From f67427831d1f8c49ce6c474691b880d90a42b584 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 14 Mar 2016 09:17:57 +0100 Subject: refactor the GUI generation for user interaction --- .../data/SSOTransferAuthenticationData.java | 6 +- .../data/SSOTransferOnlineApplication.java | 19 +-- .../ssotransfer/servlet/SSOTransferServlet.java | 61 +++++---- .../servlet/SSOTransferSignalServlet.java | 4 +- .../task/InitializeRestoreSSOSessionTask.java | 13 +- .../ssotransfer/task/RestoreSSOSessionTask.java | 8 +- .../auth/modules/ssotransfer/utils/GUIUtils.java | 136 ++++++--------------- .../ssotransfer/utils/SSOContainerUtils.java | 10 +- 8 files changed, 99 insertions(+), 158 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer/src') diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index 103a03063..f9cb4c636 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -28,11 +28,11 @@ import java.util.List; import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.data.AuthenticationRole; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.MISMandate; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java index 4ba2e1a01..af180ff10 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java @@ -27,11 +27,11 @@ import java.util.Collection; import java.util.List; import java.util.Map; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; -import at.gv.egovernment.moa.id.config.stork.CPEPS; -import at.gv.egovernment.moa.id.config.stork.StorkAttribute; -import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.CPEPS; +import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin; /** * @author tlenz @@ -261,15 +261,6 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters { return false; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten() - */ - @Override - public Map getFormCustomizaten() { - // TODO Auto-generated method stub - return null; - } - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel() */ diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index 48ef5b526..2bb31f700 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -56,7 +56,6 @@ import javax.security.cert.X509Certificate; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.velocity.VelocityContext; import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.BasicConstraints; import org.bouncycastle.asn1.x509.Extension; @@ -80,17 +79,18 @@ import com.google.gson.JsonParser; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException; +import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; -import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; @@ -124,6 +124,7 @@ public class SSOTransferServlet{ @Autowired ITransactionStorage transactionStorage; @Autowired IDPCredentialProvider idpCredentials; @Autowired AuthConfiguration authConfig; + @Autowired IGUIFormBuilder guiBuilder; public SSOTransferServlet() { super(); @@ -145,8 +146,6 @@ public class SSOTransferServlet{ method = {RequestMethod.GET}) public void testTransferSSOSessionGUIWithoutAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { try { - VelocityContext context = new VelocityContext(); - //create first step of SSO Transfer GUI String authURL = HTTPUtils.extractAuthURLFromRequest(req); if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authURL)) { @@ -155,8 +154,13 @@ public class SSOTransferServlet{ } + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authURL, + DefaultGUIFormBuilderConfiguration.VIEW_SSO_SESSION_TRANSFER, + null); + internalCreateQRCodeForTransfer(resp, authURL, - "123456", "/TestTransmitSSOSession", context); + "123456", "/TestTransmitSSOSession", config); } catch (MOAIDException | MOADatabaseException e) { e.printStackTrace(); @@ -388,28 +392,32 @@ public class SSOTransferServlet{ //search SSO session String ssoid = ssomanager.getSSOSessionID(req); - VelocityContext context = new VelocityContext(); - try { + String authURL = HTTPUtils.extractAuthURLFromRequest(req); + if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(). + contains(authURL)) { + Logger.warn("Requested URL is not allowed.");; + resp.sendError(500, "Requested URL is not allowed."); + + } + + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authURL, + DefaultGUIFormBuilderConfiguration.VIEW_SSO_SESSION_TRANSFER, + null); + if (ssomanager.isValidSSOSession(ssoid, null)) { //Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR); //create first step of SSO Transfer GUI - String authURL = HTTPUtils.extractAuthURLFromRequest(req); - if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(). - contains(authURL)) { - Logger.warn("Requested URL is not allowed.");; - resp.sendError(500, "Requested URL is not allowed."); - - } - + String moaSessionID = authenticationSessionStorage.getMOASessionSSOID(ssoid); if (MiscUtil.isNotEmpty(moaSessionID)) { AuthenticationSession authSession = authenticationSessionStorage.getSession(moaSessionID); if(authSession != null) { internalCreateQRCodeForTransfer(resp, authURL, authSession.getSessionID(), - SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, context); + SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, config); return; } @@ -417,9 +425,10 @@ public class SSOTransferServlet{ } - context.put("errorMsg", + config.putCustomParameter("errorMsg", "No active Single Sign-On session found! SSO Session transfer is not possible."); - GUIUtils.printSSOTransferGUI(context, resp); + + guiBuilder.build(resp, config, "SSO-Transfer-Module"); } catch (MOAIDException | MOADatabaseException e) { e.printStackTrace(); @@ -505,7 +514,7 @@ public class SSOTransferServlet{ } private void internalCreateQRCodeForTransfer(HttpServletResponse resp, String authURL, - String moaSessionID, String servletEndPoint, VelocityContext context) throws Exception { + String moaSessionID, String servletEndPoint, DefaultGUIFormBuilderConfiguration config) throws Exception { SSOTransferContainer container = new SSOTransferContainer(); String token = Random.nextRandom(); @@ -558,12 +567,12 @@ public class SSOTransferServlet{ ByteArrayOutputStream qrStream = QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(350, 350).stream(); String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray()); - context.put("QRImage", base64EncodedImage); + config.putCustomParameter("QRImage", base64EncodedImage); - context.put("successMsg", "Scan the QR-Code with your SSO-Transfer App to start the transfer operation."); + config.putCustomParameter("successMsg", "Scan the QR-Code with your SSO-Transfer App to start the transfer operation."); - GUIUtils.printSSOTransferGUI(context, resp); - + + guiBuilder.build(resp, config, "SSO-Session Transfer-Module"); } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java index 0b3bd892a..cd18afb71 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java @@ -33,9 +33,9 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java index e84c60ec5..e3c8efb50 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java @@ -25,14 +25,14 @@ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.velocity.VelocityContext; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.HTTPUtils; @@ -45,6 +45,8 @@ import at.gv.egovernment.moa.logging.Logger; @Component("InitializeRestoreSSOSessionTask") public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { + @Autowired IGUIFormBuilder guiBuilder; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @@ -63,11 +65,10 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { } - VelocityContext context = GUIUtils.buildSSOTransferGUI(authURL, pendingReq.getRequestID()); - GUIUtils.printSSOTransferGUI(context, response); + GUIUtils.buildSSOTransferGUI(guiBuilder, response, authURL, pendingReq.getRequestID()); - } catch (WrongParametersException | AuthenticationException e) { + } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); } catch (Exception e) { diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index d52e03c09..526f45be3 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -38,12 +38,13 @@ import org.springframework.stereotype.Component; import com.google.gson.JsonObject; import com.google.gson.JsonParser; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.process.api.ExecutionContext; @@ -60,6 +61,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class RestoreSSOSessionTask extends AbstractAuthServletTask { @Autowired SSOContainerUtils ssoTransferUtils; + @Autowired IGUIFormBuilder guiBuilder; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @@ -180,8 +182,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } - context = GUIUtils.buildSSOTransferGUI(authURL, pendingReq.getRequestID()); - GUIUtils.printSSOTransferGUI(context, response); + GUIUtils.buildSSOTransferGUI(guiBuilder, response, + authURL, pendingReq.getRequestID()); } catch (IOException | MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java index ee7a397aa..b1446c4d2 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java @@ -22,29 +22,19 @@ */ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils; -import java.io.BufferedReader; import java.io.ByteArrayOutputStream; -import java.io.File; -import java.io.FileInputStream; import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.io.StringWriter; -import java.net.URI; import javax.servlet.http.HttpServletResponse; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; - import com.google.gson.JsonObject; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; +import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.util.VelocityProvider; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import net.glxn.qrgen.QRCode; @@ -54,95 +44,43 @@ import net.glxn.qrgen.image.ImageType; * @author tlenz * */ -public class GUIUtils { - private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; - private static final String GUI_HTML_TEMPLATE = "sso_transfer_template.html"; - +public class GUIUtils { public static final int REFESH_TIMEOUT = 5 * 1000; //5 sec - public static VelocityContext buildSSOTransferGUI(String authURL, String pendingReqID) throws ConfigurationException, IOException { - String containerURL = authURL - + SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE - + "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingReqID; + public static void buildSSOTransferGUI( + IGUIFormBuilder guiBuilder, HttpServletResponse httpResp, + String authURL, String pendingReqID) throws ConfigurationException, IOException { + try { + String containerURL = authURL + + SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE + + "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingReqID; - JsonObject qrResult = new JsonObject(); - qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, - SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_TRANSER); - qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL); + JsonObject qrResult = new JsonObject(); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, + SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_TRANSER); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL); - ByteArrayOutputStream qrStream = - QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream(); - String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray()); - VelocityContext context = new VelocityContext(); - context.put("QRImage", base64EncodedImage); - - context.put("successMsg", "Select the SSO Session in your SSO-Transfer App and scan the QR-Code to start the process."); - - context.put("timeoutURL", containerURL); - context.put("timeout", REFESH_TIMEOUT); - - return context; - - } - - public static void printSSOTransferGUI(VelocityContext context, HttpServletResponse httpResp) throws MOAIDException { - try { - Logger.trace("Initialize VelocityEngine..."); - - InputStream is = null; - String pathLocation = null; - try { - String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); - pathLocation = rootconfigdir + HTMLTEMPLATESDIR + GUI_HTML_TEMPLATE; - File file = new File(new URI(pathLocation)); - is = new FileInputStream(file); - evaluateTemplate(context, httpResp, is); - - } catch (Exception e) { - Logger.warn("SLO Template is not found in configuration directory (" + - pathLocation + "). Load template from project library ... "); - - try { - pathLocation = GUI_HTML_TEMPLATE; - is = Thread.currentThread() - .getContextClassLoader() - .getResourceAsStream(pathLocation); - evaluateTemplate(context, httpResp, is); + ByteArrayOutputStream qrStream = + QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream(); + String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray()); - } catch (Exception e1) { - Logger.error("Single LogOut form can not created.", e); - throw new MOAIDException("Create Single LogOut information FAILED.", null, e); - } - - } finally { - if (is != null) - is.close(); + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authURL, + DefaultGUIFormBuilderConfiguration.VIEW_SSO_SESSION_TRANSFER, + null); + + config.putCustomParameter("QRImage", base64EncodedImage); + config.putCustomParameter("successMsg", "Select the SSO Session in your SSO-Transfer App and scan the QR-Code to start the