/*
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
package at.gv.egovernment.moa.id.auth.data;
import iaik.x509.X509Certificate;
import java.io.IOException;
import java.io.Serializable;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import eu.stork.mw.messages.saml.STORKAuthnRequest;
/**
 * Session data to be stored between AuthenticationServer API calls.
 *
 * @author Paul Ivancsics
 * @version $Id$
 */
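public class AuthenticationSession implements Serializable {

    private static final long serialVersionUID = 1L;

    /** Prefix that is stripped from a target ("Geschäftsbereich") identifier. */
    public static final String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+";

    /** Prefix that is stripped from a register-and-order-number (wbPK) identifier. */
    public static final String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + "+";

    /** Position of the validator object inside an entry of {@link #infoboxValidators}. */
    private static final int VALIDATOR_INDEX = 2;

    /** Session ID. */
    private String sessionID;

    /**
     * "Geschäftsbereich" the online application belongs to; may be null if the
     * online application is a business application.
     */
    private String target;

    /** Friendly name for the target, if the target is configured via MOA-ID configuration. */
    private String targetFriendlyName;

    /** SourceID. */
    private String sourceID;

    /** Public online application URL requested. */
    private String oaURLRequested;

    /** Public online application URL prefix. */
    private String oaPublicURLPrefix;

    /** URL of the MOA-ID authentication component. */
    private String authURL;

    /** HTML template URL. */
    private String templateURL;

    /** URL of the BKU. */
    private String bkuURL;

    /** Indicates whether the corresponding online application is a business service. */
    private boolean businessService;

    // --- mandate ---

    /** Whether a mandate is used. */
    private boolean useMandate;

    private boolean isOW = false;

    /** STORK country code. */
    private String ccc;

    /** Mandate element. */
    private MISMandate mandate;

    /** Reference value for the mandate. */
    private String mandateReferenceValue;

    /** Session ID for MIS. */
    private String misSessionID;

    // --- identity link ---

    /** Identity link read from the smartcard. */
    private IdentityLink identityLink;

    /** Timestamp logging when the identity link has been received. */
    private Date timestampIdentityLink;

    // --- auth block ---

    /** Authentication block to be signed by the user. */
    private String authBlock;

    /** The issuing time of the AUTH-Block SAML assertion. */
    private String issueInstant;

    // --- signer certificate ---

    /**
     * Signer certificate of the foreign citizen or for mandate mode, kept in
     * encoded form so that the session stays serializable.
     */
    private byte[] signerCertificate;

    /**
     * SAML attributes from an extended infobox validation to be appended to the
     * SAML assertion delivered to the final online application.
     */
    private List extendedSAMLAttributesOA;

    /**
     * Whether either a target or a wbPK is provided as SAML attribute in the
     * SAML assertion.
     */
    private boolean samlAttributeGebeORwbpk;

    /**
     * SAML attributes from an extended infobox validation to be appended to the
     * SAML assertion of the AUTHBlock.
     */
    private List extendedSAMLAttributesAUTH;

    /**
     * Infobox validators that are needed after signing. Each entry is a
     * {@link Vector} of (identifier, friendly name, validator).
     */
    private List infoboxValidators;

    /** The register and number in the register parameter in case of a business service application. */
    private String domainIdentifier;

    /**
     * All identifiers of infoboxes the online application is configured to
     * accept, comma separated.
     */
    private String pushInfobox;

    /** The STORK AuthnRequest to be sent to the C-PEPS. */
    private STORKAuthnRequest storkAuthnRequest;

    // --- protocol selection ---

    private String action;
    private String modul;
    private boolean authenticated;
    private boolean authenticatedUsed = false;
    private boolean ssoRequested = false;

    private VerifyXMLSignatureResponse XMLVerifySignatureResponse;
    private boolean isForeigner;

    /**
     * Constructor for AuthenticationSession.
     *
     * @param id Session ID
     */
    public AuthenticationSession(String id) {
        sessionID = id;
        infoboxValidators = new ArrayList();
    }

    /**
     * Strips {@code prefix} from {@code value}.
     *
     * @return the remainder after the prefix, or null if {@code value} is null
     *         or does not start with the prefix
     */
    private static String stripPrefix(String value, String prefix) {
        if (value != null && value.startsWith(prefix)) {
            return value.substring(prefix.length());
        }
        return null;
    }

    /**
     * Finds the first stored infobox validator that has a form to show.
     *
     * @return the validator, or null if none is pending
     */
    private InfoboxValidator firstPendingValidator() {
        Iterator iter = getInfoboxValidatorIterator();
        if (iter == null) {
            return null;
        }
        while (iter.hasNext()) {
            Vector entry = (Vector) iter.next();
            InfoboxValidator validator = (InfoboxValidator) entry.get(VALIDATOR_INDEX);
            if (!ParepUtils.isEmpty(validator.getForm())) {
                return validator;
            }
        }
        return null;
    }

    public String getModul() {
        return modul;
    }

    public void setModul(String modul) {
        this.modul = modul;
    }

    public String getAction() {
        return action;
    }

    public void setAction(String action) {
        this.action = action;
    }

    public boolean isAuthenticatedUsed() {
        return authenticatedUsed;
    }

    public void setAuthenticatedUsed(boolean authenticatedUsed) {
        this.authenticatedUsed = authenticatedUsed;
    }

    public boolean isAuthenticated() {
        return authenticated;
    }

    public void setAuthenticated(boolean authenticated) {
        this.authenticated = authenticated;
    }

    /**
     * Decodes the stored signer certificate.
     *
     * @return the certificate, or null if none is stored or it cannot be decoded
     */
    public X509Certificate getSignerCertificate() {
        if (signerCertificate == null) {
            return null;
        }
        try {
            return new X509Certificate(signerCertificate);
        } catch (CertificateException e) {
            Logger.warn("Signer certificate can not be loaded from session database!", e);
            return null;
        }
    }

    /**
     * Returns the stored signer certificate in encoded form (the live array,
     * not a copy).
     *
     * @return the encoded certificate, or null if none is stored
     */
    public byte[] getEncodedSignerCertificate() {
        return this.signerCertificate;
    }

    /**
     * Stores the signer certificate in encoded form. Passing null clears it.
     *
     * @param signerCertificate the certificate to store
     */
    public void setSignerCertificate(X509Certificate signerCertificate) {
        if (signerCertificate == null) {
            this.signerCertificate = null;
            return;
        }
        try {
            this.signerCertificate = signerCertificate.getEncoded();
        } catch (CertificateEncodingException e) {
            Logger.warn("Signer certificate can not be stored to session database!", e);
        }
    }

    /**
     * Returns the identityLink.
     *
     * @return IdentityLink
     */
    public IdentityLink getIdentityLink() {
        return identityLink;
    }

    /**
     * Returns the sessionID.
     *
     * @return String
     */
    public String getSessionID() {
        return sessionID;
    }

    /**
     * Sets the identityLink.
     *
     * @param identityLink The identityLink to set
     */
    public void setIdentityLink(IdentityLink identityLink) {
        this.identityLink = identityLink;
    }

    /**
     * Sets the sessionID.
     *
     * @param sessionId The sessionID to set
     */
    public void setSessionID(String sessionId) {
        this.sessionID = sessionId;
    }

    /**
     * Returns the oaURLRequested.
     *
     * @return String
     */
    public String getOAURLRequested() {
        return oaURLRequested;
    }

    /**
     * Returns the oaPublicURLPrefix.
     *
     * @return String
     */
    public String getPublicOAURLPrefix() {
        return oaPublicURLPrefix;
    }

    /**
     * Returns the BKU URL.
     *
     * @return String
     */
    public String getBkuURL() {
        return bkuURL;
    }

    /**
     * Returns the target.
     *
     * @return String
     */
    public String getTarget() {
        return target;
    }

    /**
     * Returns the sourceID.
     *
     * @return String
     */
    public String getSourceID() {
        return sourceID;
    }

    /**
     * Returns the target friendly name.
     *
     * @return String
     */
    public String getTargetFriendlyName() {
        return targetFriendlyName;
    }

    /**
     * Sets the oaURLRequested.
     *
     * @param oaURLRequested The oaURLRequested to set
     */
    public void setOAURLRequested(String oaURLRequested) {
        this.oaURLRequested = oaURLRequested;
    }

    /**
     * Sets the oaPublicURLPrefix.
     *
     * @param oaPublicURLPrefix The oaPublicURLPrefix to set
     */
    public void setPublicOAURLPrefix(String oaPublicURLPrefix) {
        this.oaPublicURLPrefix = oaPublicURLPrefix;
    }

    /**
     * Sets the bkuURL.
     *
     * @param bkuURL The BKU URL to set
     */
    public void setBkuURL(String bkuURL) {
        this.bkuURL = bkuURL;
    }

    /**
     * Sets the target. If the target includes the target prefix, the prefix
     * will be stripped off.
     *
     * @param target The target to set
     */
    public void setTarget(String target) {
        String stripped = stripPrefix(target, TARGET_PREFIX_);
        if (stripped != null) {
            this.target = stripped;
            Logger.debug("Target prefix stripped off; resulting target: " + this.target);
        } else {
            this.target = target;
        }
    }

    /**
     * Sets the sourceID.
     *
     * @param sourceID The sourceID to set
     */
    public void setSourceID(String sourceID) {
        this.sourceID = sourceID;
    }

    /**
     * Sets the target friendly name.
     *
     * @param targetFriendlyName The target friendly name to set
     */
    public void setTargetFriendlyName(String targetFriendlyName) {
        this.targetFriendlyName = targetFriendlyName;
    }

    /**
     * Returns the authURL.
     *
     * @return String
     */
    public String getAuthURL() {
        return authURL;
    }

    /**
     * Sets the authURL.
     *
     * @param authURL The authURL to set
     */
    public void setAuthURL(String authURL) {
        this.authURL = authURL;
    }

    /**
     * Returns the authBlock.
     *
     * @return String
     */
    public String getAuthBlock() {
        return authBlock;
    }

    /**
     * Sets the authBlock.
     *
     * @param authBlock The authBlock to set
     */
    public void setAuthBlock(String authBlock) {
        this.authBlock = authBlock;
    }

    /**
     * Returns the timestampIdentityLink.
     *
     * @return Date
     */
    public Date getTimestampIdentityLink() {
        return timestampIdentityLink;
    }

    /**
     * Returns the businessService flag.
     *
     * @return true if the corresponding online application is a business
     *         application, otherwise false
     */
    public boolean getBusinessService() {
        return businessService;
    }

    /**
     * Sets the businessService flag.
     *
     * @param businessService the value for the businessService flag
     */
    public void setBusinessService(boolean businessService) {
        this.businessService = businessService;
    }

    /**
     * Sets the current date as timestampIdentityLink.
     */
    public void setTimestampIdentityLink() {
        timestampIdentityLink = new Date();
    }

    /**
     * @return template URL
     */
    public String getTemplateURL() {
        return templateURL;
    }

    /**
     * @param string the template URL
     */
    public void setTemplateURL(String string) {
        templateURL = string;
    }

    /**
     * Returns the SAML attributes to be appended to the AUTHBlock.
     *
     * @return the SAML attributes to be appended to the AUTHBlock; may be null
     */
    public List getExtendedSAMLAttributesAUTH() {
        return extendedSAMLAttributesAUTH;
    }

    /**
     * Sets the SAML attributes to be appended to the AUTHBlock.
     *
     * @param extendedSAMLAttributesAUTH the SAML attributes to be appended to the AUTHBlock
     */
    public void setExtendedSAMLAttributesAUTH(List extendedSAMLAttributesAUTH) {
        this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH;
    }

    /**
     * Returns the SAML attributes to be appended to the SAML assertion
     * delivered to the online application.
     *
     * @return the SAML attributes to be appended to the SAML assertion
     *         delivered to the online application; may be null
     */
    public List getExtendedSAMLAttributesOA() {
        return extendedSAMLAttributesOA;
    }

    /**
     * Sets the SAML attributes to be appended to the SAML assertion delivered
     * to the online application.
     *
     * @param extendedSAMLAttributesOA the SAML attributes to be appended to the
     *        SAML assertion delivered to the online application
     */
    public void setExtendedSAMLAttributesOA(List extendedSAMLAttributesOA) {
        this.extendedSAMLAttributesOA = extendedSAMLAttributesOA;
    }

    /**
     * Returns whether either a target or a wbPK is provided as SAML attribute
     * in the SAML assertion.
     *
     * @return true if either a target or a wbPK is provided as SAML attribute
     *         in the SAML assertion, false otherwise
     */
    public boolean getSAMLAttributeGebeORwbpk() {
        return this.samlAttributeGebeORwbpk;
    }

    /**
     * Sets whether either a target or a wbPK is provided as SAML attribute in
     * the SAML assertion.
     *
     * @param samlAttributeGebeORwbpk true if either a target or a wbPK is
     *        provided as SAML attribute in the SAML assertion
     */
    public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
        this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk;
    }

    /**
     * Returns the issuing time of the AUTH-Block SAML assertion.
     *
     * @return the issuing time of the AUTH-Block SAML assertion
     */
    public String getIssueInstant() {
        return issueInstant;
    }

    /**
     * Sets the issuing time of the AUTH-Block SAML assertion.
     *
     * @param issueInstant the issueInstant to set
     */
    public void setIssueInstant(String issueInstant) {
        this.issueInstant = issueInstant;
    }

    /**
     * Returns an iterator over the stored infobox validators.
     *
     * @return Iterator over (identifier, friendly name, validator) vectors, or
     *         null if no validator list exists
     */
    public Iterator getInfoboxValidatorIterator() {
        if (infoboxValidators == null) {
            return null;
        }
        return infoboxValidators.iterator();
    }

    /**
     * Adds an infobox validator class to the stored infobox validators.
     *
     * @param infoboxIdentifier the identifier of the infobox the validator belongs to
     * @param infoboxFriendlyName the friendly name of the infobox
     * @param infoboxValidator the infobox validator to add
     * @return an iterator over all stored validators including the new one
     */
    public Iterator addInfoboxValidator(String infoboxIdentifier,
            String infoboxFriendlyName, InfoboxValidator infoboxValidator) {
        if (infoboxValidators == null) {
            infoboxValidators = new ArrayList();
        }
        Vector entry = new Vector(3);
        entry.add(infoboxIdentifier);
        entry.add(infoboxFriendlyName);
        entry.add(infoboxValidator);
        infoboxValidators.add(entry);
        return infoboxValidators.iterator();
    }

    /**
     * Tests for pending input events of the infobox validators.
     *
     * @return true if a validator has a form to show
     */
    public boolean isValidatorInputPending() {
        return firstPendingValidator() != null;
    }

    /**
     * Returns the first pending infobox validator.
     *
     * @return the infobox validator, or null if none is pending
     */
    public InfoboxValidator getFirstPendingValidator() {
        return firstPendingValidator();
    }

    /**
     * Returns the input form of the first pending infobox validator input
     * processor.
     *
     * @return the form to show, or null if no validator is pending
     */
    public String getFirstValidatorInputForm() {
        InfoboxValidator pending = firstPendingValidator();
        if (pending == null) {
            return null;
        }
        return pending.getForm();
    }

    /**
     * Returns the domain identifier (the register and number in the register
     * parameter); null in the case of not a business service.
     *
     * @return the domainIdentifier
     */
    public String getDomainIdentifier() {
        return domainIdentifier;
    }

    /**
     * Sets the register and number in the register parameter if the application
     * is a business service. If the domain identifier includes the
     * registerAndOrdNr prefix, the prefix will be stripped off.
     *
     * @param domainIdentifier the domain identifier to set
     */
    public void setDomainIdentifier(String domainIdentifier) {
        String stripped = stripPrefix(domainIdentifier, REGISTERANDORDNR_PREFIX_);
        if (stripped != null) {
            this.domainIdentifier = stripped;
            Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
                    + this.domainIdentifier);
        } else {
            this.domainIdentifier = domainIdentifier;
        }
    }

    /**
     * Gets all identifiers of infoboxes the online application is configured
     * to accept. The infobox identifiers are comma separated.
     *
     * @return the string containing infobox identifiers; empty string if none
     */
    public String getPushInfobox() {
        if (pushInfobox == null) {
            return "";
        }
        return pushInfobox;
    }

    /**
     * @param pushInfobox the infobox identifiers to set (comma separated)
     */
    public void setPushInfobox(String pushInfobox) {
        this.pushInfobox = pushInfobox;
    }

    /**
     * Sets whether a mandate is used. Only the value "true" (case-insensitive)
     * enables mandate use; null or any other value disables it.
     *
     * @param useMandate indicates if a mandate is used or not
     */
    public void setUseMandate(String useMandate) {
        this.useMandate = useMandate != null && "true".equalsIgnoreCase(useMandate);
    }

    /**
     * Returns whether a mandate is used.
     *
     * @return true if a mandate is used
     */
    public boolean getUseMandate() {
        return this.useMandate;
    }

    /**
     * @param misSessionID the MIS session ID
     */
    public void setMISSessionID(String misSessionID) {
        this.misSessionID = misSessionID;
    }

    /**
     * Returns the MIS session ID.
     *
     * @return the MIS session ID
     */
    public String getMISSessionID() {
        return this.misSessionID;
    }

    /**
     * @return the mandateReferenceValue
     */
    public String getMandateReferenceValue() {
        return mandateReferenceValue;
    }

    /**
     * @param mandateReferenceValue the mandateReferenceValue to set
     */
    public void setMandateReferenceValue(String mandateReferenceValue) {
        this.mandateReferenceValue = mandateReferenceValue;
    }

    /**
     * Gets the STORK SAML AuthnRequest.
     *
     * @return STORK SAML AuthnRequest
     */
    public STORKAuthnRequest getStorkAuthnRequest() {
        return storkAuthnRequest;
    }

    /**
     * Sets the STORK SAML AuthnRequest.
     *
     * @param storkAuthnRequest STORK SAML AuthnRequest
     */
    public void setStorkAuthnRequest(STORKAuthnRequest storkAuthnRequest) {
        this.storkAuthnRequest = storkAuthnRequest;
    }

    public String getCcc() {
        return ccc;
    }

    public void setCcc(String ccc) {
        this.ccc = ccc;
    }

    public boolean isForeigner() {
        return isForeigner;
    }

    public void setForeigner(boolean isForeigner) {
        this.isForeigner = isForeigner;
    }

    public VerifyXMLSignatureResponse getXMLVerifySignatureResponse() {
        return XMLVerifySignatureResponse;
    }

    public void setXMLVerifySignatureResponse(VerifyXMLSignatureResponse xMLVerifySignatureResponse) {
        XMLVerifySignatureResponse = xMLVerifySignatureResponse;
    }

    public MISMandate getMISMandate() {
        return mandate;
    }

    public void setMISMandate(MISMandate mandate) {
        this.mandate = mandate;
    }

    /**
     * Parses the stored MIS mandate into a DOM element.
     *
     * @return the mandate's document element, or null if no mandate is stored
     *         or it cannot be parsed
     */
    public Element getMandate() {
        if (mandate == null) {
            Logger.warn("Mandate content could not be generated from MISMandate.");
            return null;
        }
        try {
            byte[] byteMandate = mandate.getMandate();
            // NOTE(review): decodes with the platform default charset; the mandate
            // XML is presumably UTF-8 — confirm against the MIS client.
            String stringMandate = new String(byteMandate);
            // NOTE(review): the mandate bytes originate from a remote service;
            // confirm DOMUtils.parseDocument does not resolve external entities.
            return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
        } catch (Exception e) {
            // Only Exceptions are handled here; Errors must propagate.
            Logger.warn("Mandate content could not be generated from MISMandate.", e);
            return null;
        }
    }

    /**
     * Returns whether single sign-on was requested. SSO is only reported as
     * requested when no mandate is in use.
     *
     * @return the ssoRequested flag, masked by mandate use
     */
    // TODO: SSO only allowed without mandates, actually!!!!!!
    public boolean isSsoRequested() {
        return ssoRequested && !useMandate;
    }

    /**
     * @param ssoRequested the ssoRequested to set
     */
    public void setSsoRequested(boolean ssoRequested) {
        this.ssoRequested = ssoRequested;
    }

    /**
     * @return the isOW
     */
    public boolean isOW() {
        return isOW;
    }

    /**
     * @param isOW the isOW to set
     */
    public void setOW(boolean isOW) {
        this.isOW = isOW;
    }
}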