diff options
Diffstat (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth')
10 files changed, 464 insertions, 458 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java index 241b43c9..d2365e4a 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java @@ -24,14 +24,22 @@ import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Enumeration; import java.util.List; + import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.apache.commons.text.StringEscapeUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; -import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.idp.IspConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager; import at.gv.egiz.eaaf.core.api.idp.auth.ISsoManager; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; @@ -46,11 +54,6 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; -import org.apache.commons.lang3.StringUtils; -import org.apache.commons.text.StringEscapeUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; public abstract class AbstractAuthenticationManager implements IAuthenticationManager { private static final Logger log = LoggerFactory.getLogger(AbstractAuthenticationManager.class); @@ -73,14 +76,14 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa protected IRevisionLogger revisionsLogger; @Autowired(required = false) protected ISsoManager ssoManager; - @Autowired ModuleRegistration moduleRegistration; + @Autowired + ModuleRegistration moduleRegistration; /* * (non-Javadoc) * - * @see - * at.gv.egiz.eaaf.core.impl.idp.auth.IAuthenticationManager#addParameterNameToWhiteList(java.lang - * .String) + * @see at.gv.egiz.eaaf.core.impl.idp.auth.IAuthenticationManager# + * addParameterNameToWhiteList(java.lang .String) */ @Override public final void addParameterNameToWhiteList(final String httpReqParam) { @@ -93,9 +96,8 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa /* * (non-Javadoc) * - * @see - * at.gv.egiz.eaaf.core.impl.idp.auth.IAuthenticationManager#addHeaderNameToWhiteList(java.lang. - * String) + * @see at.gv.egiz.eaaf.core.impl.idp.auth.IAuthenticationManager# + * addHeaderNameToWhiteList(java.lang. String) */ @Override public final void addHeaderNameToWhiteList(final String httpReqParam) { @@ -108,9 +110,8 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa /* * (non-Javadoc) * - * @see - * at.gv.egiz.eaaf.core.impl.idp.auth.IAuthenticationManager#addHeaderNameToWhiteList(java.lang. - * String) + * @see at.gv.egiz.eaaf.core.impl.idp.auth.IAuthenticationManager# + * addHeaderNameToWhiteList(java.lang. String) */ @Override public final boolean doAuthentication(final HttpServletRequest httpReq, @@ -124,7 +125,7 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa } // load OA configuration from pending request - final IspConfiguration oaParam = pendingReq.getServiceProviderConfiguration(); + final ISpConfiguration oaParam = pendingReq.getServiceProviderConfiguration(); // set logging context and log unique OA identifier to revision log TransactionIdUtils.setServiceProviderId(oaParam.getUniqueIdentifier()); @@ -137,7 +138,6 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa throw new NoPassivAuthenticationException(); } - // check Single Sign-On functionality if SSOManager is available boolean isValidSsoSession = false; if (ssoManager != null) { @@ -149,16 +149,15 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa isValidSsoSession = ssoManager.checkAndValidateSsoSession(pendingReq, httpReq, httpResp) && pendingReq.needSingleSignOnFunctionality(); - } // check if session is already authenticated - // boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, + // boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) + // pendingReq, // isValidSSOSession); // boolean isSessionAuthenticated = isValidSSOSession && // StringUtils.isNotEmpty(pendingReq.getSSOSessionIdentifier()); - // force new authentication authentication process if (pendingReq.forceAuth()) { startAuthenticationProcess(httpReq, (RequestImpl) pendingReq); @@ -169,7 +168,6 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa sendSingleSignOnConsentsEvaluation((RequestImpl) pendingReq); return false; - } else if (pendingReq.isPassiv()) { if (isValidSsoSession && StringUtils.isNotEmpty(pendingReq.getInternalSsoSessionIdentifier())) { @@ -207,7 +205,6 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa log.debug("Close session. Remove pending request ... "); requestStoreage.removePendingRequest(pendingReq.getPendingRequestId()); - if (ssoManager != null) { try { log.trace("'SSOManager' active. Search for active SSO sessions ... "); @@ -229,11 +226,11 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa /** * Populate process execution context and start process engine. * - * @param httpReq http request + * @param httpReq http request * @param pendingReq current pending request * @throws ServletException In case of a servlet error - * @throws IOException In case of an IO error - * @throws EaafException In case of EAAF processing error + * @throws IOException In case of an IO error + * @throws EaafException In case of EAAF processing error */ private void startAuthenticationProcess(final HttpServletRequest httpReq, final RequestImpl pendingReq) throws EaafException { @@ -245,15 +242,15 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa final ExecutionContext executionContext = new ExecutionContextImpl(); // set oaIdentifeir - executionContext.put(EAAFConstants.PROCESS_ENGINE_SERVICE_PROVIDER_ENTITYID, + executionContext.put(EaafConstants.PROCESS_ENGINE_SERVICE_PROVIDER_ENTITYID, pendingReq.getServiceProviderConfiguration().getUniqueIdentifier()); // add X509 SSL client certificate if exist if (httpReq.getAttribute("javax.servlet.request.X509Certificate") != null) { log.debug("Find SSL-client-certificate on request --> Add it to context"); - executionContext.put(EAAFConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE, + executionContext.put(EaafConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE, (X509Certificate[]) httpReq.getAttribute("javax.servlet.request.X509Certificate")); - pendingReq.setRawDataToTransaction(EAAFConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE, + pendingReq.setRawDataToTransaction(EaafConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE, httpReq.getAttribute("javax.servlet.request.X509Certificate")); } @@ -287,8 +284,6 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa } } - - // populate more IDP specific information to execution context populateExecutionContext(executionContext, pendingReq, httpReq); @@ -301,8 +296,8 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa * Add additional parameters into context of process-engine. * * @param executionContext Process-engine context - * @param pendingReq Current pending request - * @param httpReq http request + * @param pendingReq Current pending request + * @param httpReq http request * * @throws EaafException In case of an error */ @@ -314,8 +309,8 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa * * @param pendingReq current pending request * @throws ServletException In case of a servlet error - * @throws IOException In case of an IO error - * @throws EaafException In case of a EAAF processing error + * @throws IOException In case of an IO error + * @throws EaafException In case of a EAAF processing error */ private void sendSingleSignOnConsentsEvaluation(final RequestImpl pendingReq) throws EaafException { @@ -333,11 +328,10 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa } - /** * Select a specific process and starting process engine. * - * @param pendingReq current pending request + * @param pendingReq current pending request * @param executionContext current context for process-engine * @throws EaafException In case of an process-engine error */ @@ -345,7 +339,7 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa final ExecutionContext executionContext) throws EaafException { try { // put pending-request ID on execurtionContext - executionContext.put(EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID, + executionContext.put(EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID, pendingReq.getPendingRequestId()); // create process instance @@ -354,7 +348,7 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa if (processDefinitionId == null) { log.warn("No suitable process found for PendingReqId " + pendingReq.getPendingRequestId()); - throw new EaafException("process.02", new Object[] {pendingReq.getPendingRequestId()}); + throw new EaafException("process.02", new Object[] { pendingReq.getPendingRequestId() }); } @@ -383,7 +377,7 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa } throw new EaafException("process.01", - new Object[] {pendingReq.getProcessInstanceId(), pendingReq.getPendingRequestId()}, e); + new Object[] { pendingReq.getProcessInstanceId(), pendingReq.getPendingRequestId() }, e); } } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java index 1afa879f..0834aa7c 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java @@ -19,6 +19,12 @@ package at.gv.egiz.eaaf.core.impl.idp.auth; +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; import at.gv.egiz.eaaf.core.api.idp.process.ProcessInstanceStoreDao; @@ -29,11 +35,6 @@ import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; @Service("RequestStorage") public class RequestStorage implements IRequestStorage { @@ -155,8 +156,8 @@ public class RequestStorage implements IRequestStorage { * (non-Javadoc) * * @see - * at.gv.egovernment.moa.id.storage.IRequestStorage#changePendingRequestID(at.gv.egovernment.moa. - * id.moduls.IRequest) + * at.gv.egovernment.moa.id.storage.IRequestStorage#changePendingRequestID(at.gv + * .egovernment.moa. id.moduls.IRequest) */ @Override public String changePendingRequestID(final IRequest pendingRequest) throws EaafException { @@ -169,13 +170,13 @@ public class RequestStorage implements IRequestStorage { .getPendingRequestIdWithOutChecks(pendingRequest.getPendingRequestId()); } catch (final PendingReqIdValidationException e) { - // it's no problem, because it must be valid before when pending-request was loaded and we + // it's no problem, because it must be valid before when pending-request was + // loaded and we // change it now oldInternalRequestID = e.getInvalidInternalPendingReqId(); } - // generate new pendingReqId and get internalPendingReqId final String newRequestID = pendingReqIdGenerationStrategy.generateExternalPendingRequestId(); log.debug("Change pendingRequestID from " + pendingRequest.getPendingRequestId() + " to " @@ -189,11 +190,10 @@ public class RequestStorage implements IRequestStorage { } catch (final PendingReqIdValidationException e) { throw new EaafException("internal.99", - new Object[] {"Generate invalid pendingRequestId. Something looks WRONG"}, e); + new Object[] { "Generate invalid pendingRequestId. Something looks WRONG" }, e); } - // change Key in cache transactionStorage.changeKey(oldInternalRequestID, newInternalPendingRequestId, pendingRequest); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java index b12658f5..f5c687f1 