From 399597f84d5a3112cc8ad7262a40cfcae88cf83c Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 12 Mar 2015 16:23:02 +0100 Subject: getting rid of log4j in logger class --- .../id/commons/validation/ValidationHelper.java | 53 +++++++++++----------- 1 file changed, 26 insertions(+), 27 deletions(-) (limited to 'id/server') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java index be6d7d01e..13d680b78 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java @@ -44,14 +44,13 @@ import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; -import org.apache.log4j.Logger; +import at.gv.egovernment.moa.logging.Logger; public class ValidationHelper { public static final String PUBLICSERVICE_URL_POSTFIX = ".gv.at"; - private static final Logger log = Logger.getLogger(ValidationHelper.class); private static final String TEMPLATE_DATEFORMAT = "dd.MM.yyyy"; @@ -68,7 +67,7 @@ public class ValidationHelper { host = host.substring(0, host.length()-1); if (url.getHost().endsWith(PUBLICSERVICE_URL_POSTFIX)) { - log.debug("PublicURLPrefix with .gv.at Domain found."); + Logger.debug("PublicURLPrefix with .gv.at Domain found."); return true; } else { @@ -95,7 +94,7 @@ public class ValidationHelper { return false; } else { - log.info("Found correct X509 Extension in server certificate. PublicService is allowed"); + Logger.info("Found correct X509 Extension in server certificate. PublicService is allowed"); return true; } } @@ -104,27 +103,27 @@ public class ValidationHelper { } } catch (MalformedURLException e) { - log.warn("PublicURLPrefix can not parsed to URL", e); + Logger.warn("PublicURLPrefix can not parsed to URL", e); return false; } catch (UnknownHostException e) { - log.warn("Can not connect to PublicURLPrefix Server", e); + Logger.warn("Can not connect to PublicURLPrefix Server", e); return false; } catch (IOException e) { - log.warn("Can not connect to PublicURLPrefix Server", e); + Logger.warn("Can not connect to PublicURLPrefix Server", e); return false; } catch (CertificateEncodingException e) { - log.warn("Can not parse X509 server certificate", e); + Logger.warn("Can not parse X509 server certificate", e); return false; } catch (CertificateException e) { - log.warn("Can not read X509 server certificate", e); + Logger.warn("Can not read X509 server certificate", e); return false; } catch (X509ExtensionInitException e) { - log.warn("Can not read X509 server certificate extension", e); + Logger.warn("Can not read X509 server certificate extension", e); return false; } @@ -133,7 +132,7 @@ public class ValidationHelper { try { socket.close(); } catch (IOException e) { - log.warn("SSL Socket can not be closed.", e); + Logger.warn("SSL Socket can not be closed.", e); } } } @@ -148,7 +147,7 @@ public class ValidationHelper { return true; } catch (Throwable t) { - log.warn("No valid DataBase OAID received! " + oaIDObj); + Logger.warn("No valid DataBase OAID received! " + oaIDObj); } } return false; @@ -156,7 +155,7 @@ public class ValidationHelper { public static boolean validateNumber(String value) { - log.debug("Validate Number " + value); + Logger.debug("Validate Number " + value); try { Float.valueOf(value); @@ -171,7 +170,7 @@ public class ValidationHelper { } public static boolean validatePhoneNumber(String value) { - log.debug ("Validate PhoneNumber " + value); + Logger.debug ("Validate PhoneNumber " + value); /* ************************************************************************************************ * Legende: @@ -187,11 +186,11 @@ public class ValidationHelper { Matcher matcher = pattern.matcher(value); boolean b = matcher.matches(); if (b) { - log.debug("Parameter PhoneNumber erfolgreich ueberprueft"); + Logger.debug("Parameter PhoneNumber erfolgreich ueberprueft"); return true; } else { - log.error("Fehler Ueberpruefung Parameter PhoneNumber. PhoneNumber entspricht nicht den Kriterien ^ [a-zA-Z .,;:/\\-]* [ ]* [(]{0,1}[ ]*[+]{0,1}[ ]*[0-9]{0,2}[ ]*[)]{0,1} [ ]* [0-9]*[ ]*[/\\-]{0,1} [ ]*[ ]* [0-9]* [ ]* [a-zA-Z .,;:\\/-]* $"); + Logger.error("Fehler Ueberpruefung Parameter PhoneNumber. PhoneNumber entspricht nicht den Kriterien ^ [a-zA-Z .,;:/\\-]* [ ]* [(]{0,1}[ ]*[+]{0,1}[ ]*[0-9]{0,2}[ ]*[)]{0,1} [ ]* [0-9]*[ ]*[/\\-]{0,1} [ ]*[ ]* [0-9]* [ ]* [a-zA-Z .,;:\\/-]* $"); return false; } @@ -200,7 +199,7 @@ public class ValidationHelper { public static boolean validateURL(String urlString) { - log.debug("Validate URL " + urlString); + Logger.debug("Validate URL " + urlString); if (urlString.startsWith("http") || urlString.startsWith("https")) { try { @@ -216,7 +215,7 @@ public class ValidationHelper { // public static boolean validateGeneralURL(String urlString) { // -// log.debug("Validate URL " + urlString); +// Logger.debug("Validate URL " + urlString); // // try { // new URL(urlString); @@ -231,17 +230,17 @@ public class ValidationHelper { public static boolean isValidAdminTarget(String target) { - log.debug("Ueberpruefe Parameter Target"); + Logger.debug("Ueberpruefe Parameter Target"); Pattern pattern = Pattern.compile("[a-zA-Z-]{1,5}"); Matcher matcher = pattern.matcher(target); boolean b = matcher.matches(); if (b) { - log.debug("Parameter SSO-Target erfolgreich ueberprueft. SSO Target is PublicService."); + Logger.debug("Parameter SSO-Target erfolgreich ueberprueft. SSO Target is PublicService."); return true; } else { - log.info("Parameter SSO-Target entspricht nicht den Kriterien " + + Logger.info("Parameter SSO-Target entspricht nicht den Kriterien " + "(nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang) fuer den oeffentlichen Bereich. " + "Valiere SSO-Target fuer privatwirtschaftliche Bereiche."); return false; @@ -250,14 +249,14 @@ public class ValidationHelper { public static boolean isValidTarget(String target) { - log.debug("Ueberpruefe Parameter Target"); + Logger.debug("Ueberpruefe Parameter Target"); if (TargetValidator.isValidTarget(target)) { - log.debug("Parameter Target erfolgreich ueberprueft"); + Logger.debug("Parameter Target erfolgreich ueberprueft"); return true; } else { - log.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)"); + Logger.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)"); return false; } @@ -265,17 +264,17 @@ public class ValidationHelper { public static boolean isValidSourceID(String sourceID) { - log.debug("Ueberpruefe Parameter sourceID"); + Logger.debug("Ueberpruefe Parameter sourceID"); Pattern pattern = Pattern.compile("[\\w-_]{1,20}"); Matcher matcher = pattern.matcher(sourceID); boolean b = matcher.matches(); if (b) { - log.debug("Parameter sourceID erfolgreich ueberprueft"); + Logger.debug("Parameter sourceID erfolgreich ueberprueft"); return true; } else { - log.error("Fehler Ueberpruefung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-20 Zeichen lang)"); + Logger.error("Fehler Ueberpruefung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-20 Zeichen lang)"); return false; } } -- cgit v1.2.3 From 12c3c34ea26ff20e39c9b67f698e9c8b99ef11ee Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Fri, 13 Mar 2015 15:38:31 +0100 Subject: STORK PEPS-conform logging --- .../moa/id/auth/AuthenticationServer.java | 24 ++++++++++++++++++++++ .../moa/id/auth/servlet/PEPSConnectorServlet.java | 20 ++++++++++++++++++ .../modules/stork/tasks/PepsConnectorTask.java | 20 ++++++++++++++++++ 3 files changed, 64 insertions(+) (limited to 'id/server') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index fd7c7f237..c4d6859db 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -11,9 +11,11 @@ import java.io.InputStream; import java.io.StringWriter; import java.io.UnsupportedEncodingException; import java.math.BigInteger; +import java.net.URL; import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.cert.CertificateException; +import java.text.SimpleDateFormat; import java.util.ArrayList; //import java.security.cert.CertificateFactory; import java.util.Calendar; @@ -1845,6 +1847,17 @@ public class AuthenticationServer implements MOAIDAuthConstants { //send moasession.setStorkAuthnRequest(authnRequest); + // do PEPS-conform logging for easier evaluation + try { + // 2015-03-12 16:44:27.144#S-PEPS receives request from SP#spurl#spepsurl#spapp#spdomain#citizen country#qaa#msghash#msg_id id1# + Logger.info(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").format(new Date()) + "#S-PEPS receives request from SP#" + + moasession.getPublicOAURLPrefix() + "#" + issuerValue + "#" + spApplication + "#" + + new URL(moasession.getPublicOAURLPrefix()).getHost() + "#" + moasession.getCcc() + "#" + oaParam.getQaaLevel() + + "#_hash_#" + moasession.getProcessInstanceId() + "#"); + } catch (Exception e1) { + Logger.info("STORK PEPS conform logging failed because of: " + e1.getMessage()); + } + AuthenticationSessionStoreage.changeSessionID(moasession, authnRequest.getSamlId()); @@ -1877,6 +1890,17 @@ public class AuthenticationServer implements MOAIDAuthConstants { } Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination()); + + // do PEPS-conform logging for easier evaluation + try { + // 2015-03-12 16:44:27.144#S-PEPS generates request to C-PEPS#spepsurl#cpepsurl#spapp#spdomain#citizen country#qaa#msghash#msg_id