authorThomas Lenz <tlenz@iaik.tugraz.at>2014-10-24 13:47:00 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-10-24 13:47:00 +0200
commitd553bf08d1c70d9a1705f38d9fe1c7c3a3730b0d (patch)
tree527d9753615f28a555040b328dd1edc26788ad33
parenta9e03893056cf1b349148b0f1048c37c9073e557 (diff)
downloadmoa-id-spss-d553bf08d1c70d9a1705f38d9fe1c7c3a3730b0d.tar.gz
moa-id-spss-d553bf08d1c70d9a1705f38d9fe1c7c3a3730b0d.tar.bz2
moa-id-spss-d553bf08d1c70d9a1705f38d9fe1c7c3a3730b0d.zip
update STORK <-> PVP gateway functionality
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java103
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java52
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java1
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties1
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties1
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java4
16 files changed, 166 insertions, 85 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index cd2bfcf91..2c20e96ed 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -78,6 +78,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
@@ -175,7 +176,11 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
//get OnlineApplication from MOA-ID-Auth configuration
oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(oaID);
-
+
+ //build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway
+ if (oaParam.isSTORKPVPGateway())
+ oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, protocolRequest);
+
} else {
//build OnlineApplication dynamic from requested attributes
oaParam = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes, interfIDP);
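Review bot: `oaParam.isSTORKPVPGateway()` on the added line is called straight after the configuration lookup without checking that `getOnlineApplicationParameter(oaID)` actually returned an entry, so an unknown OA id would surface as a NullPointerException rather than a configuration error, if that lookup can return null (not visible here). A guard such as `if (oaParam != null && oaParam.isSTORKPVPGateway())`, or an explicit error before this point, makes the failure mode clear. The added comment also misspells STORK as "STROK". The enclosing method starts and ends outside this hunk.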
@@ -347,24 +352,24 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
Logger.debug("Build AuthData from assertion starts ....");
- authData.setFamilyName(extractor.getAttribute(PVPConstants.PRINCIPAL_NAME_NAME));
- authData.setGivenName(extractor.getAttribute(PVPConstants.GIVEN_NAME_NAME));
- authData.setDateOfBirth(extractor.getAttribute(PVPConstants.BIRTHDATE_NAME));
- authData.setBPKType(extractor.getAttribute(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME));
- authData.setCcc(extractor.getAttribute(PVPConstants.EID_ISSUING_NATION_NAME));
- authData.setBkuURL(extractor.getAttribute(PVPConstants.EID_CCS_URL_NAME));
- authData.setIdentificationValue(extractor.getAttribute(PVPConstants.EID_SOURCE_PIN_NAME));
- authData.setIdentificationType(extractor.getAttribute(PVPConstants.EID_SOURCE_PIN_TYPE_NAME));
+ authData.setFamilyName(extractor.getSingleAttributeValue(PVPConstants.PRINCIPAL_NAME_NAME));
+ authData.setGivenName(extractor.getSingleAttributeValue(PVPConstants.GIVEN_NAME_NAME));
+ authData.setDateOfBirth(extractor.getSingleAttributeValue(PVPConstants.BIRTHDATE_NAME));
+ authData.setBPKType(extractor.getSingleAttributeValue(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME));
+ authData.setCcc(extractor.getSingleAttributeValue(PVPConstants.EID_ISSUING_NATION_NAME));
+ authData.setBkuURL(extractor.getSingleAttributeValue(PVPConstants.EID_CCS_URL_NAME));
+ authData.setIdentificationValue(extractor.getSingleAttributeValue(PVPConstants.EID_SOURCE_PIN_NAME));
+ authData.setIdentificationType(extractor.getSingleAttributeValue(PVPConstants.EID_SOURCE_PIN_TYPE_NAME));
if (extractor.containsAttribute(PVPConstants.BPK_NAME)) {
- String pvpbPK = extractor.getAttribute(PVPConstants.BPK_NAME);
+ String pvpbPK = extractor.getSingleAttributeValue(PVPConstants.BPK_NAME);
authData.setBPK(pvpbPK.split(":")[1]);
}
boolean foundEncryptedbPKForOA = false;
if (extractor.containsAttribute(PVPConstants.ENC_BPK_LIST_NAME)) {
List<String> encbPKList = Arrays.asList(
- extractor.getAttribute(PVPConstants.ENC_BPK_LIST_NAME).split(";"));
+ extractor.getSingleAttributeValue(PVPConstants.ENC_BPK_LIST_NAME).split(";"));
authData.setEncbPKList(encbPKList);
for (String fullEncbPK : encbPKList) {
int index = fullEncbPK.indexOf("|");
@@ -501,11 +506,11 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
if (extractor.containsAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME))
authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX +
- extractor.getAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME));
+ extractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME));
if (extractor.containsAttribute(PVPConstants.EID_AUTH_BLOCK_NAME)) {
try {
- byte[] authBlock = Base64Utils.decode(extractor.getAttribute(PVPConstants.EID_AUTH_BLOCK_NAME), false);
+ byte[] authBlock = Base64Utils.decode(extractor.getSingleAttributeValue(PVPConstants.EID_AUTH_BLOCK_NAME), false);
authData.setAuthBlock(new String(authBlock, "UTF-8"));
} catch (IOException e) {
@@ -517,7 +522,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
if (extractor.containsAttribute(PVPConstants.EID_SIGNER_CERTIFICATE_NAME)) {
try {
authData.setSignerCertificate(Base64Utils.decode(
- extractor.getAttribute(PVPConstants.EID_SIGNER_CERTIFICATE_NAME), false));
+ extractor.getSingleAttributeValue(PVPConstants.EID_SIGNER_CERTIFICATE_NAME), false));
} catch (IOException e) {
Logger.error("Received SignerCertificate is not valid", e);
@@ -527,7 +532,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
if (extractor.containsAttribute(PVPConstants.EID_IDENTITY_LINK_NAME)) {
try {
- InputStream idlStream = Base64Utils.decodeToStream(extractor.getAttribute(PVPConstants.EID_IDENTITY_LINK_NAME), false);
+ InputStream idlStream = Base64Utils.decodeToStream(extractor.getSingleAttributeValue(PVPConstants.EID_IDENTITY_LINK_NAME), false);
IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink();
buildOAspecificIdentityLink(oaParam, authData, idl);
@@ -542,12 +547,12 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
// set mandate attributes
- authData.setMandateReferenceValue(extractor.getAttribute(PVPConstants.MANDATE_REFERENCE_VALUE_NAME));
+ authData.setMandateReferenceValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME));
if (extractor.containsAttribute(PVPConstants.MANDATE_FULL_MANDATE_NAME)) {
try {
byte[] mandate = Base64Utils.decode(
- (extractor.getAttribute(PVPConstants.MANDATE_FULL_MANDATE_NAME)), false);
+ (extractor.getSingleAttributeValue(PVPConstants.MANDATE_FULL_MANDATE_NAME)), false);
if (authData.getMISMandate() == null)
authData.setMISMandate(new MISMandate());
@@ -588,9 +593,9 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
legalperson.getIdentification().add(legalID );
mandator.setCorporateBody(legalperson );
- legalperson.setFullName(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME));
- legalID.setType(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME));
- idvalue.setValue(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME));
+ legalperson.setFullName(extractor.getSingleAttributeValue(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME));
+ legalID.setType(extractor.getSingleAttributeValue(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME));
+ idvalue.setValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME));
//build natural person short mandate
} else if ( (extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME) ||
@@ -610,18 +615,18 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
Value idValue = new Value();
persID.setValue(idValue );
- String[] pvp2GivenName = extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME).split(" ");
+ String[] pvp2GivenName = extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME).split(" ");
for(int i=0; i<pvp2GivenName.length; i++)
persName.getGivenName().add(pvp2GivenName[i]);
- familyName.setValue(extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME));
- physPerson.setDateOfBirth(extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME));
+ familyName.setValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME));
+ physPerson.setDateOfBirth(extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME));
if (extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME)) {
persID.setType(Constants.URN_PREFIX_BASEID);
- idValue.setValue(extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME));
+ idValue.setValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME));
} else {
- String[] pvp2bPK = extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_BPK_NAME).split(":");
+ String[] pvp2bPK = extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BPK_NAME).split(":");
if (pvp2bPK.length == 2) {
idValue.setValue(pvp2bPK[1]);
@@ -633,7 +638,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
persID.setType(Constants.URN_PREFIX_WBPK + "+" + pvp2bPK[0]);
} else {
- Logger.warn("Receive mandator bPK from federation with an unsupported format. " + extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_BPK_NAME));
+ Logger.warn("Receive mandator bPK from federation with an unsupported format. " + extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BPK_NAME));
throw new AssertionAttributeExtractorExeption("Receive mandator bPK from federation with an unsupported format.");
}
@@ -671,14 +676,25 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
if (authData.getMISMandate() == null)
authData.setMISMandate(new MISMandate());
authData.getMISMandate().setProfRep(
- extractor.getAttribute(PVPConstants.MANDATE_PROF_REP_OID_NAME));
+ extractor.getSingleAttributeValue(PVPConstants.MANDATE_PROF_REP_OID_NAME));
}
-
+
+ //set PVP role attribute
+ if (extractor.containsAttribute(PVPConstants.ROLES_NAME)) {
+ String pvpRoles = extractor.getSingleAttributeValue(PVPConstants.ROLES_NAME);
+ if (MiscUtil.isNotEmpty(pvpRoles)) {
+ List<String> roles = Arrays.asList(pvpRoles.split(";"));
+ for (String role : roles) {
+ authData.addAuthenticationRole(AuthenticationRoleFactory.buildFormPVPole(role));
+ }
+ }
+ }
+
//set STORK attributes
if (extractor.containsAttribute(PVPConstants.EID_STORK_TOKEN_NAME)) {
- authData.setStorkAuthnResponse(extractor.getAttribute(PVPConstants.EID_STORK_TOKEN_NAME));
+ authData.setStorkAuthnResponse(extractor.getSingleAttributeValue(PVPConstants.EID_STORK_TOKEN_NAME));
authData.setForeigner(true);
}
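Review bot: The role list on the added lines is built from `pvpRoles.split(";")` without trimming, so an assertion carrying `"a; b"` or `"a;;b"` yields role strings with leading whitespace or an empty string, which are then handed to `AuthenticationRoleFactory.buildFormPVPole` as if they were real roles. Since these values come from the federated IDP's assertion and end up as authorisation data, skipping blank tokens and trimming each one before the factory call, e.g. `String r = role.trim(); if (r.isEmpty()) continue;`, keeps malformed input from producing phantom roles. The factory method name `buildFormPVPole` reads like a typo of a "buildFromPVPRole"-style name; if it is, renaming it in `AuthenticationRoleFactory` now is cheaper than later. The enclosing method starts and ends outside this hunk.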
@@ -712,10 +728,15 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
String oaTarget = null;
if (oaParam.getBusinessService()) {
- if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK))
+ if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK) ||
+ oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_STORK))
oaTarget = oaParam.getIdentityLinkDomainIdentifier();
- else
- oaTarget = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier();
+
+ else {
+ Logger.warn("BusinessIdentifier can not be clearly assigned, because it starts without a prefix.");
+ return false;
+
+ }
} else {
oaTarget = Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget();
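Review bot: The new `else` branch turns a previously tolerated configuration (an `identityLinkDomainIdentifier` without the wbPK or STORK prefix, which the removed line silently prefixed as wbPK) into a hard failure, but the warning does not say which identifier was rejected, so an operator hitting this after upgrading has nothing to search for. Including the value, e.g. `Logger.warn("BusinessIdentifier '" + oaParam.getIdentityLinkDomainIdentifier() + "' can not be clearly assigned, because it has no known prefix.");`, makes the behaviour change diagnosable, and the change itself deserves a line in the release notes. The enclosing method starts and ends outside this hunk.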
@@ -891,22 +912,10 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
if (oaParam.getBusinessService()) {
//since we have foreigner, wbPK is not calculated in BKU
if (baseIDType.equals(Constants.URN_PREFIX_BASEID)) {
-
String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier();
-
- if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
- // If domainIdentifier starts with prefix
- // "urn:publicid:gv.at:wbpk+"; remove this prefix
- registerAndOrdNr = registerAndOrdNr
- .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
- Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
- + registerAndOrdNr);
- }
-
- String wbpkBase64 = new BPKBuilder().buildWBPK(baseID, registerAndOrdNr);
- authData.setBPK(wbpkBase64);
- authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr);
-
+ authData.setBPK(new BPKBuilder().buildbPKorwbPK(baseID, registerAndOrdNr));
+ authData.setBPKType(registerAndOrdNr);
+
} else {
authData.setBPK(baseID);
authData.setBPKType(baseIDType);
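Review bot: The replacement lines store `registerAndOrdNr` unmodified as the bPK type, whereas the removed code normalised it to `Constants.URN_PREFIX_WBPK + "+" + <identifier without prefix>`; for a domain identifier configured without a prefix the stored type therefore changes from a prefixed to a bare value, and whether `buildbPKorwbPK` itself handles that case is not visible here. If the intent is that unprefixed identifiers are no longer accepted (the earlier hunk in this file returns `false` for them in a different method), the same check belongs here too, or at least a comment such as `// registerAndOrdNr is expected to carry its urn prefix; the bPK type is taken verbatim` so the two code paths do not drift apart. The enclosing method starts and ends outside this hunk.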
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 6fd327add..050706d7a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -26,6 +26,7 @@ import java.io.Serializable;
import java.text.DateFormat;
import java.text.ParseException;
import java.text.SimpleDateFormat;
+import java.util.ArrayList;
import java.util.Date;
import java.util.List;
@@ -129,6 +130,7 @@ public class AuthenticationData implements IAuthData, Serializable {
private String authBlock = null;
private List<String> encbPKList = null;
+ private List<AuthenticationRole> roles = null;
private boolean useMandate = false;
private MISMandate mandate = null;
@@ -688,6 +690,24 @@ public class AuthenticationData implements IAuthData, Serializable {
public void setEncbPKList(List<String> encbPKList) {
this.encbPKList = encbPKList;
}
+
+ /**
+ * @return the roles
+ */
+ public List<AuthenticationRole> getAuthenticationRoles() {
+ return roles;
+ }
+
+ /**
+ * @param roles the roles to set
+ */
+ public void addAuthenticationRole(AuthenticationRole role) {
+ if (this.roles == null)
+ this.roles = new ArrayList<AuthenticationRole>();
+
+ this.roles.add(role);
+ }
+
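Review bot: `getAuthenticationRoles()` returns the raw `roles` field, which stays `null` until `addAuthenticationRole` is first called, so every caller of the new `IAuthData.getAuthenticationRoles()` (added in this commit's IAuthData.java hunk, which also lacks Javadoc on the null-vs-empty contract) must null-check before iterating, and a caller that does get a list receives the mutable internal one. Returning `roles == null ? Collections.<AuthenticationRole>emptyList() : Collections.unmodifiableList(roles)` (with `java.util.Collections` added next to the new `ArrayList` import) removes both hazards. The Javadoc on `addAuthenticationRole` still says `@param roles the roles to set` and should read `@param role the role to add`. Since `AuthenticationData` is `Serializable`, `AuthenticationRole` presumably needs to be as well — not visible here.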
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
index 8ce33021d..0d55dbdd1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
@@ -69,6 +69,8 @@ public interface IAuthData {
byte[] getSignerCertificate();
String getAuthBlock();
+ List<AuthenticationRole> getAuthenticationRoles();
+
boolean isPublicAuthority();
String getPublicAuthorityCode();
boolean isQualifiedCertificate();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 1e38bd4ff..03cb6c1c4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -276,11 +276,27 @@ public class DispatcherServlet extends AuthServlet{
Logger.info("PreProcessing of SSO interfederation response complete. ");
- //request is a not valid interfederation response -> Restart local authentication
+ //request is a not valid interfederation response
} else if (protocolRequest != null &&
MiscUtil.isNotEmpty(protocolRequest.getRequestID())) {
- Logger.info("Restart authentication with stored " + protocolRequest.requestedModule()
- + " AuthnRequest for OnlineApplication " + protocolRequest.getOAURL());
+
+ OAAuthParameter oaParams = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL());
+ if (oaParams.isSTORKPVPGateway() || !oaParams.isPerformLocalAuthenticationOnInterfederationError()) {
+ // -> send end error to service provider
+ Logger.info("Federated authentication for entity " + protocolRequest.getOAURL()
+ + " FAILED. Sending error message to service provider.");
+ MOAIDException e = new MOAIDException("auth.27", new Object[]{});
+ IModulInfo requestedModul = ModulStorage.getModuleByPath(protocolRequest.requestedModule());
+ if (!requestedModul.generateErrorMessage(e, req, resp, protocolRequest))
+ handleErrorNoRedirect(e.getMessage(), e, req,
+ resp);
+
+ return;
+
+ } else
+ //-> Restart local authentication
+ Logger.info("Restart authentication with stored " + protocolRequest.requestedModule()
+ + " AuthnRequest for OnlineApplication " + protocolRequest.getOAURL());
//request is a new authentication request
} else if (protocolRequest != null &&
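Review bot: On the added lines `oaParams` and `requestedModul` are dereferenced immediately after `getOnlineApplicationParameter(...)` and `ModulStorage.getModuleByPath(...)` without either result being checked; if either lookup can return null for a stale or unknown stored request (not visible here), the error path that is supposed to report `auth.27` to the service provider would itself end in a NullPointerException. A guard before `isSTORKPVPGateway()` and before `generateErrorMessage(...)` that falls through to `handleErrorNoRedirect(...)` keeps the failure reporting intact. The trailing `else` followed by a comment and a two-line statement with no braces is easy to misread; bracing it as `} else {` … `}` matches the `if` above it. Separately, the new `auth.27` text in id_messages_de.properties is English while its neighbours are German. The surrounding `if`/`else if` chain starts and ends outside this hunk.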
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index daa70efce..a4d63b144 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -381,14 +381,15 @@ public class AuthenticationManager extends AuthServlet {
//get IDP metadata
try {
OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(target.getRequestedIDP());
+
if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) {
Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation.");
Logger.info("Switch to local authentication on this IDP ... ");
perfomLocalAuthentication(request, response, target);
return;
- }
-
+ }
+
EntityDescriptor idpEntity = MOAMetadataProvider.getInstance().
getEntityDescriptor(target.getRequestedIDP());
@@ -417,7 +418,7 @@ public class AuthenticationManager extends AuthServlet {
authReq.setID(gen.generateIdentifier());
//send passive AuthnRequest
- authReq.setIsPassive(true);
+ authReq.setIsPassive(idp.isPassivRequestUsedForInterfederation());
authReq.setAssertionConsumerServiceIndex(0);
authReq.setIssueInstant(new DateTime());
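Review bot: The comment `//send passive AuthnRequest` above the changed line is now stale, because `IsPassive` is taken from `idp.isPassivRequestUsedForInterfederation()` rather than fixed to `true`, so a reader scanning comments would still assume the request is always passive. Replace it with `//IsPassive is configured per interfederation IDP (see isPassivRequestUsedForInterfederation)`. A non-passive request changes the user-visible flow at the remote IDP, so the configuration default deserves a mention in the IDP configuration documentation. The enclosing method starts and ends outside this hunk.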
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 0da846f9e..cf20db7d9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -664,7 +664,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
} else {
Logger.debug("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue()
+ " from interfederated IDP.");
-
+
}
} catch (IOException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 47c297914..1f3e86ff6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -41,7 +41,7 @@ public interface PVPConstants {
public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3";
public static final String STORK_QAA_1_4 = "http://www.stork.gov.eu/1.0/citizenQAALevel/4";
- public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/1.0/";
+ public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/";
public static final String URN_OID_PREFIX = "urn:oid:";
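Review bot: Widening `STORK_ATTRIBUTE_PREFIX` from `http://www.stork.gov.eu/1.0/` to `http://www.stork.gov.eu/` changes which assertion attributes `AssertionAttributeExtractor` routes into the STORK list (its `startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)` check is touched in this commit), so any attribute whose name begins with the shorter prefix but is not a 1.0 STORK attribute is now silently pulled out of the PVP attribute map. That is presumably intended to cover other STORK namespace versions, but it deserves a comment on the constant, e.g. `// matches every STORK namespace version; attributes with this prefix are never treated as PVP attributes`, and a check that no PVP attribute name constant in this interface starts with it.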
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
index 6296d102f..91888df5c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
@@ -49,6 +49,7 @@ import org.opensaml.xml.signature.Signer;
import org.w3c.dom.Document;
import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
@@ -66,7 +67,7 @@ import at.gv.egovernment.moa.util.Constants;
*/
public class AttributQueryBuilder {
- public static List<Attribute> buildSAML2AttributeList(OAAuthParameter oa, Iterator<String> iterator) {
+ public static List<Attribute> buildSAML2AttributeList(IOAAuthParameters oa, Iterator<String> iterator) {
Logger.debug("Build OA specific Attributes for AttributQuery request");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index a16fed9cd..c5ad26744 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -36,6 +36,7 @@ import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.core.Subject;
+import org.opensaml.xml.XMLObject;
import eu.stork.peps.auth.commons.PersonalAttribute;
import eu.stork.peps.auth.commons.PersonalAttributeList;
@@ -48,7 +49,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class AssertionAttributeExtractor {
private Assertion assertion = null;
- private Map<String, String> attributs = new HashMap<String, String>();
+ private Map<String, List<String>> attributs = new HashMap<String, List<String>>();
private PersonalAttributeList storkAttributes = new PersonalAttributeList();
private final List<String> minimalAttributeNameList = Arrays.asList(
@@ -74,13 +75,21 @@ public class AssertionAttributeExtractor {
for (Attribute attr : attrStat.getAttributes()) {
if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) {
List<String> storkAttrValues = new ArrayList<String>();
- storkAttrValues.add(attr.getAttributeValues().get(0).getDOM().getTextContent());
+ for (XMLObject el : attr.getAttributeValues())
+ storkAttrValues.add(el.getDOM().getTextContent());
+
PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(),
false, storkAttrValues , "Available");
storkAttributes.put(attr.getName(), storkAttr );
- } else
- attributs.put(attr.getName(), attr.getAttributeValues().get(0).getDOM().getTextContent());
+ } else {
+ List<String> attrList = new ArrayList<String>();
+ for (XMLObject el : attr.getAttributeValues())
+ attrList.add(el.getDOM().getTextContent());
+
+ attributs.put(attr.getName(), attrList);
+
+ }
}
}
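Review bot: The two added loops over `attr.getAttributeValues()` are identical apart from the target list, which invites the two branches drifting apart; a small private helper returning the text values of an `Attribute` would let both branches read `storkAttrValues = textValues(attr)` and `attrList = textValues(attr)`. Both loops also call `el.getDOM().getTextContent()` directly; if `getDOM()` can be null for a value object that was not unmarshalled from XML (not verifiable here), this throws rather than skipping the value, as the removed single-value lines would also have done. The enclosing constructor or method starts and ends outside this hunk.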
@@ -129,7 +138,15 @@ public class AssertionAttributeExtractor {
}
- public String getAttribute(String attributeName) {
+ public String getSingleAttributeValue(String attributeName) {
+ if (attributs.containsKey(attributeName))
+ return attributs.get(attributeName).get(0);
+ else
+ return null;
+
+ }
+
+ public List<String> getAttributeValues(String attributeName) {
return attributs.get(attributeName);
}
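Review bot: `getSingleAttributeValue` calls `.get(0)` on whatever list was stored, and the extractor hunk above stores an empty list for an attribute that is present but carries no `AttributeValue` elements, so such an attribute throws IndexOutOfBoundsException instead of returning `null` as a missing attribute does; callers in AuthenticationDataBuilder guard only with `containsAttribute(...)` and then call `.split(...)` on the result, so they need a consistent empty-value contract here. The method also silently drops the remaining values of a multi-valued attribute, which for identity-bearing attributes such as bPK is a choice the caller should be able to see in the documentation. The version below returns `null` for both the absent and the empty case and states the single-value rule; `containsAttribute` (outside this hunk) should then say whether an empty value list counts as present.
```java
/**
 * Returns the first value of the named attribute, or null when the attribute
 * is absent or carries no values. Additional values of a multi-valued
 * attribute are ignored here; use getAttributeValues(...) to obtain them all.
 */
public String getSingleAttributeValue(String attributeName) {
    List<String> values = attributs.get(attributeName);
    if (values == null || values.isEmpty())
        return null;
    return values.get(0);
}
```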
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java
index a1525db0a..10b325234 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java
@@ -54,7 +54,7 @@ public class AttributeProviderFactory {
result.add("EHvdAttributeProvider");
result.add("SignedDocAttributeRequestProvider");
result.add("MandateAttributeRequestProvider");
-
+ result.add("PVPAuthenticationProvider");
return result;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 95597e0ad..aa018d5a3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -455,7 +455,7 @@ public class AuthenticationRequest implements IAction {
// Define attribute list to be populated
PersonalAttributeList attributeList = new PersonalAttributeList();
- MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(authData.getIdentityLink(), moaStorkRequest);
+ MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(authData, moaStorkRequest);
try {
for (PersonalAttribute personalAttribute : attrLst) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
index 076139018..f4b02ee2d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
@@ -22,13 +22,23 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.stork2;
+import java.util.ArrayList;
import java.util.List;
import org.opensaml.saml2.core.Attribute;
+import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
import eu.stork.peps.auth.commons.STORKAuthnRequest;
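Review bot: Of the ten imports added here, only `java.util.ArrayList` is used by live code; `DynamicOAAuthParameterBuilder`, `ConfigurationException`, `AuthConfigurationProvider`, `IOAAuthParameters`, `OAAuthParameter`, `DynamicOAAuthParameters`, `AttributQueryBuilder`, `SAML1Protocol` and `Constants` serve only the commented-out test code in the `getRequestedAttributes()` hunk below. Commented-out code with a `// TODO: only for testing` marker is better kept in version history than in the source; dropping that block and the nine imports with it leaves `getRequestedAttributes()` as the plain `return new ArrayList<Attribute>();` it now effectively is, and a one-line Javadoc there, e.g. `/** STORK requests carry no SAML2 attribute query; always empty. */`, would state the intent. The existing `MOAResponse` import may likewise be unused now that `getInterfederationResponse()` is removed, and the removed overrides are presumably inherited from `RequestImpl` — neither is visible here.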
@@ -206,29 +216,31 @@ public class MOASTORKRequest extends RequestImpl {
}
/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedIDP()
- */
- @Override
- public String getRequestedIDP() {
- // TODO Auto-generated method stub
- return null;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#getInterfederationResponse()
- */
- @Override
- public MOAResponse getInterfederationResponse() {
- // TODO Auto-generated method stub
- return null;
- }
-
- /* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
*/
@Override
public List<Attribute> getRequestedAttributes() {
- // TODO Auto-generated method stub
- return null;
+// //TODO: only for testing with MOA-ID as PVP Stammportal
+// IOAAuthParameters oa;
+// try {
+// List<String> reqAttr = new ArrayList<String>();
+// reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION);
+//
+// oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL());
+// oa = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oa, this);
+//
+// DynamicOAAuthParameters tmp = (DynamicOAAuthParameters) oa;
+// tmp.setBusinessTarget(Constants.URN_PREFIX_CDID + "+BF");
+//
+// return AttributQueryBuilder.buildSAML2AttributeList(tmp, reqAttr.iterator());
+//
+// } catch (ConfigurationException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// return null;
+// }
+
+ return new ArrayList<Attribute>();
+
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java
index 95af3565e..88c59ccf9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java
@@ -129,6 +129,7 @@ public class PVPAuthenticationProvider extends AttributeProvider {
authRequest.setCountry(spCountryCode);
authRequest.setSpCountry(spCountryCode);
authRequest.setSpApplication(spApplication);
+ authRequest.setProviderName(spApplication);
authRequest.setSpSector(spSector);
authRequest.setPersonalAttributeList(moastorkRequest.getPersonalAttributeList());
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 361c6b5ee..848866090 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -44,6 +44,7 @@ auth.23=Das BKU-Selektion Template entspricht nicht der Spezifikation von MOA-ID
auth.24=Das Send-Assertion Template entspricht nicht der Spezifikation von MOA-ID 2.x.
auth.25=Fehler beim validieren der SZR-Gateway Response.
auth.26=SessionID unbekannt.
+auth.27=Federated authentication FAILED.
init.00=MOA ID Authentisierung wurde erfolgreich gestartet
init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 085625972..27f735028 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -24,6 +24,7 @@ auth.23=9000
auth.24=9001
auth.25=1109
auth.26=1100
+auth.27=4401
init.00=9199
init.01=9199
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java
index cdb19340d..3dcfa8aa9 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java
@@ -156,8 +156,8 @@ public final class ConfigurationDBUtils {
tx.begin();
session.merge(dbo);
tx.commit();
-
- //session.clear();
+
+ session.clear();
}
return true;