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java @@ -25,14 +25,26 @@ import java.io.InputStream; import java.util.ArrayList; import java.util.Collection; import java.util.Map.Entry; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.lang.NonNull; +import org.springframework.util.Assert; +import org.springframework.util.Base64Utils; +import org.w3c.dom.DOMException; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.data.EAAFConstants; -import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions; -import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder; import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; -import at.gv.egiz.eaaf.core.api.idp.IspConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; @@ -47,17 +59,6 @@ import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.lang.NonNull; -import org.springframework.util.Assert; -import org.springframework.util.Base64Utils; -import org.w3c.dom.DOMException; -import org.w3c.dom.Element; -import org.w3c.dom.Node; - public abstract class AbstractAuthenticationDataBuilder implements IAuthenticationDataBuilder { private static final Logger log = @@ -83,7 +84,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati pendingReq.getSessionData(AuthProcessDataWrapper.class); try { - if (authProcessData.isEIDProcess()) { + if (authProcessData.isEidProcess()) { log.debug("Building AuthData from new E-ID information ... "); authData = getAuthDataInstance(pendingReq); Assert.notNull(authData, "AuthData is null"); @@ -107,7 +108,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati } catch (XPathException | DOMException | EaafException e) { log.warn("Can not build authentication data from auth. process information"); - throw new EaafAuthenticationException("builder.11", new Object[] {e.getMessage()}, e); + throw new EaafAuthenticationException("builder.11", new Object[] { e.getMessage() }, e); } @@ -127,8 +128,8 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati protected abstract IAuthData getAuthDataInstance(IRequest pendingReq) throws EaafException; /** - * Build service-specific AuthData by using information from E-ID This builder uses vSZ, MDS and - * Consent as input information. + * Build service-specific AuthData by using information from E-ID This builder + * uses vSZ, MDS and Consent as input information. * * @param pendingReq current pendingRequest * @return {@link IAuthData} but never <code>null</code> @@ -137,13 +138,13 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati protected abstract void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) throws EaafException; - /** * Add generic E-ID information into already existing AuthData. * - * @param authData AuthData object - * @param authProcessData Authentication information holder from current pending request - * @param pendingReq current pending request + * @param authData AuthData object + * @param authProcessData Authentication information holder from current pending + * request + * @param pendingReq current pending request */ private void buildInternalAuthDataGeneric(@NonNull final IAuthData authData, @NonNull final IAuthProcessDataContainer authProcessData, @@ -164,7 +165,8 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati // TODO: check if it is needed // if (authProcessData.getGenericSessionDataStorage() != null && // !authProcessData.getGenericSessionDataStorage().isEmpty()) - // includedToGenericAuthData = authProcessData.getGenericSessionDataStorage().keySet(); + // includedToGenericAuthData = + // authProcessData.getGenericSessionDataStorage().keySet(); // else includedToGenericAuthData = new ArrayList<>(); @@ -178,31 +180,28 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati // #################################################### // set MDS and vSZ internalAuthData.setFamilyName(authProcessData - .getGenericDataFromSession(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME, String.class)); + .getGenericDataFromSession(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, String.class)); internalAuthData.setGivenName(authProcessData - .getGenericDataFromSession(PVPAttributeDefinitions.GIVEN_NAME_NAME, String.class)); + .getGenericDataFromSession(PvpAttributeDefinitions.GIVEN_NAME_NAME, String.class)); internalAuthData.setDateOfBirth(authProcessData - .getGenericDataFromSession(PVPAttributeDefinitions.BIRTHDATE_NAME, String.class)); + .getGenericDataFromSession(PvpAttributeDefinitions.BIRTHDATE_NAME, String.class)); internalAuthData.setEncSourceId(authProcessData.getGenericDataFromSession( - ExtendedPVPAttributeDefinitions.EID_ENCRYPTED_SOURCEID_NAME, String.class)); + ExtendedPvpAttributeDefinitions.EID_ENCRYPTED_SOURCEID_NAME, String.class)); internalAuthData.setEncSourceIdType(authProcessData.getGenericDataFromSession( - ExtendedPVPAttributeDefinitions.EID_ENCRYPTED_SOURCEID_TYPE_NAME, String.class)); + ExtendedPvpAttributeDefinitions.EID_ENCRYPTED_SOURCEID_TYPE_NAME, String.class)); // #################################################### // set QAA level setQaaLevel(internalAuthData, authProcessData); - // #################################################### // set isForeigner flag setFlagForeigner(internalAuthData, authProcessData); - // #################################################### // set citizen country-code setCitizenCountryCode(internalAuthData, authProcessData); - // set generic authProcessData to authdata for (final Entry<String, Object> el : authProcessData.getGenericSessionDataStorage() .entrySet()) { @@ -220,33 +219,33 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati } - } /** * Parse citzen country-code into AuthData. * - * @param authData Current authentication data - * @param authProcessData Authentication information holder from current pending request + * @param authData Current authentication data + * @param authProcessData Authentication information holder from current pending + * request */ private void setCitizenCountryCode(final AuthenticationData authData, final IAuthProcessDataContainer authProcessData) { - includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_ISSUING_NATION_NAME); + includedToGenericAuthData.remove(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME); final String pvpCccAttr = authProcessData - .getGenericDataFromSession(PVPAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class); + .getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class); if (StringUtils.isNotEmpty(pvpCccAttr)) { authData.setCiticenCountryCode(pvpCccAttr); - log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME); + log.debug("Find PVP-Attr: " + PvpAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME); } else { if (authData.isForeigner()) { - //TODO: + // TODO: log.warn("Foreign citizen country NOT set yet!"); } else { authData.setCiticenCountryCode(basicConfig.getBasicConfiguration( IConfigurationWithSP.CONFIG_PROPS_AUTH_DEFAULT_COUNTRYCODE, - EAAFConstants.COUNTRYCODE_AUSTRIA)); + EaafConstants.COUNTRYCODE_AUSTRIA)); } } @@ -256,28 +255,29 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati /** * parse QAA Level into AuthData. * - * @param authData current authentication data - * @param authProcessData Authentication information holder from current pending request - * @param pendingReq current pending request + * @param authData current authentication data + * @param authProcessData Authentication information holder from current pending + * request + * @param pendingReq current pending request */ private void setQaaLevel(@NonNull final AuthenticationData authData, @NonNull final IAuthProcessDataContainer authProcessData) { - includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME); + includedToGenericAuthData.remove(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME); String currentLoA = null; - if (StringUtils.isNotEmpty(authProcessData.getQAALevel())) { - currentLoA = authProcessData.getQAALevel(); + if (StringUtils.isNotEmpty(authProcessData.getQaaLevel())) { + currentLoA = authProcessData.getQaaLevel(); } else { currentLoA = authProcessData.getGenericDataFromSession( - PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, String.class); + PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, String.class); if (StringUtils.isNotEmpty(currentLoA)) { log.debug( - "Find PVP-Attr '" + PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME + "Find PVP-Attr '" + PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA + " --> Parse QAA-Level from that attribute."); } } if (StringUtils.isNotEmpty(currentLoA)) { - if (currentLoA.startsWith(EAAFConstants.EIDAS_LOA_PREFIX)) { + if (currentLoA.startsWith(EaafConstants.EIDAS_LOA_PREFIX)) { authData.setEidasLoa(currentLoA); } else { @@ -285,20 +285,19 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati } } else { - log.info("No QAA level found. Set to default level " + EAAFConstants.EIDAS_LOA_LOW); - authData.setEidasLoa(EAAFConstants.EIDAS_LOA_LOW); + log.info("No QAA level found. Set to default level " + EaafConstants.EIDAS_LOA_LOW); + authData.setEidasLoa(EaafConstants.EIDAS_LOA_LOW); } } - private void setFlagForeigner(final AuthenticationData authData, final IAuthProcessDataContainer authProcessData) { // TODO: change to new eIDAS-token attribute identifier if (authProcessData - .getGenericDataFromSession(PVPAttributeDefinitions.EID_STORK_TOKEN_NAME) != null) { - log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_STORK_TOKEN_FRIENDLY_NAME + .getGenericDataFromSession(PvpAttributeDefinitions.EID_STORK_TOKEN_NAME) != null) { + log.debug("Find PVP-Attr: " + PvpAttributeDefinitions.EID_STORK_TOKEN_FRIENDLY_NAME + " --> Set 'isForeigner' flag to TRUE"); authData.setForeigner(true); @@ -309,8 +308,9 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati } /** - * Build authentication data by using information from citizen-card or mobile-phone signature This - * builder uses IdentityLink, AuthBlock, full MIS mandate as input information. + * Build authentication data by using information from citizen-card or + * mobile-phone signature This builder uses IdentityLink, AuthBlock, full MIS + * mandate as input information. * * @param pendingReq current pendingRequest * @return {@link IAuthData} but never <code>null</code> @@ -340,7 +340,6 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati authData.setBaseIdTransferRestrication( pendingReq.getServiceProviderConfiguration().hasBaseIdTransferRestriction()); - // #################################################### // parse user info's from identityLink IIdentityLink idlFromPvpAttr = null; @@ -351,10 +350,10 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati } else { // identityLink is not direct in MOASession final String pvpAttrIdl = authProcessData - .getGenericDataFromSession(PVPAttributeDefinitions.EID_IDENTITY_LINK_NAME, String.class); + .getGenericDataFromSession(PvpAttributeDefinitions.EID_IDENTITY_LINK_NAME, String.class); // find PVP-Attr. which contains the IdentityLink if (StringUtils.isNotEmpty(pvpAttrIdl)) { - log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_IDENTITY_LINK_FRIENDLY_NAME + log.debug("Find