/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. ******************************************************************************/ /* * Copyright 2003 Federal Chancellery Austria MOA-ID has been developed in a cooperation between * BRZ, the Federal Chancellery Austria - ICT staff unit, and Graz University of Technology. * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by the European * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in * compliance with the Licence. You may obtain a copy of the Licence at: http://www.osor.eu/eupl/ * Unless required by applicable law or agreed to in writing, software distributed under the Licence * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express * or implied. 
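See the Licence for the specific language governing permissions and limitations under
 * the Licence. This product combines work with different licenses. See the "NOTICE" text file for
 * details on the various modules and licenses. The "NOTICE" text file is part of the distribution.
 * Any derivative works that you distribute must include a readable copy of the "NOTICE" text file.
 */
package at.gv.egovernment.moa.id.auth.data;

import java.io.Serializable;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;

import org.apache.commons.collections4.map.HashedMap;

import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.MiscUtil;
import iaik.x509.X509Certificate;

/**
 * Serializable implementation of the {@link IAuthenticationSession} interface that can be stored
 * into the AuthenticationSession database.
 * <p>
 * The complete object graph (identity link, mandate, encoded signer certificate, generic session
 * data) is persisted and restored through Java serialization. Only objects implementing
 * {@link Serializable} are accepted for the generic data storage, see
 * {@link #setGenericDataToSession(String, Object)}. This class does not validate the state it is
 * restored from, so the session store it is read back from has to be trusted.
 * <p>
 * Instances are not thread-safe; the session store is expected to hand one instance to one request
 * at a time.
 *
 * @author Thomas Lenz
 */
public class AuthenticationSession
    implements Serializable, IAuthenticationSession, AuthProzessDataConstants {

  private static final long serialVersionUID = 1L;

  /** Prefix for target identifiers (CDID URN plus separator). */
  public static final String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+";

  /** Prefix for register-and-ordering-number identifiers (wbPK URN plus separator). */
  public static final String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + "+";

  /** Session ID (also used as SSO session ID). */
  private String sessionID;

  /** Creation time of the session. */
  private Date sessionCreated = null;

  /** URL of the BKU (citizen card environment) used for this session. */
  private String bkuURL;

  // --- mandate related state ---

  /** Whether a mandate is used in this authentication process. */
  private boolean useMandates;

  /** Whether the mandate is an "Organwalter" mandate (see FLAG_IS_ORGANWALTER). */
  private boolean isOW = false;

  /** Mandate element received from the MIS. */
  private IMISMandate mandate;

  /** Reference value for the mandate business service for the assertion. */
  private String mandateReferenceValue;

  /** Session ID of the MIS (mandate issuing service). */
  private String misSessionID;

  // --- identity link and auth block ---

  /** Identity link read from the smartcard. */
  private IIdentityLink identityLink;

  /** Authentication block to be signed by the user. */
  private String authBlock;

  /** Token associated with the authentication block. */
  private String authBlockTokken;

  /** The issuing time of the AUTH-Block SAML assertion. */
  private String issueInstant;

  /**
   * DER-encoded signer certificate of the foreign citizen or for mandate mode. Stored encoded so
   * that the session stays serializable independently of the certificate implementation.
   */
  private byte[] signerCertificate;

  /**
   * SAML attributes from an extended infobox validation to be appended to the SAML assertion
   * delivered to the final online application.
   */
  private List<ExtendedSAMLAttribute> extendedSAMLAttributesOA;

  /**
   * Whether either a target or a wbPK is provided as SAML attribute in the SAML assertion.
   */
  private boolean samlAttributeGebeORwbpk;

  /**
   * SAML attributes from an extended infobox validation to be appended to the SAML assertion of
   * the AUTHBlock.
   */
  private List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH;

  private boolean authenticated;

  private String QAALevel = null;

  private IVerifiyXMLSignatureResponse XMLVerifySignatureResponse;

  private boolean isForeigner;

  /** Free-form key/value storage for process-specific data; values must be Serializable. */
  private Map<String, Object> genericSessionDataStorate = new HashedMap<>();

  /**
   * Creates an empty session.
   *
   * @param id Session ID
   * @param created creation time of the session
   */
  public AuthenticationSession(String id, Date created) {
    sessionID = id;
    sessionCreated = created;
  }

  /**
   * Creates a session with a new ID that takes over all state of an existing session.
   *
   * @param id new Session ID
   * @param now current time; kept for signature compatibility, the creation time is taken over
   *        from {@code moaSession} (the previous implementation assigned and then overwrote it)
   * @param moaSession session whose state is copied
   */
  public AuthenticationSession(String id, Date now, IAuthenticationSession moaSession) {
    sessionID = id;
    sessionCreated = moaSession.getSessionCreated();
    authBlock = moaSession.getAuthBlock();
    authBlockTokken = moaSession.getAuthBlockTokken();
    authenticated = moaSession.isAuthenticated();
    bkuURL = moaSession.getBkuURL();
    extendedSAMLAttributesAUTH = moaSession.getExtendedSAMLAttributesAUTH();
    extendedSAMLAttributesOA = moaSession.getExtendedSAMLAttributesOA();
    // Copy instead of aliasing the source map, so later writes do not leak into the old session
    // and a null source does not leave this session without a storage map.
    genericSessionDataStorate = new HashedMap<>();
    Map<String, Object> sourceStorage = moaSession.getGenericSessionDataStorage();
    if (sourceStorage != null) {
      genericSessionDataStorate.putAll(sourceStorage);
    }
    identityLink = moaSession.getIdentityLink();
    isForeigner = moaSession.isForeigner();
    isOW = moaSession.isOW();
    issueInstant = moaSession.getIssueInstant();
    mandate = moaSession.getMISMandate();
    mandateReferenceValue = moaSession.getMandateReferenceValue();
    misSessionID = moaSession.getMISSessionID();
    QAALevel = moaSession.getQAALevel();
    samlAttributeGebeORwbpk = moaSession.getSAMLAttributeGebeORwbpk();
    signerCertificate = moaSession.getEncodedSignerCertificate();
    useMandates = moaSession.isMandateUsed();
    XMLVerifySignatureResponse = moaSession.getXMLVerifySignatureResponse();
    // TODO: implement session construction from existing eID information
  }

  @Override
  public boolean isAuthenticated() {
    return authenticated;
  }

  @Override
  public void setAuthenticated(boolean authenticated) {
    this.authenticated = authenticated;
  }

  /**
   * Decodes the stored signer certificate.
   *
   * @return the certificate, or {@code null} if none is stored or it cannot be decoded
   */
  @Override
  public X509Certificate getSignerCertificate() {
    if (signerCertificate == null || signerCertificate.length == 0) {
      return null;
    }
    try {
      return new X509Certificate(signerCertificate);
    } catch (CertificateException e) {
      Logger.warn("Signer certificate can not be loaded from session database!", e);
      return null;
    }
  }

  /**
   * @return a copy of the DER-encoded signer certificate, or {@code null} if none is stored
   */
  @Override
  public byte[] getEncodedSignerCertificate() {
    return signerCertificate == null ? null : signerCertificate.clone();
  }

  /**
   * Stores the DER encoding of the given certificate; {@code null} clears the stored certificate.
   *
   * @param signerCertificate certificate to store, may be {@code null}
   */
  @Override
  public void setSignerCertificate(X509Certificate signerCertificate) {
    if (signerCertificate == null) {
      this.signerCertificate = null;
      return;
    }
    try {
      this.signerCertificate = signerCertificate.getEncoded();
    } catch (CertificateEncodingException e) {
      Logger.warn("Signer certificate can not be stored to session database!", e);
    }
  }

  @Override
  public IIdentityLink getIdentityLink() {
    return identityLink;
  }

  @Override
  public String getSSOSessionID() {
    return sessionID;
  }

  @Override
  public void setIdentityLink(IIdentityLink identityLink) {
    this.identityLink = identityLink;
  }

  @Override
  public void setSSOSessionID(String sessionId) {
    this.sessionID = sessionId;
  }

  @Override
  public String getBkuURL() {
    return bkuURL;
  }

  @Override
  public void setBkuURL(String bkuURL) {
    this.bkuURL = bkuURL;
  }

  @Override
  public String getAuthBlock() {
    return authBlock;
  }

  @Override
  public void setAuthBlock(String authBlock) {
    this.authBlock = authBlock;
  }

  /**
   * @return the AUTH-block attribute list; lazily created, never {@code null}
   */
  @Override
  public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesAUTH() {
    if (extendedSAMLAttributesAUTH == null) {
      extendedSAMLAttributesAUTH = new ArrayList<>();
    }
    return extendedSAMLAttributesAUTH;
  }

  @Override
  public void setExtendedSAMLAttributesAUTH(List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH) {
    this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH;
  }

  /**
   * @return the online-application attribute list; may be {@code null} (unlike the AUTH variant)
   */
  @Override
  public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesOA() {
    return extendedSAMLAttributesOA;
  }

  @Override
  public void setExtendedSAMLAttributesOA(List<ExtendedSAMLAttribute> extendedSAMLAttributesOA) {
    this.extendedSAMLAttributesOA = extendedSAMLAttributesOA;
  }

  @Override
  public boolean getSAMLAttributeGebeORwbpk() {
    return this.samlAttributeGebeORwbpk;
  }

  @Override
  public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
    this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk;
  }

  @Override
  public String getIssueInstant() {
    return issueInstant;
  }

  @Override
  public void setIssueInstant(String issueInstant) {
    this.issueInstant = issueInstant;
  }

  /**
   * Sets the mandate flag from its textual form.
   *
   * @param useMandate the flag is set only if this equals {@code "true"} ignoring case; any other
   *        value, including {@code null}, clears it
   */
  @Override
  public void setUseMandate(String useMandate) {
    // Boolean.parseBoolean is a null-safe equivalent of the former compareToIgnoreCase("true").
    this.useMandates = Boolean.parseBoolean(useMandate);
  }

  @Override
  public void setUseMandates(boolean useMandates) {
    this.useMandates = useMandates;
  }

  @Override
  public boolean isMandateUsed() {
    return this.useMandates;
  }

  @Override
  public void setMISSessionID(String misSessionID) {
    this.misSessionID = misSessionID;
  }

  @Override
  public String getMISSessionID() {
    return this.misSessionID;
  }

  @Override
  public String getMandateReferenceValue() {
    return mandateReferenceValue;
  }

  @Override
  public void setMandateReferenceValue(String mandateReferenceValue) {
    this.mandateReferenceValue = mandateReferenceValue;
  }

  @Override
  public boolean isForeigner() {
    return isForeigner;
  }

  @Override
  public void setForeigner(boolean isForeigner) {
    this.isForeigner = isForeigner;
  }

  @Override
  public IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse() {
    return XMLVerifySignatureResponse;
  }

  @Override
  public void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse) {
    XMLVerifySignatureResponse = xMLVerifySignatureResponse;
  }

  @Override
  public IMISMandate getMISMandate() {
    return mandate;
  }

  @Override
  public void setMISMandate(IMISMandate mandate) {
    this.mandate = mandate;
  }

  @Override
  public boolean isOW() {
    return isOW;
  }

  @Override
  public void setOW(boolean isOW) {
    this.isOW = isOW;
  }

  @Override
  public String getAuthBlockTokken() {
    return authBlockTokken;
  }

  @Override
  public void setAuthBlockTokken(String authBlockTokken) {
    this.authBlockTokken = authBlockTokken;
  }

  @Override
  public String getQAALevel() {
    return QAALevel;
  }

  @Override
  public void setQAALevel(String qAALevel) {
    QAALevel = qAALevel;
  }

  @Override
  public Date getSessionCreated() {
    return sessionCreated;
  }

  /**
   * @return the live generic storage map (not a copy); writes through it bypass the checks in
   *         {@link #setGenericDataToSession(String, Object)}
   */
  @Override
  public Map<String, Object> getGenericSessionDataStorage() {
    return genericSessionDataStorate;
  }

  /**
   * Looks up generic session data without a type check.
   *
   * @param key storage key
   * @return the stored value, or {@code null} if the key is empty or unknown
   */
  @Override
  public Object getGenericDataFromSession(String key) {
    if (MiscUtil.isNotEmpty(key)) {
      return genericSessionDataStorate.get(key);
    }
    Logger.warn("Can not load generic session-data with key='null'");
    return null;
  }

  /**
   * Looks up generic session data and checks it against the requested type.
   *
   * @param key storage key
   * @param clazz expected type; if {@code null} the value is returned unchecked
   * @return the stored value, or {@code null} if the key is empty or unknown or the value is not an
   *         instance of {@code clazz}
   */
  @Override
  public <T> T getGenericDataFromSession(String key, final Class<T> clazz) {
    if (MiscUtil.isEmpty(key)) {
      Logger.warn("Can not load generic session-data with key='null'");
      return null;
    }
    Object data = genericSessionDataStorate.get(key);
    if (data == null) {
      return null;
    }
    if (clazz == null) {
      // No type requested: behave like the untyped lookup.
      @SuppressWarnings("unchecked")
      T untyped = (T) data;
      return untyped;
    }
    // The former unchecked cast could never fail here because of erasure, so a wrong type only
    // surfaced as a ClassCastException at the caller; check explicitly against the requested type.
    if (!clazz.isInstance(data)) {
      Logger.warn("Generic authentication-data object can not be casted to requsted type");
      return null;
    }
    return clazz.cast(data);
  }

  /**
   * Stores generic session data.
   *
   * @param key storage key, must not be empty
   * @param object value to store; must implement {@link Serializable} unless {@code null}
   * @throws EAAFStorageException if the key is empty or the value is not serializable
   */
  @Override
  public void setGenericDataToSession(String key, Object object) throws EAAFStorageException {
    if (MiscUtil.isEmpty(key)) {
      Logger.warn("Generic session-data can not be stored with a 'null' key");
      throw new EAAFStorageException("Generic session-data can not be stored with a 'null' key");
    }
    // The whole session is persisted via Java serialization; refuse values that would break that.
    if (object != null && !(object instanceof Serializable)) {
      Logger.warn("Generic session-data can only store objects which implements the 'Seralizable' interface");
      throw new EAAFStorageException("Generic session-data can only store objects which implements the 'Seralizable' interface");
    }
    if (genericSessionDataStorate.containsKey(key)) {
      Logger.debug("Overwrite generic session-data with key:" + key);
    } else {
      Logger.trace("Add generic session-data with key:" + key + " to session.");
    }
    genericSessionDataStorate.put(key, object);
  }

  /**
   * Flattens the session into a key/value map using the constants of
   * {@link AuthProzessDataConstants}; generic data is added under {@code GENERIC_PREFIX + key}.
   *
   * @return an unmodifiable view of the flattened session
   */
  @Override
  public Map<String, Object> getKeyValueRepresentationFromAuthSession() {
    Map<String, Object> result = new HashMap<>();
    result.put(FLAG_IS_AUTHENTICATED, isAuthenticated());
    result.put(FLAG_IS_FOREIGNER, isForeigner());
    result.put(FLAG_IS_ORGANWALTER, isOW());
    result.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk);
    result.put(FLAG_USE_MANDATE, isMandateUsed());
    result.put(VALUE_AUTHBLOCK, getAuthBlock());
    result.put(VALUE_AUTNBLOCKTOKKEN, getAuthBlockTokken());
    result.put(VALUE_BKUURL, getBkuURL());
    result.put(VALUE_EXTENTEDSAMLATTRAUTH, getExtendedSAMLAttributesAUTH());
    result.put(VALUE_EXTENTEDSAMLATTROA, getExtendedSAMLAttributesOA());
    result.put(VALUE_IDENTITYLINK, getIdentityLink());
    result.put(VALUE_ISSUEINSTANT, getIssueInstant());
    result.put(VALUE_MISMANDATE, getMISMandate());
    result.put(VALUE_MISREFVALUE, getMandateReferenceValue());
    result.put(VALUE_MISSESSIONID, getMISSessionID());
    result.put(VALUE_QAALEVEL, getQAALevel());
    result.put(VALUE_SIGNER_CERT, getSignerCertificate());
    result.put(VALUE_VERIFYSIGRESP, getXMLVerifySignatureResponse());
    for (Entry<String, Object> el : genericSessionDataStorate.entrySet()) {
      result.put(GENERIC_PREFIX + el.getKey(), el.getValue());
    }
    return Collections.unmodifiableMap(result);
  }
}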