authorThomas Lenz <tlenz@iaik.tugraz.at>2014-10-08 12:22:57 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-10-08 12:22:57 +0200
commitbfa66b41e723daf7ac7da7cef694ed52c43dbb39 (patch)
treed2109e01280b44936f65f20a98c66e8b5cba9c42
parent7727f1798299b11bed248ed6a920adf02e43e6b3 (diff)
add SZR request to get baseID
-rw-r--r--id/server/idserverlib/pom.xml20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java214
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java35
3 files changed, 192 insertions, 77 deletions
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 00d128ca5..833f869e5 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -83,11 +83,27 @@
<artifactId>webservices-tools</artifactId>
<version>2.3</version>
</dependency> -->
- <dependency>
+<!-- <dependency>
<groupId>org.glassfish.metro</groupId>
<artifactId>webservices-rt</artifactId>
<version>2.3</version>
- </dependency>
+ </dependency> -->
+
+ <dependency>
+ <groupId>at.gv.util</groupId>
+ <artifactId>egovutils</artifactId>
+ <version>1.0.7</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.sun</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
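Review bot: The new `at.gv.util:egovutils` dependency excludes `com.sun:*` and `org.slf4j:*` wholesale in the same hunk that comments out the `webservices-rt` dependency, so if SZRClient is a JAX-WS client (as the `at.gv.util.wsdl.szr` package name suggests) its runtime must now arrive from somewhere else on the classpath, which is worth confirming with `mvn dependency:tree` before merge. A short XML comment next to the two exclusions stating which transitive artifacts they are meant to keep out, e.g. `<!-- excluded: conflicts with the JAX-WS/SLF4J versions already provided by MOA-ID -->`, would keep the next reader from re-adding them.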
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index a8a7d0c51..0510f545a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -31,7 +31,6 @@ import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
-import java.util.Iterator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -66,6 +65,7 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
@@ -102,6 +102,11 @@ import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.XPathUtils;
+import at.gv.util.client.szr.SZRClient;
+import at.gv.util.config.EgovUtilPropertiesConfiguration;
+import at.gv.util.ex.EgovUtilException;
+import at.gv.util.wsdl.szr.SZRException;
+import at.gv.util.xsd.szr.PersonInfoType;
/**
* @author tlenz
@@ -406,10 +411,61 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
}
}
- if (MiscUtil.isEmpty(authData.getBPK()) && authData.getEncbPKList().size() == 0) {
- Logger.error("Federated assertion include no bPK or encrypted bPK");
- throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
- + " or " + PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME);
+ if (MiscUtil.isEmpty(authData.getBPK()) && authData.getEncbPKList().size() == 0 &&
+ MiscUtil.isEmpty(authData.getIdentificationValue())) {
+ Logger.info("Federated assertion include no bPK, encrypted bPK or baseID");
+
+ try {
+ EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProvider.getInstance().geteGovUtilsConfig();
+ if (eGovClientsConfig != null) {
+ SZRClient szrclient = new SZRClient(eGovClientsConfig);
+
+ Logger.debug("Create SZR request to get baseID ... ");
+ PersonInfoType personInfo = new PersonInfoType();
+ at.gv.util.xsd.szr.persondata.PhysicalPersonType person = new at.gv.util.xsd.szr.persondata.PhysicalPersonType();
+ personInfo.setPerson(person);
+ at.gv.util.xsd.szr.persondata.PersonNameType name = new at.gv.util.xsd.szr.persondata.PersonNameType();
+ person.setName(name);
+
+ name.setGivenName(authData.getGivenName());
+ name.setFamilyName(authData.getFamilyName());
+ if (authData.getDateOfBirth() != null)
+ person.setDateOfBirth(authData.getFormatedDateOfBirth());
+
+ authData.setIdentificationValue(szrclient.getStammzahl(personInfo));
+ authData.setIdentificationType(Constants.URN_PREFIX_BASEID);
+
+ } else {
+ Logger.warn("No SZR clieht configuration found. Interfederation SSO login not possible.");
+ throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
+ + " or " + PVPConstants.EID_SOURCE_PIN_NAME);
+
+ }
+
+ } catch (ConfigurationException e) {
+ Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
+ throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
+ + " or " + PVPConstants.EID_SOURCE_PIN_NAME);
+
+ } catch (EgovUtilException e) {
+ Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
+ throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
+ + " or " + PVPConstants.EID_SOURCE_PIN_NAME);
+
+ } catch (SZRException e) {
+ Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
+ throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
+ + " or " + PVPConstants.EID_SOURCE_PIN_NAME);
+
+ }
+
+ }
+
+ if (MiscUtil.isEmpty(authData.getBPK())) {
+ Logger.debug("Calcutlate bPK from baseID");
+ buildOAspecificbPK(oaParam, authData,
+ authData.getIdentificationValue(),
+ authData.getIdentificationType());
}
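Review bot: The new "Calcutlate bPK from baseID" fallback at the end of the hunk can hand null values to buildOAspecificbPK: when bPK is empty but the encrypted-bPK list is non-empty, the SZR lookup guarded by the three-part condition is skipped, yet `authData.getIdentificationValue()` and `getIdentificationType()` may still be unset, and buildOAspecificbPK dereferences the type with `baseIDType.equals(...)`. The SZR result is also stored unchecked, so an empty reply from `getStammzahl` sets the identification type to baseID without a value; propose `String baseID = szrclient.getStammzahl(personInfo); if (MiscUtil.isEmpty(baseID)) throw new AssertionAttributeExtractorExeption("No " + PVPConstants.EID_SOURCE_PIN_NAME);` before the two setters, and `if (MiscUtil.isEmpty(authData.getBPK()) && MiscUtil.isNotEmpty(authData.getIdentificationValue()))` as the fallback condition, with an explicit failure otherwise. The three catch blocks log the same message and throw the same exception and could be one multi-catch if the project builds on Java 7 or later; the log text "No SZR clieht configuration found" has a typo ("client"). The enclosing method starts and ends outside the hunk.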
@@ -443,8 +499,8 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
try {
InputStream idlStream = Base64Utils.decodeToStream(extractor.getAttribute(PVPConstants.EID_IDENTITY_LINK_NAME), false);
IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink();
- authData.setIdentityLink(idl);
-
+ buildOAspecificIdentityLink(oaParam, authData, idl);
+
} catch (ParseException e) {
Logger.error("Received IdentityLink is not valid", e);
@@ -618,15 +674,11 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session,
IOAAuthParameters oaParam) throws BuildException, ConfigurationException {
-
- String target = oaParam.getTarget();
IdentityLink identityLink = session.getIdentityLink();
VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
- boolean businessService = oaParam.getBusinessService();
-
authData.setIssuer(session.getAuthURL());
//baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
@@ -733,67 +785,12 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
Logger.trace("Authenticated User is OW: " + mandate.getOWbPK());
} else {
-
- if (businessService) {
- //since we have foreigner, wbPK is not calculated in BKU
- if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
-
- String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier();
-
- if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
- // If domainIdentifier starts with prefix
- // "urn:publicid:gv.at:wbpk+"; remove this prefix
- registerAndOrdNr = registerAndOrdNr
- .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
- Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
- + registerAndOrdNr);
- }
-
- String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr);
- authData.setBPK(wbpkBase64);
- authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr);
-
- } else {
- authData.setBPK(identityLink.getIdentificationValue());
- authData.setBPKType(identityLink.getIdentificationType());
-
- }
-
- Logger.trace("Authenticate user with wbPK " + authData.getBPK());
-
- Element idlassertion = session.getIdentityLink().getSamlAssertion();
- //set bpk/wpbk;
- Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
- prIdentification.getFirstChild().setNodeValue(authData.getBPK());
- //set bkp/wpbk type
- Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
- prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType());
-
- IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
- IdentityLink idl = idlparser.parseIdentityLink();
-
- //resign IDL
- IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
- Element resignedilAssertion;
- resignedilAssertion = identitylinkresigner.resignIdentityLink(idl.getSamlAssertion());
- IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion);
- IdentityLink resignedIDL = resignedIDLParser.parseIdentityLink();
-
- authData.setIdentityLink(resignedIDL);
-
- } else {
-
- if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
- // only compute bPK if online application is a public service and we have the Stammzahl
- String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target);
- authData.setBPK(bpkBase64);
- authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
- }
-
- Logger.trace("Authenticate user with bPK " + authData.getBPK());
-
- authData.setIdentityLink(identityLink);
- }
+ buildOAspecificbPK(oaParam, authData,
+ identityLink.getIdentificationValue(),
+ identityLink.getIdentificationType());
+
+ buildOAspecificIdentityLink(oaParam, authData, identityLink);
+
}
@@ -803,4 +800,77 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
}
}
+
+ private static void buildOAspecificIdentityLink(IOAAuthParameters oaParam, AuthenticationData authData, IdentityLink idl) throws MOAIDException {
+ if (oaParam.getBusinessService()) {
+ Element idlassertion = idl.getSamlAssertion();
+ //set bpk/wpbk;
+ Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+ prIdentification.getFirstChild().setNodeValue(authData.getBPK());
+ //set bkp/wpbk type
+ Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
+ prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType());
+
+ IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
+ IdentityLink businessServiceIdl = idlparser.parseIdentityLink();
+
+ //resign IDL
+ IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
+ Element resignedilAssertion;
+ resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion());
+ IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion);
+ IdentityLink resignedIDL = resignedIDLParser.parseIdentityLink();
+
+ authData.setIdentityLink(resignedIDL);
+
+ } else
+ authData.setIdentityLink(idl);
+
+
+ }
+
+ private static void buildOAspecificbPK(IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException {
+
+ if (oaParam.getBusinessService()) {
+ //since we have foreigner, wbPK is not calculated in BKU
+ if (baseIDType.equals(Constants.URN_PREFIX_BASEID)) {
+
+ String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier();
+
+ if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
+ // If domainIdentifier starts with prefix
+ // "urn:publicid:gv.at:wbpk+"; remove this prefix
+ registerAndOrdNr = registerAndOrdNr
+ .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
+ Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
+ + registerAndOrdNr);
+ }
+
+ String wbpkBase64 = new BPKBuilder().buildWBPK(baseID, registerAndOrdNr);
+ authData.setBPK(wbpkBase64);
+ authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr);
+
+ } else {
+ authData.setBPK(baseID);
+ authData.setBPKType(baseIDType);
+
+ }
+
+ Logger.trace("Authenticate user with wbPK " + authData.getBPK());
+
+ } else {
+
+ if (baseIDType.equals(Constants.URN_PREFIX_BASEID)) {
+ // only compute bPK if online application is a public service and we have the Stammzahl
+ String bpkBase64 = new BPKBuilder().buildBPK(baseID, oaParam.getTarget());
+ authData.setBPK(bpkBase64);
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
+ }
+
+ Logger.trace("Authenticate user with bPK " + authData.getBPK());
+ }
+
+
+ }
+
}
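Review bot: buildOAspecificbPK dereferences `baseIDType` in both `baseIDType.equals(Constants.URN_PREFIX_BASEID)` checks and `registerAndOrdNr` in the `startsWith` call without null checks, although both come from caller state or configuration that the helper does not validate; prefer `Constants.URN_PREFIX_BASEID.equals(baseIDType)` and fail with a BuildException when baseID or baseIDType is empty, rather than silently leaving authData's bPK unset in the public-service branch when the type is not baseID (the trace line then logs a null bPK). Both helpers lack Javadoc; buildOAspecificIdentityLink should document that for business services it rewrites the identification value and type nodes inside the passed IdentityLink's own SAML assertion (in-place DOM modification) before re-signing, so a caller passing a session-owned IdentityLink sees that object changed. The braceless `else` before `authData.setIdentityLink(idl);` is inconsistent with the braced style used elsewhere in the hunk.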
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index a62de27fc..23369fecc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -113,6 +113,8 @@ import at.gv.egovernment.moa.id.data.IssuerAndSerial;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.util.config.EgovUtilConfiguration;
+import at.gv.util.config.EgovUtilPropertiesConfiguration;
/**
* A class providing access to the Auth Part of the MOA-ID configuration data.
@@ -210,6 +212,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
private static SSO ssoconfig = null;
+ private EgovUtilPropertiesConfiguration eGovUtilsConfig = null;
+
private static Date date = null;
private String publicURLPreFix = null;
@@ -325,7 +329,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
statisticProps.put(propertyName, props.get(key.toString()));
}
}
-
+
// initialize hibernate
synchronized (AuthConfigurationProvider.class) {
@@ -384,6 +388,24 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
// String xmlconfigout = props.getProperty("configuration.xml.out");
+ //configure eGovUtils client implementations
+
+ //read eGovUtils client configuration
+ Properties eGovUtilsConfigProp = new Properties();
+ for (Object key : props.keySet()) {
+ String propPrefix = "service.";
+ if (key.toString().startsWith(propPrefix+"egovutil")) {
+ String propertyName = key.toString().substring(propPrefix.length());
+ eGovUtilsConfigProp.put(propertyName, props.get(key.toString()));
+ }
+ }
+ if (!eGovUtilsConfigProp.isEmpty()) {
+ Logger.info("Start eGovUtils client implementation configuration ...");
+ eGovUtilsConfig =
+ new EgovUtilPropertiesConfiguration(eGovUtilsConfigProp, rootConfigFileDir);
+ }
+
+
//check if XML config should be used
if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) {
Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!");
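Review bot: `String propPrefix = "service.";` is re-declared on every iteration of the new property loop; hoist it above the `for`, and since the `statisticProps` context line suggests the same prefix logic exists just above, a shared private constant would fit better. The only validation before constructing EgovUtilPropertiesConfiguration is `!eGovUtilsConfigProp.isEmpty()`, so a partially configured `service.egovutil*` block is accepted here and only surfaces as an SZR failure at login time; logging the configured key names at info level (never the values, which could include client keystore credentials) would make such misconfiguration diagnosable at startup. `rootConfigFileDir` and the enclosing method are defined outside the hunk.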
@@ -1035,7 +1057,14 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return storkconfig;
}
- private void setCertStoreDirectory() throws ConfigurationException {
+ /**
+ * @return the eGovUtilsConfig
+ */
+public EgovUtilPropertiesConfiguration geteGovUtilsConfig() {
+ return eGovUtilsConfig;
+}
+
+private void setCertStoreDirectory() throws ConfigurationException {
AuthComponentGeneral auth = getAuthComponentGeneral();
if (auth.getGeneralConfiguration() != null)
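Review bot: The new getter `geteGovUtilsConfig()` and the re-indented `setCertStoreDirectory()` signature sit at column 0 while the surrounding class body is indented, and the accessor name breaks camel case (`getEGovUtilsConfig` would match the `eGovUtilsConfig` field; the call site in AuthenticationDataBuilder would need the same rename). The Javadoc only restates the field name; propose `@return the eGovUtils client configuration, or {@code null} when no {@code service.egovutil*} properties were configured`, which is what the field's null initializer and the guarded assignment in the configuration loop imply.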
@@ -1075,5 +1104,5 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
}
return moasp;
}
-
+
}