Merge branch 'develop'

Author: priitr

doc/Configuration.md

@@ -6,7 +6,7 @@
     <groupId>ee.ria.tara</groupId>
     <artifactId>tara-server</artifactId>
     <packaging>war</packaging>
-    <version>1.1.2</version>
+    <version>1.1.3</version>
 
     <properties>
         <cas.version>5.1.9</cas.version>
@@ -151,6 +151,12 @@
             <artifactId>cas-server-core</artifactId>
             <version>${cas.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.apereo.cas</groupId>
+            <artifactId>cas-server-core-audit</artifactId>
+            <version>${cas.version}</version>
+            <scope>provided</scope>
+        </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-aspects</artifactId>

pom.xml

@@ -16,6 +16,13 @@ public final class Constants {
     public static final String ERROR_MESSAGE = "TARA_ERROR_MESSAGE";
     public static final String CREDENTIAL = "credential";
 
+    public static final String CAS_SERVICE_ATTRIBUTE_NAME = "service";
+
     public static final String SMART_ID_VERIFICATION_CODE = "smartIdVerificationCode";
     public static final String SMART_ID_AUTHENTICATION_SESSION = "smartIdAuthenticationSession";
+
+    public static final String MESSAGE_KEY_GENERAL_ERROR = "message.general.error";
+
+    public static final String MDC_ATTRIBUTE_REQUEST_ID = "requestId";
+    public static final String MDC_ATTRIBUTE_SESSION_ID = "sessionId";
 }

src/main/java/ee/ria/sso/Constants.java

@@ -0,0 +1,25 @@
+package ee.ria.sso.authentication;
+
+public class AuthenticationFailedException extends RuntimeException {
+
+    private final String errorMessageKey;
+
+    public AuthenticationFailedException(String errorMessageKey, String exceptionMessage) {
+        super(exceptionMessage);
+        this.errorMessageKey = errorMessageKey;
+    }
+
+    public AuthenticationFailedException(String errorMessageKey, String exceptionMessage, Throwable cause) {
+        super(exceptionMessage, cause);
+        this.errorMessageKey = errorMessageKey;
+    }
+
+    public String getErrorMessageKey() {
+        return errorMessageKey;
+    }
+
+    public String getErrorMessageKeyOrDefault(String defaultMesageKey) {
+        return (errorMessageKey != null) ? errorMessageKey : defaultMesageKey;
+    }
+
+}

src/main/java/ee/ria/sso/authentication/AuthenticationFailedException.java

@@ -34,6 +34,8 @@ public boolean supports(Credential credential) {
      * RESTRICTED METHODS
      */
 
+    // TODO: this class extracts attributes from TaraCredential and inserts them into a map
+
     @Override
     protected HandlerResult doAuthentication(Credential credential) throws GeneralSecurityException, PreventedException {
         final Map<String, Object> map = new LinkedHashMap<>();

src/main/java/ee/ria/sso/authentication/TaraAuthenticationHandler.java

@@ -2,7 +2,6 @@
 
 import ee.ria.sso.authentication.AuthenticationType;
 import ee.ria.sso.authentication.LevelOfAssurance;
-import ee.ria.sso.model.AuthenticationResult;
 import org.apereo.cas.authentication.Credential;
 
 /**
@@ -24,33 +23,6 @@ public TaraCredential() {
         this.type = AuthenticationType.Default;
     }
 
-    public TaraCredential(String principalCode, String firstName, String lastName) {
-        this.type = AuthenticationType.IDCard;
-        this.principalCode = principalCode;
-        this.firstName = firstName;
-        this.lastName = lastName;
-
-    }
-
-    public TaraCredential(String principalCode, String firstName, String lastName, String mobileNumber) {
-        this.type = AuthenticationType.MobileID;
-        this.principalCode = principalCode;
-        this.firstName = firstName;
-        this.lastName = lastName;
-        this.mobileNumber = mobileNumber;
-    }
-
-    public TaraCredential(AuthenticationResult authResult) {
-        this.type = AuthenticationType.eIDAS;
-        this.principalCode = getFormattedPersonIdentifier(authResult.getAttributes().get("PersonIdentifier"));
-        this.firstName = authResult.getAttributes().get("FirstName");
-        this.lastName = authResult.getAttributes().get("FamilyName");
-        this.dateOfBirth = authResult.getAttributes().get("DateOfBirth");
-
-        String loa = authResult.getLevelOfAssurance();
-        if (loa != null) this.levelOfAssurance = LevelOfAssurance.findByFormalName(loa);
-    }
-
     // TODO refacto needed: use specific credentials for each auth impl
     public TaraCredential(AuthenticationType authenticationType, String principalCode, String firstName, String lastName) {
         this.type = authenticationType;
@@ -138,8 +110,17 @@ public void setLevelOfAssurance(LevelOfAssurance levelOfAssurance) {
         this.levelOfAssurance = levelOfAssurance;
     }
 
-    private String getFormattedPersonIdentifier(String personIdentifier) {
-        String[] parts = personIdentifier.split("/");
-        return parts[0] + parts[2];
+    @Override
+    public String toString() {
+        return "TaraCredential{" +
+                "type=" + type +
+                ", principalCode='" + principalCode + '\'' +
+                ", firstName='" + firstName + '\'' +
+                ", lastName='" + lastName + '\'' +
+                ", mobileNumber='" + mobileNumber + '\'' +
+                ", country='" + country + '\'' +
+                ", dateOfBirth='" + dateOfBirth + '\'' +
+                ", levelOfAssurance=" + levelOfAssurance +
+                '}';
     }
 }

src/main/java/ee/ria/sso/authentication/credential/TaraCredential.java

@@ -7,8 +7,6 @@
 import org.apereo.cas.authentication.principal.Principal;
 import org.apereo.cas.authentication.principal.PrincipalFactory;
 
