update AuthData builder

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2014-10-15 13:04:03 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2014-10-15 13:04:03 +0200
commit: c48b11484a7c0b71a4259a33de279a9501a5cdef (patch)
tree: b04540d23215145cd975dc26a4c819a5063928a7
parent: 7a2bd50dc6d80b2c6271d6feaff7ca4c178958f8 (diff)
download: moa-id-spss-c48b11484a7c0b71a4259a33de279a9501a5cdef.tar.gz
moa-id-spss-c48b11484a7c0b71a4259a33de279a9501a5cdef.tar.bz2
moa-id-spss-c48b11484a7c0b71a4259a33de279a9501a5cdef.zip
1 files changed, 96 insertions, 39 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 0510f545a..cd2bfcf91 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -361,6 +361,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 			authData.setBPK(pvpbPK.split(":")[1]);
 		}
 		
+		boolean foundEncryptedbPKForOA = false;
 		if (extractor.containsAttribute(PVPConstants.ENC_BPK_LIST_NAME)) {
 			List<String> encbPKList = Arrays.asList(
 					extractor.getAttribute(PVPConstants.ENC_BPK_LIST_NAME).split(";"));							
@@ -377,6 +378,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 									+ oaParam.getPublicURLPrefix()
 									+ " Start decryption process ...");
 							PrivateKey privKey = oaParam.getBPKDecBpkDecryptionKey();
+							foundEncryptedbPKForOA = true;
 							if (privKey != null) {
 								try {
 									String bPK = BPKBuilder.decryptBPK(encbPK, oaParam.getTarget(), privKey);
@@ -411,54 +413,82 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 			}						
 		}
 		
-		if (MiscUtil.isEmpty(authData.getBPK()) && authData.getEncbPKList().size() == 0 && 
-				MiscUtil.isEmpty(authData.getIdentificationValue())) {
+		if (MiscUtil.isEmpty(authData.getIdentificationValue()) && 
+				MiscUtil.isEmpty(authData.getBPK()) &&
+				!foundEncryptedbPKForOA) {
 			Logger.info("Federated assertion include no bPK, encrypted bPK or baseID");
+			throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
+					+ " or " + PVPConstants.EID_SOURCE_PIN_NAME 
+					+ " or " + PVPConstants.ENC_BPK_LIST_NAME);
 			
-			try {
-				EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProvider.getInstance().geteGovUtilsConfig();
-				if (eGovClientsConfig != null) {
-					SZRClient szrclient = new SZRClient(eGovClientsConfig);
+		}
+		
+		//check if received bPK matchs to online application configuration 
+		//and no encrypted bPK is found for this oa
+		if (!matchsReceivedbPKToOnlineApplication(oaParam, authData) 
+				&& !foundEncryptedbPKForOA) {
+			Logger.info("Received bPK/wbPK does not match to online application");
+			
+			if (MiscUtil.isEmpty(authData.getIdentificationValue())) {
+				Logger.info("No baseID found. Connect SZR to reveive baseID ...");				
+				try {
+					EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProvider.getInstance().geteGovUtilsConfig();
+					if (eGovClientsConfig != null) {
+						SZRClient szrclient = new SZRClient(eGovClientsConfig);
+						
+						Logger.debug("Create SZR request to get baseID ... ");
+						PersonInfoType personInfo = new PersonInfoType();
+						at.gv.util.xsd.szr.persondata.PhysicalPersonType person = new at.gv.util.xsd.szr.persondata.PhysicalPersonType();
+						personInfo.setPerson(person);					
+						at.gv.util.xsd.szr.persondata.PersonNameType name = new at.gv.util.xsd.szr.persondata.PersonNameType();
+						person.setName(name);
+						at.gv.util.xsd.szr.persondata.IdentificationType idValue = new at.gv.util.xsd.szr.persondata.IdentificationType();
+						person.setIdentification(idValue);
+						
+						//set bPK or wbPK						
+						idValue.setValue(authData.getBPK());
+						idValue.setType(authData.getBPKType());
+						
+						//set person information
+						name.setGivenName(authData.getGivenName());
+						name.setFamilyName(authData.getFamilyName());
+						if (authData.getDateOfBirth() != null)
+							person.setDateOfBirth(authData.getFormatedDateOfBirth());
+						
+						//request szr and store baseID
+						authData.setIdentificationValue(szrclient.getStammzahl(personInfo));
+						authData.setIdentificationType(Constants.URN_PREFIX_BASEID);
+											
+					} else {
+						Logger.warn("No SZR clieht configuration found. Interfederation SSO login not possible.");
+						throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
+								+ " or " + PVPConstants.EID_SOURCE_PIN_NAME);
+						
+					}
+								
+				} catch (ConfigurationException e) {
+					 Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
+					throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
+							+ " or " + PVPConstants.EID_SOURCE_PIN_NAME);
 					
