aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-02-24 06:21:22 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-02-24 06:21:22 +0100
commitcbdb6946d5af7de63afebf5ad256743303f00935 (patch)
treee5943b5313fc7e41a09a3c4e25aacf6778fc3c2c /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder
parentf354a38c6287f4834389f3430289ae14241c8066 (diff)
downloadmoa-id-spss-cbdb6946d5af7de63afebf5ad256743303f00935.tar.gz
moa-id-spss-cbdb6946d5af7de63afebf5ad256743303f00935.tar.bz2
moa-id-spss-cbdb6946d5af7de63afebf5ad256743303f00935.zip
refactor PVP protocol implementation to resuse code in other modules
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java50
1 files changed, 21 insertions, 29 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index dbf95f604..8a9999d85 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -104,7 +104,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
@@ -127,24 +126,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
@Autowired protected AuthConfiguration authConfig;
@Autowired private AttributQueryBuilder attributQueryBuilder;
+ @Autowired private SAMLVerificationEngine samlVerificationEngine;
public IAuthData buildAuthenticationData(IRequest protocolRequest,
- AuthenticationSession session, List<Attribute> reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
-
-
- String oaID = protocolRequest.getOAURL();
- if (oaID == null) {
- throw new WrongParametersException("StartAuthentication",
- PARAM_OA, "auth.12");
- }
-
- // check parameter
- if (!ParamValidatorUtils.isValidOA(oaID))
- throw new WrongParametersException("StartAuthentication",
- PARAM_OA, "auth.12");
-
+ AuthenticationSession session, List<Attribute> reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
AuthenticationData authdata = null;
+ //only needed for SAML1 legacy support
try {
//check if SAML1 authentication module is in Classpath
Class<?> saml1RequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl");
@@ -165,15 +153,14 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
authdata = new AuthenticationData();
}
-
-
+
} catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) {
authdata = new AuthenticationData();
}
- //reuse some parameters if it is a reauthentication
- OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule());
+ //reuse some parameters if it is a Service-Provider reauthentication
+ OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, protocolRequest.getOAURL(), protocolRequest.requestedModule());
if (activeOA != null) {
authdata.setSessionIndex(activeOA.getAssertionSessionID());
authdata.setNameID(activeOA.getUserNameID());
@@ -193,7 +180,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
}
}
-
+
+ //search federated IDP information in MOASession
InterfederationSessionStore interfIDP = authenticatedSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session);
IOAAuthParameters oaParam = null;
@@ -201,20 +189,22 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
//get OnlineApplication from MOA-ID-Auth configuration
oaParam = protocolRequest.getOnlineApplicationConfiguration();
- //build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway
+ //build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway
if (oaParam.isSTORKPVPGateway())
oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, protocolRequest);
} else {
- //build OnlineApplication dynamic from requested attributes
+ //build OnlineApplication dynamic from requested attributes (AttributeQuerry Request)
oaParam = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes, interfIDP);
}
- if (interfIDP != null ) {
- //IDP is a chained interfederated IDP and Authentication is requested
+ if (interfIDP != null ) {
+ //authentication by using a federated IDP
if (oaParam.isInderfederationIDP() && protocolRequest instanceof PVPTargetConfiguration &&
!(((PVPTargetConfiguration)protocolRequest).getRequest() instanceof AttributeQuery)) {
+ //IDP is a chained interfederated IDP and Authentication is requested
+
//only set minimal response attributes
authdata.setQAALevel(interfIDP.getQAALevel());
authdata.setBPK(interfIDP.getUserNameID());
@@ -290,12 +280,15 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
+ //get SAML2 Response from federated IDP
Response intfResp =
(Response) req.getGenericData(
RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, MOAResponse.class).getResponse();
- AssertionAttributeExtractor extractor =
- new AssertionAttributeExtractor(intfResp);
-
+
+ //initialize Attribute extractor
+ AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(intfResp);
+
+ //check if SAML2 Assertion contains already all required attributes
if (!extractor.containsAllRequiredAttributes()) {
Logger.info("Received assertion does no contain a minimum set of attributes. Starting AttributeQuery process ...");
//collect attributes by using BackChannel communication
@@ -323,8 +316,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
//validate PVP 2.1 response
try {
- SAMLVerificationEngine engine = new SAMLVerificationEngine();
- engine.verifyIDPResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+ samlVerificationEngine.verifyIDPResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
//TODO: find better solution
//SAMLVerificationEngine.validateAssertion(intfResp, false);