process."); + config.putCustomParameter("timeoutURL", containerURL); + config.putCustomParameter("timeout", REFESH_TIMEOUT); - } + guiBuilder.build(httpResp, config, "SSO-Transfer-Module"); - } catch (Exception e) { - Logger.error("Single LogOut form can not created.", e); - throw new MOAIDException("Create Single LogOut information FAILED.", null, e); - } - } - - private static void evaluateTemplate(VelocityContext context, HttpServletResponse httpResp, InputStream is) throws Exception { - - VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); - - BufferedReader reader = new BufferedReader(new InputStreamReader(is )); - - //set default elements to velocity context - context.put("contextpath", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()); - - StringWriter writer = new StringWriter(); - //velocityEngine.evaluate(context, writer, "SLO_Template", reader); - engine.evaluate(context, writer, "SSO Transfer Template", reader); - - - httpResp.setContentType("text/html;charset=UTF-8"); - httpResp.getOutputStream().write(writer.toString().getBytes("UTF-8")); - - } - + } catch (GUIBuildException e) { + Logger.warn("Can not build GUI:'BKU-Selection'. Msg:" + e.getMessage(), e); + throw new ConfigurationException("builder.09", new Object[]{e.getMessage()}, e); + + } + + } } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index b2ab8b119..5f2642cf8 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -81,19 +81,19 @@ import org.w3c.dom.NodeList; import com.google.gson.JsonObject; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferAuthenticationData; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferOnlineApplication; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.MISMandate; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; -- cgit v1.2.3 From e03689468de9aaa0bd2b3234b8e6842988a29684 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 15 Mar 2016 10:43:39 +0100 Subject: change PVP EntityID to metadata-URL (SAML2 'well-known-location' method) --- .../moa/id/protocols/pvp2x/AttributQueryAction.java | 8 ++++---- .../moa/id/protocols/pvp2x/AuthenticationAction.java | 12 ++++++++---- .../protocols/pvp2x/config/IDPPVPMetadataConfiguration.java | 9 ++++++++- .../id/auth/modules/ssotransfer/utils/SSOContainerUtils.java | 6 +++--- 4 files changed, 23 insertions(+), 12 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer/src') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java index f992737b6..2168316ab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java @@ -61,6 +61,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; @@ -128,10 +129,9 @@ public class AttributQueryAction implements IAction { + " validTo:" + responseInfo.getSecond().toString()); //build PVP 2.1 assertion - - String issuerEntityID = pendingReq.getAuthURL(); - if (issuerEntityID.endsWith("/")) - issuerEntityID = issuerEntityID.substring(0, issuerEntityID.length()-1); + + String issuerEntityID = PVPConfiguration.getInstance().getIDPSSOMetadataService( + pendingReq.getAuthURL()); Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID, attrQuery, responseInfo.getFirst(), date, new DateTime(responseInfo.getSecond().getTime()), diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java index 2d13609d8..8de44a2e8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java @@ -49,6 +49,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; @@ -81,10 +82,13 @@ public class AuthenticationAction implements IAction { SLOInformationImpl sloInformation = new SLOInformationImpl(); //change to entity value from entity name to IDP EntityID (URL) - String issuerEntityID = pvpRequest.getAuthURL(); - if (issuerEntityID.endsWith("/")) - issuerEntityID = issuerEntityID.substring(0, issuerEntityID.length()-1); - +// String issuerEntityID = pvpRequest.getAuthURL(); +// if (issuerEntityID.endsWith("/")) +// issuerEntityID = issuerEntityID.substring(0, issuerEntityID.length()-1); + + String issuerEntityID = PVPConfiguration.getInstance().getIDPSSOMetadataService( + pvpRequest.getAuthURL()); + //build Assertion Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData, peerEntity, date, consumerService, sloInformation); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java index 91f43b10b..5bb1131a6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java @@ -97,7 +97,14 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura */ @Override public String getEntityID() { - return authURL; + try { + return PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL); + + } catch (ConfigurationException e) { + Logger.error("Can not load Metadata entry: EntityID", e); + return null; + + } } /* (non-Javadoc) diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index 5f2642cf8..9683d5cb7 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -97,6 +97,7 @@ import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; @@ -320,14 +321,13 @@ public class SSOContainerUtils { public String generateSignedAndEncryptedSSOContainer(String authURL, AuthenticationSession authSession, Date date) { try { - String entityID = authURL; + String entityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL); AuthnContextClassRef authnContextClassRef = SAML2Utils .createSAMLObject(AuthnContextClassRef.class); authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); - String random = Random.nextRandom(); - String nameID = subjectNameID.getValue(); + String random = Random.nextLongRandom(); try { MessageDigest md = MessageDigest.getInstance("SHA-1"); byte[] hash = md.digest((random).getBytes("ISO-8859-1")); -- cgit v1.2.3 From 99e249a0f292bda3def5e5fbb4cc641c6dbbe26f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 22 Mar 2016 14:42:33 +0100 Subject: update SSO transfer module --- .../resources/templates/sso_transfer_template.html | 18 ++- .../modules/ssotransfer/SSOTransferConstants.java | 4 + .../ssotransfer/servlet/SSOTransferServlet.java | 61 ++-------- .../task/InitializeRestoreSSOSessionTask.java | 36 +++++- .../ssotransfer/task/RestoreSSOSessionTask.java | 125 +++++++++++++++------ .../auth/modules/ssotransfer/utils/GUIUtils.java | 42 ++++++- .../ssotransfer/utils/SSOContainerUtils.java | 75 +++++++++++-- 7 files changed, 258 insertions(+), 103 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer/src') diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/sso_transfer_template.html b/id/server/moa-id-frontend-resources/src/main/resources/templates/sso_transfer_template.html index e9c2fae76..c76e75d64 100644 --- a/id/server/moa-id-frontend-resources/src/main/resources/templates/sso_transfer_template.html +++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/sso_transfer_template.html @@ -3,17 +3,33 @@ - + + + #if($timeoutURL) + + #end Single Sign-On Session Transfer +#if($timeoutURL) + +#else +#end
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java index ce3a7856b..1ee715afa 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java @@ -58,8 +58,12 @@ public class SSOTransferConstants { public static final String SSOCONTAINER_KEY_USERID = "userID"; public static final String SSOCONTAINER_KEY_SESSION = "session"; public static final String SSOCONTAINER_KEY_RESULTENDPOINT = "resultEndPoint"; + public static final String SSOCONTAINER_KEY_NONCE = "nonce"; public static final String FLAG_SSO_SESSION_RESTORED = "ssoRestoredFlag"; public static final long CERT_VALIDITY = 700; //2 years + + public static final String PENDINGREQ_DH = "dhparams"; + public static final String PENDINGREQ_NONCE = "nonce"; } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index 2bb31f700..7cf7c914a 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -30,13 +30,9 @@ import java.io.PrintWriter; import java.math.BigInteger; import java.net.URL; import java.security.InvalidKeyException; -import java.security.KeyFactory; -import java.security.KeyPair; -import java.security.KeyPairGenerator; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; -import java.security.PublicKey; import java.security.SecureRandom; import java.security.Security; import java.security.spec.InvalidKeySpecException; @@ -46,11 +42,9 @@ import java.util.Date; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; -import javax.crypto.KeyAgreement; import javax.crypto.NoSuchPaddingException; import javax.crypto.spec.DHParameterSpec; import javax.crypto.spec.DHPublicKeySpec; -import javax.crypto.spec.SecretKeySpec; import javax.security.cert.CertificateException; import javax.security.cert.X509Certificate; import javax.servlet.http.HttpServletRequest; @@ -467,7 +461,7 @@ public class SSOTransferServlet{ DHPublicKeySpec mobilePubKeySpec = new DHPublicKeySpec(mobilePubKey, container.getDhParams().getF().getP(), container.getDhParams().getF().getG()); - byte[] sharedSecret = getSecret(mobilePubKeySpec, container.getDhParams().getS()); + byte[] sharedSecret = ssoTransferUtils.getSecret(mobilePubKeySpec, container.getDhParams().getS()); //build ASE256 key MessageDigest digest = MessageDigest.getInstance("SHA-256"); @@ -479,7 +473,7 @@ public class SSOTransferServlet{ byte[] encryptedCSR = Base64Utils.decode(mobileCSRBase64, true); Logger.debug("EncCSR:" + Base64Utils.encode(encryptedCSR) + " | Key:" + Base64Utils.encode(hashedSecret)); - byte[] decryptedCSR = enOrDeCryptCSR(encryptedCSR, hashedSecret, Cipher.DECRYPT_MODE); + byte[] decryptedCSR = ssoTransferUtils.enOrDeCryptCSR(encryptedCSR, hashedSecret, Cipher.DECRYPT_MODE); Logger.debug("DecCSR:" + Base64Utils.encode(decryptedCSR)); Logger.debug("CSR decryption finished. --> Starting CSR validation and signing ..."); @@ -496,18 +490,16 @@ public class SSOTransferServlet{ Date now = new Date(); String personInformationToTransfer = ssoTransferUtils.generateSignedAndEncryptedSSOContainer( - container.getAuthURL(), moaSession, now); + container.getAuthURL(), moaSession, now, hashedSecret); Logger.debug("PersonData:" + personInformationToTransfer); //encrypt personal information Logger.debug("PersonData generation finished. --> Starting personData encryption ... "); - byte[] encPersonData = enOrDeCryptCSR(personInformationToTransfer.getBytes(), hashedSecret, Cipher.ENCRYPT_MODE); - String encAndEncodedPersonalData = Base64Utils.encode(encPersonData); Logger.debug("Encrypt personData finished. --> Send token to device."); resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.print(encAndEncodedPersonalData); + out.print(personInformationToTransfer); out.flush(); return; @@ -539,7 +531,7 @@ public class SSOTransferServlet{ BigInteger generator = new BigInteger(Base64Utils.decode(SSOTransferConstants.DH_GENERATOR_BASE64, false)); DHParameterSpec dhSpec = new DHParameterSpec(prime, generator, 1024); - Pair dhKeyIDP = createSpecificKey(dhSpec.getP(), dhSpec.getG()); + Pair dhKeyIDP = ssoTransferUtils.createSpecificKey(dhSpec.getP(), dhSpec.getG()); container.setDhParams(dhKeyIDP); //store container @@ -575,17 +567,7 @@ public class SSOTransferServlet{ guiBuilder.build(resp, config, "SSO-Session Transfer-Module"); } - - public byte[] enOrDeCryptCSR(byte[] binBlob, byte[] binSecret, int mode) throws IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException { - byte[] decrypted = null; - SecretKeySpec skeySpec = new SecretKeySpec(binSecret, "AES"); - Cipher cipher = Cipher.getInstance("AES"); - cipher.init(mode, skeySpec); - decrypted = cipher.doFinal(binBlob); - - return decrypted; - } - + private X509Certificate signCSRWithMOAKey(byte[] inputCSR) throws IOException, OperatorCreationException, PKCSException, CredentialsNotAvailableException, CertificateException { PKCS10CertificationRequest csr = new PKCS10CertificationRequest(inputCSR); @@ -613,20 +595,7 @@ public class SSOTransferServlet{ } - - private static byte[] getSecret(DHPublicKeySpec kspectrans, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException { - KeyAgreement aKeyAgree = KeyAgreement.getInstance("DiffieHellman"); - aKeyAgree.init(privateKey); - - KeyFactory kfactory = KeyFactory.getInstance("DiffieHellman"); - PublicKey pub = kfactory.generatePublic(kspectrans); - aKeyAgree.doPhase(pub, true); - - byte[] secretKey = aKeyAgree.generateSecret(); - return secretKey; - - } - + private JsonObject getJSONObjectFromPostMessage(HttpServletRequest req, boolean developmentMode) { //read POST request StringBuffer sb = new StringBuffer(); @@ -662,20 +631,4 @@ public class SSOTransferServlet{ } - private Pair createSpecificKey(BigInteger p, BigInteger g) throws Exception { - KeyPairGenerator kpg = KeyPairGenerator.getInstance("DiffieHellman"); - - DHParameterSpec param = new DHParameterSpec(p, g); - kpg.initialize(param); - KeyPair kp = kpg.generateKeyPair(); - - KeyFactory kfactory = KeyFactory.getInstance("DiffieHellman"); - - Pair pair = new Pair( - (DHPublicKeySpec) kfactory.getKeySpec(kp.getPublic(), DHPublicKeySpec.class), kp.getPrivate()); - return pair; - - } - - } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java index e3c8efb50..be27de9a1 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java @@ -22,6 +22,11 @@ */ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task; +import java.math.BigInteger; +import java.security.PrivateKey; + +import javax.crypto.spec.DHParameterSpec; +import