aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
diff options
context:
space:
mode:
authorpdanner <pdanner@d688527b-c9ab-4aba-bd8d-4036d912da1d>2007-10-17 16:18:44 +0000
committerpdanner <pdanner@d688527b-c9ab-4aba-bd8d-4036d912da1d>2007-10-17 16:18:44 +0000
commit83f01ddf24d98dbb5df41fb627a14edee2d57df7 (patch)
tree248d1674da3fddd81519babe441744052abdf901 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
parent8b5f5997e3a32b90ce0dc73881ae8bb4c03242bb (diff)
downloadmoa-id-spss-83f01ddf24d98dbb5df41fb627a14edee2d57df7.tar.gz
moa-id-spss-83f01ddf24d98dbb5df41fb627a14edee2d57df7.tar.bz2
moa-id-spss-83f01ddf24d98dbb5df41fb627a14edee2d57df7.zip
Implemented and integrated party representation and integrated mandates as per default available
Now Eclipse projects are available. The Web Tools Platform can be used to run the web applications git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1014 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java435
1 files changed, 339 insertions, 96 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 5f4ec2d29..75197943f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -3,6 +3,8 @@ package at.gv.egovernment.moa.id.auth;
import iaik.pki.PKIException;
import iaik.x509.X509Certificate;
+import java.io.File;
+import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Calendar;
@@ -55,6 +57,9 @@ import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.ValidateException;
import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
+import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
@@ -312,7 +317,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setOAURLRequested(oaURL);
session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
session.setAuthURL(authURL);
- session.setTemplateURL(templateURL);
+ session.setTemplateURL(templateURL);
session.setBusinessService(oaParam.getBusinessService());
}
// BKU URL has not been set yet, even if session already exists
@@ -320,6 +325,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
bkuURL = DEFAULT_BKU;
}
session.setBkuURL(bkuURL);
+ session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
String infoboxReadRequest =
new InfoboxReadRequestBuilder().build(oaParam.getSlVersion12(),
oaParam.getBusinessService(),
@@ -350,6 +356,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters();
if (verifyInfoboxParameters != null) {
pushInfobox = verifyInfoboxParameters.getPushInfobox();
+ session.setPushInfobox(pushInfobox);
}
String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(oaParam.getSlVersion12());
String certInfoDataURL =
@@ -448,6 +455,23 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setIdentityLink(identityLink);
// now validate the extended infoboxes
verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam.getProvideStammzahl());
+
+ return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
+ }
+
+ public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam)
+ throws
+ ConfigurationException,
+ BuildException,
+ ValidateException {
+
+ // check for intermediate processing of the infoboxes
+ if (session.isValidatorInputPending()) return "Redirect to Input Processor";
+
+ if (authConf==null) authConf = AuthConfigurationProvider.getInstance();
+ if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance().
+ getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+
// builds the AUTH-block
String authBlock = buildAuthenticationBlock(session);
// session.setAuthBlock(authBlock);
@@ -456,7 +480,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if ((transformsInfos == null) || (transformsInfos.length == 0)) {
// no OA specific transforms specified, use default ones
transformsInfos = authConf.getTransformsInfos();
- }
+ }
String createXMLSignatureRequest =
new CreateXMLSignatureRequestBuilder().build(authBlock,
oaParam.getKeyBoxIdentifier(),
@@ -464,6 +488,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
oaParam.getSlVersion12());
return createXMLSignatureRequest;
}
+
/**
* Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from given session data.
