From 49607c4b2d3f22d9f41f42928455e680cfdee023 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 16 Jun 2015 13:32:48 +0200 Subject: add first version of reversionslog implementation --- .../id/advancedlogging/MOAIDEventConstants.java | 59 ++ .../moa/id/advancedlogging/MOAIDEventLog.java | 14 +- .../moa/id/advancedlogging/MOAReversionLogger.java | 221 +++++++ .../moa/id/auth/AuthenticationServer.java | 29 +- .../internal/tasks/CreateIdentityLinkFormTask.java | 15 + .../modules/internal/tasks/GetForeignIDTask.java | 17 +- .../internal/tasks/GetMISSessionIDTask.java | 14 + .../tasks/VerifyAuthenticationBlockTask.java | 17 +- .../internal/tasks/VerifyCertificateTask.java | 17 +- .../internal/tasks/VerifyIdentityLinkTask.java | 11 +- .../servlet/GenerateIFrameTemplateServlet.java | 11 +- .../servlet/VerifyAuthenticationBlockServlet.java | 682 ++++++++++----------- .../id/auth/servlet/VerifyCertificateServlet.java | 470 +++++++------- .../id/auth/servlet/VerifyIdentityLinkServlet.java | 556 ++++++++--------- .../gv/egovernment/moa/id/config/OAParameter.java | 6 +- .../moa/id/config/auth/IOAAuthParameters.java | 2 + .../moa/id/config/auth/OAAuthParameter.java | 11 + .../config/auth/data/DynamicOAAuthParameters.java | 9 + .../moa/id/entrypoints/DispatcherServlet.java | 56 +- .../moa/id/moduls/AuthenticationManager.java | 24 +- .../at/gv/egovernment/moa/id/moduls/IRequest.java | 2 + .../gv/egovernment/moa/id/moduls/RequestImpl.java | 11 + .../oauth20/protocol/OAuth20AuthAction.java | 6 +- .../oauth20/protocol/OAuth20AuthRequest.java | 6 +- .../oauth20/protocol/OAuth20TokenAction.java | 4 + .../oauth20/protocol/OAuth20TokenRequest.java | 7 +- .../moa/id/protocols/pvp2x/MetadataAction.java | 4 + .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 23 +- .../moa/id/protocols/saml1/SAML1Protocol.java | 3 +- .../moa/id/protocols/stork2/STORKProtocol.java | 1 + .../moa/id/util/client/mis/simple/MISMandate.java | 28 + .../tasks/CreateStorkAuthRequestFormTask.java | 12 + 32 files changed, 1450 insertions(+), 898 deletions(-) (limited to 'id/server') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java index c936c4e15..aae4dd8c4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java @@ -34,6 +34,65 @@ import at.gv.egiz.components.eventlog.api.EventConstants; */ public interface MOAIDEventConstants extends EventConstants { + //move to EventConstants + public static final int TRANSACTION_ERROR = 1103; + public static final int SESSION_ERROR = 1003; + //auth protocol specific information + public static final int AUTHPROTOCOL_TYPE = 3000; + + public static final int AUTHPROTOCOL_PVP_METADATA = 3100; + public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST = 3101; + public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE = 3102; + public static final int AUTHPROTOCOL_PVP_REQUEST_SLO = 3103; + public static final int AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY = 3104; + + public static final int AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST = 3200; + public static final int AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST = 3201; + + + //authentication process information + public static final int AUTHPROCESS_START = 4000; + public static final int AUTHPROCESS_FINISHED = 4001; + public static final int AUTHPROCESS_MANDATES_REQUESTED = 4002; + public static final int AUTHPROCESS_STORK_REQUESTED = 4003; + public static final int AUTHPROCESS_SSO = 4004; + public static final int AUTHPROCESS_SSO_INVALID = 4005; + public static final int AUTHPROCESS_SSO_ASK_USER_START = 4006; + public static final int AUTHPROCESS_SSO_ASK_USER_FINISHED = 4007; + public static final int AUTHPROCESS_INTERFEDERATION = 4008; + public static final int AUTHPROCESS_INTERFEDERATION_REVEIVED = 4009; + + public static final int AUTHPROCESS_BKUSELECTION_INIT = 4110; + public static final int AUTHPROCESS_BKUTYPE_SELECTED = 4111; + public static final int AUTHPROCESS_BKU_URL = 4112; + public static final int AUTHPROCESS_BKU_DATAURL_IP = 4113; + + public static final int AUTHPROCESS_IDL_VALIDATED = 4220; + public static final int AUTHPROCESS_CERTIFICATE_VALIDATED = 4221; + public static final int AUTHPROCESS_AUTHBLOCK_VALIDATED = 4222; + public static final int AUTHPROCESS_FOREIGN_FOUND = 4223; + public static final int AUTHPROCESS_FOREIGN_SZRGW_CONNECTED = 4224; + public static final int AUTHPROCESS_FOREIGN_SZRGW_RECEIVED = 4225; + + public static final int AUTHPROCESS_MANDATE_SERVICE_REQUESTED = 4330; + public static final int AUTHPROCESS_MANDATE_REDIRECT = 4301; + public static final int AUTHPROCESS_MANDATE_RECEIVED = 4302; + + public static final int AUTHPROCESS_PEPS_REQUESTED = 4400; + public static final int AUTHPROCESS_PEPS_RECEIVED = 4401; + + //person information + public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000; + public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE = 5001; + public static final int PERSONAL_INFORMATION_USERNAME_HASH = 5002; + + public static final int PERSONAL_INFORMATION_MANDATE_TYPE = 5100; + public static final int PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE = 5101; + public static final int PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH = 5102; + public static final int PERSONAL_INFORMATION_MANDATE_MANDATOR_BASEID = 5103; + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java index 6bc6b3f81..6e09ea439 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java @@ -22,7 +22,10 @@ */ package at.gv.egovernment.moa.id.advancedlogging; +import at.gv.egiz.components.eventlog.api.Event; import at.gv.egiz.components.eventlog.api.EventLogFactory; +import at.gv.egiz.components.eventlog.api.EventLoggingException; +import at.gv.egovernment.moa.logging.Logger; /** * @author tlenz @@ -30,6 +33,15 @@ import at.gv.egiz.components.eventlog.api.EventLogFactory; */ public class MOAIDEventLog extends EventLogFactory { - + public static void logEvent(Event event) { + try { + getEventLog().logEvent(event); + + } catch (EventLoggingException e) { + Logger.warn("Event logging FAILED!", e); + + } + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java index db8449fa2..1228a95a4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java @@ -22,10 +22,231 @@ */ package at.gv.egovernment.moa.id.advancedlogging; +import java.security.MessageDigest; +import java.util.Date; +import java.util.List; + +import com.google.common.primitives.Ints; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.egiz.components.eventlog.api.EventLoggingException; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; + /** * @author tlenz * */ public class MOAReversionLogger { + private static MOAReversionLogger instance = null; + + private static final List defaultEventCodes = Ints.asList( + MOAIDEventConstants.SESSION_CREATED, + MOAIDEventConstants.SESSION_DESTROYED, + MOAIDEventConstants.SESSION_ERROR, + MOAIDEventConstants.SESSION_IP, + MOAIDEventConstants.TRANSACTION_CREATED, + MOAIDEventConstants.TRANSACTION_DESTROYED, + MOAIDEventConstants.TRANSACTION_ERROR, + MOAIDEventConstants.TRANSACTION_IP, + MOAIDEventConstants.AUTHPROTOCOL_TYPE, + MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA, + + MOAIDEventConstants.AUTHPROCESS_START, + MOAIDEventConstants.AUTHPROCESS_FINISHED, + MOAIDEventConstants.AUTHPROCESS_BKU_URL, + MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, + MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED, + MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED, + MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED, + MOAIDEventConstants.PERSONAL_INFORMATION_USERNAME_HASH + + ); + + public static synchronized MOAReversionLogger getInstance() { + if (instance == null) { + instance = new MOAReversionLogger(); + MOAIDEventLog.reload(); + + } + + return instance; + } + + + public void logEvent(IOAAuthParameters oaConfig, + int eventCode, String message) { + List OASpecificEventCodes = null; + if (oaConfig == null) + OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes(); + else + OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes(); + + if (OASpecificEventCodes.contains(eventCode)) + MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message)); + } + + public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest, + int eventCode) { + List OASpecificEventCodes = null; + if (oaConfig == null) + OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes(); + else + OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes(); + + if (OASpecificEventCodes.contains(eventCode)) + MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, + pendingRequest.getSessionIdentifier(), + pendingRequest.getRequestID())); + + } + + public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest, + int eventCode, String message) { + List OASpecificEventCodes = null; + if (oaConfig == null) + OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes(); + else + OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes(); + + if (OASpecificEventCodes.contains(eventCode)) + MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, + message, + pendingRequest.getSessionIdentifier(), + pendingRequest.getRequestID() + )); + + } + + /** + * @param sessionCreated + * @param uniqueSessionIdentifier + */ + public void logEvent(int eventCode, String message) { + MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message)); + + } + + /** + * @param sessionCreated + * @param uniqueSessionIdentifier + */ + public void logEvent(String sessionID, String transactionID, int eventCode, String message) { + MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message, sessionID, transactionID)); + + } + + /** + * @param errorRequest + * @param transactionError + */ + public void logEvent(IRequest pendingRequest, int eventCode) { + MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, + pendingRequest.getSessionIdentifier(), + pendingRequest.getRequestID())); + + } + + public void logEvent(IRequest pendingRequest, int eventCode, String message) { + logEvent(pendingRequest.getOnlineApplicationConfiguration(), + pendingRequest, eventCode, message); + + } + + public void logMandateEventSet(IRequest pendingReq, MISMandate mandate) { + if (MiscUtil.isNotEmpty(mandate.getOWbPK())) + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK, + mandate.getOWbPK()); + + if (MiscUtil.isNotEmpty(mandate.getProfRep())) + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_PROF_REPRESENTATIVE, + mandate.getProfRep()); + + Mandate jaxBMandate = mandate.getMandateJaxB(); + if (jaxBMandate != null) { + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_TYPE, + jaxBMandate.getAnnotation()); + + if (jaxBMandate.getMandator().getCorporateBody() != null) { + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE, + "jur"); + try { + String jurBaseID = jaxBMandate.getMandator().getCorporateBody().getIdentification().get(0).getType() + + "+" + jaxBMandate.getMandator().getCorporateBody().getIdentification().get(0).getId(); + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_BASEID, + jurBaseID); + + } catch (Throwable e) { + Logger.warn("ReversionsLogger: mandator baseID logging FAILED.", e); + + } + + } else { + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE, + "nat"); + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH, + buildPersonInformationHash( + jaxBMandate.getMandator().getPhysicalPerson().getName().getGivenName().get(0), + jaxBMandate.getMandator().getPhysicalPerson().getName().getFamilyName().get(0).getValue(), + jaxBMandate.getMandator().getPhysicalPerson().getDateOfBirth())); + } + } + } + + /** + * @param pendingReq + * @param identityLink + */ + public void logPersonalInformationEvent(IRequest pendingReq, + IdentityLink identityLink) { + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_USERNAME_HASH, + buildPersonInformationHash( + identityLink.getGivenName(), + identityLink.getFamilyName(), + identityLink.getDateOfBirth() + )); + + } + + private String buildPersonInformationHash(String givenName, String familyName, String dateofBirth) { + + // {"hash":"hashvalue","salt":"testSalt"} + // {"person":{"givenname":"value","familyname":"value","dateofbirth":"value"},"salt":"saltvalue"} + + String salt = "default"; + String inputData = "{\"person\":{\"givenname\":\"" + + givenName + + "\",\"familyname\":\"" + + familyName + + "\",\"dateofbirth\":\"" + + dateofBirth + +"\"},\"salt\":\"" + + salt + +"\"}"; + + MessageDigest md; + try { + md = MessageDigest.getInstance("SHA-256"); + byte[] hash = md.digest(inputData.getBytes("UTF-8")); + String hashBase64 = Base64Utils.encode(hash); + return "{\"hash\":\"" + hashBase64 + "\",\"salt\":\"" + salt + "\"}"; + + } catch (Throwable e) { + Logger.warn("ReversionsLogger: mandator personalInformationHash logging FAILED.", e); + return null; + + } + + } + + public List getDefaulttReversionsLoggingEventCodes() { + return defaultEventCodes; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index eab7c511e..3e40ca246 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -46,6 +46,8 @@ import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; @@ -89,6 +91,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; @@ -297,8 +300,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH); appletheigth = StringEscapeUtils.escapeHtml(appletheigth); appletwidth = StringEscapeUtils.escapeHtml(appletwidth); - - + //TODO: cleanup before MOA-ID 2.1 release try { String htmlForm = new GetIdentityLinkFormBuilder().build(template, @@ -338,7 +340,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * link results in an Exception being thrown. * @throws BKUException */ - public String verifyIdentityLink(AuthenticationSession session, + public String verifyIdentityLink(IRequest pendingReq, AuthenticationSession session, Map infoboxReadResponseParameters) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException, BKUException { @@ -408,10 +410,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setIdentityLink(identityLink); // now validate the extended infoboxes - + //Removed in MOA-ID 2.0 //verifyInfoboxes(session, infoboxReadResponseParameters, false); + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED); + return "found!"; } @@ -484,6 +489,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * containg the authentication block, meant to be returned to the security * layer implementation * + * @param pendingReq * * @param sessionID ID of associated authentication session data * @param infoboxReadResponseParameters The parameters from the response returned from the BKU @@ -684,13 +690,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { *
  • Verifies signature by calling the MOA SP component
  • *
  • Returns the signer certificate
  • * + * @param pendingReq * * @param sessionID ID of associated authentication session data * @param readInfoboxResponseParameters The parameters from the response returned from the BKU * including the <ReadInfoboxResponse> * @throws BKUException */ - public X509Certificate getCertificate(String sessionID, + public X509Certificate getCertificate(IRequest pendingReq, String sessionID, Map readInfoboxResponseParameters) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException, BKUException { @@ -711,6 +718,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { xmlReadInfoboxResponse); X509Certificate cert = p.parseCertificate(); + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED); + return cert; } @@ -1102,6 +1112,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { *
  • Deletes authentication session
  • *
  • Returns the SAML artifact, encoded BASE64
    New id of the authenticated MOA session or {@code null} in case of mandate mode (???)
  • * + * @param pendingReq * * @param sessionID session ID of the running authentication session * @param xmlCreateXMLSignatureReadResponse String representation of the @@ -1110,7 +1121,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * BASE64
    New id of the authenticated MOA session or {@code null} in case of mandate mode (???) * @throws BKUException */ - public String verifyAuthenticationBlock(AuthenticationSession session, + public String verifyAuthenticationBlock(IRequest pendingReq, AuthenticationSession session, String xmlCreateXMLSignatureReadResponse) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException, BKUException { @@ -1273,6 +1284,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { vsresp.setX509certificate(null); session.setForeigner(false); + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); + + MOAReversionLogger.getInstance().logPersonalInformationEvent(pendingReq, session.getIdentityLink() + ); + if (session.getUseMandate()) { // mandate mode return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index 77f2cabc4..183467d87 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java @@ -8,8 +8,11 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang3.BooleanUtils; import org.apache.commons.lang3.ObjectUtils; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -20,6 +23,8 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; @@ -75,6 +80,7 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { try { moasession = AuthenticationSessionStoreage.getSession(moasessionid); + AuthenticationSessionStoreage.changeSessionID(moasession); executionContext.remove(PARAM_SESSIONID); @@ -90,6 +96,15 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance(); String getIdentityLinkForm = startauth.build(moasession, req, resp); + IRequest pendingReq = RequestStorage.getPendingRequest( + (String) executionContext.get("pendingRequestID")); + + if (BooleanUtils.isTrue((Boolean) executionContext.get("useMandate"))) + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED); + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL()); + if (!StringUtils.isEmpty(getIdentityLinkForm)) { resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java index 6bf68e2eb..8f1cd8cfe 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java @@ -15,6 +15,8 @@ import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils; import org.w3c.dom.Element; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -29,7 +31,9 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; @@ -99,6 +103,11 @@ public class GetForeignIDTask extends AbstractAuthServletTask { pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); session = AuthenticationServer.getSession(sessionID); + IRequest pendingReq = RequestStorage.getPendingRequest( + (String) executionContext.get("pendingRequestID")); + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); + // change MOASessionID sessionID = AuthenticationSessionStoreage.changeSessionID(session); @@ -118,7 +127,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask { throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); } - + Element signature = csresp.getDsigSignature(); try { @@ -128,6 +137,9 @@ public class GetForeignIDTask extends AbstractAuthServletTask { throw new MOAIDException("auth.14", null); } + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED); + // make SZR request to the identity link CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(signature); @@ -159,6 +171,9 @@ public class GetForeignIDTask extends AbstractAuthServletTask { // TODO[branch]: Final step back to /dispatcher + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED); + try { AuthenticationSessionStoreage.storeSession(session); } catch (MOADatabaseException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index 4ff5672bd..f4c09dbab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java @@ -14,6 +14,8 @@ import javax.xml.parsers.ParserConfigurationException; import org.apache.commons.lang.StringEscapeUtils; import org.xml.sax.SAXException; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -25,7 +27,9 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; @@ -84,6 +88,9 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { session = AuthenticationServer.getSession(sessionID); + IRequest pendingReq = RequestStorage.getPendingRequest( + (String) executionContext.get("pendingRequestID")); + //change MOASessionID sessionID = AuthenticationSessionStoreage.changeSessionID(session); @@ -105,6 +112,10 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { throw new AuthenticationException("auth.15", null); } + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED); + + // for now: list contains only one element MISMandate mandate = (MISMandate) list.get(0); @@ -130,6 +141,9 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { session.setAuthenticatedUsed(false); session.setAuthenticated(true); + //log mandate specific set of events + MOAReversionLogger.getInstance().logMandateEventSet(pendingReq, mandate); + //set QAA Level four in case of card authentifcation session.setQAALevel(PVPConstants.STORK_QAA_1_4); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java index 64dcb0f41..6f538cd90 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java @@ -17,6 +17,8 @@ import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils; import org.w3c.dom.Element; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -31,7 +33,9 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; @@ -114,10 +118,15 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { AuthenticationSession session = AuthenticationServer.getSession(sessionID); + IRequest pendingReq = RequestStorage.getPendingRequest( + (String) executionContext.get("pendingRequestID")); + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); + //change MOASessionID sessionID = AuthenticationSessionStoreage.changeSessionID(session); - String authenticatedMOASessionId = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse); + String authenticatedMOASessionId = AuthenticationServer.getInstance().verifyAuthenticationBlock(pendingReq, session, createXMLSignatureResponse); if (authenticatedMOASessionId == null) { //mandate Mode @@ -173,6 +182,9 