AuthData um bPK/wbPK Target erweitert

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2013-07-08 15:52:12 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2013-07-08 15:52:12 +0200
commit: 96da47e5347471e8d94f809164c845eab871ae29 (patch)
tree: 5f6fc914f92aa2312d83720576695d9859984177 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
parent: 08c8cde8d7fd71dc4228f2593fdc1844c41d4916 (diff)
download: moa-id-spss-96da47e5347471e8d94f809164c845eab871ae29.tar.gz
moa-id-spss-96da47e5347471e8d94f809164c845eab871ae29.tar.bz2
moa-id-spss-96da47e5347471e8d94f809164c845eab871ae29.zip
1 files changed, 50 insertions, 20 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 41b383f01..ba66041d7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -24,6 +24,7 @@
 package at.gv.egovernment.moa.id.auth;
 
 import iaik.pki.PKIException;
+import iaik.x509.CertificateFactory;
 import iaik.x509.X509Certificate;
 
 import java.io.ByteArrayInputStream;
@@ -32,12 +33,16 @@ import java.io.InputStream;
 import java.security.GeneralSecurityException;
 import java.security.Principal;
 import java.security.cert.CertificateException;
+//import java.security.cert.CertificateFactory;
 import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.Vector;
 
 import javax.servlet.http.HttpServletRequest;
@@ -68,6 +73,7 @@ import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
 import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
 import at.gv.egovernment.moa.id.auth.builder.InfoboxValidatorParamsBuilder;
+import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
 import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder;
 import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -82,6 +88,7 @@ import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
 import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.parser.ExtendedInfoboxReadResponseParser;
 import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
 import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
 import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet;
@@ -108,6 +115,7 @@ import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
 import at.gv.egovernment.moa.id.config.stork.CPEPS;
 import at.gv.egovernment.moa.id.config.stork.STORKConfig;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.storage.AssertionStorage;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
@@ -117,6 +125,7 @@ import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
 import at.gv.egovernment.moa.logging.LogMsg;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.BoolUtils;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
@@ -132,7 +141,6 @@ import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
 import eu.stork.vidp.messages.stork.RequestedAttributes;
 import eu.stork.vidp.messages.util.SAMLUtil;
 import eu.stork.vidp.messages.util.XMLUtil;
-//import java.security.cert.CertificateFactory;
 
 /**
  * API for MOA ID Authentication Service.<br> {@link AuthenticationSession} is
@@ -849,16 +857,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 	 * @return String representation of the
 	 *         <code>&lt;CreateXMLSignatureRequest&gt;</code>
 	 */
-	public String createXMLSignatureRequestForeignID(String sessionID,
+	public String createXMLSignatureRequestForeignID(AuthenticationSession session,
 			X509Certificate cert) throws AuthenticationException,
 			BuildException, ParseException, ConfigurationException,
 			ValidateException, ServiceException {
 
-		if (isEmpty(sessionID))
+		if (session == null)
 			throw new AuthenticationException("auth.10", new Object[] {
 					REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID });
 
-		AuthenticationSession session = getSession(sessionID);
+//		AuthenticationSession session = getSession(sessionID);
 
 		AuthConfigurationProvider authConf = AuthConfigurationProvider
 				.getInstance();
@@ -866,6 +874,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
 				.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
 
+		//session.setSignerCertificate(cert);
+		
 		return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam,
 				cert);
 	}
@@ -2000,9 +2010,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 		// AuthConfigurationProvider.getInstance();
 
 		IdentityLink tempIdentityLink = null;
-		
+
 		if (session.getUseMandate()) {
-			session.setMandate(mandate);
 			tempIdentityLink = new IdentityLink();
 			Element mandator = ParepUtils.extractMandator(mandate);
 			String dateOfBirth = "";
@@ -2459,7 +2468,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 			if(!isForeigner) {
 				//we have Austrian citizen
 				if (businessService) {
-					authData.setWBPK(identityLink.getIdentificationValue());
+					authData.setBPK(identityLink.getIdentificationValue());
+					authData.setBPKType(identityLink.getIdentificationType());
 					