PVP-Attr: " + PvpAttributeDefinitions.EID_IDENTITY_LINK_FRIENDLY_NAME + " --> Parse basic user info's from that attribute."); InputStream idlStream = null; try { @@ -373,7 +372,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati } finally { try { - includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_IDENTITY_LINK_NAME); + includedToGenericAuthData.remove(PvpAttributeDefinitions.EID_IDENTITY_LINK_NAME); if (idlStream != null) { idlStream.close(); } @@ -390,28 +389,28 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati log.debug( "No IdentityLink found or not parseable --> Parse basic user info's from single PVP-Attributes."); authData.setFamilyName(authProcessData - .getGenericDataFromSession(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME, String.class)); + .getGenericDataFromSession(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, String.class)); authData.setGivenName(authProcessData - .getGenericDataFromSession(PVPAttributeDefinitions.GIVEN_NAME_NAME, String.class)); + .getGenericDataFromSession(PvpAttributeDefinitions.GIVEN_NAME_NAME, String.class)); authData.setDateOfBirth(authProcessData - .getGenericDataFromSession(PVPAttributeDefinitions.BIRTHDATE_NAME, String.class)); + .getGenericDataFromSession(PvpAttributeDefinitions.BIRTHDATE_NAME, String.class)); authData.setIdentificationValue(authProcessData - .getGenericDataFromSession(PVPAttributeDefinitions.EID_SOURCE_PIN_NAME, String.class)); + .getGenericDataFromSession(PvpAttributeDefinitions.EID_SOURCE_PIN_NAME, String.class)); authData.setIdentificationType(authProcessData.getGenericDataFromSession( - PVPAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME, String.class)); + PvpAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME, String.class)); // remove corresponding keys from genericSessionData if exists - includedToGenericAuthData.remove(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME); - includedToGenericAuthData.remove(PVPAttributeDefinitions.GIVEN_NAME_NAME); - includedToGenericAuthData.remove(PVPAttributeDefinitions.BIRTHDATE_NAME); - includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_SOURCE_PIN_NAME); - includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME); + includedToGenericAuthData.remove(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME); + includedToGenericAuthData.remove(PvpAttributeDefinitions.GIVEN_NAME_NAME); + includedToGenericAuthData.remove(PvpAttributeDefinitions.BIRTHDATE_NAME); + includedToGenericAuthData.remove(PvpAttributeDefinitions.EID_SOURCE_PIN_NAME); + includedToGenericAuthData.remove(PvpAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME); } } if (authData.getIdentificationType() != null - && !authData.getIdentificationType().equals(EAAFConstants.URN_PREFIX_BASEID)) { + && !authData.getIdentificationType().equals(EaafConstants.URN_PREFIX_BASEID)) { log.trace("IdentificationType is not a baseID --> clear it. "); authData.setBpk(authData.getIdentificationValue()); authData.setBpkType(authData.getIdentificationType()); @@ -420,22 +419,18 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati authData.setIdentificationType(null); } - // #################################################### // set QAA level setQaaLevel(authData, authProcessData); - // #################################################### // set isForeigner flag setFlagForeigner(authData, authProcessData); - // #################################################### // set citizen country-code setCitizenCountryCode(authData, authProcessData); - // #################################################### // set bPK and IdentityLink final String pvpBpkValue = getBpkValueFromPvpAttribute(authProcessData); @@ -449,12 +444,12 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati log.info( "Can not build authData, because moaSession include no bPK, encrypted bPK or baseID"); throw new EaafBuilderException("builder.08", - new Object[] {"No " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME + " or " - + PVPAttributeDefinitions.EID_SOURCE_PIN_FRIENDLY_NAME + " or " - + PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME}, - "No " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME + " or " - + PVPAttributeDefinitions.EID_SOURCE_PIN_FRIENDLY_NAME + " or " - + PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME); + new Object[] { "No " + PvpAttributeDefinitions.BPK_FRIENDLY_NAME + " or " + + PvpAttributeDefinitions.EID_SOURCE_PIN_FRIENDLY_NAME + " or " + + PvpAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME }, + "No " + PvpAttributeDefinitions.BPK_FRIENDLY_NAME + " or " + + PvpAttributeDefinitions.EID_SOURCE_PIN_FRIENDLY_NAME + " or " + + PvpAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME); } @@ -513,10 +508,10 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati "Can not build authData, because moaSession include no valid bPK, encrypted bPK or sourceID"); throw new EaafBuilderException("builder.13", new Object[] { - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()}, - "No valid " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME + " or " - + PVPAttributeDefinitions.EID_SOURCE_PIN_FRIENDLY_NAME + " or " - + PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME); + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier() }, + "No valid " + PvpAttributeDefinitions.BPK_FRIENDLY_NAME + " or " + + PvpAttributeDefinitions.EID_SOURCE_PIN_FRIENDLY_NAME + " or " + + PvpAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME); } } @@ -536,7 +531,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati @Deprecated protected abstract Pair<String, String> getEncryptedBpkFromPvpAttribute( IAuthProcessDataContainer authProcessDataContainer, AuthenticationData authData, - IspConfiguration spConfig) throws EaafBuilderException; + ISpConfiguration spConfig) throws EaafBuilderException; // request baseId from SRZ @Deprecated @@ -546,13 +541,13 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati @Deprecated protected Pair<String, String> buildOAspecificbPK(final IRequest pendingReq, final AuthenticationData authData) throws EaafBuilderException { - final IspConfiguration oaParam = pendingReq.getServiceProviderConfiguration(); + final ISpConfiguration oaParam = pendingReq.getServiceProviderConfiguration(); final String baseID = authData.getIdentificationValue(); final String baseIdType = authData.getIdentificationType(); Pair<String, String> sectorSpecId = null; - if (EAAFConstants.URN_PREFIX_BASEID.equals(baseIdType)) { + if (EaafConstants.URN_PREFIX_BASEID.equals(baseIdType)) { // SAML1 legacy target parameter work-around final String spTargetId = oaParam.getAreaSpecificTargetIdentifier(); log.debug("Use OA target identifier '" + spTargetId + "' from configuration"); @@ -575,7 +570,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati } @Deprecated - protected IIdentityLink buildOAspecificIdentityLink(final IspConfiguration spConfig, + protected IIdentityLink buildOAspecificIdentityLink(final ISpConfiguration spConfig, final IIdentityLink idl, final String bpk, final String bpkType) throws EaafConfigurationException, XPathException, DOMException, EaafParserException { if (spConfig.hasBaseIdTransferRestriction()) { @@ -607,10 +602,11 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati * * @param oaParam Service-Provider configuration, never null * @param bpkType bPK-Type to check - * @return true, if bPK-Type matchs to Service-Provider configuration, otherwise false + * @return true, if bPK-Type matchs to Service-Provider configuration, otherwise + * false */ @Deprecated - protected boolean matchsReceivedBpkToOnlineApplication(final IspConfiguration oaParam, + protected boolean matchsReceivedBpkToOnlineApplication(final ISpConfiguration oaParam, final String bpkType) { return oaParam.getAreaSpecificTargetIdentifier().equals(bpkType); @@ -619,9 +615,10 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati /** * Parse information from an IdentityLink into AuthData object. * - * @param authData current authentication data - * @param identityLink User's identityLink - * @param includedGenericSessionData Generic AuthSession Data from PVP attributes + * @param authData current authentication data + * @param identityLink User's identityLink + * @param includedGenericSessionData Generic AuthSession Data from PVP + * attributes */ @Deprecated private void parseBasicUserInfosFromIdl(final AuthenticationData authData, @@ -631,10 +628,11 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati /* * GivenNames and FamilyNames with simple Apostrophe were escaped with ' in - * IdentityLinkParser since 5 years. This feature was bug-fix for an SL1.0 AuthBlock problem. - * However, the authentication attributes (SAML2, eIDAS, OpenID-Connect) also includes this - * escaped values, but there it is not neccesary. We fix this problem in 3.4.3, but the fix can - * be deactivated for dependency reasons. + * IdentityLinkParser since 5 years. This feature was bug-fix for an SL1.0 + * AuthBlock problem. However, the authentication attributes (SAML2, eIDAS, + * OpenID-Connect) also includes this escaped values, but there it is not + * neccesary. We fix this problem in 3.4.3, but the fix can be deactivated for + * dependency reasons. */ if (basicConfig.getBasicConfigurationBoolean(CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING, false)) { @@ -649,35 +647,37 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati authData.setDateOfBirth(identityLink.getDateOfBirth()); - // remove corresponding keys from genericSessionData if exists - includedGenericSessionData.remove(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME); - includedGenericSessionData.remove(PVPAttributeDefinitions.GIVEN_NAME_NAME); - includedGenericSessionData.remove(PVPAttributeDefinitions.BIRTHDATE_NAME); - includedGenericSessionData.remove(PVPAttributeDefinitions.EID_SOURCE_PIN_NAME); - includedGenericSessionData.remove(PVPAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME); + includedGenericSessionData.remove(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME); + includedGenericSessionData.remove(PvpAttributeDefinitions.GIVEN_NAME_NAME); + includedGenericSessionData.remove(PvpAttributeDefinitions.BIRTHDATE_NAME); + includedGenericSessionData.remove(PvpAttributeDefinitions.EID_SOURCE_PIN_NAME); + includedGenericSessionData.remove(PvpAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME); } /** - * Get bPK from PVP Attribute 'BPK_NAME', which could be exist in MOASession as 'GenericData'. <br> + * Get bPK from PVP Attribute 'BPK_NAME', which could be exist in MOASession as + * 'GenericData'. <br> * * <pre> * <code>session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class)</code> * </pre> * * @param session MOASession, but never null - * @return bPK, which was received by PVP-Attribute, or <code>null</code> if no attribute exists + * @return bPK, which was received by PVP-Attribute, or <code>null</code> if no + * attribute exists */ @Deprecated private String getBpkValueFromPvpAttribute(final IAuthProcessDataContainer session) { String