* @param session authentication session
@@ -534,8 +559,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
authConfigurationProvider.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters();
if (verifyInfoboxParameters != null) {
- Vector authAttributes = new Vector();
- Vector oaAttributes = new Vector();
+ session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML Attributes
+ session.setExtendedSAMLAttributesOA(new Vector());
infoboxParameters = verifyInfoboxParameters.getInfoboxParameters();
// get the list of infobox identifiers
List identifiers = verifyInfoboxParameters.getIdentifiers();
@@ -563,10 +588,46 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new ValidateException("validator.41", new Object[] {identifier});
} else {
String friendlyName = verifyInfoboxParameter.getFriendlyName();
+ boolean isParepRequest = false;
+
+ // parse the infobox read reponse
+ List infoboxTokenList = null;
+ try {
+ infoboxTokenList =
+ ExtendedInfoboxReadResponseParser.parseInfoboxReadResponse(infoboxReadResponse, friendlyName);
+ } catch (ParseException e) {
+ Logger.error("InfoboxReadResponse for \"" + identifier +
+ "\"-infobox could not be parsed successfully: " + e.getMessage());
+ throw new ValidateException("validator.43", new Object[] {friendlyName});
+ }
+ // check for party representation in mandates infobox
+ if (Constants.INFOBOXIDENTIFIER_MANDATES.equalsIgnoreCase(identifier) && !((infoboxTokenList == null || infoboxTokenList.size() == 0))){
+ session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams()));
+ Element mandate = ParepValidator.extractPrimaryToken(infoboxTokenList);
+ //ParepUtils.serializeElement(mandate, System.out);
+ String mandateID = ParepUtils.extractRepresentativeID(mandate);
+ if (!isEmpty(mandateID) &&
+ ("*".equals(mandateID) || mandateID.startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) {
+ isParepRequest = true;
+ }
+ if (!isParepRequest) {
+ //if mandates validator is disabled we must throw an error in this case
+ if (!ParepUtils.isValidatorEnabled(verifyInfoboxParameter.getApplicationSpecificParams())) {
+ throw new ValidateException("validator.60", new Object[] {friendlyName});
+ }
+ }
+ }
+
// get the class for validating the infobox
InfoboxValidator infoboxValidator = null;
try {
- Class validatorClass = Class.forName(verifyInfoboxParameter.getValidatorClassName());
+ Class validatorClass = null;
+ if (isParepRequest) {
+ // Mandates infobox in party representation mode
+ validatorClass = Class.forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator");
+ } else {
+ validatorClass = Class.forName(verifyInfoboxParameter.getValidatorClassName());
+ }
infoboxValidator = (InfoboxValidator) validatorClass.newInstance();
} catch (Exception e) {
Logger.error("Could not load validator class \"" + verifyInfoboxParameter.getValidatorClassName() +
@@ -575,20 +636,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
Logger.debug("Successfully loaded validator class \"" + verifyInfoboxParameter.getValidatorClassName() +
"\" for \"" + identifier + "\"-infobox.");
- // parse the infobox read reponse
- List infoboxTokenList = null;
- try {
- infoboxTokenList =
- ExtendedInfoboxReadResponseParser.parseInfoboxReadResponse(infoboxReadResponse, friendlyName);
- } catch (ParseException e) {
- Logger.error("InfoboxReadResponse for \"" + identifier +
- "\"-infobox could not be parsed successfully: " + e.getMessage());
- throw new ValidateException("validator.43", new Object[] {friendlyName});
- }
// build the parameters for validating the infobox
InfoboxValidatorParams infoboxValidatorParams =
InfoboxValidatorParamsBuilder.buildInfoboxValidatorParams(
- session, verifyInfoboxParameter, infoboxTokenList, hideStammzahl);
+ session, verifyInfoboxParameter, infoboxTokenList, oaParam);
+
// now validate the infobox
InfoboxValidationResult infoboxValidationResult = null;
try {
@@ -605,89 +657,138 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
Logger.info(identifier + " infobox successfully validated.");
+ // store the validator for post processing
+ session.addInfoboxValidator(identifier, friendlyName, infoboxValidator);
// get the SAML attributes to be appended to the AUTHBlock or to the final
// SAML Assertion
- ExtendedSAMLAttribute[] extendedSAMLAttributes = infoboxValidationResult.getExtendedSamlAttributes();
- if (extendedSAMLAttributes != null) {
- int length = extendedSAMLAttributes.length;
- for (int i=0; i<length; i++) {
- ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];
- String name = samlAttribute.getName();
- if (name == null) {
- Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " +
- identifier + "-infobox validator is null.");
- throw new ValidateException(
- "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "null"});
- }
- if (name == "") {
- Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " +
- identifier + "-infobox validator is empty.");
- throw new ValidateException(
- "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "leer"});
- }
- if (samlAttribute.getNameSpace() == null) {
- Logger.info("The namespace of SAML-Attribute number " + (i+1) + " returned from " +
- identifier + "-infobox validator is null.");
- throw new ValidateException(
- "validator.45", new Object[] {friendlyName, "Namespace", String.valueOf((i+1)), "null"});
- }
- Object value = samlAttribute.getValue();
- if (value == null) {
- Logger.info("The value of SAML-Attribute number " + (i+1) + " returned from " +
- identifier + "-infobox validator is null.");
- throw new ValidateException(
- "validator.45", new Object[] {friendlyName ,"Wert", String.valueOf((i+1)), "null"});
- }
- if ((value instanceof String) || (value instanceof Element)) {
-
- switch (samlAttribute.getAddToAUTHBlock()) {
- case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK:
- authAttributes.add(samlAttribute);
- oaAttributes.add(samlAttribute);
- break;
- case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY:
- authAttributes.add(samlAttribute);
- break;
- case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK:
- oaAttributes.add(samlAttribute);
- break;
- default:
- Logger.info("Invalid return value from method \"getAddToAUTHBlock()\" ("
- + samlAttribute.getAddToAUTHBlock() + ") in SAML attribute number "
- + (i+1) + " for infobox " + identifier);
- throw new ValidateException(
- "validator.47", new Object[] {friendlyName, String.valueOf((i+1))});
- }
- } else {
- Logger.info("The type of SAML-Attribute number " + (i+1) + " returned from " +
- identifier + "-infobox validator is not valid. Must be either \"java.Lang.String\"" +
- " or \"org.w3c.dom.Element\"");
- throw new ValidateException(
- "validator.46", new Object[] {identifier, String.valueOf((i+1))});
-
- }
- }
-
- }
+ AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName);
}
} else {
if ((verifyInfoboxParameter !=null) && (verifyInfoboxParameter.isRequired())) {
Logger.info("Infobox \"" + identifier + "\" is required, but not returned from the BKU");
throw new ValidateException(
"validator.48", new Object[] {verifyInfoboxParameter.getFriendlyName()});
-
}
Logger.debug("Infobox \"" + identifier + "\" not returned from BKU.");
- }
+ }
}
- session.setExtendedSAMLAttributesAUTH(authAttributes);
- session.setExtendedSAMLAttributesOA(oaAttributes);
}
- }
+ }
}
/**
+ * Intermediate processing of the infoboxes. The first pending infobox
+ * validator may validate the provided input
+ *
+ * @param session The current authentication session
+ * @param parameters The parameters got returned by the user input fields
+ */
+ public static void processInput(AuthenticationSession session, Map parameters) throws ValidateException
+ {
+
+ // post processing of the infoboxes
+ Iterator iter = session.getInfoboxValidatorIterator();
+ if (iter != null) {
+ while (iter.hasNext()) {
+ Vector infoboxValidatorVector = (Vector) iter.next();
+ InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
+ if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) {
+ String identifier = (String) infoboxValidatorVector.get(0);
+ String friendlyName = (String) infoboxValidatorVector.get(1);
+ InfoboxValidationResult infoboxValidationResult = null;
+ try {
+ infoboxValidationResult = infoboxvalidator.validate(parameters);
+ } catch (ValidateException e) {
+ Logger.error("Error validating " + identifier + " infobox:" + e.getMessage());
+ throw new ValidateException(
+ "validator.44", new Object[] {friendlyName});
+ }
+ if (!infoboxValidationResult.isValid()) {
+ Logger.info("Validation of " + identifier + " infobox failed.");
+ throw new ValidateException(
+ "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()});
+ }
+ AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName);
+ }
+ }
+ }
+ }
+
+ /**
+ * Adds given SAML Attributes to the current session. They will be appended
+ * to the final SAML Assertion or the AUTH block. If the attributes are
+ * already in the list, they will be replaced.
