throws MOADatabaseException, AssertionAttributeExtractorExeption {
-		String id = Random.nextRandom();
-		AuthenticationSession session = new AuthenticationSession(id);
-		session.setAuthenticated(true);
-		session.setAuthenticatedUsed(false);
-		
-		AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore();
-		dbsession.setSessionid(id);
-		dbsession.setAuthenticated(isAuthenticated);
-		dbsession.setInterfederatedSSOSession(true);
+	public static String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption {		
+		AuthenticatedSessionStore dbsession = null;
+		
+		//search for active SSO session
+		if (MiscUtil.isNotEmpty(ssoID)) {
+			String moaSession = getMOASessionSSOID(ssoID);		
+			if (MiscUtil.isNotEmpty(moaSession)) {
+				try {
+					dbsession = searchInDatabase(moaSession);
+				
+				}catch (MOADatabaseException e) {
+				
+				}			
+			} 	
+		}
 		
-		//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+		String id = null;
 		Date now = new Date();
-		dbsession.setCreated(now);
+		
+		//create new MOASession if any exists
+		if (dbsession == null) {
+			id = Random.nextRandom();
+			dbsession = new AuthenticatedSessionStore();
+			dbsession.setSessionid(id);
+			dbsession.setCreated(now);
+			
+		} else {
+			id = dbsession.getSessionid();
+			
+		}
+				
+		dbsession.setInterfederatedSSOSession(true);
+		dbsession.setAuthenticated(isAuthenticated);
 		dbsession.setUpdated(now);
 		
+		AuthenticationSession session = new AuthenticationSession(id);
+		session.setAuthenticated(true);
+		session.setAuthenticatedUsed(false);
 		dbsession.setSession(SerializationUtils.serialize(session));
 		
 		//add interfederation information
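Review bot: The `catch (MOADatabaseException e) { }` around `searchInDatabase(moaSession)` is empty, so a database failure while resolving the SSO session is silently turned into "create a brand-new MOASession", and the operator has no trace that the lookup went wrong; log it, e.g. `Logger.info("No MOASession found for SSO session " + ssoID + ", creating new interfederated session.", e);` — if the SSO id counts as sensitive in the logs, log without it. Separately, when an existing `dbsession` is found, `dbsession.setSession(SerializationUtils.serialize(session))` replaces whatever `AuthenticationSession` was stored for that MOASession with a fresh one (`authenticated = true`, `authenticatedUsed = false`), discarding any state the previous session carried; if that reset is intended, a comment next to the `else` branch saying so would help, otherwise the existing serialized session should be deserialized and updated instead. The method continues past the end of this hunk.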
@@ -682,18 +704,16 @@ public class AuthenticationSessionStoreage {
 			idp = new InterfederationSessionStore();
 			idp.setCreated(now);
 			idp.setIdpurlprefix(req.getInterfederationResponse().getEntityID());
-			
+			idp.setMoasession(dbsession);
+			idpList.add(idp);
+						
 		}
-		
 		AssertionAttributeExtractor extract = new AssertionAttributeExtractor(req.getInterfederationResponse().getResponse());		
 		idp.setSessionIndex(extract.getSessionIndex());
 		idp.setUserNameID(extract.getNameID());
 		idp.setAttributesRequested(false);
 		idp.setQAALevel(extract.getQAALevel());
-		idp.setMoasession(dbsession);
-		idpList.add(idp);
-		
-		
+
 		//store AssertionStore element to Database
 		try {
 			MOASessionDBUtils.saveOrUpdate(dbsession);
-- 