authorThomas Lenz <tlenz@iaik.tugraz.at>2013-07-05 13:17:06 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-07-05 13:17:06 +0200
commitcdbfcdbdf4b0a55071f1aad9e514a5024563ddea (patch)
tree2270838c4b3202dc45bdd4fca353175364283784
parent5af029d47de31ceb0b171b3fe39744722a5adb63 (diff)
move AuthData generation from VerifyAuthBlock step to generate Assertion step
This also requires some changes in the PVP2 module
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java63
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java79
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java25
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java6
8 files changed, 159 insertions, 71 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 87bd4ffea..14bb53eb7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1891,37 +1891,35 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
}
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- boolean useUTC = oaParam.getUseUTC();
- boolean useCondition = oaParam.getUseCondition();
- int conditionLength = oaParam.getConditionLength();
-
- // builds authentication data and stores it together with a SAML
- // artifact
- AuthenticationData authData = buildAuthenticationData(session, vsresp,
- useUTC, false);
+// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+// .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+// boolean useUTC = oaParam.getUseUTC();
+// boolean useCondition = oaParam.getUseCondition();
+// int conditionLength = oaParam.getConditionLength();
- //set Authblock
- session.setAuthData(authData);
- //set signer certificate
+ //TL: moved to Authentification Data generation
+// AuthenticationData authData = buildAuthenticationData(session, vsresp,
+// useUTC, false);
+//
+// //set Authblock
+// session.setAuthData(authData);
+
+
+ session.setXMLVerifySignatureResponse(vsresp);
session.setSignerCertificate(vsresp.getX509certificate());
+ vsresp.setX509certificate(null);
+ session.setForeigner(false);
if (session.getUseMandate()) {
// mandate mode
-
- // session.setAssertionAuthBlock(assertionAuthBlock)
return null;
+
} else {
-
-
+
session.setAuthenticatedUsed(false);
session.setAuthenticated(true);
-
- //TODO: check if this element is needed!!!
- //session.setXMLVerifySignatureResponse(vsresp);
-
+
String oldsessionID = session.getSessionID();
//Session is implicte stored in changeSessionID!!!
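Review bot: `vsresp.setX509certificate(null);` right after `session.setSignerCertificate(vsresp.getX509certificate());` strips the certificate from the very object that was just stored with `session.setXMLVerifySignatureResponse(vsresp)`, so every later reader of `session.getXMLVerifySignatureResponse()` — the new calls in CitizenTokenBuilder, AuthnRequestHandler and SAML1AuthenticationServer — gets a response without its certificate, and none of them re-attaches it from `session.getSignerCertificate()`. Whether `buildAuthenticationData` reads the certificate from the response is not visible in this diff; if it does, those callers will dereference a null. A comment at the null assignment stating the contract would at least make this deliberate: `// certificate lives in session.getSignerCertificate(); the stored response intentionally carries none`. The commented-out OAAuthParameter lookup and the old `buildAuthenticationData` call above should be deleted rather than kept as comments — history already holds them, and the same applies to the hunk at `@@ -2325`. The enclosing method starts and ends outside this hunk.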
@@ -2325,22 +2323,27 @@ public class AuthenticationServer implements MOAIDAuthConstants {
X509Certificate cert = session.getSignerCertificate();
vsresp.setX509certificate(cert);
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- boolean useUTC = oaParam.getUseUTC();
+// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+// .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+// boolean useUTC = oaParam.getUseUTC();
// boolean useCondition = oaParam.getUseCondition();
// int conditionLength = oaParam.getConditionLength();
- AuthenticationData authData = buildAuthenticationData(session, vsresp,
- useUTC, true);
+ //TL: moved to Assertion generation.
+// AuthenticationData authData = buildAuthenticationData(session, vsresp,
+// useUTC, true);
+//
+// session.setAuthData(authData);
- session.setAuthData(authData);
session.setAuthenticatedUsed(false);
session.setAuthenticated(true);
- //TODO: check, if it element is in use!!!!
- //session.setXMLVerifySignatureResponse(vsresp);
+
+ session.setXMLVerifySignatureResponse(vsresp);
+ session.setSignerCertificate(vsresp.getX509certificate());
+ vsresp.setX509certificate(null);
+ session.setForeigner(true);
//session is implicit stored in changeSessionID!!!!
String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
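Review bot: The certificate round-trip in this hunk is now redundant: `X509Certificate cert = session.getSignerCertificate(); vsresp.setX509certificate(cert);` at the top existed for the `buildAuthenticationData` call that is now commented out, and the added `session.setSignerCertificate(vsresp.getX509certificate());` just writes back the value read two statements earlier. Keeping only `vsresp.setX509certificate(null);` and `session.setForeigner(true);` expresses the intent (store the response without its certificate, mark the session as foreign) without the no-op copy; if `vsresp` can arrive with a certificate that differs from the session's, that should be stated in a comment, because the current order silently prefers the session's copy. The enclosing method begins and ends outside the hunk.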
@@ -2402,7 +2405,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws BuildException
* while building the <code>&lt;saml:Assertion&gt;</code>
*/
- protected static AuthenticationData buildAuthenticationData(
+ public static AuthenticationData buildAuthenticationData(
AuthenticationSession session,
VerifyXMLSignatureResponse verifyXMLSigResp, boolean useUTC, boolean isForeigner)
throws ConfigurationException, BuildException {
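Review bot: Widening `buildAuthenticationData` to `public` makes three call sites each repeat the same OAAuthParameter lookup only to obtain `useUTC`, then pass `session.getXMLVerifySignatureResponse()` and `session.isForeigner()` by hand (CitizenTokenBuilder, AuthnRequestHandler, SAML1AuthenticationServer); a one-argument overload that derives all three from the session removes the duplication and is the natural place to document that the stored response carries no certificate. The Javadoc above should also gain `@param isForeigner` and `@param useUTC` entries now that the method is public API. The method body continues outside the hunk.
```java
    /**
     * Builds the authentication data from state the session already carries:
     * the stored verify response, the online application's UTC setting and the
     * foreigner flag set during signature verification.
     *
     * @param session the authenticated session (must hold a verify response)
     * @return the authentication data for this session
     * @throws ConfigurationException if the online application cannot be resolved
     * @throws BuildException while building the assertion
     */
    public static AuthenticationData buildAuthenticationData(AuthenticationSession session)
            throws ConfigurationException, BuildException {
        OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
                .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
        return buildAuthenticationData(session,
                session.getXMLVerifySignatureResponse(),
                oaParam.getUseUTC(),
                session.isForeigner());
    }
    // … unchanged: existing four-argument buildAuthenticationData …
```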
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 6cfb12380..7a4c3da8b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -206,7 +206,7 @@ public class AuthenticationSession implements Serializable {
- private AuthenticationData authData;
+ //private AuthenticationData authData;
//protocol selection
private String action;
@@ -256,7 +256,11 @@ public class AuthenticationSession implements Serializable {
// */
// private Date timestampStart;
// private CreateXMLSignatureResponse XMLCreateSignatureResponse;
-// private VerifyXMLSignatureResponse XMLVerifySignatureResponse;
+
+ private VerifyXMLSignatureResponse XMLVerifySignatureResponse;
+
+ private boolean isForeigner;
+
// private String requestedProtocolURL = null;
public String getModul() {
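Review bot: The new field `XMLVerifySignatureResponse` is capitalised like a type and `isForeigner` carries a boolean-getter prefix, while the class's other fields visible here (`action`, `mandateData`) use lowerCamelCase; `xmlVerifySignatureResponse` and `foreigner` would match, with `isForeigner()`/`setForeigner(...)` kept as the accessors in the `@@ -1050` hunk. Both are non-transient fields on a Serializable class, so a session stored before this change would, if such sessions are ever reloaded, come back with the response null and the flag false — a one-line comment on each field naming what sets it (the VerifyAuthBlock and foreign-ID verification steps in AuthenticationServer) would make that dependency visible. `//private AuthenticationData authData;` and the commented-out `getAuthData`/`setAuthData` pair in the next hunk should be removed rather than kept.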
@@ -283,13 +287,13 @@ public class AuthenticationSession implements Serializable {
this.mandateData = mandateData;
}
- public AuthenticationData getAuthData() {
- return authData;
- }
-
- public void setAuthData(AuthenticationData authData) {
- this.authData = authData;
- }
+// public AuthenticationData getAuthData() {
+// return authData;
+// }
+//
+// public void setAuthData(AuthenticationData authData) {
+// this.authData = authData;
+// }
public boolean isAuthenticatedUsed() {
return authenticatedUsed;
@@ -1050,12 +1054,20 @@ public class AuthenticationSession implements Serializable {
// XMLCreateSignatureResponse = xMLCreateSignatureResponse;
// }
-// public VerifyXMLSignatureResponse getXMLVerifySignatureResponse() {
-// return XMLVerifySignatureResponse;
-// }
-//
-// public void setXMLVerifySignatureResponse(VerifyXMLSignatureResponse xMLVerifySignatureResponse) {
-// XMLVerifySignatureResponse = xMLVerifySignatureResponse;
-// }
+ public boolean isForeigner() {
+ return isForeigner;
+ }
+
+ public void setForeigner(boolean isForeigner) {
+ this.isForeigner = isForeigner;
+ }
+
+ public VerifyXMLSignatureResponse getXMLVerifySignatureResponse() {
+ return XMLVerifySignatureResponse;
+ }
+
+ public void setXMLVerifySignatureResponse(VerifyXMLSignatureResponse xMLVerifySignatureResponse) {
+ XMLVerifySignatureResponse = xMLVerifySignatureResponse;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
index ce418de01..c41de1904 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
@@ -24,6 +24,8 @@
package at.gv.egovernment.moa.id.auth.data;
+import java.io.Serializable;
+
import iaik.x509.X509Certificate;
/**
@@ -34,8 +36,11 @@ import iaik.x509.X509Certificate;
* @version $Id$
*
*/
-public class VerifyXMLSignatureResponse {
- /** The xmlDsigSubjectName to be stored */
+public class VerifyXMLSignatureResponse implements Serializable{
+
+ private static final long serialVersionUID = 1L;
+
+/** The xmlDsigSubjectName to be stored */
private String xmlDsigSubjectName;
/** The signatureCheckCode to be stored */
private int signatureCheckCode;
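Review bot: Making this class Serializable while the commit separately nulls the certificate before the response is stored (both `vsresp.setX509certificate(null);` sites in AuthenticationServer) suggests the certificate is not meant to be part of the persisted form; declaring the field behind `setX509certificate` as `transient` would encode that in the type instead of relying on every caller to clear it, and the callers' null assignments could then go. Two small layout nits in the same hunk: `implements Serializable{` lacks a space before the brace, and the `/** The xmlDsigSubjectName to be stored */` Javadoc lost its indentation relative to the field it documents.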
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 1d3c82aaf..2e07a39a7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -105,7 +105,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
// no target attribut is given in OA config
// target is used from request
// check parameter
- if (!ParamValidatorUtils.isValidTarget(target))
+ if (!ParamValidatorUtils.isValidTarget(target))
throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
} else {
// use target from config
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 2f866ca78..f8a828f6f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -247,8 +247,10 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
}
redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
redirectURL = resp.encodeRedirectURL(redirectURL);*/
+
redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),
ModulUtils.buildAuthURL(session.getModul(), session.getAction()), samlArtifactBase64);
+
} else {
redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
index 0b280fe48..18f981243 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
@@ -10,7 +10,13 @@ import org.opensaml.xml.schema.XSString;
import org.opensaml.xml.schema.impl.XSIntegerBuilder;
import org.opensaml.xml.schema.impl.XSStringBuilder;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
@@ -100,27 +106,60 @@ public class CitizenTokenBuilder {
AuthenticationSession authSession) {
AttributeStatement statement =
SAML2Utils.createSAMLObject(AttributeStatement.class);
+
+ //TL: AuthData generation is moved out from VerifyAuthBlockServlet
+ try {
+
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix());
+ boolean useUTC = oaParam.getUseUTC();
- Attribute pvpVersion = buildPVPVersion("2.1");
- Attribute secClass = buildSecClass(3);
- Attribute principalName = buildPrincipalName(authSession.getAuthData().getFamilyName());
- Attribute givenName = buildGivenName(authSession.getAuthData().getGivenName());
- Attribute birthdate = buildBirthday(authSession.getAuthData().getDateOfBirth());
- Attribute bpk = buildBPK(authSession.getAuthData().getIdentificationValue());
- Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3);
- Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT");
- Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authSession.getAuthData().getIdentificationType());
-
- statement.getAttributes().add(pvpVersion);
- statement.getAttributes().add(secClass);
- statement.getAttributes().add(principalName);
- statement.getAttributes().add(givenName);
- statement.getAttributes().add(birthdate);
- statement.getAttributes().add(bpk);
- statement.getAttributes().add(eid_citizen_qaa);
- statement.getAttributes().add(eid_issuing_nation);
- statement.getAttributes().add(eid_sector_for_id);
+ AuthenticationData authData;
+
+ authData = AuthenticationServer.buildAuthenticationData(authSession,
+ authSession.getXMLVerifySignatureResponse(),
+ useUTC,
+ authSession.isForeigner());
+
+ Attribute pvpVersion = buildPVPVersion("2.1");
+ Attribute secClass = buildSecClass(3);
+ Attribute principalName = buildPrincipalName(authData.getFamilyName());
+ Attribute givenName = buildGivenName(authData.getGivenName());
+ Attribute birthdate = buildBirthday(authData.getDateOfBirth());
+
+ //TL: getIdentificationValue holds the baseID --> change to pBK
+ Attribute bpk;
+ if (authSession.getBusinessService())
+ bpk = buildBPK(authData.getWBPK());
+ else
+ bpk = buildBPK(authData.getBPK());
+
+ Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3);
+ Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT");
+ Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authData.getIdentificationType());
+
+ statement.getAttributes().add(pvpVersion);
+ statement.getAttributes().add(secClass);
+ statement.getAttributes().add(principalName);
+ statement.getAttributes().add(givenName);
+ statement.getAttributes().add(birthdate);
+ statement.getAttributes().add(bpk);
+ statement.getAttributes().add(eid_citizen_qaa);
+ statement.getAttributes().add(eid_issuing_nation);
+ statement.getAttributes().add(eid_sector_for_id);
+
+ return statement;
+
+ } catch (ConfigurationException e) {
+
+ // TODO: check Exception Handling
+ return null;
+ } catch (BuildException e) {
+
+ // TODO: check Exception Handling
+ return null;
+ }
- return statement;
+
}
}
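Review bot: The two catch blocks at the end swallow ConfigurationException and BuildException and `return null`, so a failed configuration lookup or authentication-data build yields an assertion without an attribute statement (or a NullPointerException wherever the result is added) instead of a visible failure, and the caught exception is dropped without being logged or chained. Given the `// TODO: check Exception Handling` markers, the cleanest fix is to remove the try/catch and declare `throws ConfigurationException, BuildException` on buildCitizenToken (its signature line lies above this hunk), or, if the signature must stay, rethrow with the cause: `throw new IllegalStateException("building citizen token failed", e);`. Separately, the selection `if (authSession.getBusinessService()) bpk = buildBPK(authData.getWBPK()); else bpk = buildBPK(authData.getBPK());` is duplicated verbatim in AuthnRequestHandler; a small shared helper that returns the (w)bPK for a session would keep the two in step.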
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index f05866f70..6b35d7640 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -25,7 +25,11 @@ import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
@@ -95,7 +99,26 @@ public class AuthnRequestHandler implements IRequestHandler {
Subject subject = SAML2Utils.createSAMLObject(Subject.class);
NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
subjectNameID.setFormat(NameID.PERSISTENT);
- subjectNameID.setValue(authSession.getAuthData().getIdentificationValue());
+
+
+ //TL: AuthData generation is moved to Assertion generation.
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix());
+ boolean useUTC = oaParam.getUseUTC();
+
+ AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession,
+ authSession.getXMLVerifySignatureResponse(),
+ useUTC,
+ authSession.isForeigner());
+
+ //TL: getIdentificationValue holds the baseID --> change to pBK
+ //subjectNameID.setValue(authData.getIdentificationValue());
+ if (authSession.getBusinessService())
+ subjectNameID.setValue(authData.getWBPK());
+ else
+ subjectNameID.setValue(authData.getBPK());
+
+
subject.setNameID(subjectNameID);
//assertion.getAttributeStatements().add(CitizenTokenBuilder.buildCitizenToken(obj, authSession));
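Review bot: `subjectNameID.setValue(authData.getWBPK())` and `setValue(authData.getBPK())` write into the persistent NameID without checking for null; if `buildAuthenticationData` leaves the (w)bPK unset for some session state (not visible here), the assertion is issued with an empty subject rather than failing. A guard that rejects a null value before `subject.setNameID(subjectNameID)` would turn that into a visible error. The commented-out `//subjectNameID.setValue(authData.getIdentificationValue());` should be deleted, and the `//TL:` note could be reworded to state the reason rather than the history, e.g. `// the NameID carries the sector-specific (w)bPK, never the baseID from getIdentificationValue()`. The same business-service branch appears in CitizenTokenBuilder and belongs in one shared helper.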
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 6a86eb4a5..36fd75d8b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -112,7 +112,11 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
//TODO: check, if this is correct!!!!
//AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(),
// useUTC, false);
- AuthenticationData authData = session.getAuthData();
+
+ AuthenticationData authData = buildAuthenticationData(session,
+ session.getXMLVerifySignatureResponse(),
+ useUTC,
+ session.isForeigner());
//TODO: check, if this is correct!!!!
// String samlAssertion = new AuthenticationDataAssertionBuilder().build(