+ *
+ * @param session The current session
+ * @param extendedSAMLAttributes The SAML attributes to add
+ * @param identifier The infobox identifier for debug purposes
+ * @param friendlyNam The friendly name of the infobox for debug purposes
+ */
+ private static void AddAdditionalSAMLAttributes(AuthenticationSession session, ExtendedSAMLAttribute[] extendedSAMLAttributes,
+ String identifier, String friendlyName) throws ValidateException
+ {
+ if (extendedSAMLAttributes == null) return;
+ List oaAttributes = session.getExtendedSAMLAttributesOA();
+ if (oaAttributes==null) oaAttributes = new Vector();
+ List authAttributes = session.getExtendedSAMLAttributesAUTH();
+ if (authAttributes==null) authAttributes = new Vector();
+ int length = extendedSAMLAttributes.length;
+ for (int i=0; i<length; i++) {
+ ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];
+ Object value = verifySAMLAttribute(samlAttribute, i, identifier, friendlyName);
+ if ((value instanceof String) || (value instanceof Element)) {
+ switch (samlAttribute.getAddToAUTHBlock()) {
+ case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY:
+ replaceExtendedSAMLAttribute(authAttributes, samlAttribute);
+ break;
+ case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK:
+ replaceExtendedSAMLAttribute(authAttributes, samlAttribute);
+ replaceExtendedSAMLAttribute(oaAttributes, samlAttribute);
+ break;
+ case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK:
+ replaceExtendedSAMLAttribute(oaAttributes, samlAttribute);
+ break;
+ default:
+ Logger.info("Invalid return value from method \"getAddToAUTHBlock()\" ("
+ + samlAttribute.getAddToAUTHBlock() + ") in SAML attribute number "
+ + (i+1) + " for infobox " + identifier);
+ throw new ValidateException(
+ "validator.47", new Object[] {friendlyName, String.valueOf((i+1))});
+ }
+ } else {
+ Logger.info("The type of SAML-Attribute number " + (i+1) + " returned from " +
+ identifier + "-infobox validator is not valid. Must be either \"java.Lang.String\"" +
+ " or \"org.w3c.dom.Element\"");
+ throw new ValidateException(
+ "validator.46", new Object[] {identifier, String.valueOf((i+1))});
+ }
+ }
+ session.setExtendedSAMLAttributesAUTH(authAttributes);
+ session.setExtendedSAMLAttributesOA(oaAttributes);
+ }
+
+ private static void replaceExtendedSAMLAttribute(List attributes, ExtendedSAMLAttribute samlAttribute) {
+ if (null==attributes) {
+ attributes = new Vector();
+ } else {
+ String id = samlAttribute.getName();
+ int length = attributes.size();
+ for (int i=0; i<length; i++) {
+ ExtendedSAMLAttribute att = (ExtendedSAMLAttribute) attributes.get(i);
+ if (id.equals(att.getName())) {
+ // replace attribute
+ attributes.set(i, samlAttribute);
+ return;
+ }
+ }
+ attributes.add(samlAttribute);
+ }
+ }
+
+
+
+ /**
* Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
* security layer implementation.<br>
* <ul>
@@ -728,7 +829,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
// parses <CreateXMLSignatureResponse>
CreateXMLSignatureResponse csresp =
- new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse();
+ new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse();
try {
String serializedAssertion = DOMUtils.serializeNode(csresp.getSamlAssertion());
session.setAuthBlock(serializedAssertion);
@@ -768,11 +869,103 @@ public class AuthenticationServer implements MOAIDAuthConstants {
vsresp,
session.getIdentityLink());
+ // post processing of the infoboxes
+ Iterator iter = session.getInfoboxValidatorIterator();
+ boolean formpending = false;
+ if (iter != null) {
+ while (!formpending && iter.hasNext()) {
+ Vector infoboxValidatorVector = (Vector) iter.next();
+ String identifier = (String) infoboxValidatorVector.get(0);
+ String friendlyName = (String) infoboxValidatorVector.get(1);
+ InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
+ InfoboxValidationResult infoboxValidationResult = null;
+ try {
+ infoboxValidationResult = infoboxvalidator.validate(csresp.getSamlAssertion());
+ } catch (ValidateException e) {