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); } + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, mandateReferenceValue); + MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest( connectionParameters.getUrl(), idl, @@ -201,6 +213,9 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { // TODO[branch]: Mandate; redirect to MIS website; website redirects back to "/GetMISSessionID" + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT); + resp.setStatus(302); resp.addHeader("Location", redirectMISGUI); Logger.debug("REDIRECT TO: " + redirectURL); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index 607641532..26c10399d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java @@ -12,6 +12,8 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -22,6 +24,8 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; @@ -86,10 +90,15 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { session = AuthenticationServer.getSession(sessionID); + IRequest pendingReq = RequestStorage.getPendingRequest( + (String) executionContext.get("pendingRequestID")); + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); + //change MOASessionID sessionID = AuthenticationSessionStoreage.changeSessionID(session); - X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters); + X509Certificate cert = AuthenticationServer.getInstance().getCertificate(pendingReq, sessionID, parameters); if (cert == null) { Logger.error("Certificate could not be read."); throw new AuthenticationException("auth.14", null); @@ -113,8 +122,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { } else { - - + String countrycode = CertificateUtils.getIssuerCountry(cert); if (countrycode != null) { if (countrycode.compareToIgnoreCase("AT") == 0) { @@ -124,6 +132,9 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { } // Foreign Identities Modus + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND); + String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert); // build dataurl (to the GetForeignIDSerlvet) String dataurl = diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java index 44557453a..821bb572a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java @@ -10,6 +10,8 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -18,6 +20,8 @@ import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; @@ -77,7 +81,12 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { } AuthenticationSession session = AuthenticationServer.getSession(sessionID); - boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters) != null; + IRequest pendingReq = RequestStorage.getPendingRequest( + (String) executionContext.get("pendingRequestID")); + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); + + boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(pendingReq, session, parameters) != null; AuthenticationSessionStoreage.storeSession(session); executionContext.put("identityLinkAvailable", identityLinkAvailable); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index ad4776a45..bf56acfe1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -31,6 +31,8 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -105,16 +107,20 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() }); else { - + //get Target from config or from request in case of SAML 1 String target = null; IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); + + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid); + if (MiscUtil.isNotEmpty(pendingReq.getTarget()) && pendingReq.requestedModule().equals(SAML1Protocol.PATH)) target = pendingReq.getTarget(); else target = oaParam.getTarget(); - + String bkuURL = oaParam.getBKUURL(bkuid); if (MiscUtil.isEmpty(bkuURL)) { Logger.info("No OA specific BKU defined. Use BKU from default configuration"); @@ -161,6 +167,7 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { ec.put("ccc", moasession.getCcc()); ec.put("useMandate", moasession.getUseMandate()); ec.put("bkuURL", moasession.getBkuURL()); + ec.put("pendingRequestID", pendingRequestID); // select and create process instance String processDefinitionId = ModuleRegistration.getInstance().selectProcess(ec); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index a8fe71485..fa44296fc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -1,342 +1,342 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.servlet; - -import iaik.pki.PKIException; - -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.util.List; -import java.util.Map; - -import javax.net.ssl.SSLSocketFactory; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.xml.transform.TransformerException; - -import org.apache.commons.fileupload.FileUploadException; -import org.apache.commons.lang.StringEscapeUtils; -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyAuthenticationBlockTask; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.moduls.ModulUtils; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.SSLUtils; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; - -/** - * Servlet requested for verifying the signed authentication block - * provided by the security layer implementation. - * Utilizes the {@link AuthenticationServer}. - * - * @author Paul Ivancsics - * @version $Id$ - * @deprecated Use {@link VerifyAuthenticationBlockTask} instead. - */ -public class VerifyAuthenticationBlockServlet extends AuthServlet { - - - /** - * - */ - private static final long serialVersionUID = -2409629495345900542L; - -/** - * Constructor for VerifyAuthenticationBlockServlet. - */ - public VerifyAuthenticationBlockServlet() { - super(); - } - - /** - * GET requested by security layer implementation to verify - * that data URL resource is available. - * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) - */ - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - //doPost(req, resp); - - Logger.debug("GET VerifyAuthenticationBlock"); - - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - - } - - /** - * Verifies the signed authentication block and redirects the browser - * to the online application requested, adding a parameter needed for - * retrieving the authentication data. - *
    - * Request parameters: - *
      - *
    • MOASessionID: ID of associated authentication session
    • - *
    • XMLResponse: <CreateXMLSignatureResponse>
    • - *
    - * Response: - *
      - *
    • Status: 302
    • - *
    • Header "Location": URL of the online application requested, with - * parameters "Target"(only if the online application is - * a public service) and "SAMLArtifact" added
    • - *
    • Error status: 500 - *
    - * @see AuthenticationServer#verifyAuthenticationBlock - * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) - */ - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("POST VerifyAuthenticationBlock"); - - Logger.warn(getClass().getName() + " is deprecated and should not be used any more."); - - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - - String pendingRequestID = null; - - Map parameters; - try - { - parameters = getParameters(req); - } catch (FileUploadException e) - { - Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); - throw new IOException(e.getMessage()); - - } - String sessionID = req.getParameter(PARAM_SESSIONID); - String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); - - // escape parameter strings - sessionID = StringEscapeUtils.escapeHtml(sessionID); - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); - - String redirectURL = null; - try { - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12"); - if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse)) - throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); - - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - - //change MOASessionID - sessionID = AuthenticationSessionStoreage.changeSessionID(session); - - String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse); - - - - if (samlArtifactBase64 == null) { - //mandate Mode - - AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance(); - ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter(); - SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters); - - // get identitity link as byte[] - Element elem = session.getIdentityLink().getSamlAssertion(); - String s = DOMUtils.serializeNode(elem); - - //System.out.println("IDL: " + s); - - byte[] idl = s.getBytes("UTF-8"); - - // redirect url - // build redirect(to the GetMISSessionIdSerlvet) - - //change MOASessionID before MIS request - String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); - - redirectURL = - new DataURLBuilder().buildDataURL( - session.getAuthURL(), - GET_MIS_SESSIONID, - newMOASessionID); - - String oaURL = session.getOAURLRequested(); - OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL); - List profiles = oaParam.getMandateProfiles(); - - if (profiles == null) { - Logger.error("No Mandate/Profile for OA configured."); - throw new AuthenticationException("config.21", new Object[] { GET_MIS_SESSIONID}); - } - -// String profilesArray[] = profiles.split(","); -// for(int i = 0; i < profilesArray.length; i++) { -// profilesArray[i] = profilesArray[i].trim(); +///******************************************************************************* +// * Copyright 2014 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. +// * +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// * +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. +// ******************************************************************************/ +///* +// * Copyright 2003 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. +// * +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// * +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. +// */ +// +// +//package at.gv.egovernment.moa.id.auth.servlet; +// +//import iaik.pki.PKIException; +// +//import java.io.IOException; +//import java.security.GeneralSecurityException; +//import java.util.List; +//import java.util.Map; +// +//import javax.net.ssl.SSLSocketFactory; +//import javax.servlet.ServletException; +//import javax.servlet.http.HttpServletRequest; +//import javax.servlet.http.HttpServletResponse; +//import javax.xml.transform.TransformerException; +// +//import org.apache.commons.fileupload.FileUploadException; +//import org.apache.commons.lang.StringEscapeUtils; +//import org.w3c.dom.Element; +// +//import at.gv.egovernment.moa.id.auth.AuthenticationServer; +//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +//import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +//import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +//import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +//import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; +//import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +//import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyAuthenticationBlockTask; +//import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +//import at.gv.egovernment.moa.id.config.ConnectionParameter; +//import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +//import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +//import