pvpBpkValueAttr = - session.getGenericDataFromSession(PVPAttributeDefinitions.BPK_NAME, String.class); + session.getGenericDataFromSession(PvpAttributeDefinitions.BPK_NAME, String.class); if (StringUtils.isNotEmpty(pvpBpkValueAttr)) { - // fix a wrong bPK-value prefix, which was used in some PVP Standardportal implementations + // fix a wrong bPK-value prefix, which was used in some PVP Standardportal + // implementations if (pvpBpkValueAttr.startsWith("bPK:")) { - log.warn("Attribute " + PVPAttributeDefinitions.BPK_NAME + log.warn("Attribute " + PvpAttributeDefinitions.BPK_NAME + " contains a not standardize prefix! Staring attribute value correction process ..."); pvpBpkValueAttr = pvpBpkValueAttr.substring("bPK:".length()); @@ -685,18 +685,16 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati final String[] spitted = pvpBpkValueAttr.split(":"); if (spitted.length == 2) { - log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME); + log.debug("Find PVP-Attr: " + PvpAttributeDefinitions.BPK_FRIENDLY_NAME); return spitted[1]; - - } else if (spitted.length > 2) { - log.warn("Attribute " + PVPAttributeDefinitions.BPK_NAME + log.warn("Attribute " + PvpAttributeDefinitions.BPK_NAME + " has a wrong encoding and can NOT be USED!" + " Value:" + pvpBpkValueAttr); return null; } else { - log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME + log.debug("Find PVP-Attr: " + PvpAttributeDefinitions.BPK_FRIENDLY_NAME + " without prefix. Use it as it is"); return spitted[0]; @@ -708,49 +706,52 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati } /** - * Get bPK-Type from PVP Attribute 'EID_SECTOR_FOR_IDENTIFIER_NAME', which could be exist in - * MOASession as 'GenericData'. <br> + * Get bPK-Type from PVP Attribute 'EID_SECTOR_FOR_IDENTIFIER_NAME', which could + * be exist in MOASession as 'GenericData'. <br> * * <pre> * <code>session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class)</code> * </pre> * * @param session MOASession, but never null - * @return bPKType, which was received by PVP-Attribute, or <code>null</code> if no attribute - * exists + * @return bPKType, which was received by PVP-Attribute, or <code>null</code> if + * no attribute exists */ @Deprecated private String getBpkTypeFromPvpAttribute(final IAuthProcessDataContainer session) { final String pvpBpkTypeAttr = session.getGenericDataFromSession( - PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class); + PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class); if (StringUtils.isNotEmpty(pvpBpkTypeAttr)) { - // //fix a wrong bPK-Type encoding, which was used in some PVP Standardportal implementations + // //fix a wrong bPK-Type encoding, which was used in some PVP Standardportal + // implementations // if (pvpbPKTypeAttr.startsWith(EAAFConstants.URN_PREFIX_CDID) && // !pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length(), // EAAFConstants.URN_PREFIX_CDID.length() + 1).equals("+")) { - // log.warn("Receive uncorrect encoded bBKType attribute " + pvpbPKTypeAttr + " Starting + // log.warn("Receive uncorrect encoded bBKType attribute " + pvpbPKTypeAttr + " + // Starting // attribute value correction ... "); // pvpbPKTypeAttr = EAAFConstants.URN_PREFIX_CDID + "+" + // pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length() + 1); // // } log.debug( - "Find PVP-Attr: " + PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME); + "Find PVP-Attr: " + PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME); return pvpBpkTypeAttr; } return null; - /* - * INFO: This code could be used to extract the bPKType from 'PVPConstants.BPK_NAME', because - * the prefix of BPK_NAME attribute contains the postfix of the bPKType + * INFO: This code could be used to extract the bPKType from + * 'PVPConstants.BPK_NAME', because the prefix of BPK_NAME attribute contains + * the postfix of the bPKType * - * Now, all PVP Standardportals should be able to send 'EID_SECTOR_FOR_IDENTIFIER' PVP - * attributes + * Now, all PVP Standardportals should be able to send + * 'EID_SECTOR_FOR_IDENTIFIER' PVP attributes */ - // String pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, + // String pvpbPKValueAttr = + // session.getGenericDataFromSession(PVPConstants.BPK_NAME, // String.class); // String[] spitted = pvpbPKValueAttr.split(":"); // if (MiscUtil.isEmpty(authData.getBPKType())) { diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java index 60c08253..a613bd56 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java @@ -16,8 +16,6 @@ * works that you distribute must include a readable copy of the "NOTICE" text file. */ - - package at.gv.egiz.eaaf.core.impl.idp.auth.builder; import java.security.InvalidKeyException; @@ -27,22 +25,26 @@ import java.security.PrivateKey; import java.security.PublicKey; import java.text.SimpleDateFormat; import java.util.Date; + import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; -import at.gv.egiz.eaaf.core.api.data.EAAFConstants; -import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; -import at.gv.egiz.eaaf.core.impl.data.Pair; + import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.util.Base64Utils; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; + /** * Builder for the bPK, as defined in - * <code>"Ableitung f¨r die bereichsspezifische Personenkennzeichnung"</code> version - * <code>1.0.1</code> from <code>"reference.e-government.gv.at"</code>. + * <code>"Ableitung f¨r die bereichsspezifische Personenkennzeichnung"</code> + * version <code>1.0.1</code> from + * <code>"reference.e-government.gv.at"</code>. * */ public class BpkBuilder { @@ -51,58 +53,60 @@ public class BpkBuilder { /** * Calculates an area specific unique person-identifier from a baseID. * - * @param baseID baseId from user but never null - * @param targetIdentifier target identifier for area specific identifier calculation but never - * null - * @return Pair consists of (unique person identifier for this target, targetArea) but never null + * @param baseID baseId from user but never null + * @param targetIdentifier target identifier for area specific identifier + * calculation but never null + * @return Pair consists of (unique person identifier for this target, + * targetArea) but never null * @throws EaafBuilderException if some input data are not valid */ public static Pair<String, String> generateAreaSpecificPersonIdentifier(final String baseID, final String targetIdentifier) throws EaafBuilderException { - return generateAreaSpecificPersonIdentifier(baseID, EAAFConstants.URN_PREFIX_BASEID, + return generateAreaSpecificPersonIdentifier(baseID, EaafConstants.URN_PREFIX_BASEID, targetIdentifier); } /** - * Calculates an area specific unique person-identifier from an unique identifier with a specific - * type. + * Calculates an area specific unique person-identifier from an unique + * identifier with a specific type. * - * @param baseID baseId from user but never null - * @param baseIdType Type of the baseID but never null - * @param targetIdentifier target identifier for area specific identifier calculation but never - * null - * @return Pair consists of (unique person identifier for this target, targetArea) but never null + * @param baseID baseId from user but never null + * @param baseIdType Type of the baseID but never null + * @param targetIdentifier target identifier for area specific identifier + * calculation but never null + * @return Pair consists of (unique person identifier for this target, + * targetArea) but never null * @throws EaafBuilderException if some input data are not valid */ public static Pair<String, String> generateAreaSpecificPersonIdentifier(final String baseID, final String baseIdType, final String targetIdentifier) throws EaafBuilderException { if (StringUtils.isEmpty(baseID)) { - throw new EaafBuilderException("builder.00", new Object[] {"baseID is empty or null"}, + throw new EaafBuilderException("builder.00", new Object[] { "baseID is empty or null" }, "BaseId is empty or null"); } if (StringUtils.isEmpty(baseIdType)) { throw new EaafBuilderException("builder.00", - new Object[] {"the type of baseID is empty or null"}, "Type of baseId is empty or null"); + new Object[] { "the type of baseID is empty or null" }, "Type of baseId is empty or null"); } if (StringUtils.isEmpty(targetIdentifier)) { throw new EaafBuilderException("builder.00", - new Object[] {"SP specific target identifier is empty or null"}, + new Object[] { "SP specific target identifier is empty or null" }, "SP specific target identifier is empty or null"); } - if (baseIdType.equals(EAAFConstants.URN_PREFIX_BASEID)) { + if (baseIdType.equals(EaafConstants.URN_PREFIX_BASEID)) { log.trace("Find baseID. Starting unique identifier caluclation for this target"); - if (targetIdentifier.startsWith(EAAFConstants.URN_PREFIX_CDID) - || targetIdentifier.startsWith(EAAFConstants.URN_PREFIX_WBPK)) { + if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_CDID) + || targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) { log.trace("Calculate bPK, wbPK, or STORK identifier for target: " + targetIdentifier); return Pair.newInstance(calculatebPKwbPK(baseID + "+" + targetIdentifier), targetIdentifier); - } else if (targetIdentifier.startsWith(EAAFConstants.URN_PREFIX_EIDAS)) { + } else if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_EIDAS)) { log.trace("Calculate eIDAS identifier for target: " + targetIdentifier); final String[] splittedTarget = targetIdentifier.split("\\+"); final String cititzenCountryCode = splittedTarget[1]; @@ -114,15 +118,14 @@ public class BpkBuilder { } return buildEidasIdentifer(baseID, baseIdType, cititzenCountryCode, eidasOutboundCountry); - } else { throw new EaafBuilderException("builder.00", - new Object[] {"Target identifier: " + targetIdentifier + " is NOT allowed or unknown"}, + new Object[] { "Target identifier: " + targetIdentifier + " is NOT allowed or unknown" }, "Target identifier: " + targetIdentifier + " is NOT allowed or unknown"); } } else { - log.trace("BaseID is not of type " + EAAFConstants.URN_PREFIX_BASEID + log.trace("BaseID is not of type " + EaafConstants.URN_PREFIX_BASEID + ". Check type against requested target ..."); if (baseIdType.equals(targetIdentifier)) { log.debug("Unique identifier is already area specific. Is nothing todo"); @@ -132,8 +135,8 @@ public class BpkBuilder { log.warn("Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required!"); throw new EaafBuilderException("builder.00", - new Object[] {"Get unique identifier for target: " + baseIdType + " but target: " - + targetIdentifier + " is required"}, + new Object[] { "Get unique identifier for target: " + baseIdType + " but target: " + + targetIdentifier + " is required" }, "Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required"); @@ -141,14 +144,15 @@ public class BpkBuilder { } } - /** * Builds the eIDAS from the given parameters. * - * @param baseId baseID of the citizen - * @param baseIdType Type of the baseID - * @param sourceCountry CountryCode of that country, which build the eIDAs ID - * @param destinationCountry CountryCode of