aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2018-06-14 13:55:39 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2018-06-14 13:55:39 +0200
commit3b26a365d832d4b0664777d2c348606247022564 (patch)
treece9d87c9144d75afad3be5fe4af503f7c4d78b4f /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols
parent2a073c6727d704271e17d9b682be28410f23aae7 (diff)
downloadmoa-id-spss-3b26a365d832d4b0664777d2c348606247022564.tar.gz
moa-id-spss-3b26a365d832d4b0664777d2c348606247022564.tar.bz2
moa-id-spss-3b26a365d832d4b0664777d2c348606247022564.zip
some more stuff
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java71
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java55
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java38
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java60
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java78
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java58
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java64
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java59
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java62
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java63
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java37
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java144
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java153
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java138
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java216
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java65
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java35
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java37
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java18
41 files changed, 1077 insertions, 765 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java
deleted file mode 100644
index 9262e97c2..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class BPKAttributeBuilder implements IPVPAttributeBuilder {
-
- public String getName() {
- return BPK_NAME;
- }
-
- public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
- IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- String bpk = authData.getBPK();
- String type = authData.getBPKType();
-
- if (MiscUtil.isEmpty(bpk))
- throw new UnavailableAttributeException(BPK_NAME);
-
- if (type.startsWith(Constants.URN_PREFIX_WBPK))
- type = type.substring((Constants.URN_PREFIX_WBPK + "+").length());
-
- else if (type.startsWith(Constants.URN_PREFIX_CDID))
- type = type.substring((Constants.URN_PREFIX_CDID + "+").length());
-
- else if (type.startsWith(Constants.URN_PREFIX_EIDAS))
- type = type.substring((Constants.URN_PREFIX_EIDAS + "+").length());
-
- if (bpk.length() > BPK_MAX_LENGTH) {
- bpk = bpk.substring(0, BPK_MAX_LENGTH);
- }
-
- Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type);
-
- return g.buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, type + ":" + bpk);
- }
-
- public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
- return g.buildEmptyAttribute(BPK_FRIENDLY_NAME, BPK_NAME);
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java
deleted file mode 100644
index 783e044f8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder {
-
- public String getName() {
- return EID_SECTOR_FOR_IDENTIFIER_NAME;
- }
-
- public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
- IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- String bpktype = authData.getBPKType();
-
- if (MiscUtil.isEmpty(authData.getBPKType()))
- throw new UnavailableAttributeException(EID_SECTOR_FOR_IDENTIFIER_NAME);
-
- return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
- EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype);
- }
-
- public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
- return g.buildEmptyAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
- EID_SECTOR_FOR_IDENTIFIER_NAME);
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
index 2f18c78e2..7c2207d1d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.logging.Logger;
public class EIDSignerCertificate implements IPVPAttributeBuilder {
@@ -43,11 +44,14 @@ public class EIDSignerCertificate implements IPVPAttributeBuilder {
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
try {
- byte[] signerCertificate = authData.getSignerCertificate();
- if (signerCertificate != null) {
- return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME,
+ if (authData instanceof IMOAAuthData) {
+ byte[] signerCertificate = ((IMOAAuthData)authData).getSignerCertificate();
+ if (signerCertificate != null) {
+ return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME,
Base64Utils.encodeToString(signerCertificate));
- }
+ }
+ } else
+ Logger.info(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME + " is only available in MOA-ID context");
}catch (Exception e) {
Logger.info("Signer certificate BASE64 encoding error");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
index e91bc90d6..090cf6b21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
@@ -28,6 +28,8 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.logging.Logger;
public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
@@ -38,16 +40,20 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.getEncbPKList() != null &&
- authData.getEncbPKList().size() > 0) {
- String value = authData.getEncbPKList().get(0);
- for (int i=1; i<authData.getEncbPKList().size(); i++)
- value += ";"+authData.getEncbPKList().get(i);
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).getEncbPKList() != null &&
+ ((IMOAAuthData)authData).getEncbPKList().size() > 0) {
+ String value = ((IMOAAuthData)authData).getEncbPKList().get(0);
+ for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++)
+ value += ";"+((IMOAAuthData)authData).getEncbPKList().get(i);
- return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME,
- value);
+ return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME,
+ value);
- }
+ }
+
+ } else
+ Logger.info(ENC_BPK_LIST_FRIENDLY_NAME + " is only available in MOA-ID context");
throw new UnavailableAttributeException(ENC_BPK_LIST_NAME);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
index e1e7440e6..c65199dd6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
@@ -24,13 +24,13 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
import java.io.IOException;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -45,7 +45,7 @@ public class HolderOfKey implements IPVPAttributeBuilder {
try {
byte[] certEncoded = authData.getGenericData(
- MOAIDAuthConstants.MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE,
+ EAAFConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE,
byte[].class);
if (certEncoded != null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
index 007f7403a..171dfe2d9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -33,6 +33,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -45,25 +46,30 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.isUseMandate()) {
- //only provide full mandate if it is included.