javax.crypto.spec.DHPublicKeySpec; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -31,12 +36,18 @@ import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; /** * @author tlenz @@ -46,6 +57,7 @@ import at.gv.egovernment.moa.logging.Logger; public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { @Autowired IGUIFormBuilder guiBuilder; + @Autowired SSOContainerUtils ssoTransferUtils; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @@ -64,10 +76,30 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { response.sendError(500, "Requested URL is not allowed."); } - - GUIUtils.buildSSOTransferGUI(guiBuilder, response, authURL, pendingReq.getRequestID()); + + //use predefined parameters + BigInteger prime = new BigInteger(Base64Utils.decode(SSOTransferConstants.DH_PRIME_BASE64, false)); + BigInteger generator = new BigInteger(Base64Utils.decode(SSOTransferConstants.DH_GENERATOR_BASE64, false)); + DHParameterSpec dhSpec = new DHParameterSpec(prime, generator, 1024); + + Pair dhKeyIDP = ssoTransferUtils.createSpecificKey(dhSpec.getP(), dhSpec.getG()); + String nonce = Random.nextLongRandom(); + GUIUtils.buildSSOTransferGUI(guiBuilder, response, authURL, + pendingReq.getRequestID(), nonce, dhKeyIDP.getF()); + //store DH params and nonce to pending-request + SSOTransferContainer container = new SSOTransferContainer(); + container.setDhParams(dhKeyIDP); + pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_DH, container); + pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_NONCE, nonce); + + //store pending-request + requestStoreage.storePendingRequest(pendingReq); + + //set flag + executionContext.put("sessionRestoreFinished", false); + } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index 526f45be3..6d9b43e5b 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -24,12 +24,15 @@ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task; import java.io.BufferedReader; import java.io.IOException; +import java.math.BigInteger; +import java.security.MessageDigest; +import javax.crypto.Cipher; +import javax.crypto.spec.DHPublicKeySpec; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.BooleanUtils; -import org.apache.velocity.VelocityContext; import org.joda.time.DateTime; import org.opensaml.saml2.core.Response; import org.springframework.beans.factory.annotation.Autowired; @@ -42,16 +45,20 @@ import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; +import iaik.x509.X509Certificate; /** * @author tlenz @@ -100,6 +107,14 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } + String nonce = pendingReq.getGenericData(SSOTransferConstants.PENDINGREQ_NONCE, String.class); + SSOTransferContainer container = pendingReq.getGenericData( + SSOTransferConstants.PENDINGREQ_DH, SSOTransferContainer.class); + if (container == null) { + throw new TaskExecutionException(pendingReq, "NO DH-Params in pending-request", null); + + } + if (MiscUtil.isNotEmpty(receivedPostMessage)) { Logger.debug("Receive POST-Message data. Start data-validation process ... "); @@ -109,40 +124,81 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { JsonObject reveivedSession = reveivedData.get("session").getAsJsonObject(); String validTo = reveivedSession.get("validTo").getAsString(); String entityID = reveivedSession.get("entityID").getAsString(); - String sessionBlob = reveivedSession.get("sessionBlob").getAsString(); + //String sessionBlob = reveivedSession.get("sessionBlob").getAsString(); + +// Logger.trace("Blob:" + sessionBlob + +// " | validTo:" + validTo + +// " | entityIS:" + entityID); + + + //TODO!!!! + String mobilePubKeyBase64 = reveivedSession.get( + SSOTransferConstants.SSOCONTAINER_KEY_DH_PUBKEY).getAsString(); + String encSessionBlobBase64 = new String(); - Logger.trace("Blob:" + sessionBlob + - " | validTo:" + validTo + - " | entityIS:" + entityID); + Logger.debug("Receive PubKey:" +mobilePubKeyBase64 + " | SessionBlob:" + encSessionBlobBase64); + + //finish DH key agreement + BigInteger mobilePubKey = new BigInteger(Base64Utils.decode(mobilePubKeyBase64, true)); + DHPublicKeySpec mobilePubKeySpec = new DHPublicKeySpec(mobilePubKey, + container.getDhParams().getF().getP(), + container.getDhParams().getF().getG()); + byte[] sharedSecret = ssoTransferUtils.getSecret(mobilePubKeySpec, container.getDhParams().getS()); + + //build ASE256 key + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + digest.reset(); + byte[] hashedSecret = digest.digest(sharedSecret); + + //decrypt CSR + Logger.debug("Finished Diffie-Hellman key exchange. --> Starting SessionBlob decryption ..."); + byte[] encryptedSessionBlob = Base64Utils.decode(encSessionBlobBase64, true); + Logger.debug("EncSessionBlob:" + Base64Utils.encode(encryptedSessionBlob) + " | Key:" + Base64Utils.encode(hashedSecret)); + + byte[] sessionBlobArray = ssoTransferUtils.enOrDeCryptCSR(encryptedSessionBlob, hashedSecret, Cipher.DECRYPT_MODE); + String sessionBlob = new String(sessionBlobArray, "UTF-8"); + Logger.debug("DecSessionBlob:" + sessionBlob); - if (PVPConfiguration.getInstance().getIDPPublicPath().contains(entityID)) { - // stored SSO session data is from this IDP - start local session reconstruction - Response ssoInformation = ssoTransferUtils.validateReceivedSSOContainer(sessionBlob, entityID); - - //transfer SSO Assertion into MOA-Session - ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moasession, ssoInformation); - - // store MOASession into database - try { - authenticatedSessionStorage.storeSession(moasession); - - } catch (MOADatabaseException e) { - Logger.error("Database Error! MOASession is not stored!"); - throw new MOAIDException("init.04", new Object[] { - moasession.getSessionID()}); - } - - executionContext.put(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED, true); - executionContext.put("sessionRestoreFinished", false); - - } else { - Logger.info("Received SSO session-data is from IDP: " + entityID - + ". Start inderfederation process to restore SSO session ... "); - //change to inderfederated session reconstruction - - Logger.warn("Device Session Transfer with interfederation is not implemented, yet!!!!"); + //parse SAML2 assertion + Response ssoInformation = ssoTransferUtils.validateReceivedSSOContainer(sessionBlob); + + //validate signature + AssertionAttributeExtractor attributeExtractor = new AssertionAttributeExtractor(ssoInformation); + String holderOfKeyCertBase64 = attributeExtractor.getSingleAttributeValue(PVPConstants.PVP_HOLDEROFKEY_NAME); + byte[] holderOfKeyCertEncoded = Base64Utils.decode(holderOfKeyCertBase64, false); + X509Certificate holderOfKeyCert = new X509Certificate(holderOfKeyCertEncoded); + Logger.debug("Found HolderOfKey Certificate:" + holderOfKeyCert.getSubjectDN().toString()); + + + //TODO: implement Signature validation + + Logger.debug("MobileDevice is valid. --> Starting session reconstruction ..."); + + + //transfer SSO Assertion into MOA-Session + ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moasession, attributeExtractor); + + // store MOASession into database + try { + authenticatedSessionStorage.storeSession(moasession); + + } catch (MOADatabaseException e) { + Logger.error("Database Error! MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + executionContext.put(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED, true); + executionContext.put("sessionRestoreFinished", false); + + +// Logger.info("Received SSO session-data is from IDP: " + entityID +// + ". Start inderfederation process to restore SSO session ... "); +// //change to inderfederated session reconstruction +// +// Logger.warn("Device Session Transfer with interfederation is not implemented, yet!!!!"); - } + } catch (Exception e) { Logger.error("Parse reveived JSON data-object " + sb.toString() + " FAILED!", e); @@ -171,7 +227,6 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { Logger.debug("No restored SSO session found --> Wait a few minutes and check again."); executionContext.put("sessionRestoreFinished", false); - VelocityContext context; try { //create first step of SSO Transfer GUI authURL = HTTPUtils.extractAuthURLFromRequest(request); @@ -183,7 +238,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } GUIUtils.buildSSOTransferGUI(guiBuilder, response, - authURL, pendingReq.getRequestID()); + authURL, pendingReq.getRequestID(), nonce, container.getDhParams().getF()); } catch (IOException | MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java index b1446c4d2..13a278d1d 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils; import java.io.ByteArrayOutputStream; import java.io.IOException; +import javax.crypto.spec.DHPublicKeySpec; import javax.servlet.http.HttpServletResponse; import com.google.gson.JsonObject; @@ -37,6 +38,7 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; import net.glxn.qrgen.QRCode; import net.glxn.qrgen.image.ImageType; @@ -50,18 +52,50 @@ public class GUIUtils { public static void buildSSOTransferGUI( IGUIFormBuilder guiBuilder, HttpServletResponse httpResp, String authURL, String pendingReqID) throws ConfigurationException, IOException { + buildSSOTransferGUI(guiBuilder, httpResp, authURL, pendingReqID, null, null); + + } + + /** + * @param guiBuilder + * @param response + * @param authURL + * @param requestID + * @param nonce + * @param dhKeyIDP + * @throws ConfigurationException + * @throws IOException + */ + public static void buildSSOTransferGUI(IGUIFormBuilder guiBuilder, HttpServletResponse response, String authURL, + String requestID, String nonce, DHPublicKeySpec dhKeyIDP) throws ConfigurationException, IOException { try { String containerURL = authURL + SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE - + "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingReqID; + + "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + requestID; + + + JsonObject qrResult = new JsonObject(); qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_TRANSER); qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL); + + if (MiscUtil.isNotEmpty(nonce)) + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_NONCE, nonce); + if (dhKeyIDP != null) { + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_DH_PUBKEY, + Base64Utils.encode(dhKeyIDP.getY().toByteArray())); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_DH_PRIME, + Base64Utils.encode(dhKeyIDP.getP().toByteArray())); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_DH_GENERATOR, + Base64Utils.encode(dhKeyIDP.getG().toByteArray())); + + } + ByteArrayOutputStream qrStream = - QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream(); + QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(350, 350).stream(); String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray()); DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( @@ -74,13 +108,13 @@ public class GUIUtils { config.putCustomParameter("timeoutURL", containerURL); config.putCustomParameter("timeout", REFESH_TIMEOUT); - guiBuilder.build(httpResp, config, "SSO-Transfer-Module"); + guiBuilder.build(response, config, "SSO-Transfer-Module"); } catch (GUIBuildException e) { Logger.warn("Can not build GUI:'BKU-Selection'. Msg:" + e.getMessage(), e); throw new ConfigurationException("builder.09", new Object[]{e.getMessage()}, e); } - + } } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index 9683d5cb7..ab0aba6a7 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -25,14 +25,31 @@ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.StringWriter; +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; import java.security.cert.CertificateException; +import java.security.spec.InvalidKeySpecException; import java.util.ArrayList; import java.util.Collections; import java.util.Date; import java.util.HashMap; import java.util.List; +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.KeyAgreement; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.spec.DHParameterSpec; +import javax.crypto.spec.DHPublicKeySpec; +import javax.crypto.spec.SecretKeySpec; import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; @@ -83,6 +100,7 @@ import com.google.gson.JsonObject; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferAuthenticationData; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferOnlineApplication; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; @@ -149,8 +167,8 @@ public class SSOContainerUtils { @Autowired SAMLVerificationEngineSP samlVerificationEngine; @Autowired AuthConfiguration authConfig; - public void parseSSOContainerToMOASessionDataObject(IRequest pendingReq, AuthenticationSession moasession, Response ssoInformation) throws AssertionAttributeExtractorExeption, ConfigurationException { - AssertionAttributeExtractor attributeExtractor = new AssertionAttributeExtractor(ssoInformation); + public void parseSSOContainerToMOASessionDataObject(IRequest pendingReq, AuthenticationSession moasession, AssertionAttributeExtractor attributeExtractor) throws AssertionAttributeExtractorExeption, ConfigurationException { +// AssertionAttributeExtractor attributeExtractor = new AssertionAttributeExtractor(ssoInformation); //TODO: maybe change to correct URL //set dummy BKU URLx @@ -251,7 +269,7 @@ public class SSOContainerUtils { } - public Response validateReceivedSSOContainer(String signedEncryptedContainer, String entityID) throws IOException, XMLParserException, UnmarshallingException, MOAIDException { + public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException { byte[] base64decodedContainer = Base64Utils.decode(signedEncryptedContainer, false); final BasicParserPool ppMgr = new BasicParserPool(); @@ -298,7 +316,7 @@ public class SSOContainerUtils { //validate PVP 2.1 assertion samlVerificationEngine.validateAssertion(ssoContainer, false, credentials.getIDPAssertionEncryptionCredential(), - entityID, + ssoContainer.getIssuer().getValue(), "SSO-Session Transfer module" ); return ssoContainer; @@ -319,7 +337,7 @@ public class SSOContainerUtils { public String generateSignedAndEncryptedSSOContainer(String authURL, - AuthenticationSession authSession, Date date) { + AuthenticationSession authSession, Date date, byte[] hashedSecret) { try { String entityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL); AuthnContextClassRef authnContextClassRef = SAML2Utils @@ -363,25 +381,68 @@ public class SSOContainerUtils { String ssoDataBlob = buildSSOContainerObject(authURL, assertion, new DateTime(date.getTime())); + byte[] encPersonData = enOrDeCryptCSR(ssoDataBlob.getBytes(), hashedSecret, Cipher.ENCRYPT_MODE); + String encAndEncodedPersonalData = Base64Utils.encode(encPersonData); + + JsonObject container = new JsonObject(); container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_SSO); container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_VALIDTO, subjectConfirmationData.getNotOnOrAfter().toString()); container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_ENTITYID, entityID); container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_USERID, authData.getGivenName() + " " + authData.getFamilyName()); - container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_SESSION, ssoDataBlob); + + container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_SESSION, encAndEncodedPersonalData); //TODO container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_RESULTENDPOINT, "https://demo.egiz.gv.at"); return container.toString(); - } catch (ConfigurationException | EncryptionException | CredentialsNotAvailableException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException e) { + } catch (ConfigurationException | EncryptionException | CredentialsNotAvailableException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException e) { Logger.warn("SSO container generation FAILED.", e); } return null; } + public byte[] enOrDeCryptCSR(byte[] binBlob, byte[] binSecret, int mode) throws IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException { + byte[] decrypted = null; + SecretKeySpec skeySpec = new SecretKeySpec(binSecret, "AES"); + Cipher cipher = Cipher.getInstance("AES"); + cipher.init(mode, skeySpec); + decrypted = cipher.doFinal(binBlob); + + return decrypted; + } + + public Pair createSpecificKey(BigInteger p, BigInteger g) throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("DiffieHellman"); + + DHParameterSpec param = new DHParameterSpec(p, g); + kpg.initialize(param); + KeyPair kp = kpg.generateKeyPair(); + + KeyFactory kfactory = KeyFactory.getInstance("DiffieHellman"); + + Pair pair = new Pair( + (DHPublicKeySpec) kfactory.getKeySpec(kp.getPublic(), DHPublicKeySpec.class), kp.getPrivate()); + return pair; + + } + + public byte[] getSecret(DHPublicKeySpec kspectrans, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException { + KeyAgreement aKeyAgree = KeyAgreement.getInstance("DiffieHellman"); + aKeyAgree.init(privateKey); + + KeyFactory kfactory = KeyFactory.getInstance("DiffieHellman"); + PublicKey pub = kfactory.generatePublic(kspectrans); + aKeyAgree.doPhase(pub, true); + + byte[] secretKey = aKeyAgree.generateSecret(); + return secretKey; + + } + private String buildSSOContainerObject(String authURL, Assertion assertion, DateTime date) throws ConfigurationException, EncryptionException, CredentialsNotAvailableException, SecurityException, ParserConfigurationException, MarshallingException, SignatureException, TransformerFactoryConfigurationError, TransformerException, IOException { Response authResponse = SAML2Utils.createSAMLObject(Response.class); -- cgit v1.2.3 From b107abdc2655e62c5d11219f2b90a8e0a85bda91 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 23 Mar 2016 09:48:23 +0100 Subject: update Session-Transfer-Module --- .../moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer/src') diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index ab0aba6a7..bf1c7f773 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -518,7 +518,7 @@ public class SSOContainerUtils { transformer.transform(source, sr); sw.close(); - return Base64Utils.encode(sw.toString().getBytes()); + return sw.toString(); } -- cgit v1.2.3 From 2360a1be1c26b360af0ef66e0c2d0b126b26719b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 24 Mar 2016 09:02:56 +0100 Subject: add log messages to SSO transfer modul --- .../moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer/src') diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index bf1c7f773..753da96de 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -379,12 +379,16 @@ public class SSOContainerUtils { sessionIndex, subjectConfirmationData.getNotOnOrAfter()); - String ssoDataBlob = buildSSOContainerObject(authURL, assertion, new DateTime(date.getTime())); + //build blob with signed session information + String ssoDataBlob = buildSSOContainerObject(authURL, assertion, new DateTime(date.getTime())); + Logger.debug("Unencrypted SessionBlob:" + ssoDataBlob); + //encrypt session information with ephemeral key byte[] encPersonData = enOrDeCryptCSR(ssoDataBlob.getBytes(), hashedSecret, Cipher.ENCRYPT_MODE); String encAndEncodedPersonalData = Base64Utils.encode(encPersonData); - + Logger.debug("Encrypted SessionBlob:" + encAndEncodedPersonalData); + //build JSON response JsonObject container = new JsonObject(); container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_SSO); container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_VALIDTO, subjectConfirmationData.getNotOnOrAfter().toString()); -- cgit v1.2.3 From 5848cd0057ad9f607e8c117c18481f5caebfd357 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 24 Mar 2016 17:03:22 +0100 Subject: update Session-Transfer-Module to restore session --- .../verification/SAMLVerificationEngineSP.java | 14 ++- .../modules/ssotransfer/SSOTransferConstants.java | 7 ++ .../ssotransfer/servlet/SSOTransferServlet.java | 2 +- .../ssotransfer/task/RestoreSSOSessionTask.java | 117 +++++++++++++++------ .../ssotransfer/utils/SSOContainerUtils.java | 25 ++--- .../src/test/java/at/gv/egiz/tests/Tests.java | 17 +++ 6 files changed, 134 insertions(+), 48 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer/src') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java index d9bc7daaf..385fe90fb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java @@ -62,7 +62,7 @@ import at.gv.egovernment.moa.logging.Logger; public class SAMLVerificationEngineSP extends SAMLVerificationEngine { @Autowired AuthConfiguration authConfig; - + /** * Validate a PVP response and all included assertions * @@ -74,6 +74,13 @@ public class SAMLVerificationEngineSP extends SAMLVerificationEngine { * @throws AssertionValidationExeption */ public void validateAssertion(Response samlResp, boolean validateDestination, Credential assertionDecryption, String spEntityID, String loggerSPName) throws AssertionValidationExeption { + validateAssertion(samlResp, validateDestination, assertionDecryption, spEntityID, loggerSPName, true); + + } + + + public void validateAssertion(Response samlResp, boolean validateDestination, Credential assertionDecryption, String spEntityID, String loggerSPName, + boolean validateDateTime) throws AssertionValidationExeption { try { if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { List saml2assertions = new ArrayList(); @@ -102,7 +109,7 @@ public class SAMLVerificationEngineSP extends SAMLVerificationEngine { throw new AssertionValidationExeption("sp.pvp2.07", new Object[]{loggerSPName, "'IssueInstant' attribute is not included"}); } - if (issueInstant.minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) { + if (validateDateTime && issueInstant.minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) { Logger.warn("PVP response: IssueInstant DateTime is not valid anymore."); throw new AssertionValidationExeption("sp.pvp2.07", new Object[]{loggerSPName, "'IssueInstant' Time is not valid any more"}); @@ -150,7 +157,8 @@ public class SAMLVerificationEngineSP extends SAMLVerificationEngine { if (conditions != null) { DateTime notbefore = conditions.getNotBefore().minusMinutes(5); DateTime notafter = conditions.getNotOnOrAfter(); - if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) { + if (validateDateTime && + (notbefore.isAfterNow() || notafter.isBeforeNow()) ) { isAssertionValid = false; Logger.info("Assertion:" + saml2assertion.getID() + " is out of Date. " diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java index 1ee715afa..1a4356653 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java @@ -59,11 +59,18 @@ public class SSOTransferConstants { public static final String SSOCONTAINER_KEY_SESSION = "session"; public static final String SSOCONTAINER_KEY_RESULTENDPOINT = "resultEndPoint"; public static final String SSOCONTAINER_KEY_NONCE = "nonce"; + public static final String SSOCONTAINER_KEY_BLOB = "blob"; + public static final String SSOCONTAINER_KEY_SIGNATURE = "signature"; + public static final String SSOCONTAINER_KEY_UNIQUEUSERID = "bPK"; + + public static final String SSOCONTAINER_KEY_STATUS = "status"; public static final String FLAG_SSO_SESSION_RESTORED = "ssoRestoredFlag"; public static final long CERT_VALIDITY = 700; //2 years public static final String PENDINGREQ_DH = "dhparams"; public static final String PENDINGREQ_NONCE = "nonce"; + + } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index 7cf7c914a..b18425839 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -278,7 +278,7 @@ public class SSOTransferServlet{ @RequestMapping(value = { "/TransmitSSOSession" }, - method = {RequestMethod.GET}) + method = {RequestMethod.GET, RequestMethod.POST}) public void transferToPhone(HttpServletRequest req, HttpServletResponse resp) throws IOException { Logger.debug("Receive " + this.getClass().getName() + " request"); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index 6d9b43e5b..dd133e4fb 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task; import java.io.BufferedReader; import java.io.IOException; +import java.io.PrintWriter; import java.math.BigInteger; import java.security.MessageDigest; @@ -96,48 +97,57 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { Logger.warn("Received POST-message produce an ERROR.", e); } - - //session is valid --> load MOASession object - try { - defaultTaskInitialization(request, executionContext); - - } catch (MOAIDException | MOADatabaseException e1) { - Logger.error("Database Error! MOASession is not stored!"); - throw new TaskExecutionException(pendingReq, "Load MOASession FAILED.", e1); - - } - + String nonce = pendingReq.getGenericData(SSOTransferConstants.PENDINGREQ_NONCE, String.class); SSOTransferContainer container = pendingReq.getGenericData( SSOTransferConstants.PENDINGREQ_DH, SSOTransferContainer.class); if (container == null) { - throw new TaskExecutionException(pendingReq, "NO DH-Params in pending-request", null); + throw new TaskExecutionException(pendingReq, "NO DH-Params in pending-request", + new MOAIDException("NO DH-Params in pending-request", null)); } if (MiscUtil.isNotEmpty(receivedPostMessage)) { Logger.debug("Receive POST-Message data. Start data-validation process ... "); + JsonObject responseMsg = new JsonObject(); try { + Logger.debug("Unformated Msg:" + receivedPostMessage); + JsonParser parser = new JsonParser(); - JsonObject reveivedData = (JsonObject) parser.parse(sb.toString()); - JsonObject reveivedSession = reveivedData.get("session").getAsJsonObject(); - String validTo = reveivedSession.get("validTo").getAsString(); - String entityID = reveivedSession.get("entityID").getAsString(); - //String sessionBlob = reveivedSession.get("sessionBlob").getAsString(); - -// Logger.trace("Blob:" + sessionBlob + -// " | validTo:" + validTo + -// " | entityIS:" + entityID); - - - //TODO!!!! - String mobilePubKeyBase64 = reveivedSession.get( + JsonObject receivedData = (JsonObject) parser.parse(sb.toString()); + + JsonObject receivedSession = receivedData.get( + SSOTransferConstants.SSOCONTAINER_KEY_SESSION).getAsJsonObject(); + + Logger.debug("Received Session-Object:"+ receivedSession.toString()); + + String signature = receivedData.get( + SSOTransferConstants.SSOCONTAINER_KEY_SIGNATURE).getAsString(); + String mobilePubKeyBase64 = receivedData.get( SSOTransferConstants.SSOCONTAINER_KEY_DH_PUBKEY).getAsString(); - String encSessionBlobBase64 = new String(); + + String respNonce = receivedSession.get( + SSOTransferConstants.PENDINGREQ_NONCE).getAsString(); + String encSessionBlobBase64 = receivedSession.get( + SSOTransferConstants.SSOCONTAINER_KEY_BLOB).getAsString(); - Logger.debug("Receive PubKey:" +mobilePubKeyBase64 + " | SessionBlob:" + encSessionBlobBase64); + Logger.debug("Receive PubKey:" +mobilePubKeyBase64 + + " | SessionBlob:" + encSessionBlobBase64 + + " | Nonce:" + respNonce + + " | Signature:" + signature + + " | SignedData:" + receivedSession.toString()); + if (MiscUtil.isEmpty(respNonce) || !respNonce.equals(nonce)) { + Logger.warn("Received 'nonce':" + respNonce + + " does not match to stored 'nonce':" + nonce); + throw new TaskExecutionException(pendingReq, "Received 'nonce':" + respNonce + + " does not match to stored 'nonce':" + nonce, + new MOAIDException("Received 'nonce':" + respNonce + " does not match to stored 'nonce':" + nonce, null)); + + } + + //finish DH key agreement BigInteger mobilePubKey = new BigInteger(Base64Utils.decode(mobilePubKeyBase64, true)); DHPublicKeySpec mobilePubKeySpec = new DHPublicKeySpec(mobilePubKey, @@ -175,6 +185,16 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { Logger.debug("MobileDevice is valid. --> Starting session reconstruction ..."); + //session is valid --> load MOASession object + try { + defaultTaskInitialization(request, executionContext); + + } catch (MOAIDException | MOADatabaseException e1) { + Logger.error("Database Error! MOASession is not stored!"); + throw new TaskExecutionException(pendingReq, "Load MOASession FAILED.", e1); + + } + //transfer SSO Assertion into MOA-Session ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moasession, attributeExtractor); @@ -190,8 +210,18 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { executionContext.put(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED, true); executionContext.put("sessionRestoreFinished", false); - + + + responseMsg.addProperty( + SSOTransferConstants.SSOCONTAINER_KEY_STATUS, + "OK"); + response.setStatus(HttpServletResponse.SC_OK); + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(responseMsg.toString()); + out.flush(); + // Logger.info("Received SSO session-data is from IDP: " + entityID // + ". Start inderfederation process to restore SSO session ... "); // //change to inderfederated session reconstruction @@ -202,8 +232,20 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } catch (Exception e) { Logger.error("Parse reveived JSON data-object " + sb.toString() + " FAILED!", e); - throw new TaskExecutionException(pendingReq, "JSON data is not parseable.", e); - + //throw new TaskExecutionException(pendingReq, "JSON data is not parseable.", e); + try { + responseMsg.addProperty( + SSOTransferConstants.SSOCONTAINER_KEY_STATUS, + "FAILED"); + response.setStatus(HttpServletResponse.SC_OK); + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(responseMsg.toString()); + out.flush(); + } catch (IOException e1) { + e1.printStackTrace(); + + } } } else { @@ -218,10 +260,21 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { executionContext.put("sessionRestoreFinished", true); } else { + //session is valid --> load MOASession object + try { + defaultTaskInitialization(request, executionContext); + + } catch (MOAIDException | MOADatabaseException e1) { + Logger.error("Database Error! MOASession is not stored!"); + throw new TaskExecutionException(pendingReq, "Load MOASession FAILED.", e1); + + } + DateTime moaSessionCreated = new DateTime(moasession.getSessionCreated().getTime()); - if (moaSessionCreated.plusMinutes(3).isBeforeNow()) { + if (moaSessionCreated.plusMinutes(1).isBeforeNow()) { Logger.warn("No SSO session-container received. Stop authentication process after time-out."); - throw new TaskExecutionException(pendingReq, "No SSO container received from smartphone app.", null); + throw new TaskExecutionException(pendingReq, "No SSO container received from smartphone app.", + new MOAIDException("No SSO container received from smartphone app.", null)); } else { Logger.debug("No restored SSO session found --> Wait a few minutes and check again."); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index 753da96de..0785f767b 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -129,6 +129,7 @@ import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.util.BpkUtil; import iaik.x509.X509Certificate; /** @@ -269,16 +270,14 @@ public class SSOContainerUtils { } - public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException { - byte[] base64decodedContainer = Base64Utils.decode(signedEncryptedContainer, false); - + public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException { final BasicParserPool ppMgr = new BasicParserPool(); final HashMap features = new HashMap(); features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); ppMgr.setBuilderFeatures(features); ppMgr.setNamespaceAware(true); - Document document = ppMgr.parse(new ByteArrayInputStream(base64decodedContainer)); + Document document = ppMgr.parse(new ByteArrayInputStream(signedEncryptedContainer.getBytes())); Element domElement = document.getDocumentElement(); UnmarshallerFactory saml2UnmarshallerFactory = Configuration.getUnmarshallerFactory(); @@ -317,8 +316,8 @@ public class SSOContainerUtils { samlVerificationEngine.validateAssertion(ssoContainer, false, credentials.getIDPAssertionEncryptionCredential(), ssoContainer.getIssuer().getValue(), - "SSO-Session Transfer module" - ); + "SSO-Session Transfer module", + false); return ssoContainer; } else { @@ -369,7 +368,7 @@ public class SSOContainerUtils { IAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession); Assertion assertion = PVP2AssertionBuilder.buildGenericAssertion( - authURL, + entityID, entityID, new DateTime(date.getTime()), authnContextClassRef, @@ -380,7 +379,7 @@ public class SSOContainerUtils { subjectConfirmationData.getNotOnOrAfter()); //build blob with signed session information - String ssoDataBlob = buildSSOContainerObject(authURL, assertion, new DateTime(date.getTime())); + String ssoDataBlob = buildSSOContainerObject(entityID, assertion, new DateTime(date.getTime())); Logger.debug("Unencrypted SessionBlob:" + ssoDataBlob); //encrypt session information with ephemeral key @@ -394,8 +393,10 @@ public class SSOContainerUtils { container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_VALIDTO, subjectConfirmationData.getNotOnOrAfter().toString()); container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_ENTITYID, entityID); container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_USERID, authData.getGivenName() + " " + authData.getFamilyName()); - + container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_SESSION, encAndEncodedPersonalData); + container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_UNIQUEUSERID, + BpkUtil.calcBPK(authData.getIdentificationValue(), "AB")); //TODO container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_RESULTENDPOINT, "https://demo.egiz.gv.at"); @@ -447,13 +448,13 @@ public class SSOContainerUtils { } - private String buildSSOContainerObject(String authURL, Assertion assertion, DateTime date) throws ConfigurationException, EncryptionException, CredentialsNotAvailableException, SecurityException, ParserConfigurationException, MarshallingException, SignatureException, TransformerFactoryConfigurationError, TransformerException, IOException { + private String buildSSOContainerObject(String entityID, Assertion assertion, DateTime date) throws ConfigurationException, EncryptionException, CredentialsNotAvailableException, SecurityException, ParserConfigurationException, MarshallingException, SignatureException, TransformerFactoryConfigurationError, TransformerException, IOException { Response authResponse = SAML2Utils.createSAMLObject(Response.class); Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); //change to entity value from entity name to IDP EntityID (URL) - nissuer.setValue(authURL); + nissuer.setValue(entityID); nissuer.setFormat(NameID.ENTITY); authResponse.setIssuer(nissuer); @@ -541,7 +542,7 @@ public class SSOContainerUtils { Logger.info("SSO-Transfer attribute " + el + " is empty!"); } catch (Exception e) { - Logger.warn("Build SSO-Transfer attribute " + el + " FAILED.", e); + Logger.info("Build SSO-Transfer attribute " + el + " FAILED:" + e.getMessage()); } } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java index 57f4d11ad..0eb71ec92 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java @@ -22,6 +22,10 @@ */ package at.gv.egiz.tests; +import com.google.gson.JsonObject; + +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; + /** * @author tlenz * @@ -53,6 +57,19 @@ public class Tests { + JsonObject responseMsg = new JsonObject(); + responseMsg.addProperty( + SSOTransferConstants.SSOCONTAINER_KEY_STATUS, + "OK"); + + + JsonObject levelTwo = new JsonObject(); + levelTwo.addProperty("test", "12345"); + + responseMsg.add("levelTwo", levelTwo ); + + + System.out.println(responseMsg.toString()); // } catch (IOException e) { // // TODO Auto-generated catch block -- cgit v1.2.3 From ab67fbdf5d661a33b67436c70db0dcb8b840cf57 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 31 Mar 2016 08:03:28 +0200 Subject: if database cleanUP process found some unhandled exception, write error messages to technical log --- id/server/auth-final/pom.xml | 2 +- .../moa/id/auth/AuthenticationSessionCleaner.java | 76 +++++++++++++++++++++- .../moa/id/auth/servlet/AbstractController.java | 24 ++++++- .../AbstractProcessEngineSignalController.java | 6 +- .../moa/id/data/ExceptionContainer.java | 65 ++++++++++++++++++ .../protocols/ProtocolFinalizationController.java | 12 ++-- .../moa/id/storage/DBTransactionStorage.java | 37 ++++++----- .../moa/id/storage/ITransactionStorage.java | 15 ++++- .../servlet/SSOTransferSignalServlet.java | 6 +- 9 files changed, 207 insertions(+), 36 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java (limited to 'id/server/modules/moa-id-module-ssoTransfer/src') diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml index 776ec00d3..61eba7f22 100644 --- a/id/server/auth-final/pom.xml +++ b/id/server/auth-final/pom.xml @@ -165,7 +165,7 @@ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java index 94138e0fc..e0552c337 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java @@ -4,15 +4,22 @@ package at.gv.egovernment.moa.id.auth; import java.util.Date; +import java.util.List; +import org.hibernate.HibernateException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.data.ExceptionContainer; +import at.gv.egovernment.moa.id.process.ProcessExecutionException; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; /** * Thread cleaning the AuthenticationServer session store @@ -53,11 +60,55 @@ public class AuthenticationSessionCleaner implements Runnable { authenticationSessionStorage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated); //clean TransactionStorage - transactionStorage.clean(now, authDataTimeOut); + List entryKeysToClean = transactionStorage.clean(now, authDataTimeOut); + if (entryKeysToClean != null && entryKeysToClean.size() != 0) { + for(String entryKey : entryKeysToClean) { + try { + try { + Object entry = transactionStorage.get(entryKey); + //if entry is an exception --> log it because is could be unhandled + if (entry != null && entry instanceof ExceptionContainer) { + ExceptionContainer exContainer = (ExceptionContainer) entry; + + if (exContainer.getExceptionThrown() != null) { + //add session and transaction ID to log if exists + if (MiscUtil.isNotEmpty(exContainer.getUniqueTransactionID())) + TransactionIDUtils.setTransactionId(exContainer.getUniqueTransactionID()); + + if (MiscUtil.isNotEmpty(exContainer.getUniqueSessionID())) + TransactionIDUtils.setSessionId(exContainer.getUniqueSessionID()); + + //log exception to technical log + logExceptionToTechnicalLog(exContainer.getExceptionThrown()); + + //remove session and transaction ID from thread + TransactionIDUtils.removeSessionId(); + TransactionIDUtils.removeTransactionId(); + } + } + + } catch (Exception e) { + Logger.info("Transaction info is not loadable. " + + "Key:" + entryKey + + " ErrorMsg:" + e.getMessage()); + + } + + transactionStorage.remove(entryKey); + Logger.info("Remove stored information with ID: " + entryKey + + " after timeout."); + + } catch (HibernateException e){ + Logger.warn("Transaction information with ID=" + entryKey + + " not removed after timeout! (Error during Database communication)", e); + } + + } + } } catch (Exception e) { - Logger.error("Session cleanUp FAILED!" , e); + Logger.error("Session/Transaction cleanUp FAILED!" , e); } @@ -72,6 +123,27 @@ public class AuthenticationSessionCleaner implements Runnable { } } + /** + * Write a Exception to the MOA-ID-Auth internal technical log + * + * @param loggedException Exception to log + */ + protected void logExceptionToTechnicalLog(Throwable loggedException) { + if (!