at.gv.egovernment.moa.id.moduls.ModulUtils; +//import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +//import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +//import at.gv.egovernment.moa.id.util.SSLUtils; +//import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; +//import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; +//import at.gv.egovernment.moa.logging.Logger; +//import at.gv.egovernment.moa.util.DOMUtils; +// +///** +// * Servlet requested for verifying the signed authentication block +// * provided by the security layer implementation. +// * Utilizes the {@link AuthenticationServer}. +// * +// * @author Paul Ivancsics +// * @version $Id$ +// * @deprecated Use {@link VerifyAuthenticationBlockTask} instead. +// */ +//public class VerifyAuthenticationBlockServlet extends AuthServlet { +// +// +// /** +// * +// */ +// private static final long serialVersionUID = -2409629495345900542L; +// +///** +// * Constructor for VerifyAuthenticationBlockServlet. +// */ +// public VerifyAuthenticationBlockServlet() { +// super(); +// } +// +// /** +// * GET requested by security layer implementation to verify +// * that data URL resource is available. +// * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) +// */ +// protected void doGet(HttpServletRequest req, HttpServletResponse resp) +// throws ServletException, IOException { +// +// //doPost(req, resp); +// +// Logger.debug("GET VerifyAuthenticationBlock"); +// +// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +// +// } +// +// /** +// * Verifies the signed authentication block and redirects the browser +// * to the online application requested, adding a parameter needed for +// * retrieving the authentication data. +// *
    +// * Request parameters: +// *
      +// *
    • MOASessionID: ID of associated authentication session
    • +// *
    • XMLResponse: <CreateXMLSignatureResponse>
    • +// *
    +// * Response: +// *
      +// *
    • Status: 302
    • +// *
    • Header "Location": URL of the online application requested, with +// * parameters "Target"(only if the online application is +// * a public service) and "SAMLArtifact" added
    • +// *
    • Error status: 500 +// *
    +// * @see AuthenticationServer#verifyAuthenticationBlock +// * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) +// */ +// protected void doPost(HttpServletRequest req, HttpServletResponse resp) +// throws ServletException, IOException { +// +// Logger.debug("POST VerifyAuthenticationBlock"); +// +// Logger.warn(getClass().getName() + " is deprecated and should not be used any more."); +// +// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +// +// String pendingRequestID = null; +// +// Map parameters; +// try +// { +// parameters = getParameters(req); +// } catch (FileUploadException e) +// { +// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); +// throw new IOException(e.getMessage()); +// +// } +// String sessionID = req.getParameter(PARAM_SESSIONID); +// String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); +// +// // escape parameter strings +// sessionID = StringEscapeUtils.escapeHtml(sessionID); +// pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); +// +// String redirectURL = null; +// try { +// // check parameter +// if (!ParamValidatorUtils.isValidSessionID(sessionID)) +// throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12"); +// if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse)) +// throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); +// +// AuthenticationSession session = AuthenticationServer.getSession(sessionID); +// +// //change MOASessionID +// sessionID = AuthenticationSessionStoreage.changeSessionID(session); +// +// String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse); +// +// +// +// if (samlArtifactBase64 == null) { +// //mandate Mode +// +// AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance(); +// ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter(); +// SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters); +// +// // get identitity link as byte[] +// Element elem = session.getIdentityLink().getSamlAssertion(); +// String s = DOMUtils.serializeNode(elem); +// +// //System.out.println("IDL: " + s); +// +// byte[] idl = s.getBytes("UTF-8"); +// +// // redirect url +// // build redirect(to the GetMISSessionIdSerlvet) +// +// //change MOASessionID before MIS request +// String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); +// +// redirectURL = +// new DataURLBuilder().buildDataURL( +// session.getAuthURL(), +// GET_MIS_SESSIONID, +// newMOASessionID); +// +// String oaURL = session.getOAURLRequested(); +// OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL); +// List profiles = oaParam.getMandateProfiles(); +// +// if (profiles == null) { +// Logger.error("No Mandate/Profile for OA configured."); +// throw new AuthenticationException("config.21", new Object[] { GET_MIS_SESSIONID}); // } - - String oaFriendlyName = oaParam.getFriendlyName(); - String mandateReferenceValue = session.getMandateReferenceValue(); - byte[] cert = session.getEncodedSignerCertificate(); - byte[] authBlock = session.getAuthBlock().getBytes("UTF-8"); - - //TODO: check in case of SSO!!! - String targetType = null; - if(oaParam.getBusinessService()) { - String id = oaParam.getIdentityLinkDomainIdentifier(); - if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) - targetType = id; - else - targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); - - } else { - targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); - } - - MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest( - connectionParameters.getUrl(), - idl, - cert, - oaFriendlyName, - redirectURL, - mandateReferenceValue, - profiles, - targetType, - authBlock, - sslFactory); - - if (misSessionID == null) { - Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null."); - throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service."); - } - - String redirectMISGUI = misSessionID.getRedirectURL(); - session.setMISSessionID(misSessionID.getSessiondId()); - - try { - AuthenticationSessionStoreage.storeSession(session); - } catch (MOADatabaseException e) { - throw new MOAIDException("Session store error", null); - } - - resp.setStatus(302); - resp.addHeader("Location", redirectMISGUI); - Logger.debug("REDIRECT TO: " + redirectURL); - } - else { - - if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - /*redirectURL = session.getOAURLRequested(); - if (!session.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); - - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL);*/ - - - redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), - ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), samlArtifactBase64); - - } else { - redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); - } - - resp.setContentType("text/html"); - resp.setStatus(302); - - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); - - } - - } - - catch (MOAIDException ex) { - handleError(null, ex, req, resp, pendingRequestID); - - } catch (GeneralSecurityException e) { - handleError(null, e, req, resp, pendingRequestID); - - } catch (PKIException e) { - handleError(null, e, req, resp, pendingRequestID); - - } catch (TransformerException e) { - handleError(null, e, req, resp, pendingRequestID); - - } catch (Exception e) { - Logger.error("AuthBlockValidation has an interal Error.", e); - } - - - finally { - ConfigurationDBUtils.closeSession(); - } - - } - -} +// +//// String profilesArray[] = profiles.split(","); +//// for(int i = 0; i < profilesArray.length; i++) { +//// profilesArray[i] = profilesArray[i].trim(); +//// } +// +// String oaFriendlyName = oaParam.getFriendlyName(); +// String mandateReferenceValue = session.getMandateReferenceValue(); +// byte[] cert = session.getEncodedSignerCertificate(); +// byte[] authBlock = session.getAuthBlock().getBytes("UTF-8"); +// +// //TODO: check in case of SSO!!! +// String targetType = null; +// if(oaParam.getBusinessService()) { +// String id = oaParam.getIdentityLinkDomainIdentifier(); +// if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) +// targetType = id; +// else +// targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); +// +// } else { +// targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); +// } +// +// MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest( +// connectionParameters.getUrl(), +// idl, +// cert, +// oaFriendlyName, +// redirectURL, +// mandateReferenceValue, +// profiles, +// targetType, +// authBlock, +// sslFactory); +// +// if (misSessionID == null) { +// Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null."); +// throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service."); +// } +// +// String redirectMISGUI = misSessionID.getRedirectURL(); +// session.setMISSessionID(misSessionID.getSessiondId()); +// +// try { +// AuthenticationSessionStoreage.storeSession(session); +// } catch (MOADatabaseException e) { +// throw new MOAIDException("Session store error", null); +// } +// +// resp.setStatus(302); +// resp.addHeader("Location", redirectMISGUI); +// Logger.debug("REDIRECT TO: " + redirectURL); +// } +// else { +// +// if (!samlArtifactBase64.equals("Redirect to Input Processor")) { +// /*redirectURL = session.getOAURLRequested(); +// if (!session.getBusinessService()) { +// redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); +// +// } +// redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); +// redirectURL = resp.encodeRedirectURL(redirectURL);*/ +// +// +// redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), +// ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), samlArtifactBase64); +// +// } else { +// redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); +// } +// +// resp.setContentType("text/html"); +// resp.setStatus(302); +// +// resp.addHeader("Location", redirectURL); +// Logger.debug("REDIRECT TO: " + redirectURL); +// +// } +// +// } +// +// catch (MOAIDException ex) { +// handleError(null, ex, req, resp, pendingRequestID); +// +// } catch (GeneralSecurityException e) { +// handleError(null, e, req, resp, pendingRequestID); +// +// } catch (PKIException e) { +// handleError(null, e, req, resp, pendingRequestID); +// +// } catch (TransformerException e) { +// handleError(null, e, req, resp, pendingRequestID); +// +// } catch (Exception e) { +// Logger.error("AuthBlockValidation has an interal Error.", e); +// } +// +// +// finally { +// ConfigurationDBUtils.closeSession(); +// } +// +// } +// +//} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index 2aa717a65..574452163 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -1,235 +1,235 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.servlet; - -import iaik.x509.X509Certificate; - -import java.io.IOException; -import java.util.Map; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.fileupload.FileUploadException; -import org.apache.commons.lang.StringEscapeUtils; - -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyCertificateTask; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.ServletUtils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.spss.util.CertificateUtils; - -/** - * Servlet requested for getting the foreign eID - * provided by the security layer implementation. - * Utilizes the {@link AuthenticationServer}. - * @deprecated Use {@link VerifyCertificateTask} instead. - * - */ -public class VerifyCertificateServlet extends AuthServlet { - - /** - * - */ - private static final long serialVersionUID = -4110159749768152538L; - -/** - * Constructor for VerifyCertificateServlet. - */ - public VerifyCertificateServlet() { - super(); - } - - /** - * GET requested by security layer implementation to verify - * that data URL resource is available. - * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) - */ - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("GET VerifyCertificateServlet"); - - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - } - - /** - * Gets the signer certificate from the InfoboxReadRequest and - * responds with a new - * CreateXMLSignatureRequest. - *