- //In case of federation only a short mandate could be include
- if (authData.getMandate() != null) {
- String fullMandate;
- try {
- fullMandate = DOMUtils.serializeNode(authData
- .getMandate());
- return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
- MANDATE_FULL_MANDATE_NAME, Base64Utils.encodeToString(fullMandate.getBytes()));
- } catch (TransformerException e) {
- Logger.error("Failed to generate Full Mandate", e);
- } catch (IOException e) {
- Logger.error("Failed to generate Full Mandate", e);
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+ //only provide full mandate if it is included.
+ //In case of federation only a short mandate could be include
+ if (((IMOAAuthData)authData).getMandate() != null) {
+ String fullMandate;
+ try {
+ fullMandate = DOMUtils.serializeNode(((IMOAAuthData)authData)
+ .getMandate());
+ return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
+ MANDATE_FULL_MANDATE_NAME, Base64Utils.encodeToString(fullMandate.getBytes()));
+ } catch (TransformerException e) {
+ Logger.error("Failed to generate Full Mandate", e);
+ } catch (IOException e) {
+ Logger.error("Failed to generate Full Mandate", e);
+ }
}
+ throw new NoMandateDataAttributeException();
+
}
- throw new NoMandateDataAttributeException();
- }
+ } else
+ Logger.info(MANDATE_FULL_MANDATE_FRIENDLY_NAME + " is only available in MOA-ID context");
+
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
index e41a5ccf1..26ea1823e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
@@ -44,34 +45,39 @@ public class MandateLegalPersonFullNameAttributeBuilder implements IPVPAttribute
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.isUseMandate()) {
-
- //get PVP attribute directly, if exists
- String fullName = authData.getGenericData(MANDATE_LEG_PER_FULL_NAME_NAME, String.class);
-
- if (MiscUtil.isEmpty(fullName)) {
- Element mandate = authData.getMandate();
- if (mandate == null) {
- throw new NoMandateDataAttributeException();
-
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if (mandateObject == null) {
- throw new NoMandateDataAttributeException();
-
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+
+ //get PVP attribute directly, if exists
+ String fullName = authData.getGenericData(MANDATE_LEG_PER_FULL_NAME_NAME, String.class);
+
+ if (MiscUtil.isEmpty(fullName)) {
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
+
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+
+ }
+ CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+ if (corporation == null) {
+ Logger.info("No corporation mandate");
+ throw new NoMandateDataAttributeException();
+
+ }
+ fullName = corporation.getFullName();
}
- CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
- if (corporation == null) {
- Logger.info("No corporation mandate");
- throw new NoMandateDataAttributeException();
-
- }
- fullName = corporation.getFullName();
+ return g.buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, MANDATE_LEG_PER_FULL_NAME_NAME,
+ fullName);
+
}
- return g.buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, MANDATE_LEG_PER_FULL_NAME_NAME,
- fullName);
- }
+ } else
+ Logger.info(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME + " is only available in MOA-ID context");
+
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
index e20cf6684..cad8416b4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
@@ -44,11 +45,14 @@ public class MandateLegalPersonSourcePinAttributeBuilder implements IPVPAttribu
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if(authData.isUseMandate()) {
- return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME,
- MANDATE_LEG_PER_SOURCE_PIN_NAME, getLegalPersonIdentifierFromMandate(authData));
+ if (authData instanceof IMOAAuthData) {
+ if(((IMOAAuthData)authData).isUseMandate()) {
+ return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME,
+ MANDATE_LEG_PER_SOURCE_PIN_NAME, getLegalPersonIdentifierFromMandate(((IMOAAuthData)authData)));
- }
+ }
+ } else
+ Logger.info(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME + " is only available in MOA-ID context");
return null;
@@ -59,7 +63,7 @@ public class MandateLegalPersonSourcePinAttributeBuilder implements IPVPAttribu
}
- protected String getLegalPersonIdentifierFromMandate(IAuthData authData) throws NoMandateDataAttributeException {
+ protected String getLegalPersonIdentifierFromMandate(IMOAAuthData authData) throws NoMandateDataAttributeException {
//get PVP attribute directly, if exists
