some more stuff

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2018-06-14 13:55:39 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2018-06-14 13:55:39 +0200
commit: 3b26a365d832d4b0664777d2c348606247022564 (patch)
tree: ce9d87c9144d75afad3be5fe4af503f7c4d78b4f /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
parent: 2a073c6727d704271e17d9b682be28410f23aae7 (diff)
download: moa-id-spss-3b26a365d832d4b0664777d2c348606247022564.tar.gz
moa-id-spss-3b26a365d832d4b0664777d2c348606247022564.tar.bz2
moa-id-spss-3b26a365d832d4b0664777d2c348606247022564.zip
1 files changed, 32 insertions, 111 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index efe28c900..738f733a8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -36,11 +36,6 @@ import java.util.List;
 import javax.naming.ldap.LdapName;
 import javax.naming.ldap.Rdn;
 
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.ws.soap.common.SOAPException;
-import org.opensaml.xml.XMLObject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.DOMException;
@@ -49,10 +44,12 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
 import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -71,7 +68,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
@@ -80,17 +76,9 @@ import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
-import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
@@ -112,9 +100,6 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
 	@Autowired protected AuthConfiguration authConfig;
-	@Autowired private AttributQueryBuilder attributQueryBuilder;
-	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
-	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	
 	@Override
 	public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
@@ -193,82 +178,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 		
 		return authdata;								
 	}
-	
-	/**
-	 * Get PVP authentication attributes by using a SAML2 AttributeQuery
-	 * 
-	 * @param reqQueryAttr List of PVP attributes which are requested
-	 * @param userNameID SAML2 UserNameID of the user for which attributes are requested
-	 * @param idpConfig Configuration of the IDP, which is requested 
-	 * @return 
-	 * @return PVP attribute DAO, which contains all received information
-	 * @throws MOAIDException
-	 */
-	public AssertionAttributeExtractor getAuthDataFromAttributeQuery(List<Attribute> reqQueryAttr,
-			String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException{
-		String idpEnityID = idpConfig.getPublicURLPrefix();
-		
-		try {		
-			Logger.debug("Starting AttributeQuery process ...");
-			//collect attributes by using BackChannel communication
-			String endpoint = idpConfig.getIDPAttributQueryServiceURL();			
-			if (MiscUtil.isEmpty(endpoint)) {
-				Logger.error("No AttributeQueryURL for interfederationIDP " + idpEnityID);
-				throw new ConfigurationException("config.26", new Object[]{idpEnityID});
-				
-			}
-				
-			//build attributQuery request
-			AttributeQuery query = attributQueryBuilder.buildAttributQueryRequest(spEntityID, userNameID, endpoint, reqQueryAttr);
-			
-			//build SOAP request				
-			List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
-		
-			if (xmlObjects.size() == 0) {
-				Logger.error("Receive emptry AttributeQuery response-body.");
-				throw new AttributQueryException("auth.27", 
-						new Object[]{idpEnityID, "Receive emptry AttributeQuery response-body."});
-			
-			}
-		
-			Response intfResp;
-			if (xmlObjects.get(0) instanceof Response) {
-				intfResp = (Response) xmlObjects.get(0);
-			
-				//validate PVP 2.1 response
-				try {
-					samlVerificationEngine.verifyIDPResponse(intfResp, 
-							TrustEngineFactory.getSignatureKnownKeysTrustEngine(
-									metadataProvider));
-			
-					//create assertion attribute extractor from AttributeQuery response
-					return new AssertionAttributeExtractor(intfResp);
-		
-				} catch (Exception e) {
-					Logger.warn("PVP 2.1 assertion validation FAILED.", e);
-					throw new AssertionValidationExeption("auth.27", 
-							new Object[]{idpEnityID, e.getMessage()}, e);
-				}
-											
-			} else {
-				Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
-				throw new AttributQueryException("auth.27", 
-						new Object[]{idpEnityID, "Receive AttributeQuery response-body include no PVP 2.1 response"});
 			
