/* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ package at.gv.egovernment.moa.id.advancedlogging; import java.security.MessageDigest; import java.util.Arrays; import java.util.Date; import java.util.List; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; import at.gv.egiz.eaaf.modules.pvp2.PVPEventConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; /** * @author tlenz * */ @Service("MOAReversionLogger") public class MOAReversionLogger implements IRevisionLogger { @Autowired protected AuthConfiguration authConfig; public static final String NAT_PERSON = "nat"; public static final String JUR_PERSON = "jur"; private static final List defaultEventCodes = Arrays.asList( MOAIDEventConstants.SESSION_CREATED, MOAIDEventConstants.SESSION_DESTROYED, MOAIDEventConstants.SESSION_ERROR, MOAIDEventConstants.TRANSACTION_CREATED, MOAIDEventConstants.TRANSACTION_DESTROYED, MOAIDEventConstants.TRANSACTION_ERROR, MOAIDEventConstants.TRANSACTION_IP, IRevisionLogger.AUTHPROTOCOL_TYPE, PVPEventConstants.AUTHPROTOCOL_PVP_METADATA, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION, MOAIDEventConstants.AUTHPROCESS_STORK_REQUESTED, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED, MOAIDEventConstants.AUTHPROCESS_START, MOAIDEventConstants.AUTHPROCESS_FINISHED, MOAIDEventConstants.AUTHPROCESS_BKU_URL, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED, MOAIDEventConstants.AUTHPROCESS_IDP_SLO_REQUESTED, MOAIDEventConstants.AUTHPROCESS_SLO_STARTED, MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_SERVICE_REQUESTED, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED_IP, MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED, MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED, MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID, MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED, MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR, MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_REQUESTED, MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_SELECTED, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED, MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT, MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED, MOAIDEventConstants.AUTHPROCESS_SSO, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID ); /* (non-Javadoc) * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, int, java.lang.String) */ @Override public void logEvent(ISPConfiguration oaConfig, int eventCode, String message) { if (selectOASpecificEventCodes(oaConfig).contains(eventCode)) MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message)); } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egiz.eaaf.core.api.IRequest, int) */ public void logEvent(ISPConfiguration oaConfig, IRequest pendingRequest, int eventCode) { if (selectOASpecificEventCodes(oaConfig).contains(eventCode)) MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, pendingRequest.getUniqueSessionIdentifier(), pendingRequest.getUniqueTransactionIdentifier())); } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egiz.eaaf.core.api.IRequest, int, java.lang.String) */ public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest, int eventCode, String message) { if (selectOASpecificEventCodes(oaConfig).contains(eventCode)) MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message, pendingRequest.getUniqueSessionIdentifier(), pendingRequest.getUniqueTransactionIdentifier() )); } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(int, java.lang.String) */ @Override public void logEvent(int eventCode, String message) { MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message)); } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(java.lang.String, java.lang.String, int, java.lang.String) */ @Override public void logEvent(String sessionID, String transactionID, int eventCode, String message) { MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message, sessionID, transactionID)); } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(java.lang.String, java.lang.String, int) */ @Override public void logEvent(String sessionID, String transactionID, int eventCode) { MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, sessionID, transactionID)); } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egiz.eaaf.core.api.IRequest, int) */ @Override public void logEvent(IRequest pendingRequest, int eventCode) { MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, pendingRequest.getUniqueSessionIdentifier(), pendingRequest.getUniqueTransactionIdentifier())); } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egiz.eaaf.core.api.IRequest, int, java.lang.String) */ @Override public void logEvent(IRequest pendingRequest, int eventCode, String message) { logEvent(pendingRequest.getServiceProviderConfiguration(OAAuthParameterDecorator.class), pendingRequest, eventCode, message); } public void logMandateEventSet(IRequest pendingReq, IMISMandate mandate) { if (MiscUtil.isNotEmpty(mandate.getOWbPK())) logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK, mandate.getOWbPK()); if (MiscUtil.isNotEmpty(mandate.getProfRep())) logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_PROF_REPRESENTATIVE, mandate.getProfRep()); Mandate jaxBMandate = mandate.getMandateJaxB(); if (jaxBMandate != null) { logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_TYPE, jaxBMandate.getAnnotation()); if (jaxBMandate.getMandator().getCorporateBody() != null) { logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE, JUR_PERSON); try { String jurBaseID = jaxBMandate.getMandator().getCorporateBody().getIdentification().get(0).getType() + "+" + jaxBMandate.getMandator().getCorporateBody().getIdentification().get(0).getId(); logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_BASEID, jurBaseID); } catch (Throwable e) { Logger.warn("ReversionsLogger: mandator baseID logging FAILED.", e); } } else { logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE, NAT_PERSON); logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH, buildPersonInformationHash( jaxBMandate.getMandator().getPhysicalPerson().getName().getGivenName().get(0), jaxBMandate.getMandator().getPhysicalPerson().getName().getFamilyName().get(0).getValue(), jaxBMandate.getMandator().getPhysicalPerson().getDateOfBirth())); } } } /** * @param pendingReq * @param identityLink */ public void logPersonalInformationEvent(IRequest pendingReq, IIdentityLink identityLink) { logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_USERNAME_HASH, buildPersonInformationHash( identityLink.getGivenName(), identityLink.getFamilyName(), identityLink.getDateOfBirth() )); } private List selectOASpecificEventCodes(ISPConfiguration oaConfig) { List OASpecificEventCodes = null; if (oaConfig != null && oaConfig instanceof IOAAuthParameters && ((IOAAuthParameters)oaConfig).getReversionsLoggingEventCodes() != null) { OASpecificEventCodes = ((IOAAuthParameters)oaConfig).getReversionsLoggingEventCodes(); } else OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes(); return OASpecificEventCodes; } public String buildPersonInformationHash(String givenName, String familyName, String dateofBirth) { // {"hash":"hashvalue","salt":"testSalt"} // {"person":{"givenname":"value","familyname":"value","dateofbirth":"value"},"salt":"saltvalue"} String salt = "default"; String inputData = "{\"person\":{\"givenname\":\"" + givenName + "\",\"familyname\":\"" + familyName + "\",\"dateofbirth\":\"" + dateofBirth +"\"},\"salt\":\"" + salt +"\"}"; MessageDigest md; try { md = MessageDigest.getInstance("SHA-256"); byte[] hash = md.digest(inputData.getBytes("UTF-8")); String hashBase64 = Base64Utils.encode(hash); return "{\"hash\":\"" + hashBase64 + "\",\"salt\":\"" + salt + "\"}"; } catch (Throwable e) { Logger.warn("ReversionsLogger: mandator personalInformationHash logging FAILED.", e); return null; } } public List getDefaulttReversionsLoggingEventCodes() { List configuredDefaultEventCodes = authConfig.getDefaultRevisionsLogEventCodes(); if (configuredDefaultEventCodes != null) return configuredDefaultEventCodes; return defaultEventCodes; } }