String sourcePin = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
index 098ecf68f..5fa0a5c48 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
@@ -44,39 +45,44 @@ public class MandateLegalPersonSourcePinTypeAttributeBuilder implements IPVPAttr
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.isUseMandate()) {
- //get PVP attribute directly, if exists
- String sourcePinType = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class);
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+ //get PVP attribute directly, if exists
+ String sourcePinType = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class);
+
+ if (MiscUtil.isEmpty(sourcePinType)) {
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
- if (MiscUtil.isEmpty(sourcePinType)) {
- Element mandate = authData.getMandate();
- if (mandate == null) {
- throw new NoMandateDataAttributeException();
-
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if (mandateObject == null) {
- throw new NoMandateDataAttributeException();
-
- }
- CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
- if (corporation == null) {
- Logger.info("No corporate mandate");
- throw new NoMandateDataAttributeException();
-
- }
- if (corporation.getIdentification().size() == 0) {
- Logger.info("Failed to generate IdentificationType");
- throw new NoMandateDataAttributeException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+
+ }
+ CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+ if (corporation == null) {
+ Logger.info("No corporate mandate");
+ throw new NoMandateDataAttributeException();
+
+ }
+ if (corporation.getIdentification().size() == 0) {
+ Logger.info("Failed to generate IdentificationType");
+ throw new NoMandateDataAttributeException();
+
+ }
+ sourcePinType = corporation.getIdentification().get(0).getType();
}
- sourcePinType = corporation.getIdentification().get(0).getType();
+ return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME,
+ sourcePinType);
}
- return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME,
- sourcePinType);
- }
+ } else
+ Logger.info(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME + " is only available in MOA-ID context");
+
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index ebec019ae..9160ef453 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.data.Pair;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -107,46 +108,49 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
protected Pair<String, String> internalBPKGenerator(IOAAuthParameters oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException {
//get PVP attribute directly, if exists
Pair<String, String> calcResult = null;
-
- if (authData.isUseMandate()) {
- String bpk = authData.getGenericData(MANDATE_NAT_PER_BPK_NAME, String.class);
-
- if (MiscUtil.isEmpty(bpk)) {
- //read bPK from mandate if it is not directly included
- Element mandate = authData.getMandate();
- if (mandate == null) {
- throw new NoMandateDataAttributeException();
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if (mandateObject == null) {
- throw new NoMandateDataAttributeException();
- }
- PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
- if (physicalPerson == null) {
- Logger.debug("No physicalPerson mandate");
- throw new NoMandateDataAttributeException();
- }
- IdentificationType id = null;
- id = physicalPerson.getIdentification().get(0);
- if (id == null) {
- Logger.info("Failed to generate IdentificationType");
- throw new NoMandateDataAttributeException();
- }
-
-
- if (id.getType().equals(Constants.URN_PREFIX_BASEID))
- calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(),
- oaParam.getAreaSpecificTargetIdentifier());
- else
- calcResult = Pair.newInstance(id.getValue().getValue(), id.getType());
-
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+ String bpk = authData.getGenericData(MANDATE_NAT_PER_BPK_NAME, String.class);
- } else {
- Logger.info("Find '" + MANDATE_NAT_PER_BPK_NAME + "' in AuthData. Use it what is is.");
- calcResult = Pair.newInstance(bpk, null);
+ if (MiscUtil.isEmpty(bpk)) {
+ //read bPK from mandate if it is not directly included
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.debug("No physicalPerson mandate");
+ throw new NoMandateDataAttributeException();
+ }
+ IdentificationType id = null;
+ id = physicalPerson.getIdentification().get(0);
+ if (id == null) {
+ Logger.info("Failed to generate IdentificationType");
+ throw new NoMandateDataAttributeException();
+ }
+
+
+ if (id.getType().equals(Constants.URN_PREFIX_BASEID))
+ calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(),
+ oaParam.getAreaSpecificTargetIdentifier());
+ else
+ calcResult = Pair.newInstance(id.getValue().getValue(), id.getType());
+
+ } else {
+ Logger.info("Find '" + MANDATE_NAT_PER_BPK_NAME + "' in AuthData. Use it what is is.");
+ calcResult = Pair.newInstance(bpk, null);
+
+ }
}
- }
+
+ } else
+ Logger.info(MANDATE_NAT_PER_BPK_FRIENDLY_NAME + " is only available in MOA-ID context");
return calcResult;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
index 0b8263ffb..e91087484 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
@@ -37,6 +37,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
@@ -65,41 +66,44 @@ public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttrib
protected String internalAttributGeneration(ISPConfiguration oaParam, IAuthData authData) throws InvalidDateFormatAttributeException, NoMandateDataAttributeException {
- if (authData.isUseMandate()) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
//get PVP attribute directly, if exists
String birthDayString = authData.getGenericData(MANDATE_NAT_PER_BIRTHDATE_NAME, String.class);
if (MiscUtil.isEmpty(birthDayString)) {
- //read bPK from mandate if it is not directly included
- Element mandate = authData.getMandate();
- if (mandate == null) {
- throw new NoMandateDataAttributeException();
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if (mandateObject == null) {
- throw new NoMandateDataAttributeException();
- }
- PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
- if (physicalPerson == null) {
- Logger.info("No physicalPerson mandate");
- throw new NoMandateDataAttributeException();
- }
+ if (authData instanceof IMOAAuthData) {
+ //read bPK from mandate if it is not directly included
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.info("No physicalPerson mandate");
+ throw new NoMandateDataAttributeException();
+ }
- String dateOfBirth = physicalPerson.getDateOfBirth();
- try {
- DateFormat mandateFormat = new SimpleDateFormat(MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT);
- mandateFormat.setLenient(false);
- Date date = mandateFormat.parse(dateOfBirth);
- DateFormat pvpDateFormat = new SimpleDateFormat(MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN);
- birthDayString = pvpDateFormat.format(date);
+ String dateOfBirth = physicalPerson.getDateOfBirth();
+ try {
+ DateFormat mandateFormat = new SimpleDateFormat(MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT);
+ mandateFormat.setLenient(false);
+ Date date = mandateFormat.parse(dateOfBirth);
+ DateFormat pvpDateFormat = new SimpleDateFormat(MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN);
+ birthDayString = pvpDateFormat.format(date);
- }
- catch (ParseException e) {
- Logger.warn("MIS mandate birthday has an incorrect formt. (Value:" + dateOfBirth, e);
- throw new InvalidDateFormatAttributeException();
+ }
+ catch (ParseException e) {
+ Logger.warn("MIS mandate birthday has an incorrect formt. (Value:" + dateOfBirth, e);
+ throw new InvalidDateFormatAttributeException();
- }
+ }
+ } else
+ Logger.info(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME + " is only available in MOA-ID context");
} else {
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
index 38a520298..9261ba063 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
@@ -34,6 +34,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
@@ -47,40 +48,45 @@ public class MandateNaturalPersonFamilyNameAttributeBuilder implements IPVPAttr
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if(authData.isUseMandate()) {
+ if (authData instanceof IMOAAuthData) {
+ if(((IMOAAuthData)authData).isUseMandate()) {
- //get PVP attribute directly, if exists
- String familyName = authData.getGenericData(MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class);
-
- if (MiscUtil.isEmpty(familyName)) {
- //read mandator familyName from mandate if it is not directly included
- Element mandate = authData.getMandate();
- if(mandate == null) {
- throw new NoMandateDataAttributeException();
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if(mandateObject == null) {
- throw new NoMandateDataAttributeException();
- }
- PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
- if(physicalPerson == null) {
- Logger.debug("No physicalPerson mandate");
- throw new NoMandateDataAttributeException();
- }
-
- StringBuilder sb = new StringBuilder();
- Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator();