 				} else {
 					
@@ -2471,16 +2481,30 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 					if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
 						String bpkBase64 = new BPKBuilder().buildBPK(
 								identityLink.getIdentificationValue(), target);
-						authData.setBPK(bpkBase64); 
+						authData.setBPK(bpkBase64);
+						authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
 					 }
 				}
 			} else {
 				//we have foreigner, thus we have to calculate bPK and wbPK now (after receiving identity link from SZR-GW
 				if (businessService) {
 					//since we have foreigner, wbPK is not calculated in BKU
-					if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { 						 
-						 String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier());
-						 authData.setWBPK(wbpkBase64); 
+					if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+						
+						 	String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier();
+						 
+							if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
+								// If domainIdentifier starts with prefix
+								// "urn:publicid:gv.at:wbpk+"; remove this prefix
+								registerAndOrdNr = registerAndOrdNr
+										.substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
+								Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
+										+ registerAndOrdNr);
+							} 
+						    
+							String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr);
+							authData.setBPK(wbpkBase64);
+							authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); 
 					 }										
 					
 				} else {
@@ -2488,7 +2512,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 					 if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { 
 						 // only compute bPK if online application is a public service and we have the Stammzahl
 						 String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target);
-						 authData.setBPK(bpkBase64); 
+						 authData.setBPK(bpkBase64);
+						 authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
 					 }
 					
 	
@@ -2757,7 +2782,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
 		if (oaParam == null)
 				throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() });
-
 		
 		//Start of STORK Processing		
 		STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
@@ -2776,16 +2800,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     	Logger.debug("Issuer value: " + issuerValue);
     	
     	
-    	QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue());
-    	Logger.debug("QAALevel: " + qaaLevel.getValue());
-
+    	QualityAuthenticationAssuranceLevel qaaLevel = null;//TODO UNCOMMENT AGAIN !! = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue());
+    	//Logger.debug("QAALevel: " + qaaLevel.getValue());
+    	
     	RequestedAttributes requestedAttributes = null;
     	
-    	requestedAttributes = oaParam.getRequestedAttributes();
+    	//TODO UNCOMMENT AGAIN !! requestedAttributes = oaParam.getRequestedAttributes();
 		requestedAttributes.detach();
     	List<RequestedAttribute> reqAttributeList = new ArrayList<RequestedAttribute>();
     	List<RequestedAttribute> oaReqAttributeList = null; 
-    	oaReqAttributeList =  new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes());
+    	//TODO UNCOMMENT AGAIN !! oaReqAttributeList =  new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes());
     	//check if country specific attributes must be additionally requested
     	if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) {
     		//add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes
@@ -2924,7 +2948,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 		}
 		
 		InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString));
-
+		
 		X509Certificate cert;
 		try {
 			cert = new X509Certificate(is);
@@ -2933,7 +2957,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 		} catch (Throwable e) {
 			throw new CertificateException(e);
 		}
-
+				
+//		CertificateFactory cf;
+//		X509Certificate cert = null;
+//		cf = CertificateFactory.getInstance("X.509");
+//		CertificateFactory
+//		cert = (X509Certificate)cf.generateCertificate(is);	
+//		return cert;
 	}
 	
 }
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2013-07-08 15:52:12 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2013-07-08 15:52:12 +0200
commit	96da47e5347471e8d94f809164c845eab871ae29 (patch)
tree	5f6fc914f92aa2312d83720576695d9859984177 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
parent	08c8cde8d7fd71dc4228f2593fdc1844c41d4916 (diff)
download	moa-id-spss-96da47e5347471e8d94f809164c845eab871ae29.tar.gz moa-id-spss-96da47e5347471e8d94f809164c845eab871ae29.tar.bz2 moa-id-spss-96da47e5347471e8d94f809164c845eab871ae29.zip