+ Logger.error("Error validating " + identifier + " infobox:" + e.getMessage());
+ throw new ValidateException(
+ "validator.44", new Object[] {friendlyName});
+ }
+ if (!infoboxValidationResult.isValid()) {
+ Logger.info("Validation of " + identifier + " infobox failed.");
+ throw new ValidateException(
+ "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()});
+ }
+ String form = infoboxvalidator.getForm();
+ if (ParepUtils.isEmpty(form)) {
+ AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName);
+ } else {
+ return "Redirect to Input Processor";
+ }
+ }
+ }
+
+ // Exchange person data information by a mandate if needed
+ List oaAttributes = session.getExtendedSAMLAttributesOA();
+ IdentityLink replacementIdentityLink = null;
+ if (session.isMandateCompatibilityMode() && oaAttributes != null && oaAttributes.size()>0) {
+ // look if we have a mandate
+ boolean foundMandate = false;
+ Iterator it = oaAttributes.iterator();
+ while (!foundMandate && it.hasNext()) {
+ ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next();
+ if (ParepValidator.EXT_SAML_MANDATE_RAW.equals(samlAttribute.getName())) {
+ Object value = samlAttribute.getValue();
+ if (value instanceof Element) {
+ Element mandate = (Element) value;
+ replacementIdentityLink = new IdentityLink();
+ Element mandator = ParepUtils.extractMandator(mandate);
+ String dateOfBirth = "";
+ Element prPerson = null;
+ String familyName = "";
+ String givenName = "";
+ String identificationType = "";
+ String identificationValue = "";
+ if (mandator != null) {
+ boolean physical = ParepUtils.isPhysicalPerson(mandator);
+ if (physical) {
+ familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+ givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+ dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+ } else {
+ familyName = ParepUtils.extractMandatorFullName(mandator);
+ }
+ identificationType = ParepUtils.getIdentification(mandator, "Type");
+ identificationValue = ParepUtils.extractMandatorWbpk(mandator);
+ prPerson = ParepUtils.extractPrPersonOfMandate(mandate);
+ if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) {
+ // now we calculate the wbPK and do so if we got it from the BKU
+ identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier();
+ identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier());
+ ParepUtils.HideStammZahlen(prPerson, true, null, null, true);
+ }
+
+ }
+ replacementIdentityLink.setDateOfBirth(dateOfBirth);
+ replacementIdentityLink.setFamilyName(familyName);
+ replacementIdentityLink.setGivenName(givenName);
+ replacementIdentityLink.setIdentificationType(identificationType);
+ replacementIdentityLink.setIdentificationValue(identificationValue);
+ replacementIdentityLink.setPrPerson(prPerson);
+ try {
+ replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion());
+ } catch (Exception e) {
+ throw new ValidateException("validator.64", null);
+ }
+ } else {
+ Logger.info("The type of Mandate SAML-Attribute is not \"org.w3c.dom.Element\"");
+ throw new ValidateException("validator.64", null);
+ }
+ }
+ }
+ }
+
// builds authentication data and stores it together with a SAML artifact
- AuthenticationData authData = buildAuthenticationData(session, vsresp);
+ AuthenticationData authData = buildAuthenticationData(session, vsresp, replacementIdentityLink);
String samlArtifact =
new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
storeAuthenticationData(samlArtifact, authData);
+
// invalidates the authentication session
sessionStore.remove(sessionID);
Logger.info(
@@ -790,10 +983,18 @@ public class AuthenticationServer implements MOAIDAuthConstants {
*/
private AuthenticationData buildAuthenticationData(
AuthenticationSession session,
- VerifyXMLSignatureResponse verifyXMLSigResp)
+ VerifyXMLSignatureResponse verifyXMLSigResp,
+ IdentityLink replacementIdentityLink)
throws ConfigurationException, BuildException {
- IdentityLink identityLink = session.getIdentityLink();
+ IdentityLink identityLink;
+ if (replacementIdentityLink == null) {
+ identityLink = session.getIdentityLink();