+ //get PVP attribute directly, if exists
+ String familyName = authData.getGenericData(MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class);
- while(fNamesit.hasNext())
- sb.append(" " + fNamesit.next().getValue());
-
- familyName = sb.toString();
+ if (MiscUtil.isEmpty(familyName)) {
+ //read mandator familyName from mandate if it is not directly included
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+ if(physicalPerson == null) {
+ Logger.debug("No physicalPerson mandate");
+ throw new NoMandateDataAttributeException();
+ }
+
+ StringBuilder sb = new StringBuilder();
+ Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator();
+
+ while(fNamesit.hasNext())
+ sb.append(" " + fNamesit.next().getValue());
+
+ familyName = sb.toString();
+
+ }
+ return g.buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME,
+ MANDATE_NAT_PER_FAMILY_NAME_NAME, familyName);
}
- return g.buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME,
- MANDATE_NAT_PER_FAMILY_NAME_NAME, familyName);
- }
+ } else
+ Logger.info(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME + " is only available in MOA-ID context");
+
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
index be8e761e0..fe952253d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
@@ -33,6 +33,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
@@ -46,37 +47,41 @@ public class MandateNaturalPersonGivenNameAttributeBuilder implements IPVPAttrib
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.isUseMandate()) {
- //get PVP attribute directly, if exists
- String givenName = authData.getGenericData(MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class);
-
- if (MiscUtil.isEmpty(givenName)) {
- Element mandate = authData.getMandate();
- if (mandate == null) {
- throw new NoMandateDataAttributeException();
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if (mandateObject == null) {
- throw new NoMandateDataAttributeException();
- }
- PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
- if (physicalPerson == null) {
- Logger.debug("No physicalPerson mandate");
- throw new NoMandateDataAttributeException();
- }
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+ //get PVP attribute directly, if exists
+ String givenName = authData.getGenericData(MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class);
- StringBuilder sb = new StringBuilder();
- Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator();
-
- while (gNamesit.hasNext())
- sb.append(" " + gNamesit.next());
-
- givenName = sb.toString();
+ if (MiscUtil.isEmpty(givenName)) {
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.debug("No physicalPerson mandate");
+ throw new NoMandateDataAttributeException();
+ }
+
+ StringBuilder sb = new StringBuilder();
+ Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator();
+
+ while (gNamesit.hasNext())
+ sb.append(" " + gNamesit.next());
+
+ givenName = sb.toString();
+
+ }
+ return g.buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_GIVEN_NAME_NAME, givenName);
}
- return g.buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_GIVEN_NAME_NAME, givenName);
- }
+ } else
+ Logger.info(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME + " is only available in MOA-ID context");
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
index 2890b72d9..3c0a2cc94 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -33,6 +33,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.AttributePolicyException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
@@ -45,36 +46,41 @@ public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttri
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if(authData.isUseMandate()) {
- Element mandate = authData.getMandate();
- if(mandate == null) {
- throw new NoMandateDataAttributeException();
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if(mandateObject == null) {
- throw new NoMandateDataAttributeException();
- }
- PhysicalPersonType physicalPerson = mandateObject.getMandator()
- .getPhysicalPerson();
- if (physicalPerson == null) {
- Logger.debug("No physicalPerson mandate");
- throw new NoMandateDataAttributeException();
- }
- IdentificationType id = null;
- id = physicalPerson.getIdentification().get(0);
-
- if(authData.isBaseIDTransferRestrication()) {
- throw new AttributePolicyException(this.getName());
- }
-
- if(id == null) {
- Logger.info("Failed to generate IdentificationType");
- throw new NoMandateDataAttributeException();