that country, which receives the eIDAs ID + * @param baseId baseID of the citizen + * @param baseIdType Type of the baseID + * @param sourceCountry CountryCode of that country, which build the eIDAs + * ID + * @param destinationCountry CountryCode of that country, which receives the + * eIDAs ID * * @return Pair eIDAs/bPKType in a BASE64 encoding * @throws EaafBuilderException if some input data are not valid @@ -160,8 +164,8 @@ public class BpkBuilder { String bpkType = null; // check if we have been called by public sector application - if (baseIdType.startsWith(EAAFConstants.URN_PREFIX_BASEID)) { - bpkType = EAAFConstants.URN_PREFIX_EIDAS + sourceCountry + "+" + destinationCountry; + if (baseIdType.startsWith(EaafConstants.URN_PREFIX_BASEID)) { + bpkType = EaafConstants.URN_PREFIX_EIDAS + sourceCountry + "+" + destinationCountry; log.debug("Building eIDAS identification from: [identValue]+" + bpkType); bpk = calculatebPKwbPK(baseId + "+" + bpkType); @@ -173,9 +177,9 @@ public class BpkBuilder { if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(sourceCountry) || StringUtils.isEmpty(destinationCountry)) { throw new EaafBuilderException("builder.00", - new Object[] {"eIDAS-ID", + new Object[] { "eIDAS-ID", "Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland=" - + destinationCountry + ", Ursprungsland=" + sourceCountry}, + + destinationCountry + ", Ursprungsland=" + sourceCountry }, "eIDAS-ID: Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry); } @@ -189,8 +193,8 @@ public class BpkBuilder { /** * Create an encrypted bPK. * - * @param bpk unencrypted bPK - * @param target bPK target + * @param bpk unencrypted bPK + * @param target bPK target * @param publicKey Public-Key used for encryption * @return encrypted bPK * @throws EaafBuilderException In case of an error @@ -198,8 +202,8 @@ public class BpkBuilder { public static String encryptBpk(final String bpk, String target, final PublicKey publicKey) throws EaafBuilderException { final SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss"); - if (target.startsWith(EAAFConstants.URN_PREFIX_CDID)) { - target = target.substring(EAAFConstants.URN_PREFIX_CDID.length()); + if (target.startsWith(EaafConstants.URN_PREFIX_CDID)) { + target = target.substring(EaafConstants.URN_PREFIX_CDID.length()); } final String input = @@ -210,8 +214,8 @@ public class BpkBuilder { final byte[] inputBytes = input.getBytes("ISO-8859-1"); result = encrypt(inputBytes, publicKey); return new String(Base64Utils.encode(result), "ISO-8859-1").replaceAll("\r\n", ""); - // return new String(Base64Utils.encode(result, "ISO-8859-1")).replaceAll("\r\n", ""); - + // return new String(Base64Utils.encode(result, + // "ISO-8859-1")).replaceAll("\r\n", ""); } catch (final Exception e) { throw new EaafBuilderException("bPK encryption FAILED", null, e.getMessage(), e); @@ -223,8 +227,8 @@ public class BpkBuilder { * Decrypt an encrypted bPK. * * @param encryptedBpk encrypted bPK - * @param target bPK target - * @param privateKey private-key for decryption + * @param target bPK target + * @param privateKey private-key for decryption * @return bPK * @throws EaafBuilderException In case of an error */ @@ -232,7 +236,8 @@ public class BpkBuilder { final PrivateKey privateKey) throws EaafBuilderException { String decryptedString; try { - // byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false, "ISO-8859-1"); + // byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false, + // "ISO-8859-1"); final byte[] encryptedBytes = Base64Utils.decode(encryptedBpk.getBytes("ISO-8859-1")); final byte[] decryptedBytes = decrypt(encryptedBytes, privateKey); decryptedString = new String(decryptedBytes, "ISO-8859-1"); @@ -247,8 +252,8 @@ public class BpkBuilder { tmp = tmp.substring(tmp.indexOf("::") + 2); final String bPK = tmp.substring(0, tmp.indexOf("::")); - if (target.startsWith(EAAFConstants.URN_PREFIX_CDID + "+")) { - target = target.substring((EAAFConstants.URN_PREFIX_CDID + "+").length()); + if (target.startsWith(EaafConstants.URN_PREFIX_CDID + "+")) { + target = target.substring((EaafConstants.URN_PREFIX_CDID + "+").length()); } if (target.equals(sector)) { @@ -268,7 +273,7 @@ public class BpkBuilder { return hashBase64; } catch (final Exception ex) { - throw new EaafBuilderException("builder.00", new Object[] {"bPK/wbPK", ex.toString()}, + throw new EaafBuilderException("builder.00", new Object[] { "bPK/wbPK", ex.toString() }, ex.getMessage(), ex); } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java index 7c143ca2..a6017789 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java @@ -1,4 +1,4 @@ -/******************************************************************************* +/* * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. * @@ -15,24 +15,23 @@ * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ +*/ + package at.gv.egiz.eaaf.core.impl.idp.auth.data; import java.util.Date; import java.util.HashMap; import java.util.Map; -import at.gv.egiz.eaaf.core.api.data.EAAFConstants; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.EaafAuthProcessDataConstants; import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; public class AuthProcessDataWrapper implements IAuthProcessDataContainer, EaafAuthProcessDataConstants { @@ -48,7 +47,8 @@ public class AuthProcessDataWrapper /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant() + * @see + * at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant() */ @Override public String getIssueInstant() { @@ -59,7 +59,8 @@ public class AuthProcessDataWrapper * (non-Javadoc) * * @see - * at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIssueInstant(java.lang.String) + * at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIssueInstant( + * java.lang.String) */ @Override public void setIssueInstant(final String issueInstant) { @@ -70,7 +71,8 @@ public class AuthProcessDataWrapper /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isAuthenticated() + * @see + * at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isAuthenticated() */ @Override public boolean isAuthenticated() { @@ -78,11 +80,12 @@ public class AuthProcessDataWrapper } - /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthenticated(boolean) + * @see + * at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthenticated( + * boolean) */ @Override public void setAuthenticated(final boolean authenticated) { @@ -93,7 +96,8 @@ public class AuthProcessDataWrapper /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIdentityLink() + * @see + * at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIdentityLink() */ @Override public IIdentityLink getIdentityLink() { @@ -101,13 +105,12 @@ public class AuthProcessDataWrapper } - /* * (non-Javadoc) * * @see - * at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIdentityLink(at.gv.egovernment.moa - * .id.auth.data.IdentityLink) + * at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIdentityLink(at. + * gv.egovernment.moa .id.auth.data.IdentityLink) */ @Override public void setIdentityLink(final IIdentityLink identityLink) { @@ -118,7 +121,8 @@ public class AuthProcessDataWrapper /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isMandateUsed() + * @see + * at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isMandateUsed() */ @Override public boolean isMandateUsed() { @@ -128,7 +132,9 @@ public class AuthProcessDataWrapper /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandates(boolean) + * @see + * at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandates( + * boolean) */ @Override public void setUseMandates(final boolean useMandates) { @@ -142,18 +148,20 @@ public class AuthProcessDataWrapper * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getQAALevel() */ @Override - public String getQAALevel() { + public String getQaaLevel() { return wrapStringObject(VALUE_QAALEVEL, null, String.class); } /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setQAALevel(java.lang.String) + * @see + * at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setQAALevel(java. + * lang.String) */ @Override - public void setQAALevel(final String qAALevel) { - authProcessData.put(VALUE_QAALEVEL, qAALevel); + public void setQaaLevel(final String qaaLevel) { + authProcessData.put(VALUE_QAALEVEL, qaaLevel); } @@ -170,7 +178,8 @@ public class AuthProcessDataWrapper /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setForeigner(boolean) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setForeigner( + * boolean) */ @Override public void setForeigner(final boolean isForeigner) { @@ -200,12 +209,12 @@ public class AuthProcessDataWrapper } @Override - public boolean isEIDProcess() { + public boolean isEidProcess() { return wrapStringObject(FLAG_IS_NEW_EID_PROCESS, false, Boolean.class); } @Override - public void setEIDProcess(final boolean value) { + public void setEidProcess(final boolean value) { authProcessData.put(FLAG_IS_NEW_EID_PROCESS, value); } @@ -213,22 +222,24 @@ public class AuthProcessDataWrapper /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated() + * @see + * at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated() */ @Override public Date getSessionCreated() { - return wrapStringObject(EAAFConstants.AUTH_DATA_CREATED, null, Date.class); + return wrapStringObject(EaafConstants.AUTH_DATA_CREATED, null, Date.class); } /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericSessionDataStorage() + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession# + * getGenericSessionDataStorage() */ @Override public Map<String, Object> getGenericSessionDataStorage() { final Map<String, Object> result = new HashMap<>(); - for (final Map.Entry<String,Object> el : authProcessData.entrySet()) { + for (final Map.Entry<String, Object> el : authProcessData.entrySet()) { if (el.getKey().startsWith(GENERIC_PREFIX)) { result.put(el.getKey().substring(GENERIC_PREFIX.length()), el.getValue()); } @@ -241,9 +252,8 @@ public class AuthProcessDataWrapper /* * (non-Javadoc) * - * @see - * at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang. - * String) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession# + * getGenericDataFromSession(java.lang. String) */ @Override public Object getGenericDataFromSession(final String key) { @@ -253,9 +263,8 @@ public class AuthProcessDataWrapper /* * (non-Javadoc) * - * @see - * at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang. - * String, java.lang.Class) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession# + * getGenericDataFromSession(java.lang. String, java.lang.Class) */ @Override public <T> T getGenericDataFromSession(final String key, final Class<T> clazz) { @@ -265,9 +274,8 @@ public class AuthProcessDataWrapper /* * (non-Javadoc) * - * @see - * at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang. - * String, java.lang.Object) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession# + * setGenericDataToSession(java.lang. String, java.lang.Object) */ @Override public void setGenericDataToSession(final String key, final Object object) diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java