/* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task; import java.math.BigInteger; import java.security.PrivateKey; import javax.crypto.spec.DHParameterSpec; import javax.crypto.spec.DHPublicKeySpec; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; /** * @author tlenz * */ @Component("InitializeRestoreSSOSessionTask") public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { @Autowired IGUIFormBuilder guiBuilder; @Autowired SSOContainerUtils ssoTransferUtils; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { //create first step of SSO Transfer GUI String authURL = HTTPUtils.extractAuthURLFromRequest(request); if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(). contains(authURL)) { Logger.warn("Requested URL is not allowed.");; response.sendError(500, "Requested URL is not allowed."); } //use predefined parameters BigInteger prime = new BigInteger(Base64Utils.decode(SSOTransferConstants.DH_PRIME_BASE64, false)); BigInteger generator = new BigInteger(Base64Utils.decode(SSOTransferConstants.DH_GENERATOR_BASE64, false)); DHParameterSpec dhSpec = new DHParameterSpec(prime, generator, 1024); Pair dhKeyIDP = ssoTransferUtils.createSpecificKey(dhSpec.getP(), dhSpec.getG()); String nonce = Random.nextLongRandom(); GUIUtils.buildSSOTransferGUI(guiBuilder, response, authURL, pendingReq.getPendingRequestId(), nonce, dhKeyIDP.getF()); //store DH params and nonce to pending-request SSOTransferContainer container = new SSOTransferContainer(); container.setDhParams(dhKeyIDP); pendingReq.setRawDataToTransaction(SSOTransferConstants.PENDINGREQ_DH, container); pendingReq.setRawDataToTransaction(SSOTransferConstants.PENDINGREQ_NONCE, nonce); //store pending-request requestStoreage.storePendingRequest(pendingReq); //set flag executionContext.put("sessionRestoreFinished", false); } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); } catch (Exception e) { Logger.error(this.getClass().getName() + " has an interal Error.", e); throw new TaskExecutionException(pendingReq, this.getClass().getName() + " has an interal Error.", e); } } }