( loggedException instanceof MOAIDException + || loggedException instanceof ProcessExecutionException )) { + Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException); + + } else { + if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) { + Logger.warn(loggedException.getMessage(), loggedException); + + } else { + Logger.info(loggedException.getMessage()); + + } + } + } + /** * start the sessionCleaner */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java index e51f3e6c9..fd2e03afa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java @@ -32,6 +32,7 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.ExceptionHandler; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; @@ -42,10 +43,12 @@ import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.data.ExceptionContainer; import at.gv.egovernment.moa.id.moduls.IRequestStorage; import at.gv.egovernment.moa.id.process.ProcessExecutionException; import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; @@ -101,8 +104,12 @@ public abstract class AbstractController extends MOAIDAuthConstants { } protected void handleError(String errorMessage, Throwable exceptionThrown, - HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) throws IOException { + HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq) throws IOException { + String pendingRequestID = null; + if (pendingReq != null) + pendingRequestID = pendingReq.getRequestID(); + Throwable loggedException = null; Throwable extractedException = extractOriginalExceptionFromProcessException(exceptionThrown); @@ -127,8 +134,19 @@ public abstract class AbstractController extends MOAIDAuthConstants { //switch to protocol-finalize method to generate a protocol-specific error message //put exception into transaction store for redirect - String key = Random.nextRandom(); - transactionStorage.put(key, loggedException); + String key = Random.nextLongRandom(); + if (pendingReq != null) { + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR); + transactionStorage.put(key, + new ExceptionContainer(pendingReq.getUniqueSessionIdentifier(), + pendingReq.getUniqueTransactionIdentifier(), loggedException)); + + } else { + transactionStorage.put(key, + new ExceptionContainer(null, + null, loggedException)); + + } //build up redirect URL String redirectURL = null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java index 7a4ee35fa..0ce7b0050 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java @@ -28,14 +28,14 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException { String pendingRequestID = StringEscapeUtils.escapeHtml(getPendingRequestId(req)); - + IRequest pendingReq = null; try { if (pendingRequestID == null) { throw new MOAIllegalStateException("process.03", new Object[]{"Unable to determine MOA pending-request id."}); } - IRequest pendingReq = requestStorage.getPendingRequest(pendingRequestID); + pendingReq = requestStorage.getPendingRequest(pendingRequestID); if (pendingReq == null) { Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); @@ -60,7 +60,7 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont processEngine.signal(pendingReq); } catch (Exception ex) { - handleError(null, ex, req, resp, pendingRequestID); + handleError(null, ex, req, resp, pendingReq); } finally { //MOASessionDBUtils.closeSession(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java new file mode 100644 index 000000000..5e3fb5df6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java @@ -0,0 +1,65 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.data; + +/** + * @author tlenz + * + */ +public class ExceptionContainer { + + private Throwable exceptionThrown = null; + private String uniqueSessionID = null; + private String uniqueTransactionID = null; + + /** + * + */ + public ExceptionContainer(String uniqueSessionID, String uniqueTransactionID, Throwable exception) { + this.uniqueSessionID = uniqueSessionID; + this.uniqueTransactionID = uniqueTransactionID; + this.exceptionThrown = exception; + } + + /** + * @return the exceptionThrown + */ + public Throwable getExceptionThrown() { + return exceptionThrown; + } + /** + * @return the uniqueSessionID + */ + public String getUniqueSessionID() { + return uniqueSessionID; + } + /** + * @return the uniqueTransactionID + */ + public String getUniqueTransactionID() { + return uniqueTransactionID; + } + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java index 991c6a881..0da43d818 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java @@ -38,6 +38,7 @@ import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.data.ExceptionContainer; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -66,15 +67,14 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon if (errorid != null) { try { //load stored exception from database - Throwable throwable = transactionStorage.get(errorid, Throwable.class); - - if (throwable != null) { + ExceptionContainer container = transactionStorage.get(errorid, ExceptionContainer.class); + if (container != null) { //remove exception if it was found transactionStorage.remove(errorid); - if (pendingReq != null) { - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR); - + Throwable throwable = container.getExceptionThrown(); + + if (pendingReq != null) { //build protocol-specific error message if possible buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java index ff631a720..6778dc32e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.storage; import java.io.Serializable; +import java.util.ArrayList; import java.util.Date; import java.util.List; @@ -99,6 +100,17 @@ public class DBTransactionStorage implements ITransactionStorage { } } + public Object get(String key) throws MOADatabaseException { + AssertionStore element = searchInDatabase(key); + + if (element == null) + return null; + + return SerializationUtils.deserialize(element.getAssertion()); + + + } + public T get(String key, final Class clazz, long dataTimeOut) throws MOADatabaseException, AuthenticationException { AssertionStore element = searchInDatabase(key); @@ -134,10 +146,11 @@ public class DBTransactionStorage implements ITransactionStorage { } } - public void clean(Date now, long dataTimeOut) { + public List clean(Date now, long dataTimeOut) { Date expioredate = new Date(now.getTime() - dataTimeOut); List results; + List returnValues = new ArrayList();; Session session = MOASessionDBUtils.getCurrentSession(); synchronized (session) { @@ -146,22 +159,14 @@ public class DBTransactionStorage implements ITransactionStorage { query.setTimestamp("timeout", expioredate); results = query.list(); session.getTransaction().commit(); - - if (results.size() != 0) { - for(AssertionStore result : results) { - try { - cleanDelete(result); - Logger.info("Remove stored information with ID: " + result.getArtifact() - + " after timeout."); - - } catch (HibernateException e){ - Logger.warn("Sessioninformation with ID=" + result.getArtifact() - + " not removed after timeout! (Error during Database communication)", e); - } - - } - } } + + if (results != null) { + for (AssertionStore el : results) + returnValues.add(el.getArtifact()); + + } + return returnValues; } public void remove(String key) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java index 48283d2b6..fe959c39d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.storage; import java.util.Date; +import java.util.List; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -50,6 +51,15 @@ public interface ITransactionStorage { */ public void put(String key, Object value) throws MOADatabaseException; + /** + * Get a data object from transaction storage + * + * @param key key Id which identifiers the data object + * @return The transaction-data object, or null + * @throws MOADatabaseException In case of load operation failed + */ + public Object get(String key) throws MOADatabaseException; + /** * Get a data object from transaction storage * @@ -91,11 +101,12 @@ public interface ITransactionStorage { public void remove(String key); /** - * Clean-up the transaction storage + * Get all entries for Clean-up the transaction storage * * @param now Current time * @param dataTimeOut Data-object timeout in [ms] + * @return List of entry-keys which as a timeout */ - public void clean(Date now, long dataTimeOut); + public List clean(Date now, long dataTimeOut); } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java index cd18afb71..e92925dfb 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java @@ -61,13 +61,13 @@ public class SSOTransferSignalServlet extends AbstractProcessEngineSignalControl @Override protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException { String pendingRequestID = StringEscapeUtils.escapeHtml(getPendingRequestId(req)); - + IRequest pendingReq = null; try { if (pendingRequestID == null) { throw new IllegalStateException("Unable to determine MOA pending-request id."); } - IRequest pendingReq = requestStorage.getPendingRequest(pendingRequestID); + pendingReq = requestStorage.getPendingRequest(pendingRequestID); if (pendingReq == null) { Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); @@ -87,7 +87,7 @@ public class SSOTransferSignalServlet extends AbstractProcessEngineSignalControl processEngine.signal(pendingReq); } catch (Exception ex) { - handleError(null, ex, req, resp, pendingRequestID); + handleError(null, ex, req, resp, pendingReq); } finally { //MOASessionDBUtils.closeSession(); -- cgit v1.2.3 From 4b932484d66ef161bb547a419fdc32f04677fe57 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 7 Apr 2016 10:44:11 +0200 Subject: fix some possible problems with STORK configuration in config-GUI --- .../id/configuration/data/GeneralStorkConfig.java | 38 +++++---- .../id/configuration/data/oa/OASTORKConfig.java | 19 +++-- .../struts/action/EditGeneralConfigAction.java | 99 +++++++++++++++------- .../validation/moaconfig/MOAConfigValidator.java | 2 +- .../validation/moaconfig/StorkConfigValidator.java | 55 ++++++------ .../src/main/webapp/jsp/editMOAConfig.jsp | 7 +- .../task/impl/GeneralMOAIDConfigurationTask.java | 8 +- .../task/impl/GeneralSTORKConfigurationTask.java | 54 ++++++------ .../StartAuthentificationParameterParser.java | 2 +- .../PropertyBasedAuthConfigurationProvider.java | 10 ++- .../moa/id/auth/AuthenticationServer.java | 14 +-- .../data/SSOTransferAuthenticationData.java | 5 +- 12 files changed, 191 insertions(+), 122 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java index d8bb0179c..e71bad299 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.configuration.data; import java.util.ArrayList; import java.util.List; +import org.apache.log4j.Logger; + import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.ForeignIdentities; @@ -34,8 +36,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; -import org.apache.log4j.Logger; - public class GeneralStorkConfig { private List cpepslist; @@ -61,7 +61,9 @@ public class GeneralStorkConfig { public void parse(MOAIDConfiguration config) { log.info("Initializing general Stork config"); - + + cpepslist = new ArrayList(); + attributes = new ArrayList(); if (config != null) { AuthComponentGeneral auth = config.getAuthComponentGeneral(); @@ -71,15 +73,14 @@ public class GeneralStorkConfig { if (foreign != null) { STORK stork = foreign.getSTORK(); - cpepslist = new ArrayList(); - attributes = new ArrayList(); - + if (stork != null) { // deep clone all the things - // to foreclose lazyloading session timeouts - - for(CPEPS current : stork.getCPEPS()) { - cpepslist.add(current); + // to foreclose lazyloading session timeouts + if (stork.getCPEPS() != null) { + for(CPEPS current : stork.getCPEPS()) { + cpepslist.add(current); + } } List tmp = stork.getAttributes(); @@ -91,19 +92,26 @@ public class GeneralStorkConfig { try { qaa = stork.getQualityAuthenticationAssuranceLevel(); + } catch(NullPointerException e) { qaa = 4; } } - if (cpepslist.isEmpty()) - cpepslist = null; - - if(attributes.isEmpty()) - attributes.add(new StorkAttribute()); } } } + + if (cpepslist.isEmpty()) { + CPEPS defaultCPEPS = new CPEPS(); + defaultCPEPS.setCountryCode("CC"); + defaultCPEPS.setURL("http://"); + defaultCPEPS.setSupportsXMLSignature(true); + cpepslist.add(defaultCPEPS ); + + } + if(attributes.isEmpty()) + attributes.add(new StorkAttribute()); } public List getRawCPEPSList() { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index 33277af07..c0e1eaaf7 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -41,6 +41,7 @@ import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.validation.oa.OASTORKConfigValidation; +import at.gv.egovernment.moa.util.MiscUtil; //import at.gv.egovernment.moa.id.protocols.stork2.AttributeProviderFactory; public class OASTORKConfig implements IOnlineApplicationData{ @@ -120,8 +121,10 @@ public class OASTORKConfig implements IOnlineApplicationData{ enabledCitizenCountries = new ArrayList(); - for(CPEPS current : config.getCPEPS()) - enabledCitizenCountries.add(current.getCountryCode()); + if (config.getCPEPS() != null) { + for(CPEPS current : config.getCPEPS()) + enabledCitizenCountries.add(current.getCountryCode()); + } // prepare attribute helper list attributes = new ArrayList(); @@ -130,9 +133,11 @@ public class OASTORKConfig implements IOnlineApplicationData{ for(StorkAttribute current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getAttributes()) { AttributeHelper tmp = null; - for(OAStorkAttribute sepp : config.getOAAttributes()) - if(sepp.getName().equals(current.getName())) - tmp = new AttributeHelper(sepp); + if (config.getOAAttributes() != null) { + for(OAStorkAttribute sepp : config.getOAAttributes()) + if(sepp.getName() != null && sepp.getName().equals(current.getName())) + tmp = new AttributeHelper(sepp); + } if(null == tmp) tmp = new AttributeHelper(current); @@ -248,12 +253,14 @@ public class OASTORKConfig implements IOnlineApplicationData{ if (generalConfStorkAttr != null) { for(StorkAttribute currentAttribute : generalConfStorkAttr) - if(currentAttribute.getName().equals(current.getName())) { + if(MiscUtil.isNotEmpty(currentAttribute.getName()) && + currentAttribute.getName().equals(current.getName())) { if(current.isUsed() || currentAttribute.isMandatory()) { OAStorkAttribute tmp = new OAStorkAttribute(); tmp.setName(current.getName()); tmp.setMandatory(current.isMandatory()); result.add(tmp); + } break; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 504b598c0..d12c1342c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -542,42 +542,77 @@ public class EditGeneralConfigAction extends BasicAction { forcon.setURL(moaconfig.getSzrgwURL()); } - ForeignIdentities foreign = dbauth.getForeignIdentities(); - if (foreign != null) { - STORK stork = foreign.getSTORK(); - if (stork == null) { - stork = new STORK(); - foreign.setSTORK(stork); - - } - - try { - log.error("QAAAA " + storkconfig.getDefaultQaa()); - stork.setQualityAuthenticationAssuranceLevel(storkconfig.getDefaultQaa()); + ForeignIdentities foreign = dbauth.getForeignIdentities(); + if (foreign != null) { + STORK stork = foreign.getSTORK(); + if (stork == null) { + stork = new STORK(); + foreign.setSTORK(stork); - if (storkconfig.getAttributes() != null) - stork.setAttributes(storkconfig.getAttributes()); - - else + } + + try { + log.error("QAAAA " + storkconfig.getDefaultQaa()); + stork.setQualityAuthenticationAssuranceLevel(storkconfig.getDefaultQaa()); + + if (storkconfig.getAttributes() != null) { + List dbStorkAttr = stork.getAttributes(); + if (dbStorkAttr == null) { + dbStorkAttr = new ArrayList(); + stork.setAttributes(dbStorkAttr); + + } + + for (StorkAttribute attr : storkconfig.getAttributes()) { + if (attr != null && MiscUtil.isNotEmpty(attr.getName())) + dbStorkAttr.add(attr); + + else + log.info("Remove null or empty STORK attribute"); + } + + } else stork.setAttributes((List) (new ArrayList())); - if (storkconfig.getCpepslist() != null) - - stork.setCPEPS(storkconfig.getCpepslist()); - else - stork.setCPEPS((List) (new ArrayList())); + if (storkconfig.getCpepslist() != null) { + List dbStorkCPEPS = stork.getCPEPS(); + if (dbStorkCPEPS == null) { + dbStorkCPEPS = new ArrayList(); + stork.setCPEPS(dbStorkCPEPS); + } + + for (CPEPS cpeps : storkconfig.getCpepslist()) { + if (cpeps != null && MiscUtil.isNotEmpty(cpeps.getURL()) && + MiscUtil.isNotEmpty(cpeps.getCountryCode())) { + + if (cpeps.getCountryCode().equals("CC") && + cpeps.getURL().equals("http://")) + log.info("Remove dummy STORK CPEPS entry."); + + else + dbStorkCPEPS.add(cpeps); + + } else + log.info("Remove null or emtpy STORK CPEPS configuration"); + } - } catch (Exception e) { - e.printStackTrace(); - } - - try{ - log.info("CPEPS LIST: " + storkconfig.getCpepslist().size() ); - log.trace("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() +storkconfig.getCpepslist().get(0).getURL()); - } catch (Exception ex) { - log.info("CPEPS LIST is null"); - } - } + } else + stork.setCPEPS((List) (new ArrayList())); + + } catch (Exception e) { + e.printStackTrace(); + + } + + try{ + log.info("CPEPS LIST: " + storkconfig.getCpepslist().size() ); + log.trace("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() +storkconfig.getCpepslist().get(0).getURL()); + + } catch (Exception ex) { + log.info("CPEPS LIST is null"); + + } + } if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) { OnlineMandates dbmandate = dbauth.getOnlineMandates(); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index d4e8e957d..617e9cf51 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -367,7 +367,7 @@ public class MOAConfigValidator { check = form.getSsoTarget(); if (MiscUtil.isEmpty(check)) { log.info("Empty SSO Target"); - errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty", request)); + //errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty", request)); } else { if (!ValidationHelper.isValidAdminTarget(check)) { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index b73859d81..6b5c51e3f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -47,31 +47,33 @@ public class StorkConfigValidator { errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", new Object[] {check}, request )); } + + // check url + check = current.getURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("CPEPS config URL is invalid : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.url", request)); + } + } else { + log.warn("CPEPS config url is empty : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", + new Object[] {check}, request )); + } + } else { log.warn("CPEPS config countrycode is empty : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", - new Object[] {check}, request )); +// errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", +// new Object[] {check}, request )); } - // check url - check = current.getURL(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("CPEPS config URL is invalid : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.url", request)); - } - } else { - log.warn("CPEPS config url is empty : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", - new Object[] {check}, request )); - } } if (form.getCpepslist() != null) { // ensure uniqueness of country code for (CPEPS one : form.getCpepslist()) for (CPEPS another : form.getCpepslist()) - if (null != one && null != another) + if (null != one && null != another && one.getCountryCode() != null) if (!one.equals(another) && one.getCountryCode().equals(another.getCountryCode())) { errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.duplicate", request)); break; @@ -90,17 +92,20 @@ public class StorkConfigValidator { // check attributes if (MiscUtil.isNotEmpty(form.getAttributes())) { for(StorkAttribute check : form.getAttributes()) { - String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI? - if (ValidationHelper.containsPotentialCSSCharacter(tmp, true)) { - log.warn("default attributes contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", - new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request )); - } - if(!tmp.toLowerCase().matches("^[A-Za-z]*$")) { - log.warn("default attributes do not match the requested format : " + check); + if (check != null && MiscUtil.isNotEmpty(check.getName())) { + String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI? + if (ValidationHelper.containsPotentialCSSCharacter(tmp, true)) { + log.warn("default attributes contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", - new Object[] {check}, request )); - } + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request )); + } + if(!tmp.toLowerCase().matches("^[A-Za-z]*$")) { + log.warn("default attributes do not match the requested format : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", + new Object[] {check}, request )); + } + + } } //TODO: STORK attributes check if no attribute is set diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index ac2c8de5a..45ea159e4 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -288,7 +288,12 @@ - + + + + + + " onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/> diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java index 1c3e0fe13..270d0866c 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java @@ -435,10 +435,10 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, getKeyPrefix())); if (MiscUtil.isEmpty(check)) { log.info("Empty SSO Target"); - errors.add(new ValidationObjectIdentifier( - MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, - "SSO - Target", - LanguageHelper.getErrorString("validation.general.sso.target.empty"))); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, +// "SSO - Target", +// LanguageHelper.getErrorString("validation.general.sso.target.empty"))); } else { diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java index 1747e2207..8a1a2925b 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java @@ -133,38 +133,40 @@ public static final List KEYWHITELIST; LanguageHelper.getErrorString("validation.stork.cpeps.cc", new Object[] {cc}))); } - } else { - log.warn("CPEPS config countrycode is empty : " + cc); - errors.add(new ValidationObjectIdentifier( - MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST - + "." + cpepsKey, - "STORK - CPEPS Country", - LanguageHelper.getErrorString("validation.stork.cpeps.empty", - new Object[] {cc}))); - } - - // check url - if (MiscUtil.isNotEmpty(url)) { - if (!ValidationHelper.validateURL(url)) { - log.info("CPEPS config URL is invalid : " + url); + + // check url + if (MiscUtil.isNotEmpty(url)) { + if (!ValidationHelper.validateURL(url)) { + log.info("CPEPS config URL is invalid : " + url); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + + "." + index + "." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_URL, + "STORK - CPEPS URL", + LanguageHelper.getErrorString("validation.stork.cpeps.url"))); + } + } else { + log.warn("CPEPS config url is empty : " + url); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + "." + index + "." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_URL, "STORK - CPEPS URL", - LanguageHelper.getErrorString("validation.stork.cpeps.url"))); - } + LanguageHelper.getErrorString("validation.stork.cpeps.empty", + new Object[] {url}))); + + } + } else { - log.warn("CPEPS config url is empty : " + url); - errors.add(new ValidationObjectIdentifier( - MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST - + "." + index + "." - + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_URL, - "STORK - CPEPS URL", - LanguageHelper.getErrorString("validation.stork.cpeps.empty", - new Object[] {url}))); - - } + log.warn("CPEPS config countrycode is empty : " + cc); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST +// + "." + cpepsKey, +// "STORK - CPEPS Country", +// LanguageHelper.getErrorString("validation.stork.cpeps.empty", +// new Object[] {cc}))); + } + validatedCPeps.put(cc, url); } else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 69c155c1e..140c7aebc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -206,7 +206,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ //validate SSO functionality - String domainIdentifier = authConfig.getSSOTagetIdentifier().trim(); + String domainIdentifier = authConfig.getSSOTagetIdentifier(); if (MiscUtil.isEmpty(domainIdentifier) && protocolReq.needSingleSignOnFunctionality()) { //do not use SSO if no Target is set Logger.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java index 210bda3e6..348b1c45a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java @@ -738,13 +738,17 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide */ public String getSSOTagetIdentifier() throws ConfigurationException { try { - return configuration.getStringValue( + String value = configuration.getStringValue( MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET); - + if (MiscUtil.isNotEmpty(value)) + return value.trim(); + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { Logger.warn("Single Sign-On Target can not be read from configuration.", e); - return null; + } + + return null; } /** diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 7122c6577..f5000581c 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -167,12 +167,14 @@ public class AuthenticationServer extends BaseAuthenticationServer { } String infoboxReadRequest = ""; - if (pendingReq.needSingleSignOnFunctionality()) { - Logger.info("SSO Login requested"); + String ssoDomainIdentifier = authConfig.getSSOTagetIdentifier(); + if (MiscUtil.isNotEmpty(ssoDomainIdentifier) && + pendingReq.needSingleSignOnFunctionality()) { + Logger.debug("SSO Login requested"); //load identityLink with SSO Target boolean isbuisness = false; - String domainIdentifier = authConfig.getSSOTagetIdentifier().trim(); - if (domainIdentifier.startsWith(PREFIX_WPBK)) { + + if (ssoDomainIdentifier.startsWith(PREFIX_WPBK)) { isbuisness = true; } else { @@ -182,10 +184,10 @@ public class AuthenticationServer extends BaseAuthenticationServer { //build ReadInfobox request infoboxReadRequest = new InfoboxReadRequestBuilder().build( - isbuisness, domainIdentifier); + isbuisness, ssoDomainIdentifier); } else { - Logger.info("Non-SSO Login requested"); + Logger.debug("Non-SSO Login requested or SSO not allowed/possible"); //build ReadInfobox request infoboxReadRequest = new InfoboxReadRequestBuilder().build( oaParam.getBusinessService(), oaParam diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index f9cb4c636..78cbd788d 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -49,8 +49,9 @@ public class SSOTransferAuthenticationData implements IAuthData { public SSOTransferAuthenticationData(AuthConfiguration authConfig, AuthenticationSession authSession) throws ConfigurationException { this.authSession = authSession; - String domainIdentifier = authConfig.getSSOTagetIdentifier().trim(); - isIDPPrivateService = domainIdentifier.startsWith(MOAIDAuthConstants.PREFIX_WPBK); + String domainIdentifier = authConfig.getSSOTagetIdentifier(); + if (domainIdentifier != null) + isIDPPrivateService = domainIdentifier.startsWith(MOAIDAuthConstants.PREFIX_WPBK); } -- cgit v1.2.3 From c3e07d7fb87b2d132ffc838e4878b9479da361a7 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 9 May 2016 16:06:56 +0200 Subject: fix ContentType typo, which make problems with IE11 in some cases --- .../moa/id/auth/servlet/AbstractController.java | 10 ++++++---- .../moa/id/auth/servlet/GUILayoutBuilderServlet.java | 4 ++-- .../egovernment/moa/id/protocols/pvp2x/MetadataAction.java | 4 +++- .../moa/id/auth/frontend/builder/GUIFormBuilderImpl.java | 2 +- .../modules/internal/tasks/CreateIdentityLinkFormTask.java | 6 ++++-- .../egovernment/moa/id/util/CitizenCardServletUtils.java | 6 ++++-- .../auth/modules/eidas/tasks/GenerateAuthnRequestTask.java | 6 ++++-- .../controller/ELGAMandateMetadataController.java | 4 +++- .../modules/ssotransfer/task/RestoreSSOSessionTask.java | 3 ++- .../controller/FederatedAuthMetadataController.java | 4 +++- .../id/protocols/saml1/GetAuthenticationDataService.java | 14 ++++++++------ 11 files changed, 40 insertions(+), 23 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer/src') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java index d87480cc1..e3efdeac0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java @@ -32,6 +32,8 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.ExceptionHandler; +import com.google.common.net.MediaType; + import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; @@ -86,7 +88,7 @@ public abstract class AbstractController extends MOAIDAuthConstants { @ExceptionHandler({Exception.class}) public void GenericExceptionHandler(HttpServletResponse resp, Exception exception) throws IOException { Logger.error("Internel Server Error." , exception); - resp.setContentType("text/html;charset=UTF-8"); + resp.setContentType(MediaType.HTML_UTF_8.toString()); resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" + "(Errorcode=9199" +" | Description="+ exception.getMessage() + ")"); @@ -97,7 +99,7 @@ public abstract class AbstractController extends MOAIDAuthConstants { @ExceptionHandler({IOException.class}) public void IOExceptionHandler(HttpServletResponse resp, Throwable exception) { Logger.error("Internel Server Error." , exception); - resp.setContentType("text/html;charset=UTF-8"); + resp.setContentType(MediaType.HTML_UTF_8.toString()); resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; @@ -232,7 +234,7 @@ public abstract class AbstractController extends MOAIDAuthConstants { String code = utils.mapInternalErrorToExternalError( ((InvalidProtocolRequestException)e).getMessageId()); String descr = e.getMessage(); - resp.setContentType("text/html;charset=UTF-8"); + resp.setContentType(MediaType.HTML_UTF_8.toString()); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" + "(Errorcode=" + code + " | Description=" + descr + ")"); @@ -315,7 +317,7 @@ public abstract class AbstractController extends MOAIDAuthConstants { private void internalMOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception e, boolean writeExceptionToStatisicLog) throws IOException { if (e instanceof ProtocolNotActiveException) { resp.getWriter().write(e.getMessage()); - resp.setContentType("text/html;charset=UTF-8"); + resp.setContentType(MediaType.HTML_UTF_8.toString()); resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage()); } else if (e instanceof AuthnRequestValidatorException) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java index babc87866..9b658d81b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java @@ -85,7 +85,7 @@ public class GUILayoutBuilderServlet extends AbstractController { null); //build GUI component - formBuilder.build(resp, config, "text/css;charset=UTF-8", "CSS-Form"); + formBuilder.build(resp, config, "text/css; charset=UTF-8", "CSS-Form"); } catch (Exception e) { Logger.warn("GUI ressource:'CSS' generation FAILED."); @@ -114,7 +114,7 @@ public class GUILayoutBuilderServlet extends AbstractController { GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); //build GUI component - formBuilder.build(resp, config, "text/javascript;charset=UTF-8", "JavaScript"); + formBuilder.build(resp, config, "text/javascript; charset=UTF-8", "JavaScript"); } catch (Exception e) { Logger.warn("GUI ressource:'JavaScript' generation FAILED."); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index 2a688da68..b282e3a4b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -28,6 +28,8 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import com.google.common.net.MediaType; + import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.commons.api.IRequest; @@ -62,7 +64,7 @@ public class MetadataAction implements IAction { String metadataXML = metadatabuilder.buildPVPMetadata(metadataConfig); Logger.debug("METADATA: " + metadataXML); - httpResp.setContentType("text/xml"); + httpResp.setContentType(MediaType.XML_UTF_8.toString()); httpResp.getOutputStream().write(metadataXML.getBytes("UTF-8")); httpResp.getOutputStream().close(); diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java index 94fa4d977..26b37226d 100644 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java @@ -54,7 +54,7 @@ import at.gv.egovernment.moa.util.MiscUtil; @Service("guiFormBuilder") public class GUIFormBuilderImpl implements IGUIFormBuilder { - private static final String DEFAULT_CONTENT_TYPE = "text/html;charset=UTF-8"; + private static final String DEFAULT_CONTENT_TYPE = "text/html; charset=UTF-8"; private static final String CONFIG_HTMLTEMPLATES_DIR = "htmlTemplates/"; private static final String CLASSPATH_HTMLTEMPLATES_DIR = "templates/"; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index e82aa8fbb..e47aff83b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java @@ -10,6 +10,8 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import com.google.common.net.MediaType; + import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.AuthenticationServer; @@ -75,9 +77,9 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED); revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL()); - + if (!StringUtils.isEmpty(getIdentityLinkForm)) { - resp.setContentType("text/html;charset=UTF-8"); + resp.setContentType(MediaType.HTML_UTF_8.toString()); PrintWriter out = new PrintWriter(resp.getOutputStream()); out.print(getIdentityLinkForm); out.flush(); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java index 2a8d26566..9fbdf5cd7 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java @@ -55,6 +55,8 @@ import java.net.URLEncoder; import javax.servlet.http.HttpServletResponse; +import com.google.common.net.MediaType; + import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; @@ -91,7 +93,7 @@ public class CitizenCardServletUtils extends ServletUtils{ resp.addHeader("Location", dataURL); //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) - resp.setContentType("text/xml;charset=UTF-8"); + resp.setContentType(MediaType.XML_UTF_8.toString()); OutputStream out = resp.getOutputStream(); out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8")); @@ -127,7 +129,7 @@ public class CitizenCardServletUtils extends ServletUtils{ resp.addHeader("Location", dataURL); //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) - resp.setContentType("text/xml;charset=UTF-8"); + resp.setContentType(MediaType.XML_UTF_8.toString()); OutputStream out = resp.getOutputStream(); out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8")); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java index c82636a8f..30c206025 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java @@ -35,6 +35,8 @@ import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.springframework.stereotype.Component; +import com.google.common.net.MediaType; + import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; @@ -176,8 +178,8 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { Logger.debug("Template merge done"); Logger.debug("Sending html content: " + writer.getBuffer().toString()); - - response.setContentType("text/html;charset=UTF-8"); + + response.setContentType(MediaType.HTML_UTF_8.toString()); response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8")); revisionsLogger.logEvent(oaConfig, pendingReq, diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java index 29bc5ee12..5720e4827 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java @@ -32,6 +32,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import com.google.common.net.MediaType; + import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesMetadataConfiguration; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; @@ -80,7 +82,7 @@ public class ELGAMandateMetadataController extends AbstractController { String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig); //write response - resp.setContentType("text/xml"); + resp.setContentType(MediaType.XML_UTF_8.toString()); resp.getOutputStream().write(xmlMetadata.getBytes("UTF-8")); resp.getOutputStream().close(); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index dd133e4fb..003ce8c21 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -39,6 +39,7 @@ import org.opensaml.saml2.core.Response; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import com.google.common.net.MediaType; import com.google.gson.JsonObject; import com.google.gson.JsonParser; @@ -216,7 +217,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { SSOTransferConstants.SSOCONTAINER_KEY_STATUS, "OK"); response.setStatus(HttpServletResponse.SC_OK); - response.setContentType("text/html;charset=UTF-8"); + response.setContentType(MediaType.HTML_UTF_8.toString()); PrintWriter out = new PrintWriter(response.getOutputStream()); out.print(responseMsg.toString()); out.flush(); diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java index 98240a636..02356d74a 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java @@ -32,6 +32,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import com.google.common.net.MediaType; + import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthMetadataConfiguration; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; @@ -80,7 +82,7 @@ public class FederatedAuthMetadataController extends AbstractController { String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig); //write response - resp.setContentType("text/xml"); + resp.setContentType(MediaType.XML_UTF_8.toString()); resp.getOutputStream().write(xmlMetadata.getBytes("UTF-8")); resp.getOutputStream().close(); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index b01ea666d..f00358d02 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java @@ -69,6 +69,8 @@ import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; +import com.google.common.net.MediaType; + import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; @@ -136,13 +138,13 @@ public class GetAuthenticationDataService extends AbstractController implements String respString = DOMUtils.serializeNode(soapResp, true); - resp.setContentType("text/xml;charset=UTF-8"); + resp.setContentType(MediaType.XML_UTF_8.toString()); context.put(CONTEXT_SOAP_ASSERTION, respString); evaluateTemplate(context, resp, TEMPLATE_SOAP_SUCCESS); } catch (ParserConfigurationException | SAXException | IOException | TransformerException e) { Logger.error("SAML1 GetAuthenticationData receive a non-valid request.", e); - resp.setContentType("text/xml;charset=UTF-8"); + resp.setContentType(MediaType.XML_UTF_8.toString()); context.put(CONTEXT_SOAP_ISSUEINSTANT, DateTimeUtils.buildDateTimeUTC(Calendar.getInstance())); context.put(CONTEXT_SOAP_RESPONSEID, Random.nextRandom()); @@ -153,7 +155,7 @@ public class GetAuthenticationDataService extends AbstractController implements } catch (SAML1AssertionResponseBuildException e) { Logger.error("SAML1 GetAuthenticationData response build failed..", e); - resp.setContentType("text/xml;charset=UTF-8"); + resp.setContentType(MediaType.XML_UTF_8.toString()); context.put(CONTEXT_SOAP_ISSUEINSTANT, e.getIssueInstant()); context.put(CONTEXT_SOAP_REQUESTEID, e.getRequestID()); @@ -187,17 +189,17 @@ public class GetAuthenticationDataService extends AbstractController implements if (wsdl_param != null) { //print wsdl - resp.setContentType("text/xml;charset=UTF-8"); + resp.setContentType(MediaType.XML_UTF_8.toString()); evaluateTemplate(context, resp, TEMPLATE_WSDL); } else if (xsd_param != null){ //print xsd - resp.setContentType("text/xml;charset=UTF-8"); + resp.setContentType(MediaType.XML_UTF_8.toString()); evaluateTemplate(context, resp, TEMPLATE_XSD); } else { //print plain info - resp.setContentType("text/html;charset=UTF-8"); + resp.setContentType(MediaType.XML_UTF_8.toString()); evaluateTemplate(context, resp, TEMPLATE_PLAIN_INFO); } -- cgit v1.2.3