-import ee.ria.sso.authentication.TaraAuthenticationException;
-
 /**
  * Created by Janar Rahumeel (CGI Estonia)
  */

src/main/java/ee/ria/sso/authentication/principal/TaraPrincipalFactory.java

@@ -1,31 +1,17 @@
 package ee.ria.sso.config;
 
-import com.nortal.banklink.authentication.AuthLink;
-import com.nortal.banklink.authentication.AuthLinkManager;
-import com.nortal.banklink.authentication.link.AuthLinkManagerImpl;
-import com.nortal.banklink.authentication.link.standard.IPizzaStandardAuthInfoParser;
-import com.nortal.banklink.authentication.link.standard.IPizzaStandardAuthLink;
-import com.nortal.banklink.link.BankLinkConfig;
 import ee.ria.sso.InsecureTrustManager;
-import ee.ria.sso.authentication.BankEnum;
-import ee.ria.sso.service.banklink.HttpSessionNonceManager;
 import org.apache.commons.lang.StringUtils;
-import org.apache.commons.lang3.text.WordUtils;
 import org.apereo.cas.util.AsciiArtUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.context.annotation.*;
-import org.springframework.core.io.ResourceLoader;
-import org.springframework.util.Assert;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
 
 import javax.annotation.PostConstruct;
-import javax.annotation.Resource;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 import java.security.*;
-import java.security.cert.Certificate;
-import java.util.Arrays;
 
 /**
  * @author Janar Rahumeel (CGI Estonia)

src/main/java/ee/ria/sso/common/AbstractService.java

@@ -0,0 +1,91 @@
+package ee.ria.sso.config;
+
+import ee.ria.sso.logging.IncidentLoggingMDCServletFilter;
+import ee.ria.sso.logging.RequestContextAsFirstParameterResourceResolver;
+import org.apereo.cas.audit.spi.DefaultDelegatingAuditTrailManager;
+import org.apereo.cas.audit.spi.DelegatingAuditTrailManager;
+import org.apereo.cas.audit.spi.config.CasCoreAuditConfiguration;
+import org.apereo.cas.configuration.CasConfigurationProperties;
+import org.apereo.inspektr.audit.AuditActionContext;
+import org.apereo.inspektr.audit.spi.AuditResourceResolver;
+import org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager;
+import org.hjson.JsonObject;
+import org.hjson.Stringify;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.Ordered;
+
+import java.time.ZoneId;
+import java.time.format.DateTimeFormatter;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+@Configuration
+@EnableConfigurationProperties(CasConfigurationProperties.class)
+public class TaraLoggingConfiguration {
+
+    @Autowired
+    private CasConfigurationProperties casProperties;
+
+    @Bean
+    public DelegatingAuditTrailManager auditTrailManager() {
+        final TaraSlf4jLoggingAuditTrailManager mgmr = new TaraSlf4jLoggingAuditTrailManager();
+        mgmr.setUseSingleLine(casProperties.getAudit().isUseSingleLine());
+        mgmr.setEntrySeparator(casProperties.getAudit().getSinglelineSeparator());
+        mgmr.setAuditFormat(casProperties.getAudit().getAuditFormat());
+        return new DefaultDelegatingAuditTrailManager(mgmr);
+    }
+
+    @Bean
+    public Map<String, AuditResourceResolver> auditResourceResolverMap() {
+        final Map<String, AuditResourceResolver> map = new CasCoreAuditConfiguration().auditResourceResolverMap();
+        map.put("TARA_AUTHENTICATION_RESOURCE_RESOLVER", new RequestContextAsFirstParameterResourceResolver());
+        return map;
+    }
+
+    @Bean
+    public FilterRegistrationBean incidentLoggingMDCServletFilter() {
+        final Map<String, String> initParams = new HashMap<>();
+        final FilterRegistrationBean bean = new FilterRegistrationBean();
+        bean.setFilter(new IncidentLoggingMDCServletFilter());
+        bean.setUrlPatterns(Collections.singleton("/*"));
+        bean.setInitParameters(initParams);
+        bean.setName("incidentLoggingMDCServletFilter");
+        bean.setOrder(Ordered.HIGHEST_PRECEDENCE + 1);
+        return bean;
+    }
+
+    private class TaraSlf4jLoggingAuditTrailManager extends Slf4jLoggingAuditTrailManager {
+
+        private final Logger log = LoggerFactory.getLogger("auditLog");
+        private final DateTimeFormatter dateTimeFormatter = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss,SSSZ");
+
+        public void record(final AuditActionContext auditActionContext) {
+
+            if (casProperties.getAudit().getAuditFormat() == AuditFormats.JSON)
+                log.info(getJsonObjectForAudit(auditActionContext).toString(Stringify.PLAIN));
+            else
+                log.info(toString(auditActionContext));
+        }
+
+        @Override
+        protected JsonObject getJsonObjectForAudit(final AuditActionContext auditActionContext) {
+            final JsonObject jsonObject = new JsonObject()
+                    .add("action", auditActionContext.getActionPerformed())
+                    .add("who", auditActionContext.getPrincipal())
+                    .add("what", auditActionContext.getResourceOperatedUpon())
+                    .add("when", dateTimeFormatter.format(auditActionContext.getWhenActionWasPerformed().toInstant().atZone(ZoneId.systemDefault())))
+                    .add("clientIpAddress", auditActionContext.getClientIpAddress())
+                    .add("serverIpAddress", auditActionContext.getServerIpAddress())
+                    .add("application", auditActionContext.getApplicationCode());
+            return jsonObject;
+        }
+    }
+}