id1#id2# + Logger.info(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").format(new Date()) + "#S-PEPS generates request to C-PEPS#" + + issuerValue + "#" + destination + "#" + spApplication + "#" + + new URL(moasession.getPublicOAURLPrefix()).getHost() + "#" + moasession.getCcc() + "#" + oaParam.getQaaLevel() + + "#_hash_#" + moasession.getProcessInstanceId() + "#" + authnRequest.getSamlId() + "#"); + } catch (Exception e1) { + Logger.info("STORK PEPS conform logging failed because of: " + e1.getMessage()); + } } private static String generateDssSignRequest(String text, String mimeType, String citizenCountry) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 7357818c8..24daa76a3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -28,8 +28,10 @@ import java.io.IOException; import java.io.InputStream; import java.io.StringWriter; import java.net.URL; +import java.text.SimpleDateFormat; import java.util.ArrayList; import java.util.Arrays; +import java.util.Date; import java.util.List; import java.util.Properties; @@ -201,6 +203,15 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.debug("STORK response: "); Logger.debug(authnResponse.toString()); + // do PEPS-conform logging for easier evaluation + try { + // 2015-03-12 16:44:27.144#S-PEPS receives response from C-PEPS#orig_msg_id id2 (in response to)#orig_msg_id id1 (in response to)#status#msghash#msg_id id3# + Logger.info(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").format(new Date()) + "#S-PEPS receives response from C-PEPS#" + + authnResponse.getInResponseTo() + "#NA#" + authnResponse.getMessage() + "#_hash_#" + authnResponse.getSamlId() + "#"); + } catch (Exception e1) { + Logger.info("STORK PEPS conform logging failed because of: " + e1.getMessage()); + } + Logger.debug("Trying to find MOA Session-ID ..."); //String moaSessionID = request.getParameter(PARAM_SESSIONID); //first use SAML2 relayState @@ -554,6 +565,15 @@ public class PEPSConnectorServlet extends AuthServlet { // stork did the authentication step moaSession.setAuthenticated(true); + // do PEPS-conform logging for easier evaluation + try { + // 2015-03-12 16:44:27.144#S-PEPS generates response to SP#orig_msg_id id1 (in response to)#status#msghash#msg_id id4# + Logger.info(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").format(new Date()) + "#S-PEPS generates response to SP#" + + "#NA#" + authnResponse.getMessage() + "#_hash_#" + moaSession.getProcessInstanceId() + "#"); + } catch (Exception e1) { + Logger.info("STORK PEPS conform logging failed because of: " + e1.getMessage()); + } + // //TODO: found better solution, but QAA Level in response could be not supported yet // try { // diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java index 59f54f957..d233f88c4 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java @@ -6,8 +6,10 @@ import java.io.IOException; import java.io.InputStream; import java.io.StringWriter; import java.net.URL; +import java.text.SimpleDateFormat; import java.util.ArrayList; import java.util.Arrays; +import java.util.Date; import java.util.List; import java.util.Properties; @@ -170,6 +172,15 @@ public class PepsConnectorTask extends AbstractAuthServletTask { Logger.debug("STORK response: "); Logger.debug(authnResponse.toString()); + // do PEPS-conform logging for easier evaluation + try { + // 2015-03-12 16:44:27.144#S-PEPS receives response from C-PEPS#orig_msg_id id2 (in response to)#orig_msg_id id1 (in response to)#status#msghash#msg_id id3# + Logger.info(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").format(new Date()) + "#S-PEPS receives response from C-PEPS#" + + authnResponse.getInResponseTo() + "#NA#" + authnResponse.getMessage() + "#_hash_#" + authnResponse.getSamlId() + "#"); + } catch (Exception e1) { + Logger.info("STORK PEPS conform logging failed because of: " + e1.getMessage()); + } + Logger.debug("Trying to find MOA Session-ID ..."); // String moaSessionID = request.getParameter(PARAM_SESSIONID); // first use SAML2 relayState @@ -549,6 +560,15 @@ public class PepsConnectorTask extends AbstractAuthServletTask { // stork did the authentication step moaSession.setAuthenticated(true); + // do PEPS-conform logging for easier evaluation + try { + // 2015-03-12 16:44:27.144#S-PEPS generates response to SP#orig_msg_id id1 (in response to)#status#msghash#msg_id id4# + Logger.info(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").format(new Date()) + "#S-PEPS generates response to SP#" + + "#" + moaSession.getProcessInstanceId() + "#" + authnResponse.getMessage() + "#_hash_#" + moaSession.getProcessInstanceId() + "#"); + } catch (Exception e1) { + Logger.info("STORK