+ } else {
+ // We have got data form a mandate we need now to use to stay compatible with applications
+ identityLink = replacementIdentityLink;
+ }
+
AuthenticationData authData = new AuthenticationData();
OAAuthParameter oaParam =
AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
@@ -804,7 +1005,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
authData.setAssertionID(Random.nextRandom());
authData.setIssuer(session.getAuthURL());
authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
-
authData.setIdentificationType(identityLink.getIdentificationType());
authData.setGivenName(identityLink.getGivenName());
authData.setFamilyName(identityLink.getFamilyName());
@@ -817,7 +1017,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if (provideStammzahl) {
authData.setIdentificationValue(identityLink.getIdentificationValue());
}
- String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl);
+ String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl);
try {
String signerCertificateBase64 = "";
if (oaParam.getProvideCertifcate()) {
@@ -832,12 +1032,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if (businessService) {
authData.setWBPK(identityLink.getIdentificationValue());
} else {
- // only compute bPK if online applcation is a public service
- String bpkBase64 =
- new BPKBuilder().buildBPK(
- identityLink.getIdentificationValue(),
- session.getTarget());
- authData.setBPK(bpkBase64);
+ authData.setBPK(identityLink.getIdentificationValue());
+ if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+ // only compute bPK if online applcation is a public service and we have the Stammzahl
+ String bpkBase64 = new BPKBuilder().buildBPK(
+ identityLink.getIdentificationValue(),
+ session.getTarget());
+ authData.setBPK(bpkBase64);
+ }
}
String ilAssertion =
oaParam.getProvideIdentityLink()
@@ -858,6 +1060,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
businessService,
session.getExtendedSAMLAttributesOA());
authData.setSamlAssertion(samlAssertion);
+
+
+ //ParepUtils.saveStringToFile(samlAssertion, new File("c:/saml_assertion.xml"));
+
return authData;
} catch (Throwable ex) {
throw new BuildException(
@@ -1015,5 +1221,42 @@ public class AuthenticationServer implements MOAIDAuthConstants {
return param == null || param.length() == 0;
}
-
+ /**
+ * Checks the correctness of SAML attributes and returns its value.
+ * @param param samlAttribute
+ * @param i the number of the verified attribute for messages
+ * @param identifier the infobox identifier for messages
+ * @param friendlyname the friendly name of the infobox for messages
+ * @return the SAML attribute value (Element or String)
+ */
+ private static Object verifySAMLAttribute(ExtendedSAMLAttribute samlAttribute, int i, String identifier, String friendlyName)
+ throws ValidateException{
+ String name = samlAttribute.getName();
+ if (name == null) {
+ Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " +
+ identifier + "-infobox validator is null.");
+ throw new ValidateException(
+ "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "null"});
+ }
+ if (name == "") {
+ Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " +
+ identifier + "-infobox validator is empty.");
+ throw new ValidateException(
+ "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "leer"});
+ }
+ if (samlAttribute.getNameSpace() == null) {
+ Logger.info("The namespace of SAML-Attribute number " + (i+1) + " returned from " +
+ identifier + "-infobox validator is null.");
+ throw new ValidateException(
+ "validator.45", new Object[] {friendlyName, "Namespace", String.valueOf((i+1)), "null"});
+ }
+ Object value = samlAttribute.getValue();
+ if (value == null) {
+ Logger.info("The value of SAML-Attribute number " + (i+1) + " returned from " +
+ identifier + "-infobox validator is null.");
+ throw new ValidateException(
+ "validator.45", new Object[] {friendlyName ,"Wert", String.valueOf((i+1)), "null"});
+ }
+ return value;
+ }
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-19 11:27:08 +0000