    - * Request parameters: - *
      - *
    • MOASessionID: ID of associated authentication session
    • - *
    • XMLResponse: <InfoboxReadResponse>
    • - *
    - * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) - */ - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("POST VerifyCertificateServlet"); - - Logger.warn(getClass().getName() + " is deprecated and should not be used any more."); - - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - - String pendingRequestID = null; - - Map parameters; - try - { - parameters = getParameters(req); - } catch (FileUploadException e) - { - Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); - throw new IOException(e.getMessage()); - } - String sessionID = req.getParameter(PARAM_SESSIONID); - - // escape parameter strings - sessionID = StringEscapeUtils.escapeHtml(sessionID); - - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); - - AuthenticationSession session = null; - try { - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12"); - - session = AuthenticationServer.getSession(sessionID); - - //change MOASessionID - sessionID = AuthenticationSessionStoreage.changeSessionID(session); - - X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters); - if (cert == null) { - Logger.error("Certificate could not be read."); - throw new AuthenticationException("auth.14", null); - } - - boolean useMandate = session.getUseMandate(); - - - if (useMandate) { - - // verify certificate for OrganWalter - String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert); - - try { - AuthenticationSessionStoreage.storeSession(session); - } catch (MOADatabaseException e) { - throw new MOAIDException("session store error", null); - } - - ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate"); - - } - else { - - - String countrycode = CertificateUtils.getIssuerCountry(cert); - if (countrycode != null) { - if (countrycode.compareToIgnoreCase("AT") == 0) { - Logger.error("Certificate issuer country code is \"AT\". Login not support in foreign identities mode."); - throw new AuthenticationException("auth.22", null); - } - } - - // Foreign Identities Modus - String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert); - // build dataurl (to the GetForeignIDSerlvet) - String dataurl = - new DataURLBuilder().buildDataURL( - session.getAuthURL(), - REQ_GET_FOREIGN_ID, - session.getSessionID()); - - try { - AuthenticationSessionStoreage.storeSession(session); - } catch (MOADatabaseException e) { - throw new MOAIDException("session store error", null); - } - - ServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl); - - Logger.debug("Send CreateXMLSignatureRequest to BKU"); - } - } - catch (MOAIDException ex) { - handleError(null, ex, req, resp, pendingRequestID); - - } catch (Exception e) { - Logger.error("CertificateValidation has an interal Error.", e); - } - - - finally { - ConfigurationDBUtils.closeSession(); - } - } - - -} +///******************************************************************************* +// * Copyright 2014 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. +// * +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// * +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. +// ******************************************************************************/ +///* +// * Copyright 2003 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. +// * +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// * +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. +// */ +// +// +//package at.gv.egovernment.moa.id.auth.servlet; +// +//import iaik.x509.X509Certificate; +// +//import java.io.IOException; +//import java.util.Map; +// +//import javax.servlet.ServletException; +//import javax.servlet.http.HttpServletRequest; +//import javax.servlet.http.HttpServletResponse; +// +//import org.apache.commons.fileupload.FileUploadException; +//import org.apache.commons.lang.StringEscapeUtils; +// +//import at.gv.egovernment.moa.id.auth.AuthenticationServer; +//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +//import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +//import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +//import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +//import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +//import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyCertificateTask; +//import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +//import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +//import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +//import at.gv.egovernment.moa.id.util.ServletUtils; +//import at.gv.egovernment.moa.logging.Logger; +//import at.gv.egovernment.moa.spss.util.CertificateUtils; +// +///** +// * Servlet requested for getting the foreign eID +// * provided by the security layer implementation. +// * Utilizes the {@link AuthenticationServer}. +// * @deprecated Use {@link VerifyCertificateTask} instead. +// * +// */ +//public class VerifyCertificateServlet extends AuthServlet { +// +// /** +// * +// */ +// private static final long serialVersionUID = -4110159749768152538L; +// +///** +// * Constructor for VerifyCertificateServlet. +// */ +// public VerifyCertificateServlet() { +// super(); +// } +// +// /** +// * GET requested by security layer implementation to verify +// * that data URL resource is available. +// * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) +// */ +// protected void doGet(HttpServletRequest req, HttpServletResponse resp) +// throws ServletException, IOException { +// +// Logger.debug("GET VerifyCertificateServlet"); +// +// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +// } +// +// /** +// * Gets the signer certificate from the InfoboxReadRequest and +// * responds with a new +// * CreateXMLSignatureRequest. +// *
    +// * Request parameters: +// *
      +// *
    • MOASessionID: ID of associated authentication session
    • +// *
    • XMLResponse: <InfoboxReadResponse>
    • +// *
    +// * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) +// */ +// protected void doPost(HttpServletRequest req, HttpServletResponse resp) +// throws ServletException, IOException { +// +// Logger.debug("POST VerifyCertificateServlet"); +// +// Logger.warn(getClass().getName() + " is deprecated and should not be used any more."); +// +// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +// +// String pendingRequestID = null; +// +// Map parameters; +// try +// { +// parameters = getParameters(req); +// } catch (FileUploadException e) +// { +// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); +// throw new IOException(e.getMessage()); +// } +// String sessionID = req.getParameter(PARAM_SESSIONID); +// +// // escape parameter strings +// sessionID = StringEscapeUtils.escapeHtml(sessionID); +// +// pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); +// +// AuthenticationSession session = null; +// try { +// // check parameter +// if (!ParamValidatorUtils.isValidSessionID(sessionID)) +// throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12"); +// +// session = AuthenticationServer.getSession(sessionID); +// +// //change MOASessionID +// sessionID = AuthenticationSessionStoreage.changeSessionID(session); +// +// X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters); +// if (cert == null) { +// Logger.error("Certificate could not be read."); +// throw new AuthenticationException("auth.14", null); +// } +// +// boolean useMandate = session.getUseMandate(); +// +// +// if (useMandate) { +// +// // verify certificate for OrganWalter +// String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert); +// +// try { +// AuthenticationSessionStoreage.storeSession(session); +// } catch (MOADatabaseException e) { +// throw new MOAIDException("session store error", null); +// } +// +// ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate"); +// +// } +// else { +// +// +// String countrycode = CertificateUtils.getIssuerCountry(cert); +// if (countrycode != null) { +// if (countrycode.compareToIgnoreCase("AT") == 0) { +// Logger.error("Certificate issuer country code is \"AT\". Login not support in foreign identities mode."); +// throw new AuthenticationException("auth.22", null); +// } +// } +// +// // Foreign Identities Modus +// String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert); +// // build dataurl (to the GetForeignIDSerlvet) +// String dataurl = +// new DataURLBuilder().buildDataURL( +// session.getAuthURL(), +// REQ_GET_FOREIGN_ID, +// session.getSessionID()); +// +// try { +// AuthenticationSessionStoreage.storeSession(session); +// } catch (MOADatabaseException e) { +// throw new MOAIDException("session store error", null); +// } +// +// ServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl); +// +// Logger.debug("Send CreateXMLSignatureRequest to BKU"); +// } +// } +// catch (MOAIDException ex) { +// handleError(null, ex, req, resp, pendingRequestID); +// +// } catch (Exception e) { +// Logger.error("CertificateValidation has an interal Error.", e); +// } +// +// +// finally { +// ConfigurationDBUtils.closeSession(); +// } +// } +// +// +//} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index b8e57ed43..75559534b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -1,278 +1,278 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.IOException; -import java.util.Map; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang.StringEscapeUtils; - -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyIdentityLinkTask; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.ServletUtils; -import at.gv.egovernment.moa.logging.Logger; - -/** - * Servlet requested for verifying the identity link - * provided by the security layer implementation. - * Utilizes the {@link AuthenticationServer}. - * - * @author Paul Ivancsics - * @version $Id$ - * @deprecated Use {@link VerifyIdentityLinkTask} instead. - */ -public class VerifyIdentityLinkServlet extends AuthServlet { - - /** - * - */ - private static final long serialVersionUID = -7074476974026049958L; - -/** - * Constructor for VerifyIdentityLinkServlet. - */ - public VerifyIdentityLinkServlet() { - super(); - } - - /** - * GET requested by security layer implementation to verify - * that data URL resource is available. - * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) - */ - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("GET VerifyIdentityLink"); - - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - } - - /** - * Verifies the identity link and responds with a new - * CreateXMLSignatureRequest or a new - * InfoboxReadRequest (in case of a foreign eID card). - *