index a1faa0a4..ee1037a1 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java @@ -1,22 +1,5 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria MOA-ID has been developed in a cooperation between - * BRZ, the Federal Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by the European - * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in - * compliance with the Licence. You may obtain a copy of the Licence at: http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software distributed under the Licence - * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the Licence for the specific language governing permissions and limitations under - * the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text file for details on the - * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative - * works that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ /* - * Copyright 2003 Federal Chancellery Austria MOA-ID has been developed in a cooperation between + * Copyright 2014 Federal Chancellery Austria MOA-ID has been developed in a cooperation between * BRZ, the Federal Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by the European @@ -31,7 +14,7 @@ * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. - */ +*/ package at.gv.egiz.eaaf.core.impl.idp.auth.data; @@ -40,16 +23,20 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.Serializable; import java.security.PublicKey; + import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; + import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.impl.utils.DomUtils; import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; -import org.w3c.dom.Element; - /** - * Data contained in an identity link issued by BMI, relevant to the MOA ID component. <br> - * <code>"IdentityLink"</code> is the translation of <code>"Personenbindung"</code>. + * Data contained in an identity link issued by BMI, relevant to the MOA ID + * component. <br> + * <code>"IdentityLink"</code> is the translation of + * <code>"Personenbindung"</code>. * * @author Paul Ivancsics * @version $Id$ @@ -59,41 +46,44 @@ public class IdentityLink implements Serializable, IIdentityLink { private static final long serialVersionUID = 1L; /** - * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>. + * <code>"identificationValue"</code> is the translation of + * <code>"Stammzahl"</code>. */ private String identificationValue; /** - * <code>"identificationType"</code> type of the identificationValue in the IdentityLink. + * <code>"identificationType"</code> type of the identificationValue in the + * IdentityLink. */ private String identificationType; /** - * first name + * first name. */ private String givenName; /** - * family name + * family name. */ private String familyName; /** - * date of birth + * date of birth. */ private String dateOfBirth; /** - * the original saml:Assertion-Element + * the original saml:Assertion-Element. */ private transient Element samlAssertion; /** - * the serializes saml:Assertion + * the serializes saml:Assertion. */ private String serializedSamlAssertion; /** * Element - * /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person + * /saml:Assertion/saml:AttributeStatement/saml:Subject + * /saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person. */ private transient Element prPerson = null; /** - * we need for each dsig:Reference Element all transformation elements + * we need for each dsig:Reference Element all transformation elements. */ private transient Element[] dsigReferenceTransforms = null; @@ -103,14 +93,15 @@ public class IdentityLink implements Serializable, IIdentityLink { private String issueInstant; /** - * we need all public keys stored in the identity link + * we need all public keys stored in the identity link. */ private PublicKey[] publicKey; /** - * Constructor for IdentityLink + * Constructor for IdentityLink. */ - public IdentityLink() {} + public IdentityLink() { + } /* * (non-Javadoc) @@ -157,7 +148,8 @@ public class IdentityLink implements Serializable, IIdentityLink { /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationValue() + * @see + * at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationValue() */ @Override public String getIdentificationValue() { @@ -177,7 +169,9 @@ public class IdentityLink implements Serializable, IIdentityLink { /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDateOfBirth(java.lang.String) + * @see + * at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDateOfBirth(java.lang. + * String) */ @Override public void setDateOfBirth(final String dateOfBirth) { @@ -187,7 +181,9 @@ public class IdentityLink implements Serializable, IIdentityLink { /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setFamilyName(java.lang.String) + * @see + * at.gv.egovernment.moa.id.auth.data.IIdentityLink#setFamilyName(java.lang. + * String) */ @Override public void setFamilyName(final String familyName) { @@ -197,7 +193,8 @@ public class IdentityLink implements Serializable, IIdentityLink { /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setGivenName(java.lang.String) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setGivenName(java.lang. + * String) */ @Override public void setGivenName(final String givenName) { @@ -207,7 +204,9 @@ public class IdentityLink implements Serializable, IIdentityLink { /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationValue(java.lang.String) + * @see + * at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationValue(java. + * lang.String) */ @Override public void setIdentificationValue(final String identificationValue) { @@ -217,7 +216,9 @@ public class IdentityLink implements Serializable, IIdentityLink { /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationType(java.lang.String) + * @see + * at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationType(java. + * lang.String) */ @Override public void setIdentificationType(final String identificationType) { @@ -248,7 +249,8 @@ public class IdentityLink implements Serializable, IIdentityLink { /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSerializedSamlAssertion() + * @see + * at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSerializedSamlAssertion() */ @Override public String getSerializedSamlAssertion() { @@ -258,7 +260,9 @@ public class IdentityLink implements Serializable, IIdentityLink { /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setSamlAssertion(org.w3c.dom.Element) + * @see + * at.gv.egovernment.moa.id.auth.data.IIdentityLink#setSamlAssertion(org.w3c.dom + * .Element) */ @Override public void setSamlAssertion(final Element samlAssertion) @@ -270,7 +274,8 @@ public class IdentityLink implements Serializable, IIdentityLink { /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDsigReferenceTransforms() + * @see + * at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDsigReferenceTransforms() */ @Override public Element[] getDsigReferenceTransforms() { @@ -287,8 +292,8 @@ public class IdentityLink implements Serializable, IIdentityLink { * (non-Javadoc) * * @see - * at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDsigReferenceTransforms(org.w3c.dom.Element - * []) + * at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDsigReferenceTransforms( + * org.w3c.dom.Element []) */ @Override public void setDsigReferenceTransforms(final Element[] dsigReferenceTransforms) { @@ -317,7 +322,9 @@ public class IdentityLink implements Serializable, IIdentityLink { /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPublicKey(java.security.PublicKey[]) + * @see + * at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPublicKey(java.security. + * PublicKey[]) */ @Override public void setPublicKey(final PublicKey[] publicKey) { @@ -346,7 +353,9 @@ public class IdentityLink implements Serializable, IIdentityLink { /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPrPerson(org.w3c.dom.Element) + * @see + * at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPrPerson(org.w3c.dom. + * Element) */ @Override public void setPrPerson(final Element prPerson) { @@ -366,7 +375,9 @@ public class IdentityLink implements Serializable, IIdentityLink { /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIssueInstant(java.lang.String) + * @see + * at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIssueInstant(java.lang. + * String) */ @Override public void setIssueInstant(final String issueInstant) { diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/SimpleIdentityLinkAssertionParser.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/SimpleIdentityLinkAssertionParser.java index 220469d3..acb877c2 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/SimpleIdentityLinkAssertionParser.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/SimpleIdentityLinkAssertionParser.java @@ -1,22 +1,5 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria MOA-ID has been developed in a cooperation between - * BRZ, the Federal Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by the European - * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in - * compliance with the Licence. You may obtain a copy of the Licence at: http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software distributed under the Licence - * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the Licence for the specific language governing permissions and limitations under - * the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text file for details on the - * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative - * works that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ /* - * Copyright 2003 Federal Chancellery Austria MOA-ID has been developed in a cooperation between + * Copyright 2014 Federal Chancellery Austria MOA-ID has been developed in a cooperation between * BRZ, the Federal Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by the European @@ -31,7 +14,7 @@ * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. - */ +*/ package at.gv.egiz.eaaf.core.impl.idp.auth.data; @@ -40,17 +23,19 @@ import java.io.ByteArrayInputStream; import java.io.InputStream; import java.util.ArrayList; import java.util.List; -import at.gv.egiz.eaaf.core.api.data.XMLNamespaceConstants; + +import org.springframework.util.Base64Utils; +import org.w3c.dom.Element; +import org.w3c.dom.traversal.NodeIterator; + +import at.gv.egiz.eaaf.core.api.data.XmlNamespaceConstants; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.exceptions.EaafParserException; import at.gv.egiz.eaaf.core.impl.utils.DomUtils; import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; -import org.springframework.util.Base64Utils; -import org.w3c.dom.Element; -import org.w3c.dom.traversal.NodeIterator; /** - * Parses MDS from an identity link <code><saml:Assertion></code> <br> + * Parses MDS from an identity link. <code><saml:Assertion></code> <br> * <b>This IDL parser extract NO key information!