From bba86def6a69726671838ebdacb918d3ede5de16 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 13 Jun 2013 13:19:38 +0200 Subject: + cleanup MOAIDSession class + update authentication process to use new MOAIDSession class + move MOAIDSession to Hibernate Database + activate Mandates for SAML1 !!Stork authentication not tested!! --- .../moa/id/auth/AuthenticationServer.java | 270 +++++++----- .../AuthenticationDataAssertionBuilder.java | 1 - .../moa/id/auth/data/AuthenticationSession.java | 465 +++++++++++---------- .../id/auth/data/ExtendedSAMLAttributeImpl.java | 9 +- .../egovernment/moa/id/auth/data/IdentityLink.java | 6 +- .../moa/id/auth/servlet/GetForeignIDServlet.java | 10 + .../id/auth/servlet/GetMISSessionIDServlet.java | 41 +- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 9 + .../auth/servlet/ProcessValidatorInputServlet.java | 12 +- .../servlet/VerifyAuthenticationBlockServlet.java | 20 +- .../id/config/auth/AuthConfigurationProvider.java | 2 + .../moa/id/moduls/AuthenticationManager.java | 71 +++- .../moa/id/moduls/AuthenticationSessionStore.java | 84 ---- .../protocols/saml1/SAML1AuthenticationServer.java | 142 +++++-- .../moa/id/storage/AssertionStorage.java | 30 +- .../id/storage/AuthenticationSessionStoreage.java | 242 +++++++++++ .../gv/egovernment/moa/id/commons/db/DBUtils.java | 36 +- .../moa/id/commons/db/HibernateUtil.java | 19 +- .../moa/id/commons/db/dao/AssertionStore.java | 13 +- .../src/main/resources/hibernate.cfg.xml | 1 + 20 files changed, 970 insertions(+), 513 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java (limited to 'id') 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 9ffd72cda..911920e83 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.auth; import iaik.pki.PKIException; +import iaik.x509.CertificateFactory; import iaik.x509.X509Certificate; import java.io.ByteArrayInputStream; @@ -32,7 +33,7 @@ import java.io.InputStream; import java.security.GeneralSecurityException; import java.security.Principal; import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; +//import java.security.cert.CertificateFactory; import java.util.ArrayList; import java.util.Calendar; import java.util.Date; @@ -103,6 +104,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentity import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; 
@@ -113,8 +115,8 @@ import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.moduls.AuthenticationSessionStore; import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; @@ -152,7 +154,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** single instance */ private static AuthenticationServer instance; /** session data store (session ID -> AuthenticationSession) */ - private static Map sessionStore = new HashMap(); + //private static Map sessionStore = new HashMap(); /** * time out in milliseconds used by {@link cleanup} for session store @@ -269,6 +271,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setAuthURL(authURL); session.setTemplateURL(templateURL); session.setBusinessService(oaParam.getBusinessService()); + + try { + AuthenticationSessionStoreage.storeSession(session); + + } catch (MOADatabaseException e) { + throw new AuthenticationException("", null); + } + String returnURL = new DataURLBuilder().buildDataURL(authURL, REQ_START_AUTHENTICATION, session.getSessionID()); String bkuSelectionType = AuthConfigurationProvider.getInstance() 
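Review bot: The new `catch (MOADatabaseException e)` in the -269 hunk rethrows `new AuthenticationException("", null)`, which drops the database cause and uses an empty message key, so a failed session store surfaces as an unexplained authentication failure with no trace back to the root error. This file already uses the three-argument form that keeps the cause (`new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e)` in the -758 hunk), so this should become `throw new AuthenticationException("<session-store message key>", new Object[] { session.getSessionID() }, e);` with a real key added to the message catalogue. The same pattern appears in the -498 and -641 hunks, in the -693 hunk (`new MOAIDException("session store error", null)`), and in `newSession` and `getSession` in the -2498 and -2525 hunks.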
@@ -498,6 +508,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { pushInfobox = verifyInfoboxParameters.getPushInfobox(); session.setPushInfobox(pushInfobox); } + + try { + AuthenticationSessionStoreage.storeSession(session); + + } catch (MOADatabaseException e) { + throw new AuthenticationException("", null); + } + String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() .build(oaParam.getSlVersion12()); String certInfoDataURL = new DataURLBuilder() @@ -641,8 +659,17 @@ public class AuthenticationServer implements MOAIDAuthConstants { verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam .getProvideStammzahl()); - return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, + String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); + + try { + AuthenticationSessionStoreage.storeSession(session); + + } catch (MOADatabaseException e) { + throw new AuthenticationException("", null); + } + + return returnvalue; } /** @@ -673,7 +700,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { public String verifyCertificate(String sessionID, X509Certificate certificate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException { + ValidateException, ServiceException, MOAIDException{ if (isEmpty(sessionID)) throw new AuthenticationException("auth.10", new Object[] { 
@@ -693,8 +720,17 @@ public class AuthenticationServer implements MOAIDAuthConstants { OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - return getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(session, + String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(session, authConf, oaParam, isOW); + + try { + AuthenticationSessionStoreage.storeSession(session); + } catch (MOADatabaseException e) { + throw new MOAIDException("session store error", null); + } + + + return returnvalue; } /** @@ -716,11 +752,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return String representation of the * <CreateXMLSignatureRequest> */ - public void verifyMandate(String sessionID, MISMandate mandate) + public void verifyMandate(AuthenticationSession session, MISMandate mandate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { GET_MIS_SESSIONID, PARAM_SESSIONID }); @@ -731,7 +767,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { new Object[] { GET_MIS_SESSIONID }); } - AuthenticationSession session = getSession(sessionID); + //AuthenticationSession session = getSession(sessionID); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); @@ -758,6 +794,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { // set extended SAML attributes if provideMandatorData is true setExtendedSAMLAttributeForMandates(session, mandate, oaParam .getBusinessService(), oaParam.getProvideStammzahl()); + + //AuthenticationSessionStoreage.storeSession(session); + } catch (SAXException e) { throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e); 
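Review bot: In the -758 hunk the call that would persist the session after `setExtendedSAMLAttributeForMandates(session, ...)` is commented out, so the mandate attributes written to the session object here only reach the new database-backed store if the caller stores the session afterwards. Since `verifyMandate` now receives the session from its caller instead of loading it by ID, either restore `AuthenticationSessionStoreage.storeSession(session);` (wrapped in the same `MOADatabaseException` handling as the other hunks) or state in the method Javadoc that the caller is responsible for storing the session after this call. The enclosing try block and the rest of the method lie outside the hunk, so I cannot see whether a store happens later in the method.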
@@ -985,7 +1024,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[] { REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE }); - AuthenticationSession session = getSession(sessionID); + //AuthenticationSession session = getSession(sessionID); /* * if (session.getTimestampIdentityLink() != null) throw new * AuthenticationException("auth.01", new Object[] { sessionID }); @@ -1099,6 +1138,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { identificationType, oaURL, gebDat, extendedSAMLAttributes, session); + + return authBlock; } @@ -1806,18 +1847,20 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return SAML artifact needed for retrieving authentication data, encoded * BASE64 */ - public String verifyAuthenticationBlock(String sessionID, + public String verifyAuthenticationBlock(AuthenticationSession session, String xmlCreateXMLSignatureReadResponse) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); if (isEmpty(xmlCreateXMLSignatureReadResponse)) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - AuthenticationSession session = getSession(sessionID); + + //AuthenticationSession session = getSession(sessionID); + AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); // parses 
@@ -1930,24 +1973,32 @@ public class AuthenticationServer implements MOAIDAuthConstants { AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC, false); + //set Authblock + session.setAuthData(authData); + + //set signer certificate + session.setSignerCertificate(vsresp.getX509certificate()); + if (session.getUseMandate()) { // mandate mode + // session.setAssertionAuthBlock(assertionAuthBlock) - - // set signer certificate - session.setSignerCertificate(vsresp.getX509certificate()); - return null; } else { - session.setAuthData(authData); + session.setAuthenticatedUsed(false); session.setAuthenticated(true); - session.setXMLVerifySignatureResponse(vsresp); + //TODO: check if this element is needed!!! + //session.setXMLVerifySignatureResponse(vsresp); + + String oldsessionID = session.getSessionID(); + + //Session is implicte stored in changeSessionID!!! + String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); - String newMOASessionID = AuthenticationSessionStore.changeSessionID(session); - Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); + Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); Logger.info("Daten angelegt zu MOASession " + newMOASessionID); return newMOASessionID; 
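Review bot: In the -1930 hunk the mandate branch sets `authData` and the signer certificate on the session and then returns null without storing it, while the non-mandate branch relies on `changeSessionID` to persist (per the added comment). With the session store now database-backed, the values set before the branch only survive the MIS round trip if something stores the session before the redirect, and the -2143 hunk's `setAuthenticated(true)` later depends on that `authData` being present. I would add a `storeSession` call, with the `MOADatabaseException` handling used elsewhere in this commit, directly before `return null;`, or document on the method that the caller must persist the session in mandate mode. The remainder of the method body is outside the hunk.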
@@ -2015,15 +2066,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return SAML artifact needed for retrieving authentication data, encoded * BASE64 */ - public String verifyAuthenticationBlockMandate(String sessionID, + public String verifyAuthenticationBlockMandate(AuthenticationSession session, Element mandate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - AuthenticationSession session = getSession(sessionID); + + //AuthenticationSession session = getSession(sessionID); // AuthConfigurationProvider authConf = // AuthConfigurationProvider.getInstance(); @@ -2089,7 +2141,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { // builds authentication data and stores it together with a SAML // artifact - AuthenticationData authData = session.getAssertionAuthData(); // buildAuthenticationData(session, + + // TODO: Check, if this element is in use!!!! + //AuthenticationData authData = session.getAssertionAuthData(); // buildAuthenticationData(session, // vsresp, // replacementIdentityLink); 
@@ -2143,13 +2197,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { new Object[] { GET_MIS_SESSIONID }); } - session.setAuthData(authData); + //TODO: Check, if this element is in use!!! + //session.setAuthData(authData); + session.setMandateData(mandateData); session.setAuthenticatedUsed(false); session.setAuthenticated(true); - String newMOASessionID = AuthenticationSessionStore.changeSessionID(session); - Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); + String oldsessionID = session.getSessionID(); + + //Session is implicite stored in changeSessionID!!! + String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + + Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); Logger.info("Daten angelegt zu MOASession " + newMOASessionID); return newMOASessionID; 
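Review bot: The new `Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID)` writes both the old and the freshly generated session identifier to the application log at INFO level. The MOASession ID is passed in URLs (see `buildDataURL(..., session.getSessionID())` in the -269 hunk) and identifies the authenticated session, so anyone with read access to the logs can reuse it; logging a truncated form or a hash, or moving the line to debug level, limits that exposure. The same log line is written in the -1930 hunk and in the -2305 hunk.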
@@ -2305,20 +2365,27 @@ public class AuthenticationServer implements MOAIDAuthConstants { OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); boolean useUTC = oaParam.getUseUTC(); - boolean useCondition = oaParam.getUseCondition(); - int conditionLength = oaParam.getConditionLength(); + +// boolean useCondition = oaParam.getUseCondition(); +// int conditionLength = oaParam.getConditionLength(); + AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC, true); session.setAuthData(authData); session.setAuthenticatedUsed(false); session.setAuthenticated(true); - session.setXMLVerifySignatureResponse(vsresp); - String newMOASessionID = AuthenticationSessionStore.changeSessionID(session); + //TODO: check, if it element is in use!!!! + //session.setXMLVerifySignatureResponse(vsresp); + + //session is implicit stored in changeSessionID!!!! + String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); Logger.info("Daten angelegt zu MOASession " + newMOASessionID); return newMOASessionID; + //TODO: regenerate MOASession ID! /* String samlAssertion = new AuthenticationDataAssertionBuilder().build( @@ -2379,8 +2446,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { IdentityLink identityLink = session.getIdentityLink(); AuthenticationData authData = new AuthenticationData(); + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + boolean businessService = oaParam.getBusinessService(); authData.setMajorVersion(1); authData.setMinorVersion(0); 
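Review bot: The `//TODO: regenerate MOASession ID!` left after `return newMOASessionID;` in the -2305 hunk is stale: the line just above now calls `AuthenticationSessionStoreage.changeSessionID(session)`, which is that regeneration, and the commented `samlAssertion` block that follows is unreachable. Dropping the TODO and the dead block keeps the foreign-ID path readable; the commented `useCondition`/`conditionLength` locals at the top of the hunk fall under the same cleanup.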
@@ -2399,28 +2468,31 @@ public class AuthenticationServer implements MOAIDAuthConstants { .getPublicAuthorityCode()); authData.setBkuURL(session.getBkuURL()); authData.setUseUTC(oaParam.getUseUTC()); + boolean provideStammzahl = oaParam.getProvideStammzahl(); if (provideStammzahl) { authData.setIdentificationValue(identityLink .getIdentificationValue()); } - String prPerson = new PersonDataBuilder().build(identityLink, - provideStammzahl); + +// String prPerson = new PersonDataBuilder().build(identityLink, +// provideStammzahl); try { - String signerCertificateBase64 = ""; - if (oaParam.getProvideCertifcate()) { - X509Certificate signerCertificate = verifyXMLSigResp - .getX509certificate(); - if (signerCertificate != null) { - signerCertificateBase64 = Base64Utils - .encode(signerCertificate.getEncoded()); - } else { - Logger - .info("\"provideCertificate\" is \"true\", but no signer certificate available"); - } - } - authData.setSignerCertificate(signerCertificateBase64); +// String signerCertificateBase64 = ""; +// if (oaParam.getProvideCertifcate()) { +// X509Certificate signerCertificate = verifyXMLSigResp +// .getX509certificate(); +// if (signerCertificate != null) { +// signerCertificateBase64 = Base64Utils +// .encode(signerCertificate.getEncoded()); +// } else { +// Logger +// .info("\"provideCertificate\" is \"true\", but no signer certificate available"); +// } +// } +// authData.setSignerCertificate(signerCertificateBase64); + if(!isForeigner) { //we have Austrian citizen if (businessService) { 
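Review bot: Commenting out the signer-certificate block in the -2399 hunk means `authData.setSignerCertificate(...)` is no longer called in this method, so the online-application option read via `oaParam.getProvideCertifcate()` silently stops affecting the authentication data built here. If the certificate is now meant to come from the session — this commit's `AuthenticationSession` changes keep the encoded form via `getEncodedSignerCertificate()` — the code that consumes `authData` must read it from there; otherwise the block should be restored using `session.getSignerCertificate()` instead of `verifyXMLSigResp`. I cannot tell from this hunk whether another part of the commit covers it, so a one-line comment stating where the signer certificate is now taken from would prevent the option from being silently lost.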
@@ -2460,22 +2532,24 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } - String ilAssertion = oaParam.getProvideIdentityLink() ? identityLink - .getSerializedSamlAssertion() - : ""; - if (!oaParam.getProvideStammzahl()) { - ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink - .getIdentificationValue(), ""); - } - String authBlock = oaParam.getProvideAuthBlock() ? session - .getAuthBlock() : ""; +// String ilAssertion = oaParam.getProvideIdentityLink() ? identityLink +// .getSerializedSamlAssertion() +// : ""; +// if (!oaParam.getProvideStammzahl()) { +// ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink +// .getIdentificationValue(), ""); +// } +// String authBlock = oaParam.getProvideAuthBlock() ? session +// .getAuthBlock() : ""; - session.setAssertionAuthBlock(authBlock); - session.setAssertionAuthData(authData); - session.setAssertionBusinessService(businessService); - session.setAssertionIlAssertion(ilAssertion); - session.setAssertionPrPerson(prPerson); - session.setAssertionSignerCertificateBase64(signerCertificateBase64); + + //TODO: check, if this elements are in use!!!! +// session.setAssertionAuthBlock(authBlock); +// session.setAssertionAuthData(authData); +// session.setAssertionBusinessService(businessService); +// session.setAssertionIlAssertion(ilAssertion); +// session.setAssertionPrPerson(prPerson); +// session.setAssertionSignerCertificateBase64(signerCertificateBase64); return authData; 
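Review bot: The -2460 hunk replaces working statements with a `//`-commented copy plus `//TODO: check, if this elements are in use!!!!`, which leaves a reader unable to tell whether the assertion fields are obsolete or only temporarily disabled. Version control already preserves the old code, so either delete the block or keep a single one-line comment giving the reason it was removed. The same applies to the -2399 hunk above and to the commented field and accessor blocks in `AuthenticationSession` (the -184/-212, -278, -535/-551, -827 and -864 hunks).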
@@ -2498,20 +2572,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { private static AuthenticationSession newSession() throws AuthenticationException { - return AuthenticationSessionStore.createSession(); - - /* - String sessionID = Random.nextRandom(); - AuthenticationSession newSession = new AuthenticationSession(sessionID); - synchronized (sessionStore) { - AuthenticationSession session = (AuthenticationSession) sessionStore - .get(sessionID); - if (session != null) - throw new AuthenticationException("auth.01", - new Object[] { sessionID }); - sessionStore.put(sessionID, newSession); + try { + return AuthenticationSessionStoreage.createSession(); + + } catch (MOADatabaseException e) { + throw new AuthenticationException("", null); } - return newSession;*/ } /** @@ -2525,12 +2591,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { public static AuthenticationSession getSession(String id) throws AuthenticationException { - AuthenticationSession session = AuthenticationSessionStore.getSession(id); + AuthenticationSession session; + try { + session = AuthenticationSessionStoreage.getSession(id); + /*(AuthenticationSession) sessionStore .get(id);*/ - if (session == null) - throw new AuthenticationException("auth.02", new Object[] { id }); - return session; + if (session == null) + throw new AuthenticationException("auth.02", new Object[] { id }); + return session; + + } catch (MOADatabaseException e) { + throw new AuthenticationException("parser.04", new Object[] { id }); + } } /** 
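Review bot: In the -2525 hunk a `MOADatabaseException` from `AuthenticationSessionStoreage.getSession(id)` is rethrown as `AuthenticationException("parser.04", new Object[] { id })`, which appears to be a parser message key rather than one describing a session-store failure, and `e` is not attached. Use a key that names the database error and pass the cause through the three-argument constructor, so operators can distinguish "session not found" (`auth.02`) from "session store unavailable". The leftover `/*(AuthenticationSession) sessionStore .get(id);*/` fragment inside the try block should also go.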
@@ -2538,20 +2611,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ public void cleanup() { long now = new Date().getTime(); - synchronized (sessionStore) { - Set keys = new HashSet(sessionStore.keySet()); - for (Iterator iter = keys.iterator(); iter.hasNext();) { - String sessionID = (String) iter.next(); - AuthenticationSession session = (AuthenticationSession) sessionStore - .get(sessionID); - if (now - session.getTimestampStart().getTime() > sessionTimeOut) { - Logger.info(MOAIDMessageProvider.getInstance().getMessage( - "cleaner.02", new Object[] { sessionID })); - sessionStore.remove(sessionID); - } - } - } + //clean AuthenticationSessionStore + //TODO: acutally the StartAuthentificaten timestamp is used!!!!! + //TODO: maybe change this to lastupdate timestamp. + AuthenticationSessionStoreage.clean(now, sessionTimeOut); + //clean AssertionStore AssertionStorage assertionstore = AssertionStorage.getInstance(); assertionstore.clean(now, authDataTimeOut); @@ -2921,12 +2986,21 @@ public class AuthenticationServer implements MOAIDAuthConstants { InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString)); - CertificateFactory cf; - X509Certificate cert = null; - cf = CertificateFactory.getInstance("X.509"); - cert = (X509Certificate)cf.generateCertificate(is); - - return cert; + X509Certificate cert; + try { + cert = new X509Certificate(is); + return cert; + + } catch (Throwable e) { + throw new CertificateException(e); + } + +// CertificateFactory cf; +// X509Certificate cert = null; +// cf = CertificateFactory.getInstance("X.509"); +// CertificateFactory +// cert = (X509Certificate)cf.generateCertificate(is); +// return cert; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 0742261a7..7137ce414 100644 
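Review bot: The -2538 hunk delegates expiry to `AuthenticationSessionStoreage.clean(now, sessionTimeOut)` while its own TODO says the cleaner still keys on the authentication start time, yet `timestampStart` and its accessors are commented out of `AuthenticationSession` in this same commit (the -212, -535 and -551 hunks). The new store class is outside this diff, so it is unclear which timestamp `clean` actually compares against `sessionTimeOut`; the `cleanup` Javadoc should state the expiry basis, e.g. `Removes sessions whose <start or last-update — confirm> timestamp is older than sessionTimeOut`.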
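Review bot: The rewritten certificate parsing in the -2921 hunk uses `catch (Throwable e)`, which converts JVM errors such as `OutOfMemoryError` into a `CertificateException` and hides them from the caller. Narrow it to `catch (Exception e)` so only failures to parse the Base64-decoded input are reported as certificate errors; the six commented `CertificateFactory` lines below the return can be deleted rather than kept.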
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -350,7 +350,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB String bkuURL, String signerCertificateBase64, boolean businessService, - String sourceID, List extendedSAMLAttributes, boolean useCondition, int conditionLength) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 3e909ecd4..e023acafa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -25,6 +25,9 @@ package at.gv.egovernment.moa.id.auth.data; import iaik.x509.X509Certificate; +import java.io.Serializable; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Date; import java.util.Iterator; @@ -45,8 +48,13 @@ import eu.stork.mw.messages.saml.STORKAuthnRequest; * @author Paul Ivancsics * @version $Id$ */ -public class AuthenticationSession { +public class AuthenticationSession implements Serializable { + /** + * + */ + private static final long serialVersionUID = 1L; + private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+"; private static String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + "+"; @@ -70,10 +78,7 @@ public class AuthenticationSession { * SourceID */ private String sourceID; - /** - * Indicates if target from configuration is used or not - */ - private boolean useTargetFromConfig; + /** * public online application URL requested */ 
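Review bot: `AuthenticationSession` now `implements Serializable` (the -45 hunk), so every non-transient field must itself be serializable or the first `storeSession` fails at runtime with `NotSerializableException`. The field types visible in this file's hunks include `IdentityLink`, `AuthenticationData`, `STORKAuthnRequest`, the `List infoboxValidators` and the extended SAML attribute lists; the diffstat shows `IdentityLink` and `ExtendedSAMLAttributeImpl` being touched but not `AuthenticationData`, `STORKAuthnRequest` or the validator classes, so confirm those or mark the fields `transient`. The empty `/** * */` Javadoc above `serialVersionUID` should be removed or replaced with a note on why the value is fixed, e.g. `/** Serialized form is stored in the session database; bump on incompatible field changes. */`.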
@@ -96,6 +101,13 @@ public class AuthenticationSession { */ private String bkuURL; + /** + * Indicates whether the corresponding online application is a business + * service or not + */ + private boolean businessService; + + //Store Mandate /** * Use mandate */ 
@@ -106,66 +118,43 @@ public class AuthenticationSession { */ private String mandateReferenceValue; - /** - * Authentication data for the assertion - */ - private AuthenticationData assertionAuthData; - - /** - * Persondata for the assertion - */ - private String assertionPrPerson; - - /** - * Authblock for the assertion - */ - private String assertionAuthBlock; - - /** - * Identitylink assertion for the (MOA) assertion - */ - private String assertionIlAssertion; - - /** - * Signer certificate (base64 encoded) for the assertion - */ - private String assertionSignerCertificateBase64; - - /** - * bussiness service for the assertion - */ - boolean assertionBusinessService; - /** * SessionID for MIS */ private String misSessionID; + + private String mandateData; + + //store Identitylink /** * identity link read from smartcard */ private IdentityLink identityLink; - /** - * authentication block to be signed by the user - */ - private String authBlock; - /** - * timestamp logging when authentication session has been created - */ - private Date timestampStart; + /** * timestamp logging when identity link has been received */ private Date timestampIdentityLink; + + //store Authblock /** - * Indicates whether the corresponding online application is a business - * service or not + * authentication block to be signed by the user */ - private boolean businessService; + private String authBlock; + + /** + * The issuing time of the AUTH-Block SAML assertion. + */ + private String issueInstant; + //Signer certificate /** * Signer certificate of the foreign citizen or for mandate mode */ - private X509Certificate signerCertificate; + //private X509Certificate signerCertificate; + private byte[] signerCertificate; + + /** * SAML attributes from an extended infobox validation to be appended to the * SAML assertion delivered to the final online application. 
@@ -184,11 +173,8 @@ public class AuthenticationSession { */ private List extendedSAMLAttributesAUTH; - /** - * The issuing time of the AUTH-Block SAML assertion. - */ - private String issueInstant; - + + //TODO: check if it is in use! /** * If infobox validators are needed after signing, they can be stored in * this list. @@ -212,11 +198,61 @@ public class AuthenticationSession { */ private STORKAuthnRequest storkAuthnRequest; - private AuthenticationData authData; - private String mandateData; + private AuthenticationData authData; + + //protocol selection + private String action; private String modul; + + private boolean authenticated; + private boolean authenticatedUsed = false; + + +// /** +// * Indicates if target from configuration is used or not +// */ +// private boolean useTargetFromConfig; + +// /** +// * Authentication data for the assertion +// */ +// private AuthenticationData assertionAuthData; +// +// /** +// * Persondata for the assertion +// */ +// private String assertionPrPerson; +// +// /** +// * Authblock for the assertion +// */ +// private String assertionAuthBlock; +// +// /** +// * Identitylink assertion for the (MOA) assertion +// */ +// private String assertionIlAssertion; +// +// /** +// * Signer certificate (base64 encoded) for the assertion +// */ +// private String assertionSignerCertificateBase64; +// +// /** +// * bussiness service for the assertion +// */ +// boolean assertionBusinessService; +// +// /** +// * timestamp logging when authentication session has been created +// */ +// private Date timestampStart; +// private CreateXMLSignatureResponse XMLCreateSignatureResponse; +// private VerifyXMLSignatureResponse XMLVerifySignatureResponse; +// private String requestedProtocolURL = null; + public String getModul() { return modul; } @@ -232,8 +268,6 @@ public class AuthenticationSession { public void setAction(String action) { this.action = action; } - - private String action; public String getMandateData() { return mandateData; 
@@ -251,16 +285,6 @@ public class AuthenticationSession { this.authData = authData; } - private CreateXMLSignatureResponse XMLCreateSignatureResponse; - - private VerifyXMLSignatureResponse XMLVerifySignatureResponse; - - private String requestedProtocolURL = null; - - private boolean authenticated; - - private boolean authenticatedUsed = false; - public boolean isAuthenticatedUsed() { return authenticatedUsed; } @@ -278,13 +302,13 @@ public class AuthenticationSession { } - public String getRequestedProtocolURL() { - return requestedProtocolURL; - } - - public void setRequestedProtocolURL(String requestedProtocolURL) { - this.requestedProtocolURL = requestedProtocolURL; - } +// public String getRequestedProtocolURL() { +// return requestedProtocolURL; +// } +// +// public void setRequestedProtocolURL(String requestedProtocolURL) { +// this.requestedProtocolURL = requestedProtocolURL; +// } /** * Constructor for AuthenticationSession. @@ -294,16 +318,29 @@ public class AuthenticationSession { */ public AuthenticationSession(String id) { sessionID = id; - setTimestampStart(); +// setTimestampStart(); infoboxValidators = new ArrayList(); } - public X509Certificate getSignerCertificate() { - return signerCertificate; + public X509Certificate getSignerCertificate(){ + try { + return new X509Certificate(signerCertificate); + } catch (CertificateException e) { + Logger.warn("Signer certificate can not be loaded from session database!", e); + return null; + } + } + + public byte[] getEncodedSignerCertificate() { + return this.signerCertificate; } public void setSignerCertificate(X509Certificate signerCertificate) { - this.signerCertificate = signerCertificate; + try { + this.signerCertificate = signerCertificate.getEncoded(); + } catch (CertificateEncodingException e) { + Logger.warn("Signer certificate can not be stored to session database!", e); + } } /** 
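Review bot: The new `setSignerCertificate` in the -294 hunk calls `signerCertificate.getEncoded()` without a null check, and `getSignerCertificate()` passes a possibly null `byte[]` to `new X509Certificate(...)` while catching only `CertificateException`; the code removed in AuthenticationServer's -2399 hunk explicitly handled `vsresp.getX509certificate()` being null, and the -1930 hunk now passes that value straight into this setter, so a missing signer certificate would likely become a `NullPointerException` instead of the earlier log message. Guard both sides: `if (signerCertificate == null) { this.signerCertificate = null; return; }` at the top of the setter and `if (signerCertificate == null) { return null; }` at the top of the getter. `getEncodedSignerCertificate()` also hands out the internal array; returning `signerCertificate.clone()` (or documenting that callers must not modify it) keeps the stored certificate from being altered through the reference.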
@@ -535,14 +572,14 @@ public class AuthenticationSession { this.businessService = businessService; } - /** - * Returns the timestampStart. - * - * @return Date - */ - public Date getTimestampStart() { - return timestampStart; - } +// /** +// * Returns the timestampStart. +// * +// * @return Date +// */ +// public Date getTimestampStart() { +// return timestampStart; +// } /** * Sets the current date as timestampIdentityLink. @@ -551,12 +588,12 @@ public class AuthenticationSession { timestampIdentityLink = new Date(); } - /** - * Sets the current date as timestampStart. - */ - public void setTimestampStart() { - timestampStart = new Date(); - } +// /** +// * Sets the current date as timestampStart. +// */ +// public void setTimestampStart() { +// timestampStart = new Date(); +// } /** * @return template URL @@ -827,24 +864,24 @@ public class AuthenticationSession { return this.useMandate; } - /** - * - * @param useTargetFromConfig - * indicates if target from config is used or not - */ - public void setUseTargetFromConfig(boolean useTargetFromConfig) { - this.useTargetFromConfig = useTargetFromConfig; - - } - - /** - * Returns if target is used from mandate or not - * - * @return - */ - public boolean getUseTargetFromConfig() { - return this.useTargetFromConfig; - } +// /** +// * +// * @param useTargetFromConfig +// * indicates if target from config is used or not +// */ +// public void setUseTargetFromConfig(boolean useTargetFromConfig) { +// this.useTargetFromConfig = useTargetFromConfig; +// +// } +// +// /** +// * Returns if target is used from mandate or not +// * +// * @return +// */ +// public boolean getUseTargetFromConfig() { +// return this.useTargetFromConfig; +// } /** * 
@@ -864,96 +901,96 @@ public class AuthenticationSession { return this.misSessionID; } - /** - * @return the assertionAuthData - */ - public AuthenticationData getAssertionAuthData() { - return assertionAuthData; - } - - /** - * @param assertionAuthData - * the assertionAuthData to set - */ - public void setAssertionAuthData(AuthenticationData assertionAuthData) { - this.assertionAuthData = assertionAuthData; - } - - /** - * @return the assertionPrPerson - */ - public String getAssertionPrPerson() { - return assertionPrPerson; - } - - /** - * @param assertionPrPerson - * the assertionPrPerson to set - */ - public void setAssertionPrPerson(String assertionPrPerson) { - this.assertionPrPerson = assertionPrPerson; - } - - /** - * @return the assertionAuthBlock - */ - public String getAssertionAuthBlock() { - return assertionAuthBlock; - } - - /** - * @param assertionAuthBlock - * the assertionAuthBlock to set - */ - public void setAssertionAuthBlock(String assertionAuthBlock) { - this.assertionAuthBlock = assertionAuthBlock; - } - - /** - * @return the assertionIlAssertion - */ - public String getAssertionIlAssertion() { - return assertionIlAssertion; - } - - /** - * @param assertionIlAssertion - * the assertionIlAssertion to set - */ - public void setAssertionIlAssertion(String assertionIlAssertion) { - this.assertionIlAssertion = assertionIlAssertion; - } - - /** - * @return the assertionSignerCertificateBase64 - */ - public String getAssertionSignerCertificateBase64() { - return assertionSignerCertificateBase64; - } - - /** - * @param assertionSignerCertificateBase64 - * the assertionSignerCertificateBase64 to set - */ - public void setAssertionSignerCertificateBase64( - String assertionSignerCertificateBase64) { - this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64; - } - - /** - * @return the assertionBusinessService - */ - public boolean getAssertionBusinessService() { - return assertionBusinessService; - } - - /** - * @param 
assertionBusinessService - * the assertionBusinessService to set - */ - public void setAssertionBusinessService(boolean assertionBusinessService) { - this.assertionBusinessService = assertionBusinessService; - } +// /** +// * @return the assertionAuthData +// */ +// public AuthenticationData getAssertionAuthData() { +// return assertionAuthData; +// } +// +// /** +// * @param assertionAuthData +// * the assertionAuthData to set +// */ +// public void setAssertionAuthData(AuthenticationData assertionAuthData) { +// this.assertionAuthData = assertionAuthData; +// } +// +// /** +// * @return the assertionPrPerson +// */ +// public String getAssertionPrPerson() { +// return assertionPrPerson; +// } +// +// /** +// * @param assertionPrPerson +// * the assertionPrPerson to set +// */ +// public void setAssertionPrPerson(String assertionPrPerson) { +// this.assertionPrPerson = assertionPrPerson; +// } +// +// /** +// * @return the assertionAuthBlock +// */ +// public String getAssertionAuthBlock() { +// return assertionAuthBlock; +// } +// +// /** +// * @param assertionAuthBlock +// * the assertionAuthBlock to set +// */ +// public void setAssertionAuthBlock(String assertionAuthBlock) { +// this.assertionAuthBlock = assertionAuthBlock; +// } +// +// /** +// * @return the assertionIlAssertion +// */ +// public String getAssertionIlAssertion() { +// return assertionIlAssertion; +// } +// +// /** +// * @param assertionIlAssertion +// * the assertionIlAssertion to set +// */ +// public void setAssertionIlAssertion(String assertionIlAssertion) { +// this.assertionIlAssertion = assertionIlAssertion; +// } +// +// /** +// * @return the assertionSignerCertificateBase64 +// */ +// public String getAssertionSignerCertificateBase64() { +// return assertionSignerCertificateBase64; +// } +// +// /** +// * @param assertionSignerCertificateBase64 +// * the assertionSignerCertificateBase64 to set +// */ +// public void setAssertionSignerCertificateBase64( +// String 
assertionSignerCertificateBase64) { +// this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64; +// } +// +// /** +// * @return the assertionBusinessService +// */ +// public boolean getAssertionBusinessService() { +// return assertionBusinessService; +// } +// +// /** +// * @param assertionBusinessService +// * the assertionBusinessService to set +// */ +// public void setAssertionBusinessService(boolean assertionBusinessService) { +// this.assertionBusinessService = assertionBusinessService; +// } /** * @return the mandateReferenceValue @@ -989,20 +1026,20 @@ public class AuthenticationSession { this.storkAuthnRequest = storkAuthnRequest; } - public CreateXMLSignatureResponse getXMLCreateSignatureResponse() { - return XMLCreateSignatureResponse; - } - - public void setXMLCreateSignatureResponse(CreateXMLSignatureResponse xMLCreateSignatureResponse) { - XMLCreateSignatureResponse = xMLCreateSignatureResponse; - } - - public VerifyXMLSignatureResponse getXMLVerifySignatureResponse() { - return XMLVerifySignatureResponse; - } - - public void setXMLVerifySignatureResponse(VerifyXMLSignatureResponse xMLVerifySignatureResponse) { - XMLVerifySignatureResponse = xMLVerifySignatureResponse; - } +// public CreateXMLSignatureResponse getXMLCreateSignatureResponse() { +// return XMLCreateSignatureResponse; +// } +// +// public void setXMLCreateSignatureResponse(CreateXMLSignatureResponse xMLCreateSignatureResponse) { +// XMLCreateSignatureResponse = xMLCreateSignatureResponse; +// } + +// public VerifyXMLSignatureResponse getXMLVerifySignatureResponse() { +// return XMLVerifySignatureResponse; +// } +// +// public void setXMLVerifySignatureResponse(VerifyXMLSignatureResponse xMLVerifySignatureResponse) { +// XMLVerifySignatureResponse = xMLVerifySignatureResponse; +// } } 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java index 276e6414c..7523d7eaf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java @@ -24,15 +24,22 @@ package at.gv.egovernment.moa.id.auth.data; +import java.io.Serializable; + /** * This class contains SAML attributes to be appended to the SAML assertion delivered to * the Online application. * * @author Harald Bratko */ -public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute { +public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Serializable{ /** + * + */ + private static final long serialVersionUID = 1L; + +/** * The value of this SAML attribute. Must be either of type java.lang.String * or org.w3c.Element. */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java index 0d11dc4f0..b03f23ce4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.data; import java.io.IOException; +import java.io.Serializable; import java.security.PublicKey; import javax.xml.transform.TransformerException; @@ -41,7 +42,10 @@ import at.gv.egovernment.moa.util.DOMUtils; * @author Paul Ivancsics * @version $Id$ */ -public class IdentityLink { +public class IdentityLink implements Serializable{ + + private static final long serialVersionUID = 1L; + /** * "identificationValue" is the translation of "Stammzahl". */ 
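Review bot: Declaring ExtendedSAMLAttributeImpl as Serializable does not by itself make instances serializable: the class comment directly below says `value` may be an org.w3c.dom Element, and that interface does not extend Serializable, so whether `SerializationUtils.serialize(session)` in the new AuthenticationSessionStoreage succeeds depends on the concrete DOM implementation the value came from. Either store Element values in string form or add a test that round-trips a session holding a DOM-valued attribute. The IdentityLink change in the next hunk raises the same question for any DOM-typed fields that are not visible here. Minor: the empty Javadoc block above `serialVersionUID` and the unindented `/**` that follows should be tidied.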
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 6516e64b7..0a3b8dc3e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -49,8 +49,11 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.URLEncoder; @@ -189,6 +192,13 @@ public class GetForeignIDServlet extends AuthServlet { } else { redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); } + + try { + AuthenticationSessionStoreage.storeSession(session); + } catch (MOADatabaseException e) { + throw new MOAIDException("Session store error", null); + } + resp.setContentType("text/html"); resp.setStatus(302); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index 04fbc0588..a74635232 100644 
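Review bot: The new catch block throws `new MOAIDException("Session store error", null)` and drops `e`, so a database failure while persisting the session is reported without its cause and cannot be diagnosed from the log; at least `Logger.error("Session store error", e);` belongs before the rethrow, and since other MOAIDException-derived call sites in this commit use message keys (e.g. `"builder.00"` in SAML1AuthenticationServer) the literal text is presumably not resolvable as a message id. The same cause-dropping catch is added in PEPSConnectorServlet and VerifyAuthenticationBlockServlet, and ProcessValidatorInputServlet throws `new AuthenticationException("", null)` with an empty message id, which produces an empty error message for both the user and the log. The enclosing try block of this servlet starts outside the hunk.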
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -50,6 +50,7 @@ import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.moduls.ModulUtils; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; @@ -164,7 +165,7 @@ public class GetMISSessionIDServlet extends AuthServlet { // verify mandate signature - AuthenticationServer.getInstance().verifyMandate(sessionID, mandate); + AuthenticationServer.getInstance().verifyMandate(session, mandate); byte[] byteMandate = mandate.getMandate(); String stringMandate = new String(byteMandate); 
@@ -176,26 +177,32 @@ public class GetMISSessionIDServlet extends AuthServlet { String redirectURL = null; String samlArtifactBase64 = - AuthenticationServer.getInstance().verifyAuthenticationBlockMandate(sessionID, mandateDoc); + AuthenticationServer.getInstance().verifyAuthenticationBlockMandate(session, mandateDoc); if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - redirectURL = session.getOAURLRequested(); - if (!session.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL); - } else { - redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); - } - resp.setContentType("text/html"); - resp.setStatus(302); +// redirectURL = session.getOAURLRequested(); +// +// if (!session.getBusinessService()) { +// redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); +// } +// +// redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); +// redirectURL = resp.encodeRedirectURL(redirectURL); + + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), + ModulUtils.buildAuthURL(session.getModul(), session.getAction()), samlArtifactBase64); - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); - - + } else { + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + + } + resp.setContentType("text/html"); + resp.setStatus(302); + + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + } catch (MOAIDException ex) { handleError(null, ex, req, resp); 
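Review bot: After `verifyAuthenticationBlockMandate(session, mandateDoc)` the session is not written back with `AuthenticationSessionStoreage.storeSession(session)`, unlike the parallel paths in GetForeignIDServlet, PEPSConnectorServlet and VerifyAuthenticationBlockServlet; if the verification mutates the in-memory session (its body is not visible here) the database copy stays stale now that sessions are serialized. The redirect now passes `samlArtifactBase64` as the third argument of `buildDataURL`, the slot the else branch fills with `session.getSessionID()`; the parameter semantics of DataURLBuilder are not visible, so confirm the artifact is meant to travel in that parameter. The enclosing try block starts outside the hunk.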
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 4ec894d47..0b30022f1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -23,6 +23,8 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.stork.STORKException; import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; @@ -209,6 +211,13 @@ public class PEPSConnectorServlet extends AuthServlet { } else { redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, moaSession.getSessionID()); } + + try { + AuthenticationSessionStoreage.storeSession(moaSession); + } catch (MOADatabaseException e) { + throw new MOAIDException("Session store error", null); + } + response.setContentType("text/html"); response.setStatus(302); response.addHeader("Location", redirectURL); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index b5c57d5cf..f89460a83 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -46,8 +46,10 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.FileUtils; @@ -245,7 +247,15 @@ public class ProcessValidatorInputServlet extends AuthServlet { resp.setStatus(302); resp.addHeader("Location", redirectURL); Logger.debug("REDIRECT TO: " + redirectURL); - } + } + + try { + AuthenticationSessionStoreage.storeSession(session); + + } catch (MOADatabaseException e) { + throw new AuthenticationException("", null); + } + } catch (WrongParametersException ex) { handleWrongParameters(ex, req, resp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index f62428ea5..dc4361da5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java 
@@ -48,10 +48,12 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; @@ -158,11 +160,11 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse)) throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - String samlArtifactBase64 = - AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); + + String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse); + if (samlArtifactBase64 == null) { //mandate Mode 
@@ -203,8 +205,8 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { String oaFriendlyName = oaParam.getFriendlyName(); String mandateReferenceValue = session.getMandateReferenceValue(); - X509Certificate cert = session.getSignerCertificate(); - MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory); + byte[] cert = session.getEncodedSignerCertificate(); + MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert, oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory); String redirectMISGUI = misSessionID.getRedirectURL(); if (misSessionID == null) { @@ -214,6 +216,12 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { session.setMISSessionID(misSessionID.getSessiondId()); + try { + AuthenticationSessionStoreage.storeSession(session); + } catch (MOADatabaseException e) { + throw new MOAIDException("Session store error", null); + } + resp.setStatus(302); resp.addHeader("Location", redirectMISGUI); Logger.debug("REDIRECT TO: " + redirectURL); @@ -233,7 +241,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { } else { redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); } - + resp.setContentType("text/html"); resp.setStatus(302); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index d1f44d55c..d1e3d809c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java 
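Review bot: `session.getEncodedSignerCertificate()` can return null (the setter in AuthenticationSession swallows the encoding error and leaves the field unchanged), and the value is passed straight into `MISSimpleClient.sendSessionIdRequest`; a check such as `if (cert == null) { throw new MOAIDException("...", null); }` before the call gives a clear error instead of whatever the MIS client does with a null certificate. While touching these lines, `misSessionID.getRedirectURL()` on the following context line is still dereferenced before the `misSessionID == null` check, so that check can never fire. The new catch in the next hunk drops the MOADatabaseException cause in the same way as GetForeignIDServlet.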
@@ -44,6 +44,7 @@ import eu.stork.vidp.messages.common.STORKBootstrap; import at.gv.egovernment.moa.id.commons.db.HibernateUtil; import at.gv.egovernment.moa.id.commons.db.dao.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.dao.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.config.ConfigurationBuilder; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; @@ -303,6 +304,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { synchronized (AuthConfigurationProvider.class) { Configuration hibernateConfig = new Configuration(); hibernateConfig.addAnnotatedClass(AssertionStore.class); + hibernateConfig.addAnnotatedClass(AuthenticatedSessionStore.class); hibernateConfig.addProperties(props); HibernateUtil.initHibernate(hibernateConfig, props); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 3254927ed..21e431bf8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -11,6 +11,8 @@ import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPSessionUtils; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; 
@@ -25,7 +27,12 @@ public class AuthenticationManager implements MOAIDAuthConstants { String sessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null); if (sessionID != null) { - return AuthenticationSessionStore.getSession(sessionID); + try { + return AuthenticationSessionStoreage.getSession(sessionID); + + } catch (MOADatabaseException e) { + return null; + } } return null; } @@ -50,15 +57,24 @@ public class AuthenticationManager implements MOAIDAuthConstants { return false; } - AuthenticationSession authSession = AuthenticationSessionStore - .getSession(moaSessionID); - - if(authSession == null) { - Logger.info("NO MOA Authentication data for ID " + moaSessionID); - return false; - } +// AuthenticationSession authSession; +// try { +// authSession = AuthenticationSessionStoreage +// .getSession(moaSessionID); +// +// } catch (MOADatabaseException e) { +// Logger.info("NO MOA Authentication data for ID " + moaSessionID); +// return false; +// } +// +// if(authSession == null) { +// Logger.info("NO MOA Authentication data for ID " + moaSessionID); +// return false; +// } +// +// return authSession.isAuthenticated(); - return authSession.isAuthenticated(); + return AuthenticationSessionStoreage.isAuthenticated(moaSessionID); } /** @@ -76,8 +92,14 @@ public class AuthenticationManager implements MOAIDAuthConstants { String sessionID = (String) request.getParameter(PARAM_SESSIONID); if (sessionID != null) { Logger.info("got MOASession: " + sessionID); - AuthenticationSession authSession = AuthenticationSessionStore - .getSession(sessionID); + AuthenticationSession authSession; + try { + authSession = AuthenticationSessionStoreage.getSession(sessionID); + + } catch (MOADatabaseException e) { + return false; + } + if (authSession != null) { Logger.info("MOASession found! A: " + authSession.isAuthenticated() + ", AU " 
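Review bot: The new `catch (MOADatabaseException e) { return null; }` in getSession makes a database error indistinguishable from "no such session" and logs nothing, so an outage of the session store would surface only as users being treated as unauthenticated; at least `Logger.warn("MOASession lookup failed for ID " + sessionID, e);` belongs in the catch. The catch in the third hunk (`@@ -76,8 +92,14 @@`) returns false the same silent way, and `AuthenticationSessionStoreage.isAuthenticated` folds the exception into `false` as well. The removed `Logger.info("NO MOA Authentication data for ID " + moaSessionID)` diagnostics in isAuthenticated are thereby lost rather than moved.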
@@ -111,18 +133,29 @@ public class AuthenticationManager implements MOAIDAuthConstants { return; } - AuthenticationSession authSession = AuthenticationSessionStore - .getSession(moaSessionID); + AuthenticationSession authSession; + try { + authSession = AuthenticationSessionStoreage + .getSession(moaSessionID); + + if(authSession == null) { + Logger.info("NO MOA Authentication data for ID " + moaSessionID); + return; + } + + authSession.setAuthenticated(false); + HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session + + //TODO: delete session from Database!!! + //AuthenticationSessionStoreage.destroySession(moaSessionID); + + session.invalidate(); - if(authSession == null) { + } catch (MOADatabaseException e) { Logger.info("NO MOA Authentication data for ID " + moaSessionID); return; } - - authSession.setAuthenticated(false); - HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session - AuthenticationSessionStore.destroySession(moaSessionID); - session.invalidate(); + } public static void doAuthentication(HttpServletRequest request, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java deleted file mode 100644 index e54bba10d..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java +++ /dev/null 
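Review bot: The logout path no longer revokes the MOA session in its backing store: `authSession.setAuthenticated(false)` is applied to the deserialized copy returned by `getSession`, nothing writes it back, and the `destroySession` call is commented out behind a TODO, so `AuthenticationSessionStoreage.isAuthenticated(moaSessionID)` — which reads the `authenticated` flag of the `AuthenticatedSessionStore` row — keeps answering true for that id after the user has logged out. Only the HTTP session is invalidated; a request carrying the MOA session id as a parameter, as the earlier hunk in this file accepts, would still be treated as authenticated until the row is cleaned up. Either persist the flag (`AuthenticationSessionStoreage.storeSession(authSession);`, provided storeSession updates the row's authenticated column) or implement and call `destroySession` before this ships; a logout should not leave that TODO silent.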
@@ -1,84 +0,0 @@ -package at.gv.egovernment.moa.id.moduls; - -import java.util.HashMap; -import java.util.Iterator; -import java.util.Set; - -import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.logging.Logger; - -public class AuthenticationSessionStore { - - private static HashMap sessionStore = new HashMap(); - - public static boolean isAuthenticated(String moaSessionID) { - synchronized (sessionStore) { - if (sessionStore.containsKey(moaSessionID)) { - return sessionStore.get(moaSessionID).isAuthenticated(); - } - } - return false; - } - - public static AuthenticationSession createSession() { - String id = Random.nextRandom(); - AuthenticationSession session = new AuthenticationSession(id); - synchronized (sessionStore) { - sessionStore.put(id, session); - } - return session; - } - - public static void destroySession(String moaSessionID) { - synchronized (sessionStore) { - if (sessionStore.containsKey(moaSessionID)) { - sessionStore.remove(moaSessionID); - } - } - } - - public static void dumpSessionStore() { - synchronized (sessionStore) { - Set keys = sessionStore.keySet(); - Iterator keyIterator = keys.iterator(); - while(keyIterator.hasNext()) { - String key = keyIterator.next(); - AuthenticationSession session = sessionStore.get(key); - Logger.info("Key: " + key + " -> " + session.toString()); - } - } - } - - public static String changeSessionID(AuthenticationSession session) - throws AuthenticationException { - synchronized (sessionStore) { - if (sessionStore.containsKey(session.getSessionID())) { - AuthenticationSession theSession = sessionStore.get(session - .getSessionID()); - if (theSession != session) { - throw new AuthenticationException("TODO!", null); - } - - sessionStore.remove(session.getSessionID()); - String id = Random.nextRandom(); - 
session.setSessionID(id); - sessionStore.put(id, session); - return id; - } - } - throw new AuthenticationException("TODO!", null); - } - - public static AuthenticationSession getSession(String sessionID) { - synchronized (sessionStore) { - if (sessionStore.containsKey(sessionID)) { - return sessionStore.get(sessionID); - } - } - Logger.info("No MOA Session with id: " + sessionID); - return null; - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 9f47123ab..6a86eb4a5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -1,7 +1,10 @@ package at.gv.egovernment.moa.id.protocols.saml1; +import iaik.x509.X509Certificate; + import java.io.File; import java.io.IOException; +import java.security.cert.CertificateEncodingException; import java.util.Date; import at.gv.egovernment.moa.id.AuthenticationException; @@ -9,8 +12,10 @@ import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; +import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; 
@@ -20,6 +25,8 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.StringUtils; public class SAML1AuthenticationServer extends AuthenticationServer { 
@@ -101,40 +108,113 @@ public class SAML1AuthenticationServer extends AuthenticationServer { // builds authentication data and stores it together with a SAML // artifact - AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(), - useUTC, false); - - String samlAssertion = new AuthenticationDataAssertionBuilder().build( - authData, session.getAssertionPrPerson(), - session.getAssertionAuthBlock(), - session.getAssertionIlAssertion(), session.getBkuURL(), - session.getAssertionSignerCertificateBase64(), - session.getAssertionBusinessService(), - session.getExtendedSAMLAttributesOA(), useCondition, - conditionLength); - authData.setSamlAssertion(samlAssertion); + + //TODO: check, if this is correct!!!! + //AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(), + // useUTC, false); + AuthenticationData authData = session.getAuthData(); + + //TODO: check, if this is correct!!!! +// String samlAssertion = new AuthenticationDataAssertionBuilder().build( +// authData, session.getAssertionPrPerson(), +// session.getAssertionAuthBlock(), +// session.getAssertionIlAssertion(), session.getBkuURL(), +// session.getAssertionSignerCertificateBase64(), +// session.getAssertionBusinessService(), +// session.getExtendedSAMLAttributesOA(), useCondition, +// conditionLength); - String assertionFile = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.WriteAssertionToFile"); - if (!ParepUtils.isEmpty(assertionFile)) - try { - ParepUtils.saveStringToFile(samlAssertion, new File( - assertionFile)); - } catch (IOException e) { - throw new BuildException("builder.00", new Object[] { - "AuthenticationData", e.toString() }, e); + try { + + //set BASE64 encoded signer certificate + String signerCertificateBase64 = ""; + if (oaParam.getProvideCertifcate()) { + byte[] signerCertificate = session.getEncodedSignerCertificate(); + if (signerCertificate 
!= null) { + + signerCertificateBase64 = Base64Utils + .encode(signerCertificate); + } else { + Logger.info("\"provideCertificate\" is \"true\", but no signer certificate available"); + } } - - String samlArtifact = new SAMLArtifactBuilder().build( - session.getAuthURL(), session.getSessionID(), - session.getSourceID()); + + //set prPersion + boolean provideStammzahl = oaParam.getProvideStammzahl(); + String prPerson = new PersonDataBuilder().build(session.getIdentityLink(), + provideStammzahl); + + //set Authblock + String authBlock = oaParam.getProvideAuthBlock() ? session + .getAuthBlock() : ""; + + //set IdentityLink for assortion + String ilAssertion = oaParam.getProvideIdentityLink() ? session.getIdentityLink() + .getSerializedSamlAssertion() + : ""; + if (!oaParam.getProvideStammzahl()) { + ilAssertion = StringUtils.replaceAll(ilAssertion, session.getIdentityLink() + .getIdentificationValue(), ""); + } + + String samlAssertion; + + if (session.getUseMandate()) { + samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate( + authData, + prPerson, + session.getMandateData(), + authBlock, + ilAssertion, + session.getBkuURL(), + signerCertificateBase64, + oaParam.getBusinessService(), + session.getExtendedSAMLAttributesOA(), + useCondition, + conditionLength); + + } else { + samlAssertion = new AuthenticationDataAssertionBuilder().build( + authData, + prPerson, + authBlock, + ilAssertion, + session.getBkuURL(), + signerCertificateBase64, + oaParam.getBusinessService(), + session.getExtendedSAMLAttributesOA(), + useCondition, + conditionLength); + } + + authData.setSamlAssertion(samlAssertion); + + String assertionFile = AuthConfigurationProvider.getInstance() + .getGenericConfigurationParameter( + "AuthenticationServer.WriteAssertionToFile"); + if (!ParepUtils.isEmpty(assertionFile)) + try { + ParepUtils.saveStringToFile(samlAssertion, new File( + assertionFile)); + } catch (IOException e) { + throw new BuildException("builder.00", new Object[] { + 
"AuthenticationData", e.toString() }, e); + } + + String samlArtifact = new SAMLArtifactBuilder().build( + session.getAuthURL(), session.getSessionID(), + session.getSourceID()); + + storeAuthenticationData(samlArtifact, authData); + + Logger.info("Anmeldedaten zu MOASession " + session.getSessionID() + + " angelegt, SAML Artifakt " + samlArtifact); + return samlArtifact; - storeAuthenticationData(samlArtifact, authData); - - Logger.info("Anmeldedaten zu MOASession " + session.getSessionID() - + " angelegt, SAML Artifakt " + samlArtifact); - return samlArtifact; + } catch (Throwable ex) { + throw new BuildException("builder.00", new Object[] { + "AuthenticationData", ex.toString() }, ex); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java index 6692f61c5..adb0b15ab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java @@ -84,12 +84,16 @@ public class AssertionStorage { public void clean(long now, long authDataTimeOut) { Date expioredate = new Date(now - authDataTimeOut); + List results; Session session = HibernateUtil.getCurrentSession(); - session.beginTransaction(); - Query query = session.getNamedQuery("getAssertionWithTimeOut"); - query.setTimestamp("timeout", expioredate); - List results = query.list(); - session.getTransaction().commit(); + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getAssertionWithTimeOut"); + query.setTimestamp("timeout", expioredate); + results = query.list(); + session.getTransaction().commit(); + } if (results.size() != 0) { for(AssertionStore result : results) { 
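Review bot: The new `catch (Throwable ex)` around the whole assertion-building block also catches the `BuildException` thrown inside it for the assertion-file write and re-wraps it as a second `builder.00`, and it converts Errors such as OutOfMemoryError into an application exception; catch the checked exceptions the builders declare instead, or at minimum `} catch (BuildException ex) { throw ex; } catch (Exception ex) {` ahead of the generic wrap. `AuthenticationData authData = session.getAuthData();` replaces the previous build from the verify response, is flagged with a TODO, and is never null-checked, so a session without stored auth data fails only at `authData.setSamlAssertion(samlAssertion)` with a NullPointerException buried inside the Throwable wrap. Minor: `oaParam.getProvideStammzahl()` is read into `provideStammzahl` and then called again for the `ilAssertion` check; use the local. The method's start, including where `oaParam` is obtained, lies outside the hunk.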
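Review bot: `synchronized (session)` locks on the object returned by `HibernateUtil.getCurrentSession()`; if that is a thread-bound session (the usual contract of a current-session lookup) the lock is never contended and changes nothing, and if it is a shared session the lock covers only these two blocks while the same object is used unsynchronized elsewhere — in neither case does it make concurrent Hibernate access safe, which calls for one Session per unit of work. The implementation of getCurrentSession is not visible here, so confirm which case applies before relying on this. The same construct is added in the next hunk (`@@ -127,13 +131,17 @@`), and in both places the transaction is still not rolled back when `query.list()` throws, leaving it open on that session.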
@@ -127,13 +131,17 @@ public class AssertionStorage { MiscUtil.assertNotNull(artifact, "artifact"); Logger.trace("Getting Assertion with Artifact " + artifact + " from database."); Session session = HibernateUtil.getCurrentSession(); - session.beginTransaction(); - Query query = session.getNamedQuery("getAssertionWithArtifact"); - query.setString("artifact", artifact); - List result = query.list(); + List result; - //send transaction - session.getTransaction().commit(); + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getAssertionWithArtifact"); + query.setString("artifact", artifact); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } Logger.trace("Found entries: " + result.size()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java new file mode 100644 index 000000000..5664b3b08 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java 
@@ -0,0 +1,242 @@ +package at.gv.egovernment.moa.id.storage; + +import iaik.util.logging.Log; + +import java.io.Serializable; +import java.util.Date; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Set; + +import org.apache.commons.lang.SerializationUtils; +import org.hibernate.HibernateException; +import org.hibernate.Query; +import org.hibernate.Session; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.HibernateUtil; +import at.gv.egovernment.moa.id.commons.db.dao.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.dao.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class AuthenticationSessionStoreage { + + //private static HashMap sessionStore = new HashMap(); + + public static boolean isAuthenticated(String moaSessionID) { + + AuthenticatedSessionStore session; + + try { + session = searchInDatabase(moaSessionID); + return session.isAuthenticated(); + + } catch (MOADatabaseException e) { + return false; + } + } + + + public static AuthenticationSession createSession() throws MOADatabaseException { + String id = Random.nextRandom(); + AuthenticationSession session = new AuthenticationSession(id); + + AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); + dbsession.setSessionid(id); + dbsession.setAuthenticated(false); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setCreated(new Date()); + dbsession.setUpdated(new Date()); + + dbsession.setSession(SerializationUtils.serialize(session)); + + //store AssertionStore element to Database + try { + 
HibernateUtil.saveOrUpdate(dbsession); + Log.info("MOASession with sessionID=" + id + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be created."); + throw new MOADatabaseException(e); + } + + return session; + } + + public static void storeSession(AuthenticationSession session) throws MOADatabaseException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); + dbsession.setAuthenticated(session.isAuthenticated()); + dbsession.setSession(SerializationUtils.serialize(session)); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setUpdated(new Date()); + + HibernateUtil.saveOrUpdate(dbsession); + Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be stored."); + throw new MOADatabaseException(e); + } + + + } + + public static void destroySession(String moaSessionID) throws MOADatabaseException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(moaSessionID); + HibernateUtil.delete(dbsession); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be destroyed."); + throw new MOADatabaseException(e); + } + + + } + +// public static void dumpSessionStore() { +// synchronized (sessionStore) { +// Set keys = sessionStore.keySet(); +// Iterator keyIterator = keys.iterator(); +// while(keyIterator.hasNext()) { +// String key = keyIterator.next(); +// AuthenticationSession session = sessionStore.get(key); +// Logger.info("Key: " + key + " -> " + session.toString()); +// } +// } +// } + + public static String changeSessionID(AuthenticationSession session) + throws AuthenticationException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); + + String id = Random.nextRandom(); + session.setSessionID(id); + + 
dbsession.setSessionid(id); + dbsession.setAuthenticated(session.isAuthenticated()); + dbsession.setSession(SerializationUtils.serialize(session)); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setUpdated(new Date()); + + HibernateUtil.saveOrUpdate(dbsession); + + return id; + + } catch (MOADatabaseException e) { + throw new AuthenticationException("TODO!", null); + } + + + + + +// synchronized (sessionStore) { +// if (sessionStore.containsKey(session.getSessionID())) { +// AuthenticationSession theSession = sessionStore.get(session +// .getSessionID()); +// if (theSession != session) { +// throw new AuthenticationException("TODO!", null); +// } +// +// sessionStore.remove(session.getSessionID()); +// String id = Random.nextRandom(); +// session.setSessionID(id); +// sessionStore.put(id, session); +// return id; +// } +// } +// throw new AuthenticationException("TODO!", null); + } + + public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(dbsession.getSession()); + + return session; + + } catch (MOADatabaseException e) { + Logger.info("No MOA Session with id: " + sessionID); + return null; + + } catch (Throwable e) { + Log.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID); + throw new MOADatabaseException("MOASession deserialization-exception"); + } + } + + public static void clean(long now, long authDataTimeOut) { + Date expioredate = new Date(now - authDataTimeOut); + + List results; + Session session = HibernateUtil.getCurrentSession(); + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getMOAISessionsWithTimeOut"); + query.setTimestamp("timeout", expioredate); + results = query.list(); + 
session.getTransaction().commit(); + } + + if (results.size() != 0) { + for(AuthenticatedSessionStore result : results) { + try { + HibernateUtil.delete(result); + Logger.info("Remove Assertion with Artifact=" + result.getSessionid() + + " after assertion timeout."); + + } catch (HibernateException e){ + Logger.warn("Assertion with Artifact=" + result.getSessionid() + + " not removed after timeout! (Error during Database communication)", e); + } + + } + } + } + + @SuppressWarnings("rawtypes") + private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException { + MiscUtil.assertNotNull(sessionID, "artifact"); + Logger.trace("Get authenticated session with sessionID " + sessionID + " from database."); + Session session = HibernateUtil.getCurrentSession(); + + List result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithID"); + query.setString("sessionid", sessionID); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No session found with this sessionID"); + } + + return (AuthenticatedSessionStore) result.get(0); + } +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/DBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/DBUtils.java index aab0b281d..1111618d6 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/DBUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/DBUtils.java 
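Review bot: createSession, storeSession and getSession write the full MOASession ID to the log at INFO (`Log.info("MOASession with sessionID=" + id + " is stored in Database")`, `Logger.info("No MOA Session with id: " + sessionID)`); that ID is what ties a browser to an in-progress authentication, so anyone with log access can pick up live sessions. Log the event without the identifier, e.g. `Logger.info("MOASession created and stored in database");`, and use the class's `Logger` throughout instead of mixing in `iaik.util.logging.Log`. changeSessionID rotates the ID by calling `dbsession.setSessionid(id)` on the loaded entity and then saveOrUpdate; if `sessionid` is the entity identifier (the AuthenticatedSessionStore DAO is not in this diff) Hibernate will treat that as a new row and the old ID remains valid in the table, defeating the rotation, so delete the old row and persist a fresh one, and pass `e` as the cause rather than `new AuthenticationException("TODO!", null)`. getSession rehydrates sessions with `SerializationUtils.deserialize` on bytes read back from the database, which makes write access to that table equivalent to code execution in the IdP; that trust boundary deserves a comment at the call site, and the bare `throw new MOADatabaseException("MOASession deserialization-exception")` should carry `e` as its cause. Finally, clean()'s messages (`"Remove Assertion with Artifact="`), the `assertNotNull(sessionID, "artifact")` label and the `//Assertion requires an unique artifact` comment are copied from AssertionStorage and should say MOASession/sessionID.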
@@ -11,23 +11,23 @@ import at.gv.egovernment.moa.util.MiscUtil; public class DBUtils { - @SuppressWarnings("rawtypes") - public static AssertionStore getAssertion(String artifact) { - MiscUtil.assertNotNull(artifact, "artifact"); - Logger.trace("Getting Assertion with Artifact " + artifact + " from database."); - - Session session = HibernateUtil.getCurrentSession(); - session.beginTransaction(); - Query query = session.getNamedQuery("getAssertionWithArtifact"); - query.setString("artifact", artifact); - List result = query.list(); - Logger.trace("Found entries: " + result.size()); - - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - } - return (AssertionStore) result.get(0); - } +// @SuppressWarnings("rawtypes") +// public static AssertionStore getAssertion(String artifact) { +// MiscUtil.assertNotNull(artifact, "artifact"); +// Logger.trace("Getting Assertion with Artifact " + artifact + " from database."); +// +// Session session = HibernateUtil.getCurrentSession(); +// session.beginTransaction(); +// Query query = session.getNamedQuery("getAssertionWithArtifact"); +// query.setString("artifact", artifact); +// List result = query.list(); +// Logger.trace("Found entries: " + result.size()); +// +// if (result.size() == 0) { +// Logger.trace("No entries found."); +// return null; +// } +// return (AssertionStore) result.get(0); +// } } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/HibernateUtil.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/HibernateUtil.java index 59398c922..1fa5a20fd 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/HibernateUtil.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/HibernateUtil.java 
@@ -128,9 +128,12 @@ public final class HibernateUtil { Transaction tx = null; try { Session session = HibernateUtil.getCurrentSession(); - tx = session.beginTransaction(); - session.saveOrUpdate(dbo); - tx.commit(); + + synchronized (session) { + tx = session.beginTransaction(); + session.saveOrUpdate(dbo); + tx.commit(); + } return true; } catch(HibernateException e) { @@ -144,9 +147,13 @@ public final class HibernateUtil { Transaction tx = null; try { Session session = HibernateUtil.getCurrentSession(); - tx = session.beginTransaction(); - session.delete(dbo); - tx.commit(); + + synchronized (session) { + tx = session.beginTransaction(); + session.delete(dbo); + tx.commit(); + } + return true; } catch(HibernateException e) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/AssertionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/AssertionStore.java index 9dff193d6..b7b8c24f6 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/AssertionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/AssertionStore.java @@ -18,7 +18,8 @@ import org.hibernate.annotations.NamedQuery; @DynamicUpdate(value=true) @Table(name = "assertionstore") @NamedQueries({ - @NamedQuery(name="getAssertionWithArtifact", query = "select assertionstore from AssertionStore assertionstore where assertionstore.artifact = :artifact") + @NamedQuery(name="getAssertionWithArtifact", query = "select assertionstore from AssertionStore assertionstore where assertionstore.artifact = :artifact"), + @NamedQuery(name="getAssertionWithTimeOut", query = "select assertionstore from AssertionStore assertionstore where assertionstore.timestamp < :timeout") }) public class AssertionStore implements Serializable{ 
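Review bot: `synchronized (session)` locks the object returned by `HibernateUtil.getCurrentSession()`, and what that protects depends on how sessions are scoped, which this diff does not show: with a thread-bound current-session context the lock is never contended and changes nothing, while with a single shared Session it only serializes the begin/commit pair and still leaves the persistence context shared between threads. If the second case is the motivation, one `openSession()` per call closed in a finally is the safer shape than a lock around a shared Session. `tx` is assigned inside the lock but the catch that presumably rolls it back sits outside the hunk, so on the shared-session reading a rollback can run after another thread has begun its own transaction on the same session. A one-line comment stating the assumption, `// getCurrentSession() is assumed thread-bound; this lock only serializes begin/commit`, would make the intended guarantee reviewable.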
@@ -35,9 +36,11 @@ public class AssertionStore implements Serializable{ @Column(name = "assertion", nullable=false) @Lob private byte [] assertion; - @Column(name = "datetime", nullable=false) - Date datatime; + @Column(name = "timestamp", nullable=false) + Date timestamp; + + public String getArtifact() { return artifact; } @@ -63,11 +66,11 @@ public class AssertionStore implements Serializable{ } public Date getDatatime() { - return datatime; + return timestamp; } public void setDatatime(Date datatime) { - this.datatime = datatime; + this.timestamp = datatime; } diff --git a/id/server/moa-id-commons/src/main/resources/hibernate.cfg.xml b/id/server/moa-id-commons/src/main/resources/hibernate.cfg.xml index 32dd7d9f6..707d5cc61 100644 --- a/id/server/moa-id-commons/src/main/resources/hibernate.cfg.xml +++ b/id/server/moa-id-commons/src/main/resources/hibernate.cfg.xml @@ -7,5 +7,6 @@ + \ No newline at end of file -- cgit v1.2.3