+ if (authData instanceof IMOAAuthData) {
+ if(((IMOAAuthData)authData).isUseMandate()) {
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator()
+ .getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.debug("No physicalPerson mandate");
+ throw new NoMandateDataAttributeException();
+ }
+ IdentificationType id = null;
+ id = physicalPerson.getIdentification().get(0);
+
+ if(authData.isBaseIDTransferRestrication()) {
+ throw new AttributePolicyException(this.getName());
+ }
+
+ if(id == null) {
+ Logger.info("Failed to generate IdentificationType");
+ throw new NoMandateDataAttributeException();
+ }
+
+ return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,
+ MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue());
}
- return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,
- MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue());
- }
+ } else
+ Logger.info(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME + " is only available in MOA-ID context");
+
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
index 6b3ed6768..0d9009778 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
@@ -32,6 +32,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
@@ -44,31 +45,36 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAt
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if(authData.isUseMandate()) {
- Element mandate = authData.getMandate();
- if(mandate == null) {
- throw new NoMandateDataAttributeException();
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if(mandateObject == null) {
- throw new NoMandateDataAttributeException();
- }
- PhysicalPersonType physicalPerson = mandateObject.getMandator()
- .getPhysicalPerson();
- if (physicalPerson == null) {
- Logger.debug("No physicalPerson mandate");
- throw new NoMandateDataAttributeException();
- }
- IdentificationType id = null;
- id = physicalPerson.getIdentification().get(0);
- if(id == null) {
- Logger.info("Failed to generate IdentificationType");
- throw new NoMandateDataAttributeException();
- }
-
- return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
- MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType());
- }
+ if (authData instanceof IMOAAuthData) {
+ if(((IMOAAuthData)authData).isUseMandate()) {
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator()
+ .getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.debug("No physicalPerson mandate");
+ throw new NoMandateDataAttributeException();
+ }
+ IdentificationType id = null;
+ id = physicalPerson.getIdentification().get(0);
+ if(id == null) {
+ Logger.info("Failed to generate IdentificationType");
+ throw new NoMandateDataAttributeException();
+ }
+
+ return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
+ MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType());
+ }
+
+ } else
+ Logger.info(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME + " is only available in MOA-ID context");
+
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
index d8804d395..3cd9ef3e2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
@@ -31,8 +31,10 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder {
@@ -43,42 +45,47 @@ public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if(authData.isUseMandate()) {
- String profRepName = authData.getGenericData(MANDATE_PROF_REP_DESC_NAME, String.class);
-
- if (MiscUtil.isEmpty(profRepName)) {
- IMISMandate misMandate = authData.getMISMandate();
-
- if(misMandate == null) {
- throw new NoMandateDataAttributeException();
- }
-
- profRepName = misMandate.getTextualDescriptionOfOID();
+ if (authData instanceof IMOAAuthData) {
+ if(((IMOAAuthData)authData).isUseMandate()) {
+ String profRepName = authData.getGenericData(MANDATE_PROF_REP_DESC_NAME, String.class);
- //only read textual prof. rep. OID describtion from mandate annotation
- // if also OID exists
- if (MiscUtil.isEmpty(profRepName)
- && MiscUtil.isNotEmpty(misMandate.getProfRep())) {
- Element mandate = authData.getMandate();
- if (mandate == null) {
+ if (MiscUtil.isEmpty(profRepName)) {
+ IMISMandate misMandate = ((IMOAAuthData)authData).getMISMandate();
+
+ if(misMandate == null) {
throw new NoMandateDataAttributeException();
}
- Mandate mandateObject = MandateBuilder.buildMandate(authData.getMandate());
- if (mandateObject == null) {
- throw new NoMandateDataAttributeException();
- }
-
- profRepName = mandateObject.getAnnotation();
+ profRepName = misMandate.getTextualDescriptionOfOID();
+
+ //only read textual prof. rep. OID describtion from mandate annotation
