/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. *******************************************************************************/ package at.gv.egovernment.moa.id.moduls; import java.io.Serializable; import java.net.MalformedURLException; import java.net.URL; import java.util.Collection; import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; import javax.servlet.http.HttpServletRequest; import org.opensaml.saml2.metadata.provider.MetadataProvider; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; public abstract class RequestImpl implements IRequest, Serializable{ public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL"; public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse"; public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes"; public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID"; public static final String DATAID_REQUESTER_IP_ADDRESS = "requesterIP"; public static final String eIDAS_GENERIC_REQ_DATA_COUNTRY = "country"; public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_LoA"; private static final long serialVersionUID = 1L; private String module = null; private String action = null; private String requestID; private String processInstanceId; private String ssoMoaSessionId; private String uniqueTransactionIdentifer; private String uniqueSessionIdentifer; private String oaURL; private String authURL = null; private IOAAuthParameters OAConfiguration = null; private boolean passiv = false; private boolean force = false; private boolean needSSO = false; private boolean isAbortedByUser = false; //every request needs authentication by default private boolean needAuthentication = true; //every request is not authenticated by default private boolean isAuthenticated = false; private Map genericDataStorage = new HashMap(); private IAuthenticationSession moaSSOSessionContainer = null; /** * @throws ConfigurationException * */ public final void initialize(HttpServletRequest req) throws ConfigurationException { //set requestID requestID = Random.nextLongRandom(); //set unique transaction identifier for logging uniqueTransactionIdentifer = Random.nextLongRandom(); TransactionIDUtils.setTransactionId(uniqueTransactionIdentifer); //initialize session object genericDataStorage.put(AuthProzessDataConstants.VALUE_CREATED, new Date()); genericDataStorage.put(AuthProzessDataConstants.VALUE_SESSIONID, Random.nextLongRandom()); //check if End-Point is valid String authURLString = HTTPUtils.extractAuthURLFromRequest(req); URL authURL; try { authURL = new URL(authURLString); } catch (MalformedURLException e) { Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + authURLString, e); throw new ConfigurationException("1299", null, e); } AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); List configuredPublicURLPrefix = config.getPublicURLPrefix(); if (!config.isVirtualIDPsEnabled()) { Logger.trace("Virtual IDPs are disabled. Use default IDP PublicURLPrefix from configuration: " + configuredPublicURLPrefix.get(0)); this.authURL = configuredPublicURLPrefix.get(0); } else { Logger.debug("Extract AuthenticationServiceURL: " + authURLString); URL resultURL = null; for (String el : configuredPublicURLPrefix) { try { URL configuredURL = new URL(el); //get Ports from URL int configPort = configuredURL.getPort(); if (configPort == -1) configPort = configuredURL.getDefaultPort(); int authURLPort = authURL.getPort(); if (authURLPort == -1) authURLPort = authURL.getDefaultPort(); //check AuthURL against ConfigurationURL if (configuredURL.getHost().equals(authURL.getHost()) && configPort == authURLPort && configuredURL.getPath().equals(authURL.getPath())) { Logger.debug("Select configurated PublicURLPrefix: " + configuredURL + " for authURL: " + authURLString); resultURL = configuredURL; } } catch (MalformedURLException e) { Logger.error("Configurated IDP PublicURLPrefix is not a valid URL." + el); } } if (resultURL == null) { Logger.warn("Extract AuthenticationServiceURL: " + authURL + " is NOT found in configuration."); throw new ConfigurationException("config.25", new Object[]{authURLString}); } else { this.authURL = resultURL.toExternalForm(); } } //set unique session identifier String uniqueID = (String) req.getAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER); if (MiscUtil.isNotEmpty(uniqueID)) uniqueSessionIdentifer = uniqueID; else Logger.warn("No unique session-identifier FOUND, but it should be allready set into request!?!"); //set requester's IP address try { setGenericDataToSession(DATAID_REQUESTER_IP_ADDRESS, req.getRemoteAddr()); } catch (SessionDataStorageException e) { Logger.warn("Can not store remote IP address to 'pendingRequest' during an exception." , e); } } /** * This method map the protocol specific requested attributes to PVP 2.1 attributes. * * @return List of PVP 2.1 attribute names with maps all protocol specific attributes */ public abstract Collection getRequestedAttributes(MetadataProvider metadataProvider); public void setOAURL(String value) { oaURL = value; } public String getOAURL() { return oaURL; } public boolean isPassiv() { return passiv; } public boolean forceAuth() { return force; } public void setPassiv(boolean passiv) { this.passiv = passiv; } public void setForce(boolean force) { this.force = force; } public String requestedAction() { return action; } public void setAction(String action) { this.action = action; } /** * @return the module */ public String requestedModule() { return module; } /** * @param module the module to set */ public void setModule(String module) { this.module = module; } public void setRequestID(String id) { this.requestID = id; } public String getRequestID() { return requestID; } public String getInternalSSOSessionIdentifier() { return this.ssoMoaSessionId; } /** * Set the internal SSO session identifier, which associated with this pending request * * @param internalSSOSessionId */ public void setInternalSSOSessionIdentifier(String internalSSOSessionId) { this.ssoMoaSessionId = internalSSOSessionId; } public IAuthenticationSession getMOASession() { //if SSO session information are set, use this if (moaSSOSessionContainer != null) return moaSSOSessionContainer; else return new AuthenticationSessionWrapper(genericDataStorage); } public void populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession) { if (ssoSession instanceof AuthenticationSession) { moaSSOSessionContainer = ssoSession; } else throw new IllegalStateException("Session information can only be populated with SSO information from database"); } public IOAAuthParameters getOnlineApplicationConfiguration() { return this.OAConfiguration; } public void setOnlineApplicationConfiguration(IOAAuthParameters oaConfig) { this.OAConfiguration = oaConfig; } public String getUniqueTransactionIdentifier() { return this.uniqueTransactionIdentifer; } public String getUniqueSessionIdentifier() { return this.uniqueSessionIdentifer; } public String getProcessInstanceId() { return this.processInstanceId; } public void setUniqueTransactionIdentifier(String id) { this.uniqueTransactionIdentifer = id; } public void setUniqueSessionIdentifier(String id) { this.uniqueSessionIdentifer = id; } public void setProcessInstanceId(String id) { this.processInstanceId = id; } /** * @return the authURL */ public String getAuthURL() { return authURL; } public String getAuthURLWithOutSlash() { if (authURL.endsWith("/")) return authURL.substring(0, authURL.length()-1); else return authURL; } /** * @return the needAuthentication */ public boolean isNeedAuthentication() { return needAuthentication; } /** * @param needAuthentication the needAuthentication to set */ public void setNeedAuthentication(boolean needAuthentication) { this.needAuthentication = needAuthentication; } /** * @return the isAuthenticated */ public boolean isAuthenticated() { return isAuthenticated; } /** * @param isAuthenticated the isAuthenticated to set */ public void setAuthenticated(boolean isAuthenticated) { this.isAuthenticated = isAuthenticated; } public boolean needSingleSignOnFunctionality() { return needSSO; } public void setNeedSingleSignOnFunctionality(boolean needSSO) { this.needSSO = needSSO; } public boolean isAbortedByUser() { return this.isAbortedByUser; } public void setAbortedByUser(boolean isAborted) { this.isAbortedByUser = isAborted; } public Object getGenericData(String key) { if (MiscUtil.isNotEmpty(key)) { return genericDataStorage.get(key); } Logger.warn("Can not load generic request-data with key='null'"); return null; } public T getGenericData(String key, final Class clazz) { if (MiscUtil.isNotEmpty(key)) { Object data = genericDataStorage.get(key); if (data == null) return null; try { @SuppressWarnings("unchecked") T test = (T) data; return test; } catch (Exception e) { Logger.warn("Generic request-data object can not be casted to requested type", e); return null; } } Logger.warn("Can not load generic request-data with key='null'"); return null; } public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException { if (MiscUtil.isEmpty(key)) { Logger.warn("Generic request-data can not be stored with a 'null' key"); throw new SessionDataStorageException("Generic request-data can not be stored with a 'null' key", null); } if (object != null) { if (!Serializable.class.isInstance(object)) { Logger.warn("Generic request-data can only store objects which implements the 'Seralizable' interface"); throw new SessionDataStorageException("Generic request-data can only store objects which implements the 'Seralizable' interface", null); } } if (genericDataStorage.containsKey(key)) Logger.debug("Overwrite generic request-data with key:" + key); else Logger.trace("Add generic request-data with key:" + key + " to session."); genericDataStorage.put(key, object); } }