/* * Copyright 2003 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ package at.gv.egovernment.moa.id.auth.data; import iaik.x509.X509Certificate; import java.util.ArrayList; import java.util.Date; import java.util.Iterator; import java.util.List; import java.util.Vector; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import eu.stork.mw.messages.saml.STORKAuthnRequest; /** * Session data to be stored between AuthenticationServer API * calls. 
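 *
 * <p>One instance holds the complete server-side state of a single
 * authentication run: the requested online application, the identity link
 * read from the citizen card, the auth block to be signed, the signer
 * certificate, infobox validators that still need user input, and finally
 * the assertion material plus the {@code authenticated} flag. It is looked up
 * by {@link #getSessionID()}; the object itself is a plain mutable holder
 * and is not thread-safe.
 *
 * @author Paul Ivancsics
 * @version $Id$
 */
public class AuthenticationSession {

    /** Prefix stripped from targets handed to {@link #setTarget(String)}. */
    private static final String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+";

    /**
     * Prefix stripped from domain identifiers handed to
     * {@link #setDomainIdentifier(String)}.
     */
    private static final String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + "+";

    /** session ID */
    private String sessionID;

    /**
     * "Geschäftsbereich" the online application belongs to; maybe null if
     * the online application is a business application
     */
    private String target;

    /**
     * Friendly name for the target, if target is configured via MOA-ID
     * configuration
     */
    private String targetFriendlyName;

    /** SourceID */
    private String sourceID;

    /** Indicates if target from configuration is used or not */
    private boolean useTargetFromConfig;

    /** public online application URL requested */
    private String oaURLRequested;

    /** public online application URL prefix */
    private String oaPublicURLPrefix;

    /** URL of MOA ID authentication component */
    private String authURL;

    /** HTML template URL */
    private String templateURL;

    /** URL of the BKU */
    private String bkuURL;

    /** Use mandate */
    private boolean useMandate;

    /** Reference value for mandate */
    private String mandateReferenceValue;

    /** Authentication data for the assertion */
    private AuthenticationData assertionAuthData;

    /** Persondata for the assertion */
    private String assertionPrPerson;

    /** Authblock for the assertion */
    private String assertionAuthBlock;

    /** Identitylink assertion for the (MOA) assertion */
    private String assertionIlAssertion;

    /** Signer certificate (base64 encoded) for the assertion */
    private String assertionSignerCertificateBase64;

    /**
     * business service for the assertion
     * (package-private in the original; kept so same-package code that
     * reads the field directly still compiles)
     */
    boolean assertionBusinessService;

    /** SessionID for MIS */
    private String misSessionID;

    /** identity link read from smartcard */
    private IdentityLink identityLink;

    /** authentication block to be signed by the user */
    private String authBlock;

    /** timestamp logging when authentication session has been created */
    private Date timestampStart;

    /** timestamp logging when identity link has been received */
    private Date timestampIdentityLink;

    /**
     * Indicates whether the corresponding online application is a business
     * service or not
     */
    private boolean businessService;

    /** Signer certificate of the foreign citizen or for mandate mode */
    private X509Certificate signerCertificate;

    /**
     * SAML attributes from an extended infobox validation to be appended to
     * the SAML assertion delivered to the final online application.
     */
    private List extendedSAMLAttributesOA;

    /**
     * The boolean value for either a target or a wbPK is provided as SAML
     * Attribute in the SAML Assertion or not.
     */
    private boolean samlAttributeGebeORwbpk;

    /**
     * SAML attributes from an extended infobox validation to be appended to
     * the SAML assertion of the AUTHBlock.
     */
    private List extendedSAMLAttributesAUTH;

    /** The issuing time of the AUTH-Block SAML assertion. */
    private String issueInstant;

    /**
     * If infobox validators are needed after signing, they can be stored in
     * this list. Each element is a three-element {@link Vector}:
     * [0] infobox identifier, [1] infobox friendly name,
     * [2] the {@link InfoboxValidator} (see {@link #addInfoboxValidator}).
     */
    private List infoboxValidators;

    /**
     * The register and number in the register parameter in case of a
     * business service application.
     */
    private String domainIdentifier;

    /**
     * This string contains all identifiers of infoboxes, the online
     * application is configured to accept. The infobox identifiers are comma
     * separated.
     */
    private String pushInfobox;

    /** The STORK AuthRequest to be sent to the C-PEPS */
    private STORKAuthnRequest storkAuthnRequest;

    private AuthenticationData authData;

    private String mandateData;

    private String modul;

    private String action;

    private CreateXMLSignatureResponse XMLCreateSignatureResponse;

    private VerifyXMLSignatureResponse XMLVerifySignatureResponse;

    private String requestedProtocolURL = null;

    /** Set once the authentication run has completed. */
    private boolean authenticated;

    /** Records whether the authenticated state has already been consumed. */
    private boolean authenticatedUsed = false;

    /**
     * Constructor for AuthenticationSession.
     *
     * @param id
     *            Session ID
     */
    public AuthenticationSession(String id) {
        sessionID = id;
        setTimestampStart();
        infoboxValidators = new ArrayList();
    }

    public String getModul() {
        return modul;
    }

    public void setModul(String modul) {
        this.modul = modul;
    }

    public String getAction() {
        return action;
    }

    public void setAction(String action) {
        this.action = action;
    }

    public String getMandateData() {
        return mandateData;
    }

    public void setMandateData(String mandateData) {
        this.mandateData = mandateData;
    }

    public AuthenticationData getAuthData() {
        return authData;
    }

    public void setAuthData(AuthenticationData authData) {
        this.authData = authData;
    }

    public boolean isAuthenticatedUsed() {
        return authenticatedUsed;
    }

    public void setAuthenticatedUsed(boolean authenticatedUsed) {
        this.authenticatedUsed = authenticatedUsed;
    }

    public boolean isAuthenticated() {
        return authenticated;
    }

    public void setAuthenticated(boolean authenticated) {
        this.authenticated = authenticated;
    }

    public String getRequestedProtocolURL() {
        return requestedProtocolURL;
    }

    public void setRequestedProtocolURL(String requestedProtocolURL) {
        this.requestedProtocolURL = requestedProtocolURL;
    }

    public X509Certificate getSignerCertificate() {
        return signerCertificate;
    }

    public void setSignerCertificate(X509Certificate signerCertificate) {
        this.signerCertificate = signerCertificate;
    }

    /**
     * Returns the identityLink.
     *
     * @return IdentityLink
     */
    public IdentityLink getIdentityLink() {
        return identityLink;
    }

    /**
     * Returns the sessionID.
     *
     * @return String
     */
    public String getSessionID() {
        return sessionID;
    }

    /**
     * Sets the identityLink.
     *
     * @param identityLink
     *            The identityLink to set
     */
    public void setIdentityLink(IdentityLink identityLink) {
        this.identityLink = identityLink;
    }

    /**
     * Sets the sessionID.
     *
     * @param sessionId
     *            The sessionID to set
     */
    public void setSessionID(String sessionId) {
        this.sessionID = sessionId;
    }

    /**
     * Returns the oaURLRequested.
     *
     * @return String
     */
    public String getOAURLRequested() {
        return oaURLRequested;
    }

    /**
     * Returns the oaPublicURLPrefix.
     *
     * @return String
     */
    public String getPublicOAURLPrefix() {
        return oaPublicURLPrefix;
    }

    /**
     * Returns the BKU URL.
     *
     * @return String
     */
    public String getBkuURL() {
        return bkuURL;
    }

    /**
     * Returns the target.
     *
     * @return String
     */
    public String getTarget() {
        return target;
    }

    /**
     * Returns the sourceID.
     *
     * @return String
     */
    public String getSourceID() {
        return sourceID;
    }

    /**
     * Returns the target friendly name.
     *
     * @return String
     */
    public String getTargetFriendlyName() {
        return targetFriendlyName;
    }

    /**
     * Sets the oaURLRequested.
     *
     * @param oaURLRequested
     *            The oaURLRequested to set
     */
    public void setOAURLRequested(String oaURLRequested) {
        this.oaURLRequested = oaURLRequested;
    }

    /**
     * Sets the oaPublicURLPrefix
     *
     * @param oaPublicURLPrefix
     *            The oaPublicURLPrefix to set
     */
    public void setPublicOAURLPrefix(String oaPublicURLPrefix) {
        this.oaPublicURLPrefix = oaPublicURLPrefix;
    }

    /**
     * Sets the bkuURL
     *
     * @param bkuURL
     *            The BKU URL to set
     */
    public void setBkuURL(String bkuURL) {
        this.bkuURL = bkuURL;
    }

    /**
     * Sets the target. If the target includes the target prefix, the prefix
     * will be stripped off.
     *
     * @param target
     *            The target to set
     */
    public void setTarget(String target) {
        if (target != null && target.startsWith(TARGET_PREFIX_)) {
            // If target starts with prefix "urn:publicid:gv.at:cdid+"; remove
            // prefix
            this.target = target.substring(TARGET_PREFIX_.length());
            Logger.debug("Target prefix stripped off; resulting target: " + this.target);
        } else {
            this.target = target;
        }
    }

    /**
     * Sets the sourceID
     *
     * @param sourceID
     *            The sourceID to set
     */
    public void setSourceID(String sourceID) {
        this.sourceID = sourceID;
    }

    /**
     * Sets the friendly name of the target. The value is stored as given; no
     * prefix handling takes place here (unlike {@link #setTarget(String)}).
     *
     * @param targetFriendlyName
     *            The target friendly name to set
     */
    public void setTargetFriendlyName(String targetFriendlyName) {
        this.targetFriendlyName = targetFriendlyName;
    }

    /**
     * Returns the authURL.
     *
     * @return String
     */
    public String getAuthURL() {
        return authURL;
    }

    /**
     * Sets the authURL.
     *
     * @param authURL
     *            The authURL to set
     */
    public void setAuthURL(String authURL) {
        this.authURL = authURL;
    }

    /**
     * Returns the authBlock.
     *
     * @return String
     */
    public String getAuthBlock() {
        return authBlock;
    }

    /**
     * Sets the authBlock.
     *
     * @param authBlock
     *            The authBlock to set
     */
    public void setAuthBlock(String authBlock) {
        this.authBlock = authBlock;
    }

    /**
     * Returns the timestampIdentityLink.
     *
     * @return Date
     */
    public Date getTimestampIdentityLink() {
        return timestampIdentityLink;
    }

    /**
     * Returns the businessService.
     *
     * @return true if the corresponding online application is a business
     *         application, otherwise false
     */
    public boolean getBusinessService() {
        return businessService;
    }

    /**
     * Sets the businessService variable.
     *
     * @param businessService
     *            the value for setting the businessService variable.
     */
    public void setBusinessService(boolean businessService) {
        this.businessService = businessService;
    }

    /**
     * Returns the timestampStart.
     *
     * @return Date
     */
    public Date getTimestampStart() {
        return timestampStart;
    }

    /** Sets the current date as timestampIdentityLink. */
    public void setTimestampIdentityLink() {
        timestampIdentityLink = new Date();
    }

    /** Sets the current date as timestampStart. */
    public void setTimestampStart() {
        timestampStart = new Date();
    }

    /** @return template URL */
    public String getTemplateURL() {
        return templateURL;
    }

    /**
     * @param string
     *            the template URL
     */
    public void setTemplateURL(String string) {
        templateURL = string;
    }

    /**
     * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe
     * null.
     *
     * @return The SAML Attributes to be appended to the AUTHBlock. Maybe
     *         null.
     */
    public List getExtendedSAMLAttributesAUTH() {
        return extendedSAMLAttributesAUTH;
    }

    /**
     * Sets the SAML Attributes to be appended to the AUTHBlock.
     *
     * @param extendedSAMLAttributesAUTH
     *            The SAML Attributes to be appended to the AUTHBlock.
     */
    public void setExtendedSAMLAttributesAUTH(List extendedSAMLAttributesAUTH) {
        this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH;
    }

    /**
     * Returns the SAML Attributes to be appended to the SAML assertion
     * delivered to the online application. Maybe null.
     *
     * @return The SAML Attributes to be appended to the SAML assertion
     *         delivered to the online application
     */
    public List getExtendedSAMLAttributesOA() {
        return extendedSAMLAttributesOA;
    }

    /**
     * Sets the SAML Attributes to be appended to the SAML assertion
     * delivered to the online application.
     *
     * @param extendedSAMLAttributesOA
     *            The SAML Attributes to be appended to the SAML assertion
     *            delivered to the online application.
     */
    public void setExtendedSAMLAttributesOA(List extendedSAMLAttributesOA) {
        this.extendedSAMLAttributesOA = extendedSAMLAttributesOA;
    }

    /**
     * Returns the boolean value for either a target or a wbPK is provided as
     * SAML Attribute in the SAML Assertion or not.
     *
     * @return true either a target or a wbPK is provided as SAML Attribute
     *         in the SAML Assertion or false if not.
     */
    public boolean getSAMLAttributeGebeORwbpk() {
        return this.samlAttributeGebeORwbpk;
    }

    /**
     * Sets the boolean value for either a target or a wbPK is provided as
     * SAML Attribute in the SAML Assertion or not.
     *
     * @param samlAttributeGebeORwbpk
     *            The boolean for value either a target or wbPK is provided
     *            as SAML Attribute in the SAML Assertion or not.
     */
    public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
        this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk;
    }

    /**
     * Returns the issuing time of the AUTH-Block SAML assertion.
     *
     * @return The issuing time of the AUTH-Block SAML assertion.
     */
    public String getIssueInstant() {
        return issueInstant;
    }

    /**
     * Sets the issuing time of the AUTH-Block SAML assertion.
     *
     * @param issueInstant
     *            The issueInstant to set.
     */
    public void setIssueInstant(String issueInstant) {
        this.issueInstant = issueInstant;
    }

    /**
     * Returns the iterator to the stored infobox validators. Each element is
     * a three-element {@link Vector} as described on
     * {@link #addInfoboxValidator}.
     *
     * @return Iterator, or null if no validator list exists
     */
    public Iterator getInfoboxValidatorIterator() {
        if (infoboxValidators == null)
            return null;
        return infoboxValidators.iterator();
    }

    /**
     * Adds an infobox validator class to the stored infobox validators.
     *
     * @param infoboxIdentifier
     *            the identifier of the infobox the validator belongs to
     * @param infoboxFriendlyName
     *            the friendly name of the infobox
     * @param infoboxValidator
     *            the infobox validator to add
     * @return an iterator over all stored validators, including the new one
     */
    public Iterator addInfoboxValidator(String infoboxIdentifier, String infoboxFriendlyName,
            InfoboxValidator infoboxValidator) {
        if (infoboxValidators == null)
            infoboxValidators = new ArrayList();
        // Element layout is part of the contract of getInfoboxValidatorIterator():
        // callers cast each element to Vector and read index 2 for the validator.
        Vector v = new Vector(3);
        v.add(infoboxIdentifier);
        v.add(infoboxFriendlyName);
        v.add(infoboxValidator);
        infoboxValidators.add(v);
        return infoboxValidators.iterator();
    }

    /**
     * Finds the first stored infobox validator whose form is non-empty, i.e.
     * the first one that still needs user input.
     *
     * @return the validator, or null if none is pending
     */
    private InfoboxValidator findFirstPendingValidator() {
        Iterator iter = getInfoboxValidatorIterator();
        if (iter == null)
            return null;
        while (iter.hasNext()) {
            Vector entry = (Vector) iter.next();
            InfoboxValidator validator = (InfoboxValidator) entry.get(2);
            if (!ParepUtils.isEmpty(validator.getForm()))
                return validator;
        }
        return null;
    }

    /**
     * Tests for pending input events of the infobox validators.
     *
     * @return true if a validator has a form to show
     */
    public boolean isValidatorInputPending() {
        return findFirstPendingValidator() != null;
    }

    /**
     * Returns the first pending infobox validator.
     *
     * @return the infobox validator class, or null if none is pending
     */
    public InfoboxValidator getFirstPendingValidator() {
        return findFirstPendingValidator();
    }

    /**
     * Returns the input form of the first pending infobox validator input
     * processor.
     *
     * @return the form to show, or null if no validator is pending
     */
    public String getFirstValidatorInputForm() {
        InfoboxValidator pending = findFirstPendingValidator();
        if (pending == null)
            return null;
        return pending.getForm();
    }

    /**
     * Returns domain identifier (the register and number in the register
     * parameter). null in the case of not a business service.
     *
     * @return the domainIdentifier
     */
    public String getDomainIdentifier() {
        return domainIdentifier;
    }

    /**
     * Sets the register and number in the register parameter if the
     * application is a business service. If the domain identifier includes
     * the registerAndOrdNr prefix, the prefix will be stripped off.
     *
     * @param domainIdentifier
     *            the domain identifier to set
     */
    public void setDomainIdentifier(String domainIdentifier) {
        if (domainIdentifier != null && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_)) {
            // If domainIdentifier starts with prefix
            // "urn:publicid:gv.at:wbpk+"; remove this prefix
            this.domainIdentifier = domainIdentifier.substring(REGISTERANDORDNR_PREFIX_.length());
            Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
                    + this.domainIdentifier);
        } else {
            this.domainIdentifier = domainIdentifier;
        }
    }

    /**
     * Gets all identifiers of infoboxes, the online application is configured
     * to accept. The infobox identifiers are comma separated.
     *
     * @return the string containing infobox identifiers, never null (empty
     *         string if none were set)
     */
    public String getPushInfobox() {
        if (pushInfobox == null)
            return "";
        return pushInfobox;
    }

    /**
     * @param pushInfobox
     *            the infobox identifiers to set (comma separated)
     */
    public void setPushInfobox(String pushInfobox) {
        this.pushInfobox = pushInfobox;
    }

    /**
     * Sets whether a mandate is used. Only the (case-insensitive) string
     * "true" enables mandate mode; any other value, including null, disables
     * it. The original implementation threw a NullPointerException on null.
     *
     * @param useMandate
     *            indicates if mandate is used or not
     */
    public void setUseMandate(String useMandate) {
        this.useMandate = "true".equalsIgnoreCase(useMandate);
    }

    /**
     * Returns if mandate is used or not
     *
     * @return true if mandate mode was enabled via {@link #setUseMandate}
     */
    public boolean getUseMandate() {
        return this.useMandate;
    }

    /**
     * @param useTargetFromConfig
     *            indicates if target from config is used or not
     */
    public void setUseTargetFromConfig(boolean useTargetFromConfig) {
        this.useTargetFromConfig = useTargetFromConfig;
    }

    /**
     * Returns if the target is taken from the configuration or not
     *
     * @return true if the target from the configuration is used
     */
    public boolean getUseTargetFromConfig() {
        return this.useTargetFromConfig;
    }

    /**
     * @param misSessionID
     *            indicates the MIS session ID
     */
    public void setMISSessionID(String misSessionID) {
        this.misSessionID = misSessionID;
    }

    /**
     * Returns the MIS session ID
     *
     * @return the MIS session ID, maybe null
     */
    public String getMISSessionID() {
        return this.misSessionID;
    }

    /** @return the assertionAuthData */
    public AuthenticationData getAssertionAuthData() {
        return assertionAuthData;
    }

    /**
     * @param assertionAuthData
     *            the assertionAuthData to set
     */
    public void setAssertionAuthData(AuthenticationData assertionAuthData) {
        this.assertionAuthData = assertionAuthData;
    }

    /** @return the assertionPrPerson */
    public String getAssertionPrPerson() {
        return assertionPrPerson;
    }

    /**
     * @param assertionPrPerson
     *            the assertionPrPerson to set
     */
    public void setAssertionPrPerson(String assertionPrPerson) {
        this.assertionPrPerson = assertionPrPerson;
    }

    /** @return the assertionAuthBlock */
    public String getAssertionAuthBlock() {
        return assertionAuthBlock;
    }

    /**
     * @param assertionAuthBlock
     *            the assertionAuthBlock to set
     */
    public void setAssertionAuthBlock(String assertionAuthBlock) {
        this.assertionAuthBlock = assertionAuthBlock;
    }

    /** @return the assertionIlAssertion */
    public String getAssertionIlAssertion() {
        return assertionIlAssertion;
    }

    /**
     * @param assertionIlAssertion
     *            the assertionIlAssertion to set
     */
    public void setAssertionIlAssertion(String assertionIlAssertion) {
        this.assertionIlAssertion = assertionIlAssertion;
    }

    /** @return the assertionSignerCertificateBase64 */
    public String getAssertionSignerCertificateBase64() {
        return assertionSignerCertificateBase64;
    }

    /**
     * @param assertionSignerCertificateBase64
     *            the assertionSignerCertificateBase64 to set
     */
    public void setAssertionSignerCertificateBase64(String assertionSignerCertificateBase64) {
        this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64;
    }

    /** @return the assertionBusinessService */
    public boolean getAssertionBusinessService() {
        return assertionBusinessService;
    }

    /**
     * @param assertionBusinessService
     *            the assertionBusinessService to set
     */
    public void setAssertionBusinessService(boolean assertionBusinessService) {
        this.assertionBusinessService = assertionBusinessService;
    }

    /** @return the mandateReferenceValue */
    public String getMandateReferenceValue() {
        return mandateReferenceValue;
    }

    /**
     * @param mandateReferenceValue
     *            the mandateReferenceValue to set
     */
    public void setMandateReferenceValue(String mandateReferenceValue) {
        this.mandateReferenceValue = mandateReferenceValue;
    }

    /**
     * Gets the STORK SAML AuthnRequest
     *
     * @return STORK SAML AuthnRequest
     */
    public STORKAuthnRequest getStorkAuthnRequest() {
        return storkAuthnRequest;
    }

    /**
     * Sets the STORK SAML AuthnRequest
     *
     * @param storkAuthnRequest
     *            STORK SAML AuthnRequest
     */
    public void setStorkAuthnRequest(STORKAuthnRequest storkAuthnRequest) {
        this.storkAuthnRequest = storkAuthnRequest;
    }

    public CreateXMLSignatureResponse getXMLCreateSignatureResponse() {
        return XMLCreateSignatureResponse;
    }

    public void setXMLCreateSignatureResponse(CreateXMLSignatureResponse xMLCreateSignatureResponse) {
        XMLCreateSignatureResponse = xMLCreateSignatureResponse;
    }

    public VerifyXMLSignatureResponse getXMLVerifySignatureResponse() {
        return XMLVerifySignatureResponse;
    }

    public void setXMLVerifySignatureResponse(VerifyXMLSignatureResponse xMLVerifySignatureResponse) {
        XMLVerifySignatureResponse = xMLVerifySignatureResponse;
    }
}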