    - * Request parameters: - *
      - *
    • MOASessionID: ID of associated authentication session
    • - *
    • XMLResponse: <InfoboxReadResponse>
    • - *
    - * Response: - *
      - *
    • Content type: "text/xml"
    • - *
    • Content: see return value of {@link AuthenticationServer#verifyIdentityLink}
    • - *
    • Error status: 500 - *
    - * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) - */ - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("POST VerifyIdentityLink"); - - Logger.warn(getClass().getName() + " is deprecated and should not be used any more."); - - Map parameters; - String pendingRequestID = null; - - try - { - parameters = getParameters(req); - - } catch (Exception e) - { - Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); - throw new IOException(e.getMessage()); - } - String sessionID = req.getParameter(PARAM_SESSIONID); - - // escape parameter strings - sessionID = StringEscapeUtils.escapeHtml(sessionID); - - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); - - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - - - try { - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12"); - - - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - - //change MOASessionID - sessionID = AuthenticationSessionStoreage.changeSessionID(session); - - String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters); - - Logger.debug(createXMLSignatureRequestOrRedirect); - - - if (createXMLSignatureRequestOrRedirect == null) { - // no identity link found - - boolean useMandate = session.getUseMandate(); - if (useMandate) { - Logger.error("Online-Mandate Mode for foreign citizencs not supported."); - throw new AuthenticationException("auth.13", null); - } - - try { - - Logger.info("Send InfoboxReadRequest to BKU to get signer certificate."); - - // create the InfoboxReadRequest to get the certificate - String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); - - // build dataurl (to the VerifyCertificateSerlvet) - String dataurl = - new DataURLBuilder().buildDataURL( - session.getAuthURL(), - REQ_VERIFY_CERTIFICATE, - session.getSessionID()); - - - ServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); - - - } - catch(Exception e) { - handleError(null, e, req, resp, pendingRequestID); - } - - } - else { - boolean useMandate = session.getUseMandate(); - - if (useMandate) { // Mandate modus - // read certificate and set dataurl to - Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); - - - String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); - - // build dataurl (to the GetForeignIDSerlvet) - String dataurl = - new DataURLBuilder().buildDataURL( - session.getAuthURL(), - REQ_VERIFY_CERTIFICATE, - session.getSessionID()); - - //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); - //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); - - Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); - ServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); - - } - else { - Logger.info("Normal"); - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - AuthConfigurationProvider authConf = AuthConfigurationProvider - .getInstance(); - - createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance() - .getCreateXMLSignatureRequestAuthBlockOrRedirect(session, - authConf, oaParam); - - ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); - } - } - - try { - AuthenticationSessionStoreage.storeSession(session); - - } catch (MOADatabaseException e) { - Logger.info("No valid MOA session found. Authentification process is abourted."); - throw new AuthenticationException("auth.20", null); - } - } - catch (ParseException ex) { - handleError(null, ex, req, resp, pendingRequestID); - - } catch (MOAIDException ex) { - handleError(null, ex, req, resp, pendingRequestID); - - } catch (Exception e) { - Logger.error("IdentityLinkValidation has an interal Error.", e); - } - - finally { - ConfigurationDBUtils.closeSession(); - } - } - -} +///******************************************************************************* +// * Copyright 2014 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. +// * +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// * +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. +// ******************************************************************************/ +///* +// * Copyright 2003 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. +// * +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// * +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. +// */ +// +// +//package at.gv.egovernment.moa.id.auth.servlet; +// +//import java.io.IOException; +//import java.util.Map; +// +//import javax.servlet.ServletException; +//import javax.servlet.http.HttpServletRequest; +//import javax.servlet.http.HttpServletResponse; +// +//import org.apache.commons.lang.StringEscapeUtils; +// +//import at.gv.egovernment.moa.id.auth.AuthenticationServer; +//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +//import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +//import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; +//import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +//import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +//import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +//import at.gv.egovernment.moa.id.auth.exception.ParseException; +//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +//import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyIdentityLinkTask; +//import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +//import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +//import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +//import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +//import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +//import at.gv.egovernment.moa.id.util.ServletUtils; +//import at.gv.egovernment.moa.logging.Logger; +// +///** +// * Servlet requested for verifying the identity link +// * provided by the security layer implementation. +// * Utilizes the {@link AuthenticationServer}. +// * +// * @author Paul Ivancsics +// * @version $Id$ +// * @deprecated Use {@link VerifyIdentityLinkTask} instead. +// */ +//public class VerifyIdentityLinkServlet extends AuthServlet { +// +// /** +// * +// */ +// private static final long serialVersionUID = -7074476974026049958L; +// +///** +// * Constructor for VerifyIdentityLinkServlet. +// */ +// public VerifyIdentityLinkServlet() { +// super(); +// } +// +// /** +// * GET requested by security layer implementation to verify +// * that data URL resource is available. +// * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) +// */ +// protected void doGet(HttpServletRequest req, HttpServletResponse resp) +// throws ServletException, IOException { +// +// Logger.debug("GET VerifyIdentityLink"); +// +// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +// } +// +// /** +// * Verifies the identity link and responds with a new +// * CreateXMLSignatureRequest or a new +// * InfoboxReadRequest (in case of a foreign eID card). +// *
    +// * Request parameters: +// *
      +// *
    • MOASessionID: ID of associated authentication session
    • +// *
    • XMLResponse: <InfoboxReadResponse>
    • +// *
    +// * Response: +// *
      +// *
    • Content type: "text/xml"
    • +// *
    • Content: see return value of {@link AuthenticationServer#verifyIdentityLink}
    • +// *
    • Error status: 500 +// *
    +// * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) +// */ +// protected void doPost(HttpServletRequest req, HttpServletResponse resp) +// throws ServletException, IOException { +// +// Logger.debug("POST VerifyIdentityLink"); +// +// Logger.warn(getClass().getName() + " is deprecated and should not be used any more."); +// +// Map parameters; +// String pendingRequestID = null; +// +// try +// { +// parameters = getParameters(req); +// +// } catch (Exception e) +// { +// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); +// throw new IOException(e.getMessage()); +// } +// String sessionID = req.getParameter(PARAM_SESSIONID); +// +// // escape parameter strings +// sessionID = StringEscapeUtils.escapeHtml(sessionID); +// +// pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); +// +// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +// +// +// try { +// // check parameter +// if (!ParamValidatorUtils.isValidSessionID(sessionID)) +// throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12"); +// +// +// AuthenticationSession session = AuthenticationServer.getSession(sessionID); +// +// //change MOASessionID +// sessionID = AuthenticationSessionStoreage.changeSessionID(session); +// +// String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters); +// +// Logger.debug(createXMLSignatureRequestOrRedirect); +// +// +// if (createXMLSignatureRequestOrRedirect == null) { +// // no identity link found +// +// boolean useMandate = session.getUseMandate(); +// if (useMandate) { +// Logger.error("Online-Mandate Mode for foreign citizencs not supported."); +// throw new AuthenticationException("auth.13", null); +// } +// +// try { +// +// Logger.info("Send InfoboxReadRequest to BKU to get signer certificate."); +// +// // create the InfoboxReadRequest to get the certificate +// String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); +// +// // build dataurl (to the VerifyCertificateSerlvet) +// String dataurl = +// new DataURLBuilder().buildDataURL( +// session.getAuthURL(), +// REQ_VERIFY_CERTIFICATE, +// session.getSessionID()); +// +// +// ServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); +// +// +// } +// catch(Exception e) { +// handleError(null, e, req, resp, pendingRequestID); +// } +// +// } +// else { +// boolean useMandate = session.getUseMandate(); +// +// if (useMandate) { // Mandate modus +// // read certificate and set dataurl to +// Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); +// +// +// String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); +// +// // build dataurl (to the GetForeignIDSerlvet) +// String dataurl = +// new