</b> * */ @@ -60,56 +45,59 @@ public class SimpleIdentityLinkAssertionParser { // XPath namespace prefix shortcuts // - /** Xpath prefix for reaching PersonData Namespaces */ - private static final String PDATA = XMLNamespaceConstants.PD_PREFIX + ":"; - /** Xpath prefix for reaching SAML Namespaces */ - private static final String SAML = XMLNamespaceConstants.SAML_PREFIX + ":"; - /** Xpath prefix for reaching XML-DSIG Namespaces */ - private static final String DSIG = XMLNamespaceConstants.DSIG_PREFIX + ":"; - /** Xpath expression to the root element */ + /** Xpath prefix for reaching PersonData Namespaces. */ + private static final String PDATA = XmlNamespaceConstants.PD_PREFIX + ":"; + /** Xpath prefix for reaching SAML Namespaces. */ + private static final String SAML = XmlNamespaceConstants.SAML_PREFIX + ":"; + /** Xpath prefix for reaching XML-DSIG Namespaces. */ + private static final String DSIG = XmlNamespaceConstants.DSIG_PREFIX + ":"; + /** Xpath expression to the root element. */ private static final String ROOT = ""; - /** Xpath expression to the SAMLSubjectConfirmationData element */ + /** Xpath expression to the SAMLSubjectConfirmationData element. */ private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH = ROOT + SAML + "AttributeStatement/" + SAML + "Subject/" + SAML + "SubjectConfirmation/" + SAML + "SubjectConfirmationData"; - /** Xpath expression to the PersonData element */ + /** Xpath expression to the PersonData element. */ public static final String PERSON_XPATH = SAML_SUBJECT_CONFIRMATION_DATA_XPATH + "/" + PDATA + "Person"; - /** Xpath expression to the PersonData GivenName element */ + /** Xpath expression to the PersonData GivenName element. */ public static final String PERSON_GIVEN_NAME_XPATH = PERSON_XPATH + "/" + PDATA + "Name/" + PDATA + "GivenName"; - /** Xpath expression to the PersonData FamilyName element */ + /** Xpath expression to the PersonData FamilyName element. */ public static final String PERSON_FAMILY_NAME_XPATH = PERSON_XPATH + "/" + PDATA + "Name/" + PDATA + "FamilyName"; - /** Xpath expression to the PersonData DateOfBirth element */ + /** Xpath expression to the PersonData DateOfBirth element. */ public static final String PERSON_DATE_OF_BIRTH_XPATH = PERSON_XPATH + "/" + PDATA + "DateOfBirth"; - /** Xpath expression to the Identification Value element */ + /** Xpath expression to the Identification Value element. */ public static final String PERSON_IDENT_VALUE_XPATH = PERSON_XPATH + "/" + PDATA + "Identification/" + PDATA + "Value"; - /** Xpath expression to the Identification Value element */ + /** Xpath expression to the Identification Value element. */ public static final String PERSON_IDENT_TYPE_XPATH = PERSON_XPATH + "/" + PDATA + "Identification/" + PDATA + "Type"; - /** Xpath expression to the DSIG X509Certificate element */ + /** Xpath expression to the DSIG X509Certificate element. */ private static final String DSIG_CERTIFICATES_XPATH = ROOT + DSIG + "Signature/" + DSIG + "KeyInfo/" + DSIG + "X509Data/" + DSIG + "X509Certificate"; - /** Xpath expression to the DSIG Transforms element */ + /** Xpath expression to the DSIG Transforms element. */ private static final String DSIG_REFERENCE_TRANSFORMATION_XPATH = ROOT + DSIG + "Signature/" + DSIG + "SignedInfo/" + DSIG + "Reference/" + DSIG + "Transforms"; - /** The IssueInstant attribute of the SAML assertion */ + /** The IssueInstant attribute of the SAML assertion. */ private static final String ISSUE_INSTANT_ATTR = "IssueInstant"; public static final String ASSERTIONID = "AssertionID"; - /** This is the root element of the XML-Document provided by the Security Layer Card */ + /** + * This is the root element of the XML-Document provided by the Security Layer + * Card. + */ private Element assertionElem; /** - * Constructor for <code>IdentityLinkAssertionParser</code>. A DOM-representation of the incoming - * String will be created + * Constructor for <code>IdentityLinkAssertionParser</code>. A + * DOM-representation of the incoming String will be created * * @param xmlAssertion <code><saml:Assertion></code> as String * @throws EaafParserException on any parsing error @@ -120,7 +108,7 @@ public class SimpleIdentityLinkAssertionParser { assertionElem = DomUtils.parseXmlValidating(s); } catch (final Throwable t) { - throw new EaafParserException("parser.01", new Object[] {t.toString()}, t); + throw new EaafParserException("parser.01", new Object[] { t.toString() }, t); } } @@ -136,8 +124,8 @@ public class SimpleIdentityLinkAssertionParser { } /** - * Constructor for <code>IdentityLinkAssertionParser</code>. A DOM-representation of the incoming - * Inputstream will be created + * Constructor for <code>IdentityLinkAssertionParser</code>. A + * DOM-representation of the incoming Inputstream will be created * * @param xmlAssertion <code><saml:Assertion></code> as InputStream * @throws EaafParserException on any parsing error @@ -148,13 +136,13 @@ public class SimpleIdentityLinkAssertionParser { assertionElem = DomUtils.parseXmlValidating(xmlAssertion); } catch (final Throwable t) { - throw new EaafParserException("parser.01", new Object[] {t.toString()}, t); + throw new EaafParserException("parser.01", new Object[] { t.toString() }, t); } } /** - * Parses the identity link from the <code><saml:Assertion></code> + * Parses the identity link from the <code><saml:Assertion></code>. * * @return Identity link * @throws EaafParserException on any parsing error @@ -199,7 +187,7 @@ public class SimpleIdentityLinkAssertionParser { // identityLink.setPublicKey(getPublicKeys()); } catch (final Throwable t) { - throw new EaafParserException("parser.01", new Object[] {t.toString()}, t); + throw new EaafParserException("parser.01", new Object[] { t.toString() }, t); } return identityLink; @@ -207,10 +195,10 @@ public class SimpleIdentityLinkAssertionParser { /** * Parses a string array of decoded base64 certificates from the - * <code><InfoboxReadResponse></code> found in the dsig-signature + * <code><InfoboxReadResponse></code> found in the dsig-signature. * * @return String[] with raw-certificates from the dsig-signature keyinfo - * @throws Exception + * @throws Exception In case of an error */ public String[] getCertificates() throws Exception { final List certs = new ArrayList(); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/AbstractAuthServletTask.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/AbstractAuthServletTask.java index c785e1cb..3d093a9f 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/AbstractAuthServletTask.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/AbstractAuthServletTask.java @@ -27,11 +27,24 @@ import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Map.Entry; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.fileupload.FileItem; +import org.apache.commons.fileupload.FileItemFactory; +import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.fileupload.disk.DiskFileItemFactory; +import org.apache.commons.fileupload.servlet.ServletFileUpload; +import org.apache.commons.lang3.ArrayUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.io.ResourceLoader; + import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; -import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.services.IProtocolAuthenticationService; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; @@ -41,20 +54,10 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController; import at.gv.egiz.eaaf.core.impl.idp.process.springweb.AbstractTask; import at.gv.egiz.eaaf.core.impl.utils.DataUrlBuilder; -import org.apache.commons.fileupload.FileItem; -import org.apache.commons.fileupload.FileItemFactory; -import org.apache.commons.fileupload.FileUploadException; -import org.apache.commons.fileupload.disk.DiskFileItemFactory; -import org.apache.commons.fileupload.servlet.ServletFileUpload; -import org.apache.commons.lang3.ArrayUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.core.io.ResourceLoader; /** - * Task based counterpart to {@link AuthServlet}, providing the same utility methods (error - * handling, parameter parsing etc.). + * Task based counterpart to {@link AuthServlet}, providing the same utility + * methods (error handling, parameter parsing etc.). * </p> * The code has been taken from {@link AuthServlet}. */ @@ -81,7 +84,6 @@ public abstract class AbstractAuthServletTask extends AbstractTask { public abstract void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException; - @Override protected final IRequest internalExecute(final IRequest pendingReq, final ExecutionContext executionContext, final HttpServletRequest request, @@ -90,7 +92,7 @@ public abstract class AbstractAuthServletTask extends AbstractTask { this.pendingReq = pendingReq; // add latest pendingRequestId on execution context - executionContext.put(EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID, + executionContext.put(EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID, pendingReq.getPendingRequestId()); // execute task specific action @@ -101,20 +103,22 @@ public abstract class AbstractAuthServletTask extends AbstractTask { } /** - * Redirect the authentication process to protocol specific finalization endpoint. + * Redirect the authentication process to protocol specific finalization + * endpoint. * * @param executionContext * - * @param pendingReq Actually processed protocol specific authentication request - * @param httpResp http response object - * @throws IOException In case of a general error + * @param pendingReq Actually processed protocol specific authentication + * request + * @param httpResp http response object + * @throws IOException In case of a general error * @throws EaafException In case of an application error */ protected void performRedirectToProtocolFinialization(final ExecutionContext executionContext, final IRequest pendingReq, final HttpServletRequest httpReq, final HttpServletResponse httpResp) throws EaafException, IOException { final Object frontChannelRedirectFlagObj = - executionContext.get(EAAFConstants.PROCESS_ENGINE_REQUIRES_NO_POSTAUTH_REDIRECT); + executionContext.get(EaafConstants.PROCESS_ENGINE_REQUIRES_NO_POSTAUTH_REDIRECT); if (frontChannelRedirectFlagObj != null && frontChannelRedirectFlagObj instanceof Boolean && (Boolean) frontChannelRedirectFlagObj) { log.info("AuthProcess finished. Forward to Protocol finalization."); @@ -128,15 +132,14 @@ public abstract class AbstractAuthServletTask extends AbstractTask { } - - } /** * Redirect the authentication process to IDP itself. * - * @param pendingReq Actually processed protocol specific authentication request - * @param httpResp http response + * @param pendingReq Actually processed protocol specific authentication + * request + * @param httpResp http response * @param idpEndPoint Servlet EndPoint that should receive the redirect */ protected void performRedirectToItself(final IRequest pendingReq, @@ -151,16 +154,15 @@ public abstract class AbstractAuthServletTask extends AbstractTask { } - /** - * Parses the request input stream for parameters, assuming parameters are encoded UTF-8 (no - * standard exists how browsers should encode them). + * Parses the request input stream for parameters, assuming parameters