From 74a42b6128f6f8d21a65dddb9405cd52ebbc0520 Mon Sep 17 00:00:00 2001 From: Thomas Knall Date: Wed, 4 Feb 2015 15:37:10 +0100 Subject: Create exemplary AuthServlet module (MOAID-68) - Create new module moa-id-module-monitoring. - Move MonitoringServlet, DatabaseTestModule, IdentityLinkTestModule, TestManager and TestModuleInterface to new module. - Update pom.xml, adding new module dependency. - Update web.xml, disabling static servlet registration. - Add @WebServlet servlet registration for MonitoringServlet. --- id/server/modules/module-monitoring/pom.xml | 22 ++++ .../moa/id/auth/servlet/MonitoringServlet.java | 132 +++++++++++++++++++ .../moa/id/monitoring/DatabaseTestModule.java | 142 +++++++++++++++++++++ .../moa/id/monitoring/IdentityLinkTestModule.java | 109 ++++++++++++++++ .../egovernment/moa/id/monitoring/TestManager.java | 111 ++++++++++++++++ .../moa/id/monitoring/TestModuleInterface.java | 34 +++++ 6 files changed, 550 insertions(+) create mode 100644 id/server/modules/module-monitoring/pom.xml create mode 100644 id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java create mode 100644 id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java create mode 100644 id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java create mode 100644 id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java create mode 100644 id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestModuleInterface.java (limited to 'id/server/modules/module-monitoring') diff --git a/id/server/modules/module-monitoring/pom.xml b/id/server/modules/module-monitoring/pom.xml new file mode 100644 index 000000000..60ab6b6c0 --- /dev/null +++ b/id/server/modules/module-monitoring/pom.xml @@ -0,0 +1,22 @@ + + 4.0.0 + + + MOA.id.server.modules + moa-id-modules + ${moa-id-version} + + + MOA.id.server.modules + moa-id-module-monitoring + ${moa-id-version} + jar + + MOA ID-Module Monitoring + + + ${basedir}/../../../../repository + + + diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java new file mode 100644 index 000000000..1c1cbb723 --- /dev/null +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java @@ -0,0 +1,132 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.PrintWriter; +import java.util.Arrays; +import java.util.List; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.monitoring.TestManager; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +@WebServlet(name = "MonitoringServlet", value = "/MonitoringServlet") +public class MonitoringServlet extends AuthServlet { + + private static final long serialVersionUID = 1L; + private static final String REQUEST_ATTR_MODULE = "module"; + + public MonitoringServlet() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/MonitoringServlet'."); + } + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + try { + AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); + + if (config.isMonitoringActive()) { + Logger.debug("Monitoring Servlet received request"); + + TestManager tests = TestManager.getInstance(); + + String modulename = req.getParameter(REQUEST_ATTR_MODULE); + if (MiscUtil.isEmpty(modulename)) { + + List error = tests.executeTests(); + if (error != null && error.size() > 0) { + createErrorMessage(req, resp, error); + + } else { + resp.setStatus(HttpServletResponse.SC_OK); + resp.setContentType("text/html;charset=UTF-8"); + resp.getWriter().write(getHtml(config.getMonitoringMessageSuccess())); + Logger.info("Monitoring Servlet finished without errors"); + } + + } else { + if (tests.existsModule(modulename)) { + List errors = tests.executeTest(modulename); + if (errors != null && errors.size() > 0) { + createErrorMessage(req, resp, errors); + + } else { + resp.setStatus(HttpServletResponse.SC_OK); + resp.setContentType("text/html;charset=UTF-8"); + resp.getWriter().write(getHtml(config.getMonitoringMessageSuccess())); + Logger.info("Monitoring Servlet finished without errors"); + } + + } else { + Logger.warn("NO Testmodule exists with modulename " + modulename); + resp.setStatus(HttpServletResponse.SC_NOT_FOUND); + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out; + try { + out = new PrintWriter(resp.getOutputStream()); + out.write("NO Testmodule exists with modulename " + modulename); + out.flush(); + + } catch (IOException e) { + Logger.warn("Internal Monitoring Servlet Error. ", e); + } + } + + } + } + + } catch (ConfigurationException e) { + createErrorMessage(req, resp, Arrays.asList(e.getMessage())); + } + } + + private void createErrorMessage(HttpServletRequest req, HttpServletResponse resp, List errorMessage) { + Logger.warn("Monitoring Servlet found some Error: " + errorMessage); + resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out; + try { + out = new PrintWriter(resp.getOutputStream()); + for (String error : errorMessage) + out.write(error + "
"); + out.flush(); + + } catch (IOException e) { + Logger.warn("Internal Monitoring Servlet Error. ", e); + } + } + + private String getHtml(String text) { + return "Reponse" + text +""; + } +} diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java new file mode 100644 index 000000000..a08ef5f0c --- /dev/null +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java @@ -0,0 +1,142 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.monitoring; + +import java.util.ArrayList; +import java.util.Date; +import java.util.List; + +import org.hibernate.Query; +import org.hibernate.Session; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; +import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class DatabaseTestModule implements TestModuleInterface{ + + public List performTests() throws Exception { + Logger.trace("Start MOA-ID Database Test."); + + List errors = new ArrayList(); + + AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); + + String error = testMOAConfigurationDatabase(); + if (MiscUtil.isNotEmpty(error)) + errors.add(error); + + error = testMOASessionDatabase(); + if (MiscUtil.isNotEmpty(error)) + errors.add(error); + + if (config.isAdvancedLoggingActive()) { + error = testMOAAdvancedLoggingDatabase(); + if (MiscUtil.isNotEmpty(error)) + errors.add(error); + } + + return errors; + } + + + private String testMOASessionDatabase() throws Exception{ + Logger.trace("Start Test: MOASessionDatabase"); + + Date expioredate = new Date(new Date().getTime() - 120); + + try { + List results; + Session session = MOASessionDBUtils.getCurrentSession(); + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getAssertionWithTimeOut"); + query.setTimestamp("timeout", expioredate); + results = query.list(); + session.getTransaction().commit(); + } + + Logger.trace("Finish Test: MOASessionDatabase"); + return null; + + } catch (Throwable e) { + Logger.warn("Failed Test: MOASessionDatabase", e); + return "MOASessionDatabase: " + e.getMessage(); + } + } + + private String testMOAConfigurationDatabase() throws Exception{ + + MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + ConfigurationDBUtils.closeSession(); + + if (moaidconfig == null) + return ("MOA-ID 2.x configuration can not be loaded from Database."); + + return null; + } + + private String testMOAAdvancedLoggingDatabase() { + + Date expioredate = new Date(new Date().getTime() - 120); + try { + Session session = StatisticLogDBUtils.getCurrentSession(); + + List results; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getAllEntriesNotBeforeTimeStamp"); + query.setTimestamp("timeout", expioredate); + results = query.list(); + session.getTransaction().commit(); + } + + Logger.trace("Finish Test: AdvancedLoggingDataBase"); + return null; + + } catch (Throwable e) { + Logger.warn("Failed Test: AdvancedLoggingDataBase", e); + return "AdvancedLoggingDataBase: " + e.getMessage(); + } + } + + + public String getName() { + return "DatabaseTest"; + } + + + public void initializeTest(long delayParam, String url) throws Exception { + // TODO Auto-generated method stub + + } +} diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java new file mode 100644 index 000000000..b5220914c --- /dev/null +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java @@ -0,0 +1,109 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.monitoring; + +import java.io.InputStream; +import java.net.URL; +import java.util.List; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.exception.ValidateException; +import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; +import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; +import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class IdentityLinkTestModule implements TestModuleInterface { + + private static IdentityLink identityLink = null; + + public void initializeTest(long delayParam, String url) throws Exception{ + + if (MiscUtil.isNotEmpty(url)) { + + URL keystoreURL = new