diff options
| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-09-11 18:23:33 +0200 |
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-09-11 18:23:33 +0200 |
| commit | 3536b99c17250772f253ea5925da72a29e327c58 (patch) | |
| tree | 672cd61bd324e845e322c518223a14e0b1d82fbd /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth | |
| parent | aa1dda4e14e7aebd3ec0df5e50493d273a65d999 (diff) | |
| download | moa-id-spss-3536b99c17250772f253ea5925da72a29e327c58.tar.gz moa-id-spss-3536b99c17250772f253ea5925da72a29e327c58.tar.bz2 moa-id-spss-3536b99c17250772f253ea5925da72a29e327c58.zip | |
move authentication protocol implementation to separate modules.
authentication protocol modules are loaded by SPI now.
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth')
9 files changed, 76 insertions, 524 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java deleted file mode 100644 index fc04fa9a7..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ /dev/null @@ -1,458 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ - - - -package at.gv.egovernment.moa.id.auth.builder; - -import java.text.MessageFormat; -import java.util.Calendar; -import java.util.List; - -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.StringUtils; - -/** - * Builder for the authentication data <code><saml:Assertion></code> - * to be provided by the MOA ID Auth component. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionBuilder implements Constants { - - /** 5 minutes (=300 seconds) default length of the assertion */ - private static int DEFAULT_CONDITIONS_LENGTH = 300; - - /** private static String NL contains the NewLine representation in Java*/ - private static final String NL = "\n"; - /** - * XML template for the <code><saml:Assertion></code> to be built - */ - private static final String AUTH_DATA = - "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + NL + - "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' xmlns:pr=''" + PD_NS_URI + "'' xmlns:xsi=''" + XSI_NS_URI + "''" + - " xmlns:si=''" + XSI_NS_URI + "''" + - " MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL + - " <saml:AttributeStatement>" + NL + - " <saml:Subject>" + NL + - " <saml:NameIdentifier NameQualifier=''{3}''>{4}</saml:NameIdentifier>" + NL + - " <saml:SubjectConfirmation>" + NL + - " <saml:ConfirmationMethod>" + MOA_NS_URI + "cm</saml:ConfirmationMethod>" + NL + - " <saml:SubjectConfirmationData>{5}{6}</saml:SubjectConfirmationData>" + NL + - " </saml:SubjectConfirmation>" + NL + - " </saml:Subject>" + NL + - " <saml:Attribute AttributeName=''PersonData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL + - " <saml:AttributeValue>{7}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL + - " <saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + - " <saml:AttributeValue>{8}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL + - " <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + - " <saml:AttributeValue>{9}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL + - "{10}" + - "{11}" + - "{12}" + - " </saml:AttributeStatement>" + NL + - "</saml:Assertion>"; - - /** - * XML template for the <code><saml:Assertion></code> to be built (with Conditions) - */ - private static final String AUTH_DATA_WITH_CONDITIONS = - "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + NL + - "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' xmlns:pr=''" + PD_NS_URI + "'' xmlns:xsi=''" + XSI_NS_URI + "''" + - " xmlns:si=''" + XSI_NS_URI + "''" + - " MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL + - "<saml:Conditions NotBefore=''{3}'' NotOnOrAfter=''{4}''/>" + NL + - " <saml:AttributeStatement>" + NL + - " <saml:Subject>" + NL + - " <saml:NameIdentifier NameQualifier=''{5}''>{6}</saml:NameIdentifier>" + NL + - " <saml:SubjectConfirmation>" + NL + - " <saml:ConfirmationMethod>" + MOA_NS_URI + "cm</saml:ConfirmationMethod>" + NL + - " <saml:SubjectConfirmationData>{7}{8}</saml:SubjectConfirmationData>" + NL + - " </saml:SubjectConfirmation>" + NL + - " </saml:Subject>" + NL + - " <saml:Attribute AttributeName=''PersonData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL + - " <saml:AttributeValue>{9}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL + - " <saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + - " <saml:AttributeValue>{10}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL + - " <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + - " <saml:AttributeValue>{11}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL + - "{12}" + - "{13}" + - "{14}" + - " </saml:AttributeStatement>" + NL + - "</saml:Assertion>"; - - /** - * XML template for the <code><saml:Assertion></code> to be built - */ - private static final String AUTH_DATA_MANDATE = - "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + NL + - "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' xmlns:pr=''" + PD_NS_URI + "'' xmlns:xsi=''" + XSI_NS_URI + "''" + - " xmlns:si=''" + XSI_NS_URI + "''" + - " MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL + - " <saml:AttributeStatement>" + NL + - " <saml:Subject>" + NL + - " <saml:NameIdentifier NameQualifier=''{3}''>{4}</saml:NameIdentifier>" + NL + - " <saml:SubjectConfirmation>" + NL + - " <saml:ConfirmationMethod>" + MOA_NS_URI + "cm</saml:ConfirmationMethod>" + NL + - " <saml:SubjectConfirmationData>{5}{6}</saml:SubjectConfirmationData>" + NL + - " </saml:SubjectConfirmation>" + NL + - " </saml:Subject>" + NL + - " <saml:Attribute AttributeName=''PersonData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL + - " <saml:AttributeValue>{7}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL + - " <saml:Attribute AttributeName=''MandateData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL + - " <saml:AttributeValue>{8}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL + - " <saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + - " <saml:AttributeValue>{9}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL + - " <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + - " <saml:AttributeValue>{10}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL + - "{11}" + - "{12}" + - "{13}" + - " </saml:AttributeStatement>" + NL + - "</saml:Assertion>"; - - /** - * XML template for the <code><saml:Assertion></code> to be built - */ - private static final String AUTH_DATA_MANDATE_WITH_CONDITIONS = - "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + NL + - "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' xmlns:pr=''" + PD_NS_URI + "'' xmlns:xsi=''" + XSI_NS_URI + "''" + - " xmlns:si=''" + XSI_NS_URI + "''" + - " MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL + - "<saml:Conditions NotBefore=''{3}'' NotOnOrAfter=''{4}''/>" + NL + - " <saml:AttributeStatement>" + NL + - " <saml:Subject>" + NL + - " <saml:NameIdentifier NameQualifier=''{5}''>{6}</saml:NameIdentifier>" + NL + - " <saml:SubjectConfirmation>" + NL + - " <saml:ConfirmationMethod>" + MOA_NS_URI + "cm</saml:ConfirmationMethod>" + NL + - " <saml:SubjectConfirmationData>{7}{8}</saml:SubjectConfirmationData>" + NL + - " </saml:SubjectConfirmation>" + NL + - " </saml:Subject>" + NL + - " <saml:Attribute AttributeName=''PersonData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL + - " <saml:AttributeValue>{9}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL + - " <saml:Attribute AttributeName=''MandateData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL + - " <saml:AttributeValue>{10}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL + - " <saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + - " <saml:AttributeValue>{11}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL + - " <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + - " <saml:AttributeValue>{12}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL + - "{13}" + - "{14}" + - "{15}" + - " </saml:AttributeStatement>" + NL + - "</saml:Assertion>"; - /** - * XML template for the <code><saml:Attribute></code> named <code>"isPublicAuthority"</code>, - * to be inserted into the <code><saml:Assertion></code> - */ - private static final String PUBLIC_AUTHORITY_ATT = - " <saml:Attribute AttributeName=''isPublicAuthority'' AttributeNamespace=''urn:oid:1.2.40.0.10.1.1.1''>" + NL + - " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL; - - private static final String SIGNER_CERTIFICATE_ATT = - " <saml:Attribute AttributeName=''SignerCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + - " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL + - " </saml:Attribute>" + NL; - - /** - * Constructor for AuthenticationDataAssertionBuilder. - */ - public