authorkstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-02-27 14:50:18 +0000
committerkstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-02-27 14:50:18 +0000
commit369cab87fd4a6f9d96cef321ec7ab88355beb17a (patch)
tree4122a782ee9a22b6f7db9b60393374e5542ec8f0 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder
parentf25530edb01126ad44bb5910a2ac0ba454f89379 (diff)
Updates:
* Version 1.5.2 * Added: undocumented useCondition and conditionLength configuration parameter (allows adding a saml:Conditions to the SAML assertion) git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1273 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java207
1 files changed, 176 insertions, 31 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index b9e44544d..0742261a7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -25,6 +25,7 @@
package at.gv.egovernment.moa.id.auth.builder;
import java.text.MessageFormat;
+import java.util.Calendar;
import java.util.List;
import at.gv.egovernment.moa.id.BuildException;
@@ -32,6 +33,7 @@ import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.StringUtils;
/**
@@ -42,6 +44,10 @@ import at.gv.egovernment.moa.util.StringUtils;
* @version $Id$
*/
public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionBuilder implements Constants {
+
+ /** 5 minutes (=300 seconds) default length of the assertion */
+ private static int DEFAULT_CONDITIONS_LENGTH = 300;
+
/** private static String NL contains the NewLine representation in Java*/
private static final String NL = "\n";
/**
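Review bot: `DEFAULT_CONDITIONS_LENGTH` is declared `private static int` without `final`, so the default assertion lifetime is a mutable class-wide variable rather than a constant, unlike `NL` two lines below. It should read `private static final int DEFAULT_CONDITIONS_LENGTH = 300;`. The Javadoc could also name the unit and when the default applies, e.g. `/** Default validity of the saml:Conditions in seconds (300 s = 5 minutes), used when conditionLength is not positive */`.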
@@ -76,6 +82,38 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
"</saml:Assertion>";
/**
+ * XML template for the <code>&lt;saml:Assertion&gt;</code> to be built (with Conditions)
+ */
+ private static final String AUTH_DATA_WITH_CONDITIONS =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + NL +
+ "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' xmlns:pr=''" + PD_NS_URI + "'' xmlns:xsi=''" + XSI_NS_URI + "''" +
+ " xmlns:si=''" + XSI_NS_URI + "''" +
+ " MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL +
+ "<saml:Conditions NotBefore=''{3}'' NotOnOrAfter=''{4}''/>" + NL +
+ " <saml:AttributeStatement>" + NL +
+ " <saml:Subject>" + NL +
+ " <saml:NameIdentifier NameQualifier=''{5}''>{6}</saml:NameIdentifier>" + NL +
+ " <saml:SubjectConfirmation>" + NL +
+ " <saml:ConfirmationMethod>" + MOA_NS_URI + "cm</saml:ConfirmationMethod>" + NL +
+ " <saml:SubjectConfirmationData>{7}{8}</saml:SubjectConfirmationData>" + NL +
+ " </saml:SubjectConfirmation>" + NL +
+ " </saml:Subject>" + NL +
+ " <saml:Attribute AttributeName=''PersonData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{9}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ " <saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{10}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ " <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{11}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ "{12}" +
+ "{13}" +
+ "{14}" +
+ " </saml:AttributeStatement>" + NL +
+ "</saml:Assertion>";
+
+ /**
* XML template for the <code>&lt;saml:Assertion&gt;</code> to be built
*/
private static final String AUTH_DATA_MANDATE =
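Review bot: AUTH_DATA_WITH_CONDITIONS repeats the entire AUTH_DATA template and differs only in the added `<saml:Conditions .../>` line and the shifted placeholder indices, so any later change to the assertion layout must now be made in two places (four, counting the mandate templates in the next hunk). One template with the Conditions element supplied through a placeholder that is an empty string when useCondition is false would remove the duplication and the index shift; I cannot see AUTH_DATA itself, so this assumes it has the same layout as the copy shown here. The Conditions line is also written at column 0 while the surrounding lines are indented, which is harmless in the emitted XML but inconsistent with the rest of the template.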
@@ -108,6 +146,41 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
"{13}" +
" </saml:AttributeStatement>" + NL +
"</saml:Assertion>";
+
+ /**
+ * XML template for the <code>&lt;saml:Assertion&gt;</code> to be built
+ */
+ private static final String AUTH_DATA_MANDATE_WITH_CONDITIONS =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + NL +
+ "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' xmlns:pr=''" + PD_NS_URI + "'' xmlns:xsi=''" + XSI_NS_URI + "''" +
+ " xmlns:si=''" + XSI_NS_URI + "''" +
+ " MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL +
+ "<saml:Conditions NotBefore=''{3}'' NotOnOrAfter=''{4}''/>" + NL +
+ " <saml:AttributeStatement>" + NL +
+ " <saml:Subject>" + NL +
+ " <saml:NameIdentifier NameQualifier=''{5}''>{6}</saml:NameIdentifier>" + NL +
+ " <saml:SubjectConfirmation>" + NL +
+ " <saml:ConfirmationMethod>" + MOA_NS_URI + "cm</saml:ConfirmationMethod>" + NL +
+ " <saml:SubjectConfirmationData>{7}{8}</saml:SubjectConfirmationData>" + NL +
+ " </saml:SubjectConfirmation>" + NL +
+ " </saml:Subject>" + NL +
+ " <saml:Attribute AttributeName=''PersonData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{9}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ " <saml:Attribute AttributeName=''MandateData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{10}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ " <saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{11}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ " <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{12}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ "{13}" +
+ "{14}" +
+ "{15}" +
+ " </saml:AttributeStatement>" + NL +
+ "</saml:Assertion>";
/**
* XML template for the <code>&lt;saml:Attribute&gt;</code> named <code>"isPublicAuthority"</code>,
* to be inserted into the <code>&lt;saml:Assertion&gt;</code>
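Review bot: The Javadoc on AUTH_DATA_MANDATE_WITH_CONDITIONS reads "XML template for the <saml:Assertion> to be built", the same wording as the plain AUTH_DATA template, so it does not say what distinguishes this constant. Suggest `* XML template for the <code>&lt;saml:Assertion&gt;</code> with MandateData to be built (with Conditions; placeholders 3 and 4 are NotBefore and NotOnOrAfter)`, matching the wording already used for AUTH_DATA_WITH_CONDITIONS in the previous hunk.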
@@ -156,7 +229,9 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String bkuURL,
String signerCertificateBase64,
boolean businessService,
- List extendedSAMLAttributes)
+ List extendedSAMLAttributes,
+ boolean useCondition,
+ int conditionLength)
throws BuildException
{
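Review bot: The two new parameters `useCondition` and `conditionLength` are added to the signature but nothing in the hunk documents them; the method's Javadoc sits above this hunk, so I cannot confirm whether it was updated, but it should gain `@param useCondition whether a saml:Conditions element with NotBefore/NotOnOrAfter is emitted` and `@param conditionLength validity of the Conditions in seconds; a value &lt;= 0 selects DEFAULT_CONDITIONS_LENGTH`. The same applies to the mandate variant in the hunk at @@ -246. Both method headers start outside their hunks.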
@@ -195,21 +270,51 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String assertion;
try {
+ if (!useCondition) {
+ assertion = MessageFormat.format(AUTH_DATA, new Object[] {
+ authData.getAssertionID(),
+ authData.getIssuer(),
+ authData.getIssueInstant(),
+ pkType,
+ pkValue,
+ StringUtils.removeXMLDeclaration(xmlAuthBlock),
+ StringUtils.removeXMLDeclaration(xmlIdentityLink),
+ StringUtils.removeXMLDeclaration(xmlPersonData),
+ isQualifiedCertificate,
+ bkuURL,
+ publicAuthorityAttribute,
+ signerCertificateAttribute,
+ buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+ }
+ else {
+ Calendar cal = Calendar.getInstance();
+ String notBefore = DateTimeUtils.buildDateTimeUTC(cal);
+ if (conditionLength <= 0)
+ cal.add(Calendar.SECOND, DEFAULT_CONDITIONS_LENGTH);
+ else
+ cal.add(Calendar.SECOND, conditionLength);
+
+ String notOnOrAfter = DateTimeUtils.buildDateTimeUTC(cal);
+
+ assertion = MessageFormat.format(AUTH_DATA_WITH_CONDITIONS, new Object[] {
+ authData.getAssertionID(),
+ authData.getIssuer(),
+ authData.getIssueInstant(),
+ notBefore,
+ notOnOrAfter,
+ pkType,
+ pkValue,
+ StringUtils.removeXMLDeclaration(xmlAuthBlock),
+ StringUtils.removeXMLDeclaration(xmlIdentityLink),
+ StringUtils.removeXMLDeclaration(xmlPersonData),
+ isQualifiedCertificate,
+ bkuURL,
+ publicAuthorityAttribute,
+ signerCertificateAttribute,
+ buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+ }
- assertion = MessageFormat.format(AUTH_DATA, new Object[] {
- authData.getAssertionID(),
- authData.getIssuer(),
- authData.getIssueInstant(),
- pkType,
- pkValue,
- StringUtils.removeXMLDeclaration(xmlAuthBlock),
- StringUtils.removeXMLDeclaration(xmlIdentityLink),
- StringUtils.removeXMLDeclaration(xmlPersonData),
- isQualifiedCertificate,
- bkuURL,
- publicAuthorityAttribute,
- signerCertificateAttribute,
- buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+
} catch (ParseException e) {
Logger.error("Error on building Authentication Data Assertion: " + e.getMessage());
throw new BuildException("builder.00", new Object[] { "Authentication Data Assertion", e.toString()});
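Review bot: The NotBefore/NotOnOrAfter computation in the else-branch (Calendar.getInstance(), the default-length fallback, two buildDateTimeUTC calls) is repeated verbatim in the mandate variant at @@ -285, so the validity policy of the assertion lives in two places and can drift. Extract it into one private helper and call it from both branches; each else-branch then shrinks to the MessageFormat call. Note also that NotBefore is taken from the builder's clock rather than from `authData.getIssueInstant()`, so the two timestamps can differ by the time spent in this method, and a relying party whose clock lags even slightly behind this server will treat the assertion as not yet valid; whether a small skew allowance is wanted is a policy decision, but it should be stated in a comment next to the helper. The enclosing build method starts outside this hunk.
```java
// … unchanged: pkType / pkValue / attribute preparation and the !useCondition branch …
else {
    String[] validity = buildConditionTimes(conditionLength);
    assertion = MessageFormat.format(AUTH_DATA_WITH_CONDITIONS, new Object[] {
        authData.getAssertionID(),
        authData.getIssuer(),
        authData.getIssueInstant(),
        validity[0],
        validity[1],
        // … unchanged: remaining placeholders {5}..{14} …
        buildExtendedSAMLAttributes(extendedSAMLAttributes)});
}
// … unchanged: catch block …

/**
 * Computes the saml:Conditions validity window, starting at the current time.
 * A non-positive conditionLength falls back to DEFAULT_CONDITIONS_LENGTH.
 * @return {NotBefore, NotOnOrAfter} as UTC dateTime strings
 */
private static String[] buildConditionTimes(int conditionLength) {
    Calendar cal = Calendar.getInstance();
    String notBefore = DateTimeUtils.buildDateTimeUTC(cal);
    int seconds = conditionLength <= 0 ? DEFAULT_CONDITIONS_LENGTH : conditionLength;
    cal.add(Calendar.SECOND, seconds);
    String notOnOrAfter = DateTimeUtils.buildDateTimeUTC(cal);
    return new String[] { notBefore, notOnOrAfter };
}
```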
@@ -246,7 +351,9 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String signerCertificateBase64,
boolean businessService,
String sourceID,
- List extendedSAMLAttributes)
+ List extendedSAMLAttributes,
+ boolean useCondition,
+ int conditionLength)
throws BuildException
{
@@ -285,21 +392,59 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String assertion;
try {
- assertion = MessageFormat.format(AUTH_DATA_MANDATE, new Object[] {
- authData.getAssertionID(),
- authData.getIssuer(),
- authData.getIssueInstant(),
- pkType,
- pkValue,
- StringUtils.removeXMLDeclaration(xmlAuthBlock),
- StringUtils.removeXMLDeclaration(xmlIdentityLink),
- StringUtils.removeXMLDeclaration(xmlPersonData),
- StringUtils.removeXMLDeclaration(xmlMandateData),
- isQualifiedCertificate,
- bkuURL,
- publicAuthorityAttribute,
- signerCertificateAttribute,
- buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+
+
+ if (!useCondition) {
+ assertion = MessageFormat.format(AUTH_DATA_MANDATE, new Object[] {
+ authData.getAssertionID(),
+ authData.getIssuer(),
+ authData.getIssueInstant(),
+ pkType,
+ pkValue,
+ StringUtils.removeXMLDeclaration(xmlAuthBlock),
+ StringUtils.removeXMLDeclaration(xmlIdentityLink),
+ StringUtils.removeXMLDeclaration(xmlPersonData),
+ StringUtils.removeXMLDeclaration(xmlMandateData),
+ isQualifiedCertificate,
+ bkuURL,
+ publicAuthorityAttribute,
+ signerCertificateAttribute,
+ buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+ }
+ else {
+ Calendar cal = Calendar.getInstance();
+ String notBefore = DateTimeUtils.buildDateTimeUTC(cal);
+ if (conditionLength <= 0)
+ cal.add(Calendar.SECOND, DEFAULT_CONDITIONS_LENGTH);
+ else
+ cal.add(Calendar.SECOND, conditionLength);
+
+ String notOnOrAfter = DateTimeUtils.buildDateTimeUTC(cal);
+
+ assertion = MessageFormat.format(AUTH_DATA_MANDATE_WITH_CONDITIONS, new Object[] {
+ authData.getAssertionID(),
+ authData.getIssuer(),
+ authData.getIssueInstant(),
+ notBefore,
+ notOnOrAfter,
+ pkType,
+ pkValue,
+ StringUtils.removeXMLDeclaration(xmlAuthBlock),
+ StringUtils.removeXMLDeclaration(xmlIdentityLink),
+ StringUtils.removeXMLDeclaration(xmlPersonData),
+ StringUtils.removeXMLDeclaration(xmlMandateData),
+ isQualifiedCertificate,
+ bkuURL,
+ publicAuthorityAttribute,
+ signerCertificateAttribute,
+ buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+ }
+
+
+
+
+
+
} catch (ParseException e) {
Logger.error("Error on building Authentication Data Assertion: " + e.getMessage());
throw new BuildException("builder.00", new Object[] { "Authentication Data Assertion", e.toString()});
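Review bot: Six empty lines are left between the closing brace of the else-branch and `} catch (ParseException e) {`, and two more precede `if (!useCondition) {`, apparently leftovers from moving the old MessageFormat call; they should be dropped so the try block reads as one unit. The enclosing build method starts outside this hunk.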