PEPS conform logging failed because of: " + e1.getMessage()); + } + // TODO: found better solution, but QAA Level in STORK response is not be supported yet // try { // -- cgit v1.2.3 From 9ac6c3342ba7afdd75838230d13ceda70614cedc Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Fri, 13 Mar 2015 16:03:33 +0100 Subject: added fakeidl no-signature option config --- .../moa/id/config/auth/AuthConfigurationProvider.java | 10 ++++++++++ .../moa/id/auth/modules/stork/tasks/PepsConnectorTask.java | 8 ++++++-- 2 files changed, 16 insertions(+), 2 deletions(-) (limited to 'id/server') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index c746c0888..d33a9ea92 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -1042,6 +1042,16 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return null; } + /** + * Gets the countries for which it is configured to require no signature + * + * @return the stork no signature countries + */ + public List getStorkNoSignatureCountries() { + String prop = props.getProperty("stork.fakeIdL.noSignatureCountries", ""); + return Arrays.asList(prop.replaceAll(" ", "").split(",")); + } + public boolean isMonitoringActive() { String prop = props.getProperty("configuration.monitoring.active", "false"); return Boolean.valueOf(prop); diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java index d233f88c4..3d787f371 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java @@ -326,9 +326,13 @@ public class PepsConnectorTask extends AbstractAuthServletTask { // //////////////////////////////////////////////////////////////////////// + AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); + String citizenSignature = null; + if(config.isStorkFakeIdLActive() && config.getStorkNoSignatureCountries().contains(storkAuthnRequest.getCitizenCountryCode()) && config.getStorkFakeIdLCountries().contains(storkAuthnRequest.getCitizenCountryCode())) { + Logger.debug("signedDoc extraction skipped due to configuration"); + } else { Logger.debug("Starting extraction of signedDoc attribute"); // extract signed doc element and citizen signature - String citizenSignature = null; try { if (authnResponse.getPersonalAttributeList().get("signedDoc") == null @@ -409,6 +413,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask { Logger.error("Could not extract citizen signature from C-PEPS", e); throw new MOAIDException("stork.09", null); } + } Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)"); Logger.debug("Citizen signature will be verified by SZR Gateway!"); @@ -441,7 +446,6 @@ public class PepsConnectorTask extends AbstractAuthServletTask { IdentityLink identityLink = null; executionContext.put("identityLinkAvailable", false); try { - AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); if(config.isStorkFakeIdLActive() && config.getStorkFakeIdLCountries().contains(storkAuthnRequest.getCitizenCountryCode())) { // create fake IdL // - fetch IdL template from resources -- cgit v1.2.3 From c0613b08431899c6d97affc570a237b81dfcda80 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Fri, 13 Mar 2015 16:04:09 +0100 Subject: fixed date format issue with fakeIdL creation --- .../gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java | 2 +- .../egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'id/server') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 82e079459..cd751ce7f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -906,7 +906,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { } } catch (Exception e) { - Logger.error("Failed to extract country code from certificate", e); + Logger.error("Failed to extract country code from certificate with message: " + e.getMessage()); } diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java index 3d787f371..6e0bd19ff 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java @@ -30,6 +30,7 @@ import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.opensaml.saml2.core.StatusCode; +import org.springframework.format.datetime.DateFormatter; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -482,6 +483,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask { if(!STORKResponseProcessor.hasAttribute("dateOfBirth", attributeList)) throw new STORKException("dateOfBirth is missing"); String dateOfBirth = STORKResponseProcessor.getAttributeValue("dateOfBirth", attributeList, false); + dateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(new SimpleDateFormat("yyyyMMdd").parse(dateOfBirth)); prDateOfBirth.getFirstChild().setNodeValue(dateOfBirth); identityLink = new IdentityLinkAssertionParser(idlassertion).parseIdentityLink(); -- cgit v1.2.3