AuthenticationDataAssertionBuilder() { - super(); - } - - /** - * Builds the authentication data <code><saml:Assertion></code>. - * - * @param authData the <code>AuthenticationData</code> to build the - * <code><saml:Assertion></code> from - * @param xmlPersonData <code>lt;pr:Person></code> element as a String - * @param xmlAuthBlock authentication block to be included in a - * <code>lt;saml:SubjectConfirmationData></code> element; may include - * the <code>"Stammzahl"</code> or not; may be empty - * @param xmlIdentityLink the IdentityLink - * @param signerCertificateBase64 Base64 encoded certificate of the signer. Maybe - * an empty string if the signer certificate should not be provided. - * Will be ignored if the <code>businessService</code> parameter is - * set to <code>false</code>. - * @param businessService <code>true</code> if the online application is a - * business service, otherwise <code>false</code> - * @return the <code><saml:Assertion></code> - * @throws BuildException if an error occurs during the build process - */ - public String build( - SAML1AuthenticationData authData, - String xmlPersonData, - String xmlAuthBlock, - String xmlIdentityLink, - String bkuURL, - String signerCertificateBase64, - boolean businessService, - List<ExtendedSAMLAttribute> extendedSAMLAttributes, - boolean useCondition, - int conditionLength) - throws BuildException - { - - String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false"; - - String publicAuthorityAttribute = ""; - if (authData.isPublicAuthority()) { - String publicAuthorityIdentification = authData.getPublicAuthorityCode(); - if (publicAuthorityIdentification == null) - publicAuthorityIdentification = "True"; - publicAuthorityAttribute = MessageFormat.format( - PUBLIC_AUTHORITY_ATT, new Object[] { publicAuthorityIdentification }); - } - - - String signerCertificateAttribute = ""; - if (signerCertificateBase64 != "") { - signerCertificateAttribute = MessageFormat.format( - SIGNER_CERTIFICATE_ATT, new Object[] { signerCertificateBase64 }); - } - - String pkType; - String pkValue; - if (businessService) { - pkType = authData.getBPKType(); - pkValue = authData.getBPK(); - - } else { - // <saml:NameIdentifier NameQualifier> always has the bPK as type/value - pkType = URN_PREFIX_BPK; - pkValue = authData.getBPK(); - } - -// System.out.println("pkType; " + pkType); -// System.out.println("pkValue; " + pkValue); - - String assertion; - try { - - if (!useCondition) { - assertion = MessageFormat.format(AUTH_DATA, new Object[] { - authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), - pkType, - pkValue, - StringUtils.removeXMLDeclaration(xmlAuthBlock), - StringUtils.removeXMLDeclaration(xmlIdentityLink), - StringUtils.removeXMLDeclaration(xmlPersonData), - isQualifiedCertificate, - bkuURL, - publicAuthorityAttribute, - signerCertificateAttribute, - buildExtendedSAMLAttributes(extendedSAMLAttributes)}); - } - else { - Calendar cal = Calendar.getInstance(); - String notBefore = DateTimeUtils.buildDateTimeUTC(cal); - if (conditionLength <= 0) - cal.add(Calendar.SECOND, DEFAULT_CONDITIONS_LENGTH); - else - cal.add(Calendar.SECOND, conditionLength); - - String notOnOrAfter = DateTimeUtils.buildDateTimeUTC(cal); - - assertion = MessageFormat.format(AUTH_DATA_WITH_CONDITIONS, new Object[] { - authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), - notBefore, - notOnOrAfter, - pkType, - pkValue, - StringUtils.removeXMLDeclaration(xmlAuthBlock), - StringUtils.removeXMLDeclaration(xmlIdentityLink), - StringUtils.removeXMLDeclaration(xmlPersonData), - isQualifiedCertificate, - bkuURL, - publicAuthorityAttribute, - signerCertificateAttribute, - buildExtendedSAMLAttributes(extendedSAMLAttributes)}); - } - - - } catch (ParseException e) { - Logger.error("Error on building Authentication Data Assertion: " + e.getMessage()); - throw new BuildException("builder.00", new Object[] { "Authentication Data Assertion", e.toString()}); - } - return assertion; - } - - /** - * Builds the authentication data <code><saml:Assertion></code>. - * - * @param authData the <code>AuthenticationData</code> to build the - * <code><saml:Assertion></code> from - * @param xmlPersonData <code>lt;pr:Person></code> element as a String - * @param xmlAuthBlock authentication block to be included in a - * <code>lt;saml:SubjectConfirmationData></code> element; may