-					Logger.debug("Create SZR request to get baseID ... ");
-					PersonInfoType personInfo = new PersonInfoType();
-					at.gv.util.xsd.szr.persondata.PhysicalPersonType person = new at.gv.util.xsd.szr.persondata.PhysicalPersonType();
-					personInfo.setPerson(person);					
-					at.gv.util.xsd.szr.persondata.PersonNameType name = new at.gv.util.xsd.szr.persondata.PersonNameType();
-					person.setName(name);
+				} catch (EgovUtilException e) {
+					Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
+					throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
+							+ " or " + PVPConstants.EID_SOURCE_PIN_NAME);
 					
-					name.setGivenName(authData.getGivenName());
-					name.setFamilyName(authData.getFamilyName());
-					if (authData.getDateOfBirth() != null)
-						person.setDateOfBirth(authData.getFormatedDateOfBirth());
-				
-					authData.setIdentificationValue(szrclient.getStammzahl(personInfo));
-					authData.setIdentificationType(Constants.URN_PREFIX_BASEID);
-										
-				} else {
-					Logger.warn("No SZR clieht configuration found. Interfederation SSO login not possible.");
+				} catch (SZRException e) {
+					Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
 					throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
 							+ " or " + PVPConstants.EID_SOURCE_PIN_NAME);
 					
 				}
-							
-			} catch (ConfigurationException e) {
-				 Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
-				throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
-						+ " or " + PVPConstants.EID_SOURCE_PIN_NAME);
-				
-			} catch (EgovUtilException e) {
-				Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
-				throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
-						+ " or " + PVPConstants.EID_SOURCE_PIN_NAME);
-				
-			} catch (SZRException e) {
-				Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
-				throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
-						+ " or " + PVPConstants.EID_SOURCE_PIN_NAME);
-				
 			}
-					
+			
+			//build OA specific bPK/wbPK information
+			buildOAspecificbPK(oaParam, authData, 
+					authData.getIdentificationValue(), 
+					authData.getIdentificationType());
+			
 		}
 		
 		if (MiscUtil.isEmpty(authData.getBPK())) {
@@ -672,6 +702,33 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 		authData.setPublicAuthority(false);
 	}
 	
+	/**
+	 * @param oaParam
+	 * @param authData
+	 * @return
+	 */
+	private static boolean matchsReceivedbPKToOnlineApplication(
+			IOAAuthParameters oaParam, AuthenticationData authData) {
+		
+		String oaTarget = null;
+		if (oaParam.getBusinessService()) {
+			if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK))
+				oaTarget = oaParam.getIdentityLinkDomainIdentifier();
+			else
+				oaTarget = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier();
+			
+		} else {
+			oaTarget = Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget();
+			
+		}
+		
+		
+		if (oaTarget.equals(authData.getBPKType()))
+			return true;
+		else
+			return false;
+	}
+
 	private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, 
 			IOAAuthParameters oaParam) throws BuildException, ConfigurationException {
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2014-10-15 13:04:03 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2014-10-15 13:04:03 +0200
commit	c48b11484a7c0b71a4259a33de279a9501a5cdef (patch)
tree	b04540d23215145cd975dc26a4c819a5063928a7
parent	7a2bd50dc6d80b2c6271d6feaff7ca4c178958f8 (diff)
download	moa-id-spss-c48b11484a7c0b71a4259a33de279a9501a5cdef.tar.gz moa-id-spss-c48b11484a7c0b71a4259a33de279a9501a5cdef.tar.bz2 moa-id-spss-c48b11484a7c0b71a4259a33de279a9501a5cdef.zip