DataURLBuilder().buildDataURL( +// session.getAuthURL(), +// REQ_VERIFY_CERTIFICATE, +// session.getSessionID()); +// +// //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); +// //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); +// +// Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); +// ServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); +// +// } +// else { +// Logger.info("Normal"); +// +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); +// AuthConfigurationProvider authConf = AuthConfigurationProvider +// .getInstance(); +// +// createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance() +// .getCreateXMLSignatureRequestAuthBlockOrRedirect(session, +// authConf, oaParam); +// +// ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); +// } +// } +// +// try { +// AuthenticationSessionStoreage.storeSession(session); +// +// } catch (MOADatabaseException e) { +// Logger.info("No valid MOA session found. Authentification process is abourted."); +// throw new AuthenticationException("auth.20", null); +// } +// } +// catch (ParseException ex) { +// handleError(null, ex, req, resp, pendingRequestID); +// +// } catch (MOAIDException ex) { +// handleError(null, ex, req, resp, pendingRequestID); +// +// } catch (Exception e) { +// Logger.error("IdentityLinkValidation has an interal Error.", e); +// } +// +// finally { +// ConfigurationDBUtils.closeSession(); +// } +// } +// +//} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java index a2e8bab9b..e9019ded4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -36,6 +36,8 @@ package at.gv.egovernment.moa.id.config; +import java.io.Serializable; + import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; @@ -45,8 +47,10 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; * * @author Harald Bratko */ -public class OAParameter { +public class OAParameter implements Serializable { + private static final long serialVersionUID = 1L; + public OAParameter() { } public OAParameter(OnlineApplication oa) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java index c336eb316..56cd36dcd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java @@ -165,4 +165,6 @@ public interface IOAAuthParameters { */ boolean isPerformLocalAuthenticationOnInterfederationError(); + public List getReversionsLoggingEventCodes(); + } \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 933dddb31..451dedc31 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -55,6 +55,7 @@ import java.util.Map; import org.apache.commons.lang.SerializationUtils; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; @@ -630,4 +631,14 @@ public PrivateKey getBPKDecBpkDecryptionKey() { } + +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getReversionsLoggingEventCodes() + */ +@Override +public List getReversionsLoggingEventCodes() { + // TODO !!!!! + return MOAReversionLogger.getInstance().getDefaulttReversionsLoggingEventCodes(); +} + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index e576522bf..928515758 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -398,4 +398,13 @@ public class DynamicOAAuthParameters extends OAParameter implements IOAAuthParam // TODO Auto-generated method stub return false; } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getReversionsLoggingEventCodes() + */ + @Override + public List getReversionsLoggingEventCodes() { + // TODO Auto-generated method stub + return null; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index fa564d046..6893a794a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -30,6 +30,8 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; @@ -130,7 +132,8 @@ public class DispatcherServlet extends AuthServlet{ } if (errorRequest != null) { - RequestStorage.removePendingRequest(pendingRequestID); + RequestStorage.removePendingRequest(pendingRequestID); + MOAReversionLogger.getInstance().logEvent(errorRequest, MOAIDEventConstants.TRANSACTION_ERROR); try { IModulInfo handlingModule = ModulStorage @@ -271,18 +274,22 @@ public class DispatcherServlet extends AuthServlet{ return; } } else { - try { - //set transactionID to Logger - protocolRequestID = Random.nextRandom(); - + try { //load unique session identifier with SSO-sessionID uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId); if (MiscUtil.isEmpty(uniqueSessionIdentifier)) uniqueSessionIdentifier = Random.nextRandom(); - - TransactionIDUtils.setTransactionId(protocolRequestID); TransactionIDUtils.setSessionId(uniqueSessionIdentifier); - + + //set transactionID to Logger + protocolRequestID = Random.nextRandom(); + TransactionIDUtils.setTransactionId(protocolRequestID); + + //log information for security and process reversion + MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_CREATED, uniqueSessionIdentifier); + MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_CREATED, protocolRequestID); + MOAReversionLogger.getInstance().logEvent(uniqueSessionIdentifier, protocolRequestID, MOAIDEventConstants.SESSION_IP, req.getRemoteAddr()); + protocolRequest = info.preProcess(req, resp, action); //request is a valid interfederation response @@ -396,8 +403,7 @@ public class DispatcherServlet extends AuthServlet{ boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp); - if (needAuthentication) { - + if (needAuthentication) { //check if interfederation IDP is requested ssomanager.checkInterfederationIsRequested(req, resp, protocolRequest); @@ -409,6 +415,9 @@ public class DispatcherServlet extends AuthServlet{ Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " + "Invalidate the corresponding MOASession with ID="+ correspondingMOASession); + MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), + protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID); + AuthenticationSessionStoreage.destroySession(correspondingMOASession); ssomanager.deleteSSOSessionID(req, resp); } @@ -439,6 +448,10 @@ public class DispatcherServlet extends AuthServlet{ boolean tryperform = authmanager.tryPerformAuthentication( req, resp); + if (tryperform) + MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), + protocolRequest, MOAIDEventConstants.AUTHPROCESS_FINISHED); + if (protocolRequest.forceAuth()) { if (!tryperform) { authmanager.doAuthentication(req, resp, @@ -448,12 +461,15 @@ public class DispatcherServlet extends AuthServlet{ } else if (protocolRequest.isPassiv()) { if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) { // Passive authentication ok! + // Is authenticated .. proceed + } else { throw new NoPassivAuthenticationException(); } } else { if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) { - // Is authenticated .. proceed + // Is authenticated .. proceed + } else { // Start authentication! authmanager.doAuthentication(req, resp, @@ -463,10 +479,12 @@ public class DispatcherServlet extends AuthServlet{ } if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension - { - + { if (useSSOOA && isValidSSOSession) { - + + MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), + protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO); + moasessionID = ssomanager.getMOASession(ssoId); moasession = AuthenticationSessionStoreage.getSession(moasessionID); @@ -531,6 +549,7 @@ public class DispatcherServlet extends AuthServlet{ } else { authmanager.performOnlyIDPLogOut(req, resp, moasessionID); + } //Advanced statistic logging @@ -550,6 +569,10 @@ public class DispatcherServlet extends AuthServlet{ } + //log transaction_destroy to reversionslog + MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, protocolRequestID); + + } catch (WrongParametersException ex) { handleWrongParameters(ex, req, resp); @@ -560,13 +583,14 @@ public class DispatcherServlet extends AuthServlet{ handleErrorNoRedirect(e.getMessage(), e, req, resp); } - + finally { ConfigurationDBUtils.closeSession(); Logger.trace("Clossing Dispatcher processing loop"); TransactionIDUtils.removeTransactionId(); - TransactionIDUtils.removeSessionId(); + TransactionIDUtils.removeSessionId(); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index cbfdfc36b..d3e9b5120 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -61,10 +61,13 @@ import org.opensaml.xml.XMLObject; import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -148,7 +151,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { authSession.setAuthenticatedUsed(true); AuthenticationSessionStoreage.storeSession(authSession); - + return true; // got authenticated } } @@ -335,6 +338,10 @@ public class AuthenticationManager implements MOAIDAuthConstants { authSession.setAuthenticated(false); //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session + + //log Session_Destroy to reversionslog + AuthenticationSessionExtensions sessionExtensions = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(moaSessionID); + MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId()); AuthenticationSessionStoreage.destroySession(moaSessionID); @@ -351,13 +358,17 @@ public class AuthenticationManager implements MOAIDAuthConstants { HttpServletResponse response, IRequest target) throws ServletException, IOException, MOAIDException { - Logger.info("Starting authentication ..."); + Logger.info("Starting authentication ..."); + MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), + target, MOAIDEventConstants.AUTHPROCESS_START); if (MiscUtil.isEmpty(target.getRequestedIDP())) { perfomLocalAuthentication(request, response, target); } else { Logger.info("Use IDP " + target.getRequestedIDP() + " for authentication ..."); + MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), + target, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION); buildPVP21AuthenticationRequest(request, response, target); } @@ -370,7 +381,10 @@ public class AuthenticationManager implements MOAIDAuthConstants { String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), target.requestedAction(), target.getRequestID(), oaParam, AuthConfigurationProvider.getInstance().getPublicURLPrefix()); - + + MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), + target, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START); + response.