include - * the <code>"Stammzahl"</code> or not; may be empty - * @param xmlIdentityLink the IdentityLink - * @param signerCertificateBase64 Base64 encoded certificate of the signer. Maybe - * an empty string if the signer certificate should not be provided. - * Will be ignored if the <code>businessService</code> parameter is - * set to <code>false</code>. - * @param businessService <code>true</code> if the online application is a - * business service, otherwise <code>false</code> - * @return the <code><saml:Assertion></code> - * @throws BuildException if an error occurs during the build process - */ - public String buildMandate( - SAML1AuthenticationData authData, - String xmlPersonData, - String xmlMandateData, - String xmlAuthBlock, - String xmlIdentityLink, - String bkuURL, - String signerCertificateBase64, - boolean businessService, - List<ExtendedSAMLAttribute> extendedSAMLAttributes, - boolean useCondition, - int conditionLength) - throws BuildException - { - - String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false"; - String publicAuthorityAttribute = ""; - if (authData.isPublicAuthority()) { - String publicAuthorityIdentification = authData.getPublicAuthorityCode(); - if (publicAuthorityIdentification == null) - publicAuthorityIdentification = "True"; - publicAuthorityAttribute = MessageFormat.format( - PUBLIC_AUTHORITY_ATT, new Object[] { publicAuthorityIdentification }); - } - - - String signerCertificateAttribute = ""; - if (signerCertificateBase64 != "") { - signerCertificateAttribute = MessageFormat.format( - SIGNER_CERTIFICATE_ATT, new Object[] { signerCertificateBase64 }); - } - - String pkType; - String pkValue; - if (businessService) { - pkType = authData.getBPKType(); - pkValue = authData.getBPK(); - - } else { - // <saml:NameIdentifier NameQualifier> always has the bPK as type/value - pkType = URN_PREFIX_BPK; - pkValue = authData.getBPK(); - } - -// System.out.println("pkType; " + pkType); -// System.out.println("pkValue; " + pkValue); - - String assertion; - try { - - - - if (!useCondition) { - assertion = MessageFormat.format(AUTH_DATA_MANDATE, new Object[] { - authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), - pkType, - pkValue, - StringUtils.removeXMLDeclaration(xmlAuthBlock), - StringUtils.removeXMLDeclaration(xmlIdentityLink), - StringUtils.removeXMLDeclaration(xmlPersonData), - StringUtils.removeXMLDeclaration(xmlMandateData), - isQualifiedCertificate, - bkuURL, - publicAuthorityAttribute, - signerCertificateAttribute, - buildExtendedSAMLAttributes(extendedSAMLAttributes)}); - } - else { - Calendar cal = Calendar.getInstance(); - String notBefore = DateTimeUtils.buildDateTimeUTC(cal); - if (conditionLength <= 0) - cal.add(Calendar.SECOND, DEFAULT_CONDITIONS_LENGTH); - else - cal.add(Calendar.SECOND, conditionLength); - - String notOnOrAfter = DateTimeUtils.buildDateTimeUTC(cal); - - assertion = MessageFormat.format(AUTH_DATA_MANDATE_WITH_CONDITIONS, new Object[] { - authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), - notBefore, - notOnOrAfter, - pkType, - pkValue, - StringUtils.removeXMLDeclaration(xmlAuthBlock), - StringUtils.removeXMLDeclaration(xmlIdentityLink), - StringUtils.removeXMLDeclaration(xmlPersonData), - StringUtils.removeXMLDeclaration(xmlMandateData), - isQualifiedCertificate, - bkuURL, - publicAuthorityAttribute, - signerCertificateAttribute, - buildExtendedSAMLAttributes(extendedSAMLAttributes)}); - } - - - - - - - } catch (ParseException e) { - Logger.error("Error on building Authentication Data Assertion: " + e.getMessage()); - throw new BuildException("builder.00", new Object[] { "Authentication Data Assertion", e.toString()}); - } - return assertion; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 573f2e09f..9d4ecfcfa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -27,6 +27,7 @@ import iaik.x509.X509Certificate; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; +import java.lang.reflect.InvocationTargetException; import java.security.PrivateKey; import java.util.ArrayList; import java.util.Arrays; @@ -94,8 +95,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtracto import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; -import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; -import at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; @@ -135,19 +134,29 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { AuthenticationData authdata = null; - if (protocolRequest instanceof SAML1RequestImpl) { - //request is SAML1 - SAML1AuthenticationData saml1authdata = new SAML1AuthenticationData(); - if (session.getExtendedSAMLAttributesOA() == null) - saml1authdata.setExtendedSAMLAttributesOA(new ArrayList<ExtendedSAMLAttribute>()); - else - saml1authdata.setExtendedSAMLAttributesOA(session.getExtendedSAMLAttributesOA()); + try { + Object saml1Requst = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl").newInstance(); + IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").newInstance(); + if (protocolRequest.getClass().isInstance(saml1Requst)) { + //request is SAML1 + if (session.getExtendedSAMLAttributesOA() == null) { + saml1authdata.getClass().getMethod("setExtendedSAMLAttributesOA", List.class).invoke(saml1authdata, new ArrayList<ExtendedSAMLAttribute>()); + + } else { + saml1authdata.getClass().getMethod("setExtendedSAMLAttributesOA", List.class).invoke(saml1authdata, session.getExtendedSAMLAttributesOA()); + } + + authdata = (AuthenticationData) saml1authdata; + + } else { + authdata = new AuthenticationData(); + + } - authdata = saml1authdata; - - } else { + + } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) { authdata = new AuthenticationData(); - + } //reuse some parameters if it is a reauthentication @@ -1034,7 +1043,16 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { if (baseIDType.equals(Constants.URN_PREFIX_BASEID)) { // only compute bPK if online application is a public service and we have the Stammzahl String target = null; - if (protocolRequest instanceof SAML1RequestImpl) + Object saml1Requst = null; + try { + saml1Requst = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl").newInstance(); + + } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | java.lang.SecurityException ex) { + + + } + + if (saml1Requst != null && protocolRequest.getClass().isInstance(saml1Requst)) target = protocolRequest.getTarget(); else target = oaParam.getTarget(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java index bc3645e74..79b09503f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java @@ -22,6 +22,7 @@ */ package at.gv.egovernment.moa.id.auth.builder; +import java.lang.reflect.InvocationTargetException; import java.util.List; import org.opensaml.saml2.core.Attribute; @@ -35,7 +36,6 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -121,24 +121,28 @@ public class DynamicOAAuthParameterBuilder { dynOAParams.setApplicationID(oaParam.getPublicURLPrefix()); dynOAParams.setBusinessService(oaParam.getBusinessService()); - if (protocolRequest instanceof MOASTORKRequest) - return buildFromSTORKRequest(dynOAParams, (MOASTORKRequest) protocolRequest); + Object storkRequst = null; + try { + storkRequst = Class.forName("at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest").newInstance(); + if (storkRequst != null && + protocolRequest.getClass().isInstance(storkRequst)) { + + dynOAParams.setBusinessTarget(Constants.URN_PREFIX_STORK + "+" + "AT" + "+" + + protocolRequest.getClass().getMethod("getSpCountry", null).invoke(protocolRequest, null)); + dynOAParams.setBusinessService(true); + + } + + } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) { + + + } + +// if (protocolRequest instanceof MOASTORKRequest) +// return buildFromSTORKRequest(dynOAParams, (MOASTORKRequest) protocolRequest); Logger.warn("Dynamic OA generation failed. RequestType is not implemented."); return null; } - /** - * @param oaParam - * @param protocolRequest - * @return - */ - private static IOAAuthParameters buildFromSTORKRequest( - DynamicOAAuthParameters oaParam, MOASTORKRequest protocolRequest) { - - oaParam.setBusinessTarget(Constants.URN_PREFIX_STORK + "+" + "AT" + "+" + protocolRequest.getSpCountry()); - oaParam.setBusinessService(true); - - return oaParam; - } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index dff2daa09..99ba49d26 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -38,7 +38,6 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.stork.CPEPS; -import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -137,12 +136,12 @@ public class LoginFormBuilder { } if(value != null) { - if(modul == null) { - modul = SAML1Protocol.PATH; - } - if(action == null) { - action = SAML1Protocol.GETARTIFACT; - } +// if(modul == null) { +// modul = SAML1Protocol.PATH; +// } +// if(action == null) { +// action = SAML1Protocol.GETARTIFACT; +// } value = value.replace(MODUL, modul); value = value.replace(ACTION, action); value = value.replace(OANAME, oaParam.getFriendlyName()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java index 253125fe9..02aaac8cb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java @@ -35,7 +35,6 @@ import org.apache.commons.io.IOUtils; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.logging.Logger; @@ -138,12 +137,12 @@ public class SendAssertionFormBuilder { } if(value != null) { - if(modul == null) { - modul = SAML1Protocol.PATH; - } - if(action == null) { - action = SAML1Protocol.GETARTIFACT; - } +// if(modul == null) { +// modul = SAML1Protocol.PATH; +// } +// if(action == null) { +// action = SAML1Protocol.GETARTIFACT; +// } value = value.replace(MODUL, modul); value = value.replace(ACTION, action); value = value.replace(ID, id); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 76bf93249..1729bbfc8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -43,22 +43,14 @@ import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Date; -import java.util.Iterator; import java.util.List; -import java.util.Vector; -import org.w3c.dom.Element; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.STORKAuthnRequest; -import eu.stork.peps.auth.commons.STORKAuthnResponse; -import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; -import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; -import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; /** * Session data to be stored between <code>AuthenticationServer</code> API calls. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 32ee2a126..998aa67eb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -38,7 +38,6 @@ import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.FileUtils; @@ -128,7 +127,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ if (!oaParam.getBusinessService()) { if (StringUtils.isEmpty(targetConfig) - || (module.equals(SAML1Protocol.PATH) && + || (module.equals("id_saml1") && !StringUtils.isEmpty(target)) ) { //INFO: ONLY SAML1 legacy mode @@ -289,13 +288,13 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ modul = StringEscapeUtils.escapeHtml(modul); action = StringEscapeUtils.escapeHtml(action); - if(modul == null) { - modul = SAML1Protocol.PATH; - } - - if(action == null) { - action = SAML1Protocol.GETARTIFACT; - } +// if(modul == null) { +// modul = SAML1Protocol.PATH; +// } +// +// if(action == null) { +// action = SAML1Protocol.GETARTIFACT; +// } moasession.setModul(modul); moasession.setAction(action); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index c33cb3d81..6feb0b260 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -47,10 +47,8 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestStorage; -import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.id.process.ExecutionContextImpl; -import at.gv.egovernment.moa.id.process.ProcessInstance; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; @@ -121,7 +119,7 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid); if (MiscUtil.isNotEmpty(pendingReq.getTarget()) && - pendingReq.requestedModule().equals(SAML1Protocol.PATH)) + pendingReq.requestedModule().equals("id_saml1")) target = pendingReq.getTarget(); else target = oaParam.getTarget(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java index 600ef2c76..064431a6b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java @@ -133,8 +133,8 @@ public class SSOSendAssertionServlet extends AuthServlet{ AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true); //log event - String pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID); - IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); + //String pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID); + IRequest pendingReq = RequestStorage.getPendingRequest(id); MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED); String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(), @@ -143,6 +143,7 @@ public class SSOSendAssertionServlet extends AuthServlet{ resp.setContentType("text/html"); resp.setStatus(302); + resp.addHeader("Location", redirectURL); Logger.debug("REDIRECT TO: " + redirectURL); |