are + * encoded UTF-8 (no standard exists how browsers should encode them). * * @param req servlet request * * @return mapping parameter name -> value * - * @throws IOException if parsing request parameters fails. + * @throws IOException if parsing request parameters fails. * * @throws FileUploadException if parsing request parameters fails. */ @@ -215,7 +217,8 @@ public abstract class AbstractAuthServletTask extends AbstractTask { final Entry<String, String[]> entry = requestParamIt.next(); final String key = entry.getKey(); final String[] values = entry.getValue(); - // take the last value from the value array since the legacy code above also does it this + // take the last value from the value array since the legacy code above also + // does it this // way parameters.put(key, ArrayUtils.isEmpty(values) ? null : values[values.length - 1]); } @@ -228,7 +231,7 @@ public abstract class AbstractAuthServletTask extends AbstractTask { /** * Reads bytes up to a delimiter, consuming the delimiter. * - * @param in input stream + * @param in input stream * @param delimiter delimiter character * @return String constructed from the read bytes * @throws IOException In case of a general error @@ -251,8 +254,8 @@ public abstract class AbstractAuthServletTask extends AbstractTask { /** * Adds a parameter to a URL. * - * @param url the URL - * @param paramname parameter name + * @param url the URL + * @param paramname parameter name * @param paramvalue parameter value * @return the URL with parameter added */ diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/ModuleRegistration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/ModuleRegistration.java index 27aeab03..c4f1b505 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/ModuleRegistration.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/ModuleRegistration.java @@ -27,12 +27,9 @@ import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.ServiceLoader; + import javax.annotation.PostConstruct; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine; -import at.gv.egiz.eaaf.core.impl.idp.process.ProcessDefinitionParserException; + import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -40,13 +37,20 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; import org.springframework.core.io.Resource; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine; +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessDefinitionParserException; + /** - * This class handles registering modules. The modules are detected either with the ServiceLoader - * mechanism or via Spring. All detected modules are ranked according to their priority. + * This class handles registering modules. The modules are detected either with + * the ServiceLoader mechanism or via Spring. All detected modules are ranked + * according to their priority. */ public class ModuleRegistration { - //private static ModuleRegistration instance = new ModuleRegistration(); + // private static ModuleRegistration instance = new ModuleRegistration(); private final List<AuthModule> priorizedModules = new ArrayList<>(); @@ -58,10 +62,6 @@ public class ModuleRegistration { private final Logger log = LoggerFactory.getLogger(getClass()); -// public static ModuleRegistration getInstance() { -// return ctx.; -// } - private ModuleRegistration() { } @@ -77,7 +77,7 @@ public class ModuleRegistration { // order modules according to their priority sortModules(); - //instance = this; + // instance = this; } /** @@ -142,10 +142,10 @@ public class ModuleRegistration { } /** - * Returns the process description id of the first process, in the highest ranked module, which is - * able to work with the given execution context. + * Returns the process description id of the first process, in the highest + * ranked module, which is able to work with the given execution context. * - * @param context the {@link ExecutionContext}. + * @param context the {@link ExecutionContext}. * @param pendingReq the current processed {@link IRequest} * @return the process id or {@code null} */ diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java index a5030851..817c7aa2 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java @@ -24,14 +24,27 @@ import java.io.PrintWriter; import java.io.StringWriter; import java.util.Arrays; import java.util.List; + import javax.naming.ConfigurationException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.ArrayUtils; +import org.apache.commons.lang3.StringUtils; +import org.apache.commons.text.StringEscapeUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.lang.NonNull; +import org.springframework.lang.Nullable; +import org.springframework.stereotype.Service; + import at.gv.egiz.components.eventlog.api.EventConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; import at.gv.egiz.eaaf.core.api.IStatusMessenger; -import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfigurationFactory; import at.gv.egiz.eaaf.core.api.gui.IGuiFormBuilder; @@ -40,7 +53,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAction; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder; import at.gv.egiz.eaaf.core.api.idp.IModulInfo; -import at.gv.egiz.eaaf.core.api.idp.IspConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager; import at.gv.egiz.eaaf.core.api.idp.auth.ISsoManager; import at.gv.egiz.eaaf.core.api.idp.auth.services.IProtocolAuthenticationService; @@ -59,16 +72,6 @@ import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egiz.eaaf.core.impl.utils.HttpUtils; -import org.apache.commons.lang3.ArrayUtils; -import org.apache.commons.lang3.StringUtils; -import org.apache.commons.text.StringEscapeUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.lang.NonNull; -import org.springframework.lang.Nullable; -import org.springframework.stereotype.Service; @Service public class ProtocolAuthenticationService implements IProtocolAuthenticationService { @@ -99,13 +102,13 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer @Autowired private IRevisionLogger revisionsLogger; - private IGuiFormBuilder guiBuilder; /* * (non-Javadoc) * - * @see at.gv.egiz.eaaf.core.impl.idp.auth.services.IProtocolAuthenticationService# + * @see + * at.gv.egiz.eaaf.core.impl.idp.auth.services.IProtocolAuthenticationService# * performAuthentication(javax.servlet.http.HttpServletRequest, * javax.servlet.http.HttpServletResponse, at.gv.egiz.eaaf.core.api.IRequest) */ @@ -121,16 +124,17 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer .setPendingRequestId(pendingReqIdGenerationStrategy.generateExternalPendingRequestId()); // load Parameters from OnlineApplicationConfiguration - final IspConfiguration oaParam = pendingReq.getServiceProviderConfiguration(); + final ISpConfiguration oaParam = pendingReq.getServiceProviderConfiguration(); if (oaParam == null) { throw new EaafAuthenticationException( IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOSPCONFIG, - new Object[] {pendingReq.getSpEntityId()}); + new Object[] { pendingReq.getSpEntityId() }); } if (authmanager.doAuthentication(req, resp, pendingReq)) { - // pending request is already authenticated --> protocol-specific postProcessing can start + // pending request is already authenticated --> protocol-specific postProcessing + // can start // directly finalizeAuthentication(req, resp, pendingReq); @@ -155,7 +159,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer /* * (non-Javadoc) * - * @see at.gv.egiz.eaaf.core.impl.idp.auth.services.IProtocolAuthenticationService# + * @see + * at.gv.egiz.eaaf.core.impl.idp.auth.services.IProtocolAuthenticationService# * finalizeAuthentication(javax.servlet.http.HttpServletRequest, * javax.servlet.http.HttpServletResponse, at.gv.egiz.eaaf.core.api.IRequest) */ @@ -210,11 +215,10 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer // remove pending-request requestStorage.removePendingRequest(pendingReq.getPendingRequestId()); revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, - pendingReq.getUniqueTransactionIdentifier()); + pendingReq.getUniqueTransactionIdentifier()); } - @Override public void buildProtocolSpecificErrorResponse(final Throwable throwable, final HttpServletRequest req, final HttpServletResponse resp, final IRequest protocolRequest) @@ -285,7 +289,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } - public void setGuiBuilder(final IGuiFormBuilder guiBuilder) { this.guiBuilder = guiBuilder; } @@ -293,11 +296,11 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer /** * Finalize the requested protocol operation. * - * @param httpReq HttpServletRequest - * @param httpResp HttpServletResponse + * @param httpReq HttpServletRequest + * @param httpResp HttpServletResponse * @param protocolRequest Authentication request which is actually in process - * @param moaSession MOASession object, which is used to generate the protocol specific - * authentication information + * @param moaSession MOASession object, which is used to generate the + * protocol specific authentication information * @throws Exception In case of an error */ protected void internalFinalizeAuthenticationProcess(final HttpServletRequest req, @@ -352,10 +355,10 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer /** * Executes the requested protocol action. * - * @param httpReq HttpServletRequest - * @param httpResp HttpServletResponse + * @param httpReq HttpServletRequest + * @param httpResp HttpServletResponse * @param protocolRequest Authentication request which is actually in process - * @param authData Service-provider specific authentication data + * @param authData Service-provider specific authentication data * * @return Return Single LogOut information or null if protocol supports no SSO * @@ -430,7 +433,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer final IGuiBuilderConfiguration config = guiConfigFactory.getDefaultErrorGui(HttpUtils.extractAuthUrlFromRequest(httpReq)); - String[] errorCodeParams = null; if (params == null) { errorCodeParams = new String[] {}; @@ -446,8 +448,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } } - - // add errorcode and errormessage if (config instanceof ModifyableGuiBuilderConfiguration) { ((ModifyableGuiBuilderConfiguration) config).putCustomParameter( @@ -471,15 +471,12 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer "Can not ADD error message, because 'GUIBuilderConfiguration' is not modifieable "); } - - guiBuilder.build(httpReq, httpResp, config, "Error-Message"); } catch (final GuiBuildException e) { log.warn("Can not build error-message GUI.", e); throw new EaafException("9199", null, e); - } } @@ -496,7 +493,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer throws IOException, EaafException { if (e instanceof ProtocolNotActiveException) { resp.getWriter().write(e.getMessage()); - resp.setContentType(EAAFConstants.CONTENTTYPE_HTML_UTF8); + resp.setContentType(EaafConstants.CONTENTTYPE_HTML_UTF8); resp.sendError(HttpServletResponse.SC_FORBIDDEN, StringEscapeUtils.escapeHtml4(StringEscapeUtils.escapeEcmaScript(e.getMessage()))); @@ -537,5 +534,4 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } - } |