Commit 79e21961 authored by Tobias Assmann's avatar Tobias Assmann

#1 add result params to refresh action, back to ssl in edge router

parent 6e07a2b5
version: "3.4"
services:
# facade:
# image: "traefik:v2.0"
# container_name: "reqesidta_facade"
# labels:
# - "traefik.enable=true"
# # catchall and the middleware used for global http to http redirect
# - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
# - "traefik.http.routers.http-catchall.entrypoints=web"
# - "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
# - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
# command: --providers.docker=true
# --providers.docker.exposedbydefault=false
# --entryPoints.web.address=:80
# --entryPoints.web-secure.address=:443
# --entryPoints.traefik.address=:8080
# --api.insecure=true
# --log.level=debug
# ports:
# - "80:80"
# - "443:443"
# # The Web UI (enabled by --api.insecure=true)
# - "8080:8080"
# networks:
# - reqesidta_net
# volumes:
# # So that Traefik can listen to the Docker events
# - /var/run/docker.sock:/var/run/docker.sock
facade:
image: "traefik:v2.0"
container_name: "reqesidta_facade"
labels:
- "traefik.enable=true"
# catchall and the middleware used for global http to http redirect
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
command: --providers.docker=true
--providers.docker.exposedbydefault=false
--entryPoints.web.address=:80
--entryPoints.web-secure.address=:443
--entryPoints.traefik.address=:8080
--api.insecure=true
--log.level=debug
ports:
- "80:80"
- "443:443"
# The Web UI (enabled by --api.insecure=true)
# see http://localhost:8080/dashboard/
- "8080:8080"
networks:
- reqesidta_net
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
poseidas:
image: "reqesidta/poseidas"
container_name: "reqesidta_poseidas"
# labels:
# - "traefik.enable=true"
# - "traefik.http.services.poseidas.loadbalancer.server.port=8443"
# - "traefik.http.routers.poseidas.rule=PathPrefix(`/POSeIDAS/eidas-middleware/paosreciever`)"
# - "traefik.http.routers.poseidas.entrypoints=web-secure"
# - "traefik.http.routers.poseidas.tls=true"
labels:
- "traefik.enable=true"
- "traefik.http.services.poseidas.loadbalancer.server.port=8443"
- "traefik.http.routers.poseidas.rule=PathPrefix(`/POSeIDAS/eidas-middleware/paosreciever`)"
- "traefik.http.routers.poseidas.entrypoints=web-secure"
- "traefik.http.routers.poseidas.tls=true"
build:
context: ./poseidas
args:
......@@ -45,7 +46,7 @@ services:
environment:
- JAVA_OPTS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005
ports:
- "127.0.0.1:8443:8443"
#- "127.0.0.1:8443:8443"
- "127.0.0.1:5005:5005" # Java Debug Port
networks:
reqesidta_net:
......@@ -68,8 +69,8 @@ services:
depends_on:
- postgres
# DEPRECATED
links:
- postgres
# links:
# - postgres
environment:
# Format: jdbc:postgresql://hostname:port/database
DATABASE_JDBC_URL: jdbc:postgresql://postgres:5432/ejbca
......@@ -97,12 +98,12 @@ services:
ssa:
image: "reqesidta/ssa"
container_name: "reqesidta_ssa"
# labels:
# - "traefik.enable=true"
# - "traefik.http.services.ssa.loadbalancer.server.port=8080"
# - "traefik.http.routers.ssa.rule=PathPrefix(`/ssa-server`)"
# - "traefik.http.routers.ssa.entrypoints=web-secure"
# - "traefik.http.routers.ssa.tls=true"
labels:
- "traefik.enable=true"
- "traefik.http.services.ssa.loadbalancer.server.port=8080"
- "traefik.http.routers.ssa.rule=PathPrefix(`/ssa-server`)"
- "traefik.http.routers.ssa.entrypoints=web-secure"
- "traefik.http.routers.ssa.tls=true"
build:
context: ./ssa
depends_on:
......@@ -110,7 +111,7 @@ services:
- ejbca
command: /opt/jboss/wildfly/bin/standalone.sh -b 0.0.0.0 -bmanagement 0.0.0.0 --debug 0.0.0.0:9797
ports:
- "127.0.0.1:28080:8080"
# - "127.0.0.1:28080:8080"
#- "127.0.0.1:29990:9990"
- "127.0.0.1:9797:9797" # Java Debug Port
volumes:
......
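Review bot: The re-enabled facade publishes the Traefik API and dashboard on every host interface, `--api.insecure=true` together with `- "8080:8080"`, while the same container mounts `/var/run/docker.sock`; anyone who can reach port 8080 gets an unauthenticated view of the whole routing configuration and each backend's internal address. Bind it to loopback like the debug ports in this file, `- "127.0.0.1:8080:8080"`, or drop `--api.insecure=true` and expose the dashboard only through an authenticated router. The poseidas and ssa routers set `tls=true` but no certificate resolver or TLS store appears in this hunk, so unless one is configured elsewhere Traefik serves its default self-signed certificate, which is presumably why the curl examples in this commit pass `-k`. The catch-all label comment reads "global http to http redirect"; it is an http-to-https redirect.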
# Server settings
server.port = 8443
#server.ssl.enabled = false
server.ssl.enabled = false
poseidas.admin.username = admin
# Password: testtest
......
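Review bot: `server.ssl.enabled = false` makes POSeIDAS a plaintext backend; that is consistent with the compose change that puts Traefik in front of it and comments out the `127.0.0.1:8443` mapping, but nothing in this file records that the edge router is now the only thing providing TLS. A comment on the line would stop it surviving into a profile without the facade, e.g. `# TLS is terminated by the traefik facade; re-enable before running without the edge router`. The `# Password: testtest` context line keeps the admin credential in the repository in clear; not part of this change, but worth removing.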
package reqesidta.ssa.api;
import java.util.Optional;
import java.util.UUID;
import javax.inject.Inject;
import javax.ws.rs.GET;
......@@ -9,6 +8,8 @@ import javax.ws.rs.NotFoundException;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.xml.bind.JAXBElement;
......@@ -16,8 +17,6 @@ import javax.xml.bind.JAXBElement;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import de.bund.bsi.eid.GetResultResponseType;
import de.bund.bsi.eid.GetServerInfoResponseType;
import de.bund.bsi.eid.UseIDResponseType;
import reqesidta.ssa.config.SSAConfig;
import reqesidta.ssa.eid.EID_Client;
......@@ -40,19 +39,24 @@ public class EidService {
@Inject private SessionStore sessionStore;
@Inject private EID_Client eidClient;
/**
* curl -v -k -X GET -s https://docker.reqesidta.de/ssa-server/eid/tctoken/YOUR_SESSION_ID
* @param sessionId
* @return
*/
@GET
@Produces(MediaType.TEXT_XML)
@Path("/tctoken/{sessionId}")
public JAXBElement<TCTokenType> tcToken(@PathParam("sessionId") String sessionId) {
log.debug("tctoken got sessionId:"+sessionId);
Session session = this.readSession(sessionId);
byte[] documentHash = (byte[])session.get(Session.KEY_DOCUMENT_HASH).get();
byte[] documentHash = (byte[])session.get(Session.KEY_CLIENT_DOCUMENT_HASH).get();
// get stuff from eID useID
UseIDResponseType useID_return = eidClient.useId(documentHash);
String eidSessionIdString = useID_return.getPSK().getID();
session.set(Session.KEY_EID_SERVER_SESSIONID, useID_return.getSession().getID());
// replace session for user with new session using sessionID from eID server
session = sessionStore.copySession(session, eidSessionIdString);
session = sessionStore.replaceSession(session, eidSessionIdString);
// build response
TCTokenType tcToken = new TCTokenType();
tcToken.setServerAddress(useID_return.getECardServerAddress());
......@@ -70,16 +74,31 @@ public class EidService {
return new ObjectFactory().createTCTokenType(tcToken);
}
/**
* curl -k -v -X GET -s https://docker.reqesidta.de/ssa-server/eid/refresh/YOUR_SESSION_ID?ResultMajor=ok
* @param sessionId
* @return
*/
@GET
@Path("/refresh/{sessionId}")
public Response refresh(@PathParam("sessionId") String sessionId) {
public Response refresh(
@PathParam("sessionId") String sessionId,
@QueryParam("ResultMajor") String resMajor,
@QueryParam("ResultMinor") String resMinor) {
log.debug("refresh got sessionId:"+sessionId);
Session session = this.readSession(sessionId);
if (!resMajor.equals("ok")) {
log.info("refresh got ResultMajor:"+resMajor);
log.info("refresh got ResultMinor:"+resMinor);
log.info("refresh removing session due to error param ... ");
sessionStore.removeSession(sessionId);
// throw an "Failed Dependency" status back
throw new WebApplicationException(424);
}
byte[] eidSessionId = (byte[])session.get(Session.KEY_EID_SERVER_SESSIONID).get();
GetResultResponseType getResponseType = eidClient.getResult(eidSessionId);
//TODO what to save in session?
eidClient.getResult(eidSessionId);
// replace session for user with new session ID
session = sessionStore.copySession(session, UUID.randomUUID().toString());
session = sessionStore.replaceSession(session, null);
return Response.ok(session.getId()).build();
}
......
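Review bot: `refresh` calls `resMajor.equals("ok")` before anything checks `resMajor` for null, so a request without a `ResultMajor` query parameter (`@QueryParam` yields null) fails with a NullPointerException and a 500 instead of a defined status; invert the comparison, `if (!"ok".equals(resMajor)) {`, which also treats a missing parameter as an error and removes the session like the other error cases. `session.get(Session.KEY_EID_SERVER_SESSIONID).get()` likewise throws if `refresh` is reached before `tcToken` stored the eID session id, which is another unhandled 500 on a caller-controlled sequence; a `Session.get` that returns an empty Optional should map to the same 424 path. The info-level log lines echo `ResultMajor` and `ResultMinor` verbatim from the query string, so untrusted input lands in the log; that is acceptable at debug level but worth keeping in mind if the logs are shipped anywhere.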
......@@ -51,6 +51,11 @@ public class SsaService {
this.jsonb = JsonbBuilder.create(config);
}
/**
* curl -L -k -X POST -H "Content-Type: application/json" --data '{"sig-alg":"SHA256WITHDSA","doc-hash":"SGVsbG8gV29ybGQK"}' http://docker.reqesidta.de/ssa-server/ssa/start
* @param reqAsJson
* @return
*/
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
......@@ -62,8 +67,8 @@ public class SsaService {
throw new BadRequestException();
}
Session session = sessionStore.getNewSession();
session.set(Session.KEY_SIGNATURE_ALGORITHM, req.signatureAlgorithm);
session.set(Session.KEY_DOCUMENT_HASH, req.documentHash);
session.set(Session.KEY_CLIENT_SIGNATURE_ALGORITHM, req.signatureAlgorithm);
session.set(Session.KEY_CLIENT_DOCUMENT_HASH, req.documentHash);
InitResponse response = new InitResponse();
response.tcTokenUrl = this.config.getBaseUrl()+"/eid/tctoken/"+session.getId();
String respAsJson = jsonb.toJson(response);
......
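Review bot: The new doc comment's curl example posts to `http://docker.reqesidta.de/ssa-server/ssa/start` and relies on `-L`; with the facade in this commit redirecting http to https, curl turns the POST into a GET on the redirect (unless `--post301`/`--post302` is given) and drops the JSON body, so the example as written never delivers the request, and it also sends `doc-hash` in clear on the first hop. Use the https URL directly: `curl -k -X POST -H "Content-Type: application/json" --data '{"sig-alg":"SHA256WITHDSA","doc-hash":"SGVsbG8gV29ybGQK"}' https://docker.reqesidta.de/ssa-server/ssa/start`. The enclosing method continues outside the hunk.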
......@@ -14,8 +14,8 @@ public class Session {
private Instant lastAccess = Instant.now();
private final Map<String, Object> map;
public final static String KEY_SIGNATURE_ALGORITHM = "sig-alg";
public final static String KEY_DOCUMENT_HASH = "doc-hash";
public final static String KEY_CLIENT_SIGNATURE_ALGORITHM = "sig-alg";
public final static String KEY_CLIENT_DOCUMENT_HASH = "doc-hash";
public final static String KEY_EID_SERVER_SESSIONID = "eid-sessionid";
Session(String ID) {
......
......@@ -49,7 +49,17 @@ public class SessionStore {
return s;
}
public synchronized Session copySession(Session session, String id) {
/**
* Replace the given session in session store with a new session
* with old content and new id.
* @param session
* @param id if null is given an id is generated
* @return
*/
public synchronized Session replaceSession(Session session, String id) {
if (id == null) {
id = UUID.randomUUID().toString();
}
Session s = session.copy(id);
this.storage.put(id, s);
this.storage.remove(session.getId());
......
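Review bot: `replaceSession` stores the copy under `id` and only then removes `session.getId()`, so if a caller passes the session's current id (or `copy` keeps it) the `remove` deletes the entry just stored and the caller is handed a session that is no longer in the store; remove first, then put: `this.storage.remove(session.getId()); this.storage.put(id, s);`. In `tcToken` the `id` is the PSK id returned by the eID server, so a repeated value would also silently overwrite another user's entry; a `if (this.storage.containsKey(id)) throw new IllegalStateException("session id already in use");` before the put makes that case explicit rather than a quiet session takeover. The method's tail (presumably `return s;`) is outside the hunk.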
ssa-config {
sessionMaxAge: 60,
sessionCheckAgeInterval: 30,
baseUrl: "http://ssa.docker.reqesidta.de:28080/ssa-server"
eidUrl: "https://poseidas.docker.reqesidta.de:8443/POSeIDAS/service/eid/TR-03130-WSDL.wsdl"
baseUrl: "https://docker.reqesidta.de/ssa-server"
eidUrl: "http://poseidas.docker.reqesidta.de:8443/POSeIDAS/service/eid/TR-03130-WSDL.wsdl"
ca-config: {
caName: 'dummy-caName',
cmpAlias: 'dummy-cmp-alias',
......
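Review bot: `eidUrl` now points at POSeIDAS over plain `http://…:8443`, so the useID response from which `EidService.tcToken` takes the PSK crosses the compose network unencrypted, and the host network too if this config is ever used outside the compose setup. If that is intentional because POSeIDAS has `server.ssl.enabled = false` in this profile, say so on the line, `# plain http on purpose: POSeIDAS TLS is off in this profile and the facade terminates TLS; use https anywhere else`. `baseUrl` moving to https on the facade host matches the edge-router change.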