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(response.getOutputStream()); out.print(form); @@ -592,6 +606,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { executionContext.put("useMandate", moasession.getUseMandate()); executionContext.put("bkuURL", moasession.getBkuURL()); executionContext.put(PARAM_SESSIONID, moasession.getSessionID()); + executionContext.put("pendingRequestID", target.getRequestID()); // create process instance String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext); @@ -620,6 +635,9 @@ public class AuthenticationManager implements MOAIDAuthConstants { processEngine.start(processInstanceId); } else { + MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), + target, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT); + //load Parameters from OnlineApplicationConfiguration OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(target.getOAURL()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java index 7fe933695..8f3ed9fdd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java @@ -27,6 +27,7 @@ import java.util.List; import org.opensaml.saml2.core.Attribute; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; public interface IRequest { @@ -45,6 +46,7 @@ public interface IRequest { public String getRequestedIDP(); public MOAResponse getInterfederationResponse(); public List getRequestedAttributes(); + public IOAAuthParameters getOnlineApplicationConfiguration(); //public void setTarget(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java index 77256c897..26fb7bd29 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java @@ -27,6 +27,7 @@ import java.util.List; import org.opensaml.saml2.core.Attribute; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; public abstract class RequestImpl implements IRequest, Serializable{ @@ -42,6 +43,7 @@ public abstract class RequestImpl implements IRequest, Serializable{ private String target = null; private String requestID; private String sessionIdentifier; + private IOAAuthParameters OAConfiguration = null; //MOA-ID interfederation private String requestedIDP = null; @@ -158,4 +160,13 @@ public abstract class RequestImpl implements IRequest, Serializable{ } + public IOAAuthParameters getOnlineApplicationConfiguration() { + return this.OAConfiguration; + + } + + public void setOnlineApplicationConfiguration(IOAAuthParameters oaConfig) { + this.OAConfiguration = oaConfig; + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index 4c70ce995..562113920 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -30,6 +30,8 @@ import java.util.UUID; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -61,8 +63,10 @@ class OAuth20AuthAction implements IAction { OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req; String responseType = oAuthRequest.getResponseType(); - String code = Random.nextRandom(); + MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST); + String code = Random.nextRandom(); + try { String accessToken = UUID.randomUUID().toString(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index c47e366a1..5a4655b42 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -152,13 +152,15 @@ class OAuth20AuthRequest extends OAuth20BaseRequest { // check if client id and redirect uri are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - OAOAUTH20 oAuthConfig = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(this.getOAURL()) - .getoAuth20Config(); + OAAuthParameter oaConfig = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(this.getOAURL()); + OAOAUTH20 oAuthConfig = oaConfig.getoAuth20Config(); if (!this.getClientID().equals(oAuthConfig.getOAuthClientId()) || !this.getRedirectUri().equals(oAuthConfig.getOAuthRedirectUri())) { throw new OAuth20AccessDeniedException(); } + + this.setOnlineApplicationConfiguration(oaConfig); } catch (ConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java index 944da38d0..2238a25e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -26,6 +26,8 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.data.IAuthData; @@ -51,6 +53,8 @@ class OAuth20TokenAction implements IAction { try { OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req; + MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST); + try { Logger.debug("Loaded OAuth20SessionObject from session: " + oAuthRequest.getCode()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index 3c90a5773..50240b37b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -31,6 +31,7 @@ import org.opensaml.saml2.core.Attribute; import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; @@ -121,8 +122,8 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { // check if client id and secret are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - OAOAUTH20 oAuthConfig = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(this.getOAURL()) - .getoAuth20Config(); + OAAuthParameter oaConfig = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(this.getOAURL()); + OAOAUTH20 oAuthConfig = oaConfig.getoAuth20Config(); if (!this.getClientID().equals(oAuthConfig.getOAuthClientId())) { throw new OAuth20AccessDeniedException(); @@ -132,6 +133,8 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { throw new OAuth20AccessDeniedException(); } + this.setOnlineApplicationConfiguration(oaConfig); + } catch (ConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index 0a8a6a581..1b187d82e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -64,6 +64,8 @@ import org.opensaml.xml.signature.Signature; import org.opensaml.xml.signature.Signer; import org.w3c.dom.Document; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.data.IAuthData; @@ -85,6 +87,8 @@ public class MetadataAction implements IAction { HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { try { + MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA); + EntitiesDescriptor idpEntitiesDescriptor = SAML2Utils.createSAMLObject(EntitiesDescriptor.class); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 045db3f45..fbbc4b817 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -57,6 +57,8 @@ import org.opensaml.xml.signature.SignableXMLObject; import java.util.Arrays; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; @@ -253,12 +255,16 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { IRequest obj = RequestStorage.getPendingRequest(msg.getRelayState()); if (obj instanceof RequestImpl) { RequestImpl iReqSP = (RequestImpl) obj; + + MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE); MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg); if ( processedMsg != null ) { iReqSP.setInterfederationResponse(processedMsg); + MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED); + Logger.info("Receive a valid assertion from IDP " + msg.getEntityID() + ". Switch to original transaction with ID " + iReqSP.getRequestID()); TransactionIDUtils.setTransactionId(iReqSP.getRequestID()); @@ -467,11 +473,15 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { String oaURL = metadata.getEntityID(); oaURL = StringEscapeUtils.escapeHtml(oaURL); + OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding()); - config.setOAURL(oaURL); - config.setBinding(msg.getRequestBinding()); + config.setOAURL(oaURL); + config.setOnlineApplicationConfiguration(oa); + config.setBinding(msg.getRequestBinding()); + + MOAReversionLogger.getInstance().logEvent(config, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO); } else if (inMsg instanceof MOAResponse && @@ -546,8 +556,11 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { PVPTargetConfiguration config = new PVPTargetConfiguration(); config.setRequest(moaRequest); config.setOAURL(moaRequest.getEntityID()); + config.setOnlineApplicationConfiguration(oa); config.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); + MOAReversionLogger.getInstance().logEvent(config, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY); + return config; } @@ -634,11 +647,13 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { String oaURL = moaRequest.getEntityMetadata().getEntityID(); oaURL = StringEscapeUtils.escapeHtml(oaURL); + OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding()); PVPTargetConfiguration config = new PVPTargetConfiguration(); config.setOAURL(oaURL); + config.setOnlineApplicationConfiguration(oa); config.setBinding(consumerService.getBinding()); config.setRequest(moaRequest); config.setConsumerURL(consumerService.getLocation()); @@ -646,7 +661,9 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { //parse AuthRequest config.setPassiv(authReq.isPassive()); config.setForce(authReq.isForceAuthn()); - + + MOAReversionLogger.getInstance().logEvent(config, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST); + return config; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 9934c339d..4c30a1148 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -155,8 +155,9 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { throw new InvalidProtocolRequestException("auth.00", new Object[] { null }); } - + config.setOnlineApplicationConfiguration(oaParam); config.setSourceID(sourceID); + if (MiscUtil.isNotEmpty(target)) config.setTarget(target); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 57531992d..1ef08464f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -192,6 +192,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { throw new AuthenticationException("stork.12", new Object[]{STORK2Request.getOAURL()}); else { + STORK2Request.setOnlineApplicationConfiguration(oaParam); if (oaParam.isSTORKPVPGateway()) { if (MiscUtil.isNotEmpty(oaParam.getSTORKPVPForwardEntity())) { Logger.info("Received request for STORK->PVP gateway. " + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java index 1edb8d1f3..8e42f0df7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java @@ -48,6 +48,12 @@ package at.gv.egovernment.moa.id.util.client.mis.simple; import java.io.Serializable; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.MiscUtil; public class MISMandate implements Serializable{ @@ -91,6 +97,28 @@ public class MISMandate implements Serializable{ public byte[] getMandate() { return mandate; } + + public Element getMandateDOM() { + try { + byte[] byteMandate = mandate; + String stringMandate = new String(byteMandate); + return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement(); + + } + catch (Throwable e) { + Logger.warn("Mandate content could not be generated from MISMandate."); + return null; + } + } + + public Mandate getMandateJaxB() { + Element domMandate = getMandateDOM(); + if (domMandate != null) + return MandateBuilder.buildMandate(domMandate); + + return null; + } + public void setMandate(byte[] mandate) { this.mandate = mandate; } diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java index 021ee62cf..940f9c3f4 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java @@ -8,6 +8,8 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang3.StringUtils; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -20,6 +22,8 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; @@ -79,6 +83,11 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { AuthenticationSession moasession = AuthenticationServer.getSession(sessionID); pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); + IRequest pendingReq = RequestStorage.getPendingRequest( + (String) executionContext.get("pendingRequestID")); + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_STORK_REQUESTED, moasession.getCcc()); + if (StringUtils.isEmpty(moasession.getCcc())) { // illegal state; task should not have been executed without a selected country throw new AuthenticationException("stork.22", new Object[] { sessionID }); @@ -97,6 +106,9 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { Logger.info("Starting STORK authentication for a citizen of country: " + moasession.getCcc()); AuthenticationServer.startSTORKAuthentication(req, resp, moasession); + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED); + } catch (MOAIDException ex) { throw new TaskExecutionException(ex.getMessage(), ex); -- cgit v1.2.3