URL(url); + InputStream idlstream = keystoreURL.openStream(); + identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink(); + } + + } + + public List performTests() throws Exception{ + Logger.trace("Start MOA-ID IdentityLink Test"); + + AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); + + IdentityLinkValidator.getInstance().validate(identityLink); + // builds a for a call of MOA-SP + Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() + .build(identityLink, config + .getMoaSpIdentityLinkTrustProfileID()); + + // invokes the call + Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() + .verifyXMLSignature(domVerifyXMLSignatureRequest); + // parses the + try { + VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( + domVerifyXMLSignatureResponse).parseData(); + + DynamicOAAuthParameters oaParam = new DynamicOAAuthParameters(); + oaParam.setBusinessService(true); + + VerifyXMLSignatureResponseValidator.getInstance().validate( + verifyXMLSignatureResponse, + config.getIdentityLinkX509SubjectNames(), + VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, + oaParam); + + } catch (ValidateException e) { + //check if default Monitoring IDL is used then error is ignored + if ("validator.07".equals(e.getMessageId()) + && e.getMessage().contains("Das Zertifikat der Personenbindung ist")) + return null; + + else + throw e; + + } + + Logger.trace("Finished MOA-ID IdentityLink Test without errors"); + + return null; + } + + public String getName() { + return "IdentityLinkTest"; + } + +} diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java new file mode 100644 index 000000000..84581abe8 --- /dev/null +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java @@ -0,0 +1,111 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.monitoring; + +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.FileUtils; + +public class TestManager { + + private static TestManager instance; + + private Map tests = new HashMap(); + + public static TestManager getInstance() throws ConfigurationException { + if (instance == null) + instance = new TestManager(); + + return instance; + } + + private TestManager() throws ConfigurationException { + + AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); + + //add Database test + DatabaseTestModule test1 = new DatabaseTestModule(); + tests.put(test1.getName(), test1); + + //add IdentityLink verification test + IdentityLinkTestModule test2 = new IdentityLinkTestModule(); + String idlurl = FileUtils.makeAbsoluteURL(config.getMonitoringTestIdentityLinkURL(), config.getRootConfigFileDir()); + try { + test2.initializeTest(0, idlurl); + tests.put(test2.getName(), test2);; + + } catch (Exception e) { + Logger.warn("MOA-ID IdentityLink Test can not performed without IdentityLink. Insert IdentityLink file to MOA-ID configuration", e); + } + } + + public List executeTests() { + Logger.debug("Start MOA-ID-Auth testing"); + + + List errors; + + for (TestModuleInterface test : tests.values()) { + try { + errors = test.performTests(); + if (errors != null && errors.size() > 0) + return errors; + + } catch (Exception e) { + Logger.warn("General Testing Eception during Test " + test.getClass() + ": ", e); + return Arrays.asList(e.getMessage()); + } + } + + return null; + } + + public List executeTest(String testname) { + + TestModuleInterface test = tests.get(testname); + + if (test != null) { + try { + return test.performTests(); + + } catch (Exception e) { + Logger.warn("General Testing Eception during Test " + test.getName() + ": ", e); + return Arrays.asList(e.getMessage()); + } + + } else { + Logger.info("TestModule with Name " + testname + " is not implemented"); + return null; + } + } + + public boolean existsModule(String modulename) { + return tests.containsKey(modulename); + } +} diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestModuleInterface.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestModuleInterface.java new file mode 100644 index 000000000..4e26b1ce8 --- /dev/null +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestModuleInterface.java @@ -0,0 +1,34 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.monitoring; + +import java.util.List; + +public interface TestModuleInterface { + + public List performTests() throws Exception; + + public void initializeTest(long delayParam, String url) throws Exception; + + public String getName(); +} -- cgit v1.2.3