/* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
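*/
package at.gv.egovernment.moa.id.advancedlogging;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;

/**
 * Writes revision-log events through {@link MOAIDEventLog}.
 *
 * <p>Two families of {@code logEvent} overloads exist: the ones taking an
 * {@link IOAAuthParameters} only emit the event when its code is in the
 * online application's configured event-code list (falling back to the
 * configured or built-in defaults), while the ones without an
 * {@code IOAAuthParameters} emit unconditionally.</p>
 *
 * <p>Personal information (names, date of birth) is never logged in clear;
 * it is reduced to a salted SHA-256 digest by
 * {@link #buildPersonInformationHash(String, String, String)}.</p>
 *
 * @author tlenz
 */
@Service("MOAReversionLogger")
public class MOAReversionLogger {

    @Autowired
    protected AuthConfiguration authConfig;

    /** Mandator-type value logged when the mandator is a natural person. */
    public static final String NAT_PERSON = "nat";

    /** Mandator-type value logged when the mandator is a corporate body. */
    public static final String JUR_PERSON = "jur";

    /** Digest algorithm used by {@link #buildPersonInformationHash(String, String, String)}. */
    private static final String HASH_ALGORITHM = "SHA-256";

    /**
     * Salt mixed into every personal-information hash.
     *
     * <p>NOTE(review): this is a fixed, source-visible literal. The hash is
     * therefore stable across log entries (which audits rely on), but it gives
     * no protection against guessing low-entropy name/date-of-birth inputs;
     * a per-deployment secret would have to come from configuration and would
     * change every existing hash value.</p>
     */
    private static final String PERSON_HASH_SALT = "default";

    /**
     * Built-in event codes used when neither the online application nor the
     * global configuration provides a list. Read-only view.
     */
    private static final List<Integer> defaultEventCodes = Collections.unmodifiableList(Arrays.asList(
            MOAIDEventConstants.SESSION_CREATED,
            MOAIDEventConstants.SESSION_DESTROYED,
            MOAIDEventConstants.SESSION_ERROR,
            MOAIDEventConstants.TRANSACTION_CREATED,
            MOAIDEventConstants.TRANSACTION_DESTROYED,
            MOAIDEventConstants.TRANSACTION_ERROR,
            MOAIDEventConstants.TRANSACTION_IP,
            MOAIDEventConstants.AUTHPROTOCOL_TYPE,
            MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA,
            MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER,
            MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION,
            MOAIDEventConstants.AUTHPROCESS_STORK_REQUESTED,
            MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED,
            MOAIDEventConstants.AUTHPROCESS_START,
            MOAIDEventConstants.AUTHPROCESS_FINISHED,
            MOAIDEventConstants.AUTHPROCESS_BKU_URL,
            MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP,
            MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED,
            MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED,
            MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED,
            MOAIDEventConstants.AUTHPROCESS_IDP_SLO_REQUESTED,
            MOAIDEventConstants.AUTHPROCESS_SLO_STARTED,
            MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID,
            MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID,
            MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_SERVICE_REQUESTED,
            MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED,
            MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED,
            MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED_IP,
            MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED,
            MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED,
            MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED,
            MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR,
            MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED,
            MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND,
            MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED,
            MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED,
            MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT,
            MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED,
            MOAIDEventConstants.AUTHPROCESS_SSO,
            MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START,
            MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED,
            MOAIDEventConstants.AUTHPROCESS_SSO_INVALID));

    /**
     * Logs {@code eventCode} with a free-text message if the online
     * application's event-code list contains it.
     *
     * @param oaConfig  online-application configuration, may be {@code null}
     *                  (defaults are used then)
     * @param eventCode event code to log
     * @param message   message stored with the event
     */
    public void logEvent(IOAAuthParameters oaConfig, int eventCode, String message) {
        if (isEventEnabled(oaConfig, eventCode)) {
            MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(now(), eventCode, message));
        }
    }

    /**
     * Logs {@code eventCode} bound to the session and transaction of
     * {@code pendingRequest} if the online application's event-code list
     * contains it.
     *
     * @param oaConfig       online-application configuration, may be {@code null}
     * @param pendingRequest request supplying session and transaction identifiers
     * @param eventCode      event code to log
     */
    public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest, int eventCode) {
        if (isEventEnabled(oaConfig, eventCode)) {
            MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(now(), eventCode,
                    pendingRequest.getUniqueSessionIdentifier(),
                    pendingRequest.getUniqueTransactionIdentifier()));
        }
    }

    /**
     * Logs {@code eventCode} with a message, bound to the session and
     * transaction of {@code pendingRequest}, if the online application's
     * event-code list contains it.
     *
     * @param oaConfig       online-application configuration, may be {@code null}
     * @param pendingRequest request supplying session and transaction identifiers
     * @param eventCode      event code to log
     * @param message        message stored with the event
     */
    public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest, int eventCode, String message) {
        if (isEventEnabled(oaConfig, eventCode)) {
            MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(now(), eventCode, message,
                    pendingRequest.getUniqueSessionIdentifier(),
                    pendingRequest.getUniqueTransactionIdentifier()));
        }
    }

    /**
     * Logs {@code eventCode} with a message, unconditionally (no
     * online-application filter applies).
     *
     * @param eventCode event code to log
     * @param message   message stored with the event
     */
    public void logEvent(int eventCode, String message) {
        MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(now(), eventCode, message));
    }

    /**
     * Logs {@code eventCode} with a message for an explicit session and
     * transaction, unconditionally.
     *
     * @param sessionID     unique session identifier
     * @param transactionID unique transaction identifier
     * @param eventCode     event code to log
     * @param message       message stored with the event
     */
    public void logEvent(String sessionID, String transactionID, int eventCode, String message) {
        MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(now(), eventCode, message, sessionID, transactionID));
    }

    /**
     * Logs {@code eventCode} for an explicit session and transaction,
     * unconditionally.
     *
     * @param sessionID     unique session identifier
     * @param transactionID unique transaction identifier
     * @param eventCode     event code to log
     */
    public void logEvent(String sessionID, String transactionID, int eventCode) {
        MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(now(), eventCode, sessionID, transactionID));
    }

    /**
     * Logs {@code eventCode} bound to the session and transaction of
     * {@code pendingRequest}.
     *
     * <p>NOTE(review): unlike {@link #logEvent(IRequest, int, String)}, this
     * overload does not consult the online application's event-code list and
     * always writes the event. Whether that asymmetry is intended could not be
     * determined from this class; it is preserved here.</p>
     *
     * @param pendingRequest request supplying session and transaction identifiers
     * @param eventCode      event code to log
     */
    public void logEvent(IRequest pendingRequest, int eventCode) {
        MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(now(), eventCode,
                pendingRequest.getUniqueSessionIdentifier(),
                pendingRequest.getUniqueTransactionIdentifier()));
    }

    /**
     * Logs {@code eventCode} with a message for {@code pendingRequest},
     * filtered by the online-application configuration attached to the request.
     *
     * @param pendingRequest request supplying OA configuration, session and transaction
     * @param eventCode      event code to log
     * @param message        message stored with the event
     */
    public void logEvent(IRequest pendingRequest, int eventCode, String message) {
        logEvent(pendingRequest.getOnlineApplicationConfiguration(), pendingRequest, eventCode, message);
    }

    /**
     * Logs the set of mandate-related events for {@code mandate}: the
     * professional representative (bPK and flag) when present, the mandate
     * type, the mandator type and either the corporate body's base id or the
     * hashed personal information of the natural-person mandator.
     *
     * <p>A structurally incomplete mandate (missing mandator, missing
     * identification, missing name parts) is reported with a warning instead of
     * aborting the caller; the events that could be derived are still written.</p>
     *
     * @param pendingReq request the events are bound to
     * @param mandate    mandate to log; {@code null} logs nothing
     */
    public void logMandateEventSet(IRequest pendingReq, IMISMandate mandate) {
        if (mandate == null) {
            return;
        }

        if (MiscUtil.isNotEmpty(mandate.getOWbPK())) {
            logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK, mandate.getOWbPK());
        }
        if (MiscUtil.isNotEmpty(mandate.getProfRep())) {
            logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_PROF_REPRESENTATIVE, mandate.getProfRep());
        }

        Mandate jaxBMandate = mandate.getMandateJaxB();
        if (jaxBMandate == null) {
            return;
        }

        logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_TYPE, jaxBMandate.getAnnotation());

        if (jaxBMandate.getMandator() == null) {
            Logger.warn("ReversionsLogger: mandate contains no mandator, mandator logging SKIPPED.");
            return;
        }

        if (jaxBMandate.getMandator().getCorporateBody() != null) {
            logCorporateMandator(pendingReq, jaxBMandate);
        } else {
            logPhysicalMandator(pendingReq, jaxBMandate);
        }
    }

    /**
     * Logs mandator type {@link #JUR_PERSON} and the base id
     * ("type+id" of the first identification entry) of a corporate-body mandator.
     * Expects {@code jaxBMandate.getMandator().getCorporateBody()} to be non-null.
     */
    private void logCorporateMandator(IRequest pendingReq, Mandate jaxBMandate) {
        logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE, JUR_PERSON);
        try {
            List<?> identifications = jaxBMandate.getMandator().getCorporateBody().getIdentification();
            if (identifications == null || identifications.isEmpty()) {
                Logger.warn("ReversionsLogger: corporate body has no identification, mandator baseID logging SKIPPED.");
                return;
            }
            String jurBaseID = jaxBMandate.getMandator().getCorporateBody().getIdentification().get(0).getType()
                    + "+"
                    + jaxBMandate.getMandator().getCorporateBody().getIdentification().get(0).getId();
            logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_BASEID, jurBaseID);

        } catch (RuntimeException e) {
            // A malformed mandate must not abort the authentication process; the gap is made visible instead.
            Logger.warn("ReversionsLogger: mandator baseID logging FAILED.", e);
        }
    }

    /**
     * Logs mandator type {@link #NAT_PERSON} and the personal-information hash
     * (first given name, first family name, date of birth) of a natural-person
     * mandator.
     */
    private void logPhysicalMandator(IRequest pendingReq, Mandate jaxBMandate) {
        logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE, NAT_PERSON);
        try {
            String personHash = buildPersonInformationHash(
                    jaxBMandate.getMandator().getPhysicalPerson().getName().getGivenName().get(0),
                    jaxBMandate.getMandator().getPhysicalPerson().getName().getFamilyName().get(0).getValue(),
                    jaxBMandate.getMandator().getPhysicalPerson().getDateOfBirth());
            logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH, personHash);

        } catch (RuntimeException e) {
            // Missing physical person or name parts: same best-effort handling as the corporate-body branch.
            Logger.warn("ReversionsLogger: mandator personalInformationHash logging FAILED.", e);
        }
    }

    /**
     * Logs the hashed personal information (given name, family name, date of
     * birth) of the authenticated user taken from {@code identityLink}.
     *
     * @param pendingReq   request the event is bound to
     * @param identityLink identity link of the user
     */
    public void logPersonalInformationEvent(IRequest pendingReq, IIdentityLink identityLink) {
        logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_USERNAME_HASH,
                buildPersonInformationHash(
                        identityLink.getGivenName(),
                        identityLink.getFamilyName(),
                        identityLink.getDateOfBirth()));
    }

    /** @return {@code true} if {@code eventCode} is in the event-code list that applies to {@code oaConfig}. */
    private boolean isEventEnabled(IOAAuthParameters oaConfig, int eventCode) {
        return selectOASpecificEventCodes(oaConfig).contains(eventCode);
    }

    /**
     * Picks the event-code list for an online application: the OA's own list
     * when configured, otherwise the defaults.
     *
     * @param oaConfig online-application configuration, may be {@code null}
     * @return the applicable event-code list, never {@code null}
     */
    private List<Integer> selectOASpecificEventCodes(IOAAuthParameters oaConfig) {
        if (oaConfig != null && oaConfig.getReversionsLoggingEventCodes() != null) {
            return oaConfig.getReversionsLoggingEventCodes();
        }
        return getDefaulttReversionsLoggingEventCodes();
    }

    /**
     * Builds the salted digest of a person's given name, family name and date
     * of birth that is written to the revision log instead of the clear values.
     *
     * <p>Digest input layout (must stay byte-for-byte stable, existing log
     * entries depend on it):
     * {@code {"person":{"givenname":"v","familyname":"v","dateofbirth":"v"},"salt":"v"}}.
     * Result layout: {@code {"hash":"base64","salt":"v"}}.</p>
     *
     * <p>NOTE(review): the values are concatenated without JSON escaping, so a
     * name containing {@code "} or {@code \} yields a malformed document and two
     * different name/date-of-birth triples can produce the same digest input.
     * Escaping would change the hash of such inputs, so the layout is left as
     * is; a {@code null} argument is rendered as the literal text {@code null}.</p>
     *
     * @param givenName   given name, may be {@code null}
     * @param familyName  family name, may be {@code null}
     * @param dateofBirth date of birth as text, may be {@code null}
     * @return the JSON-shaped hash document, or {@code null} if hashing or encoding failed
     */
    public String buildPersonInformationHash(String givenName, String familyName, String dateofBirth) {
        String inputData = "{\"person\":{\"givenname\":\"" + givenName
                + "\",\"familyname\":\"" + familyName
                + "\",\"dateofbirth\":\"" + dateofBirth
                + "\"},\"salt\":\"" + PERSON_HASH_SALT + "\"}";
        try {
            MessageDigest md = MessageDigest.getInstance(HASH_ALGORITHM);
            // Explicit charset: same bytes as getBytes("UTF-8") without the checked UnsupportedEncodingException.
            byte[] hash = md.digest(inputData.getBytes(StandardCharsets.UTF_8));
            String hashBase64 = Base64Utils.encode(hash);
            return "{\"hash\":\"" + hashBase64 + "\",\"salt\":\"" + PERSON_HASH_SALT + "\"}";

        } catch (Exception e) {
            // Covers the unavailable-algorithm case and any failure of the Base64 encoder; errors are not swallowed.
            Logger.warn("ReversionsLogger: mandator personalInformationHash logging FAILED.", e);
            return null;
        }
    }

    /**
     * Returns the default event-code list: the globally configured one if
     * present, otherwise the built-in read-only list.
     *
     * @return the default event codes, never {@code null}
     */
    public List<Integer> getDefaulttReversionsLoggingEventCodes() {
        if (authConfig != null) {
            List<Integer> configuredDefaultEventCodes = authConfig.getDefaultRevisionsLogEventCodes();
            if (configuredDefaultEventCodes != null) {
                return configuredDefaultEventCodes;
            }
        }
        return defaultEventCodes;
    }

    /** Event timestamp in epoch milliseconds; equivalent to {@code new Date().getTime()}. */
    private static long now() {
        return System.currentTimeMillis();
    }

}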