-			}
-				 										
-		} catch (SOAPException e) {
-			throw new BuildException("builder.06", null, e);
-			
-		} catch (SecurityException e) {
-			throw new BuildException("builder.06", null, e);
-					
-		} catch (org.opensaml.xml.security.SecurityException e1) {
-			throw new BuildException("builder.06", null, e1);
-			
-		}
-	}
-		
 	private void buildAuthDataFormMOASession(MOAAuthenticationData authData, IAuthenticationSession session, 
 			IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException {
 
@@ -372,32 +282,43 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 			//####################################################
 			//set QAA level
 			includedToGenericAuthData.remove(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME);
+			String currentLoA = null;
 			if (MiscUtil.isNotEmpty(session.getQAALevel()))
-				authData.setQAALevel(session.getQAALevel());
-			
+				currentLoA = session.getQAALevel();			
 			else {
-				String qaaLevel = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class);
-				if (MiscUtil.isNotEmpty(qaaLevel)) {
-					Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + qaaLevel
+				currentLoA = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class);
+				if (MiscUtil.isNotEmpty(currentLoA)) {
+					Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA
 							+ " --> Parse QAA-Level from that attribute.");
-						
-					if (qaaLevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
-						authData.setQAALevel(qaaLevel);
-						
-					} else {
-						Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");				
-						String mappedQAA = PVPtoSTORKMapper.getInstance().mapToQAALevel(qaaLevel);
-						if (MiscUtil.isNotEmpty(mappedQAA))
-							authData.setQAALevel(mappedQAA);
-											
-					}
+					
 				}
 			}
+				
+			if (MiscUtil.isNotEmpty(currentLoA)) {					
+				if (currentLoA.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
+					authData.setQAALevel(currentLoA);
+					authData.seteIDASLoA(LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(currentLoA));
+
+				} else if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) {
+					authData.setQAALevel(LoALevelMapper.getInstance().mapeIDASQAAToSTORKQAA(currentLoA));
+					authData.seteIDASLoA(currentLoA);
+										
+				} else {
+					Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");				
+					String mappedStorkQAA = LoALevelMapper.getInstance().mapToQAALevel(currentLoA);
+					if (MiscUtil.isNotEmpty(mappedStorkQAA)) {
+						authData.setQAALevel(currentLoA);
+						authData.seteIDASLoA(LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(currentLoA));
+						
+					}										
+				}
+			}		
 			
 			//if no QAA level is set in MOASession then set default QAA level  
 			if (MiscUtil.isEmpty(authData.getQAALevel())) {														
-				Logger.info("No QAA level found. Set to default level " + PVPConstants.STORK_QAA_PREFIX + "1");
+				Logger.info("No QAA level found. Set to default level " + EAAFConstants.EIDAS_QAA_LOW);
 				authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + "1");
+				authData.seteIDASLoA(EAAFConstants.EIDAS_QAA_LOW);
 						
 			}
 	
@@ -810,7 +731,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 				try {
 					authData.setGenericData(elementKey, session.getGenericDataFromSession(elementKey));
 						
-				} catch (SessionDataStorageException e) {
+				} catch (EAAFStorageException e) {
 					Logger.warn("Can not add generic authData with key:" + elementKey, e);
 						
 				}
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2018-06-14 13:55:39 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2018-06-14 13:55:39 +0200
commit	3b26a365d832d4b0664777d2c348606247022564 (patch)
tree	ce9d87c9144d75afad3be5fe4af503f7c4d78b4f /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
parent	2a073c6727d704271e17d9b682be28410f23aae7 (diff)
download	moa-id-spss-3b26a365d832d4b0664777d2c348606247022564.tar.gz moa-id-spss-3b26a365d832d4b0664777d2c348606247022564.tar.bz2 moa-id-spss-3b26a365d832d4b0664777d2c348606247022564.zip