+ // if also OID exists
+ if (MiscUtil.isEmpty(profRepName)
+ && MiscUtil.isNotEmpty(misMandate.getProfRep())) {
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(((IMOAAuthData)authData).getMandate());
+ if (mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+ }
+
+ profRepName = mandateObject.getAnnotation();
+
+ }
}
+
+ if(MiscUtil.isNotEmpty(profRepName))
+ return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
+ MANDATE_PROF_REP_DESC_NAME, profRepName);
+
}
- if(MiscUtil.isNotEmpty(profRepName))
- return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
- MANDATE_PROF_REP_DESC_NAME, profRepName);
-
- }
+ } else
+ Logger.info(MANDATE_PROF_REP_DESC_FRIENDLY_NAME + " is only available in MOA-ID context");
+
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
index 555f92fe0..6cdf64dc3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
@@ -28,7 +28,9 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder {
@@ -39,25 +41,30 @@ public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder {
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.isUseMandate()) {
- String profRepOID = authData.getGenericData(MANDATE_PROF_REP_OID_NAME, String.class);
-
- if (MiscUtil.isEmpty(profRepOID)) {
- IMISMandate mandate = authData.getMISMandate();
- if (mandate == null) {
- throw new NoMandateDataAttributeException();
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+ String profRepOID = authData.getGenericData(MANDATE_PROF_REP_OID_NAME, String.class);
+
+ if (MiscUtil.isEmpty(profRepOID)) {
+ IMISMandate mandate = ((IMOAAuthData)authData).getMISMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
+ }
+
+ profRepOID = mandate.getProfRep();
+
}
-
- profRepOID = mandate.getProfRep();
+
+ if(MiscUtil.isEmpty(profRepOID))
+ return null;
+ else
+ return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, profRepOID);
}
-
- if(MiscUtil.isEmpty(profRepOID))
- return null;
- else
- return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, profRepOID);
- }
+ } else
+ Logger.info(MANDATE_PROF_REP_OID_FRIENDLY_NAME + " is only available in MOA-ID context");
+
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
index 45cce5852..f609117a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
@@ -27,6 +27,8 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.logging.Logger;
public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuilder {
@@ -36,11 +38,16 @@ public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuild
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.isUseMandate()) {
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+
+ return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME,
+ ((IMOAAuthData)authData).getMandateReferenceValue());
+ }
+
+ } else
+ Logger.info(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME + " is only available in MOA-ID context");
- return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME,
- authData.getMandateReferenceValue());
- }
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
index 3bc7d5a2d..5471c5a13 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
@@ -30,8 +30,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder {
@@ -42,27 +44,32 @@ public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder {
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.isUseMandate()) {
- //get PVP attribute directly, if exists
- String mandateType = authData.getGenericData(MANDATE_TYPE_NAME, String.class);
-
- if (MiscUtil.isEmpty(mandateType)) {
- Element mandate = authData.getMandate();
- if (mandate == null) {
- throw new NoMandateDataAttributeException();
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+ //get PVP attribute directly, if exists
+ String mandateType = authData.getGenericData(MANDATE_TYPE_NAME, String.class);
+
+ if (MiscUtil.isEmpty(mandateType)) {
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
+
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+
+ }
+ mandateType = mandateObject.getAnnotation();
}
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if (mandateObject == null) {
- throw new NoMandateDataAttributeException();
- }
- mandateType = mandateObject.getAnnotation();
-
+ return g.buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateType);
}
-
- return g.buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateType);
- }
+
+ } else
+ Logger.info(MANDATE_TYPE_FRIENDLY_NAME + " is only available in MOA-ID context");
+
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
index d5c89fc97..88f5bc2f7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
@@ -27,6 +27,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -38,18 +39,23 @@ public class MandateTypeOIDAttributeBuilder implements IPVPAttributeBuilder {
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.isUseMandate()) {
- //get PVP attribute directly, if exists
- String mandateType = authData.getGenericData(MANDATE_TYPE_OID_NAME, String.class);
-
- if (MiscUtil.isEmpty(mandateType)) {
- Logger.info("MIS Mandate does not include 'Mandate-Type OID'.");
- return null;
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+ //get PVP attribute directly, if exists
+ String mandateType = authData.getGenericData(MANDATE_TYPE_OID_NAME, String.class);
+ if (MiscUtil.isEmpty(mandateType)) {
+ Logger.info("MIS Mandate does not include 'Mandate-Type OID'.");
+ return null;
+
+ }
+
+ return g.buildStringAttribute(MANDATE_TYPE_OID_FRIENDLY_NAME, MANDATE_TYPE_OID_NAME, mandateType);
}
-
- return g.buildStringAttribute(MANDATE_TYPE_OID_FRIENDLY_NAME, MANDATE_TYPE_OID_NAME, mandateType);
- }
+
+ } else
+ Logger.info(MANDATE_TYPE_OID_FRIENDLY_NAME + " is only available in MOA-ID context");
+
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index cc48873af..c17f1a4dd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -37,36 +37,50 @@ import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.Response;
import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;
-import at.gv.egiz.eaaf.core.api.IAction;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.data.Trible;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
/**
* @author tlenz
@@ -76,12 +90,15 @@ import at.gv.egovernment.moa.logging.Logger;
public class AttributQueryAction implements IAction {
@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
- @Autowired private AuthenticationDataBuilder authDataBuilder;
+ @Autowired private IAuthenticationDataBuilder authDataBuilder;
@Autowired private IDPCredentialProvider pvpCredentials;
@Autowired private AuthConfiguration authConfig;
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
@Autowired(required=true) ApplicationContext springContext;
+ @Autowired private AttributQueryBuilder attributQueryBuilder;
+ @Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+
private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
new String[]{PVPConstants.EID_STORK_TOKEN_NAME});
@@ -109,14 +126,14 @@ public class AttributQueryAction implements IAction {
try {
//get Single Sign-On information for the Service-Provider
// which sends the Attribute-Query request
- AuthenticationSession moaSession = authenticationSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
+ AuthenticationSession moaSession = authenticationSessionStorage.getInternalSSOSession(pendingReq.getSSOSessionIdentifier());
if (moaSession == null) {
- Logger.warn("No MOASession with ID:" + pendingReq.getInternalSSOSessionIdentifier() + " FOUND.");
- throw new MOAIDException("auth.02", new Object[]{pendingReq.getInternalSSOSessionIdentifier()});
+ Logger.warn("No MOASession with ID:" + pendingReq.getSSOSessionIdentifier() + " FOUND.");
+ throw new MOAIDException("auth.02", new Object[]{pendingReq.getSSOSessionIdentifier()});
}
InterfederationSessionStore nextIDPInformation =
- authenticationSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSessionID());
+ authenticationSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSSOSessionID());
AttributeQuery attrQuery =
(AttributeQuery)((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest();
@@ -157,9 +174,9 @@ public class AttributQueryAction implements IAction {
throw new MOAIDException("pvp2.01", null, e);
} catch (MOADatabaseException e) {
- Logger.error("MOASession with SessionID=" + pendingReq.getInternalSSOSessionIdentifier()
+ Logger.error("MOASession with SessionID=" + pendingReq.getSSOSessionIdentifier()
+ " is not found in Database", e);
- throw new MOAIDException("init.04", new Object[] { pendingReq.getInternalSSOSessionIdentifier() });
+ throw new MOAIDException("init.04", new Object[] { pendingReq.getSSOSessionIdentifier() });
}
@@ -195,7 +212,7 @@ public class AttributQueryAction implements IAction {
((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest &&
((PVPTargetConfiguration) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) {
- authenticationSessionStorage.markOAWithAttributeQueryUsedFlag(session, pendingReq.getOAURL(), pendingReq.requestedModule());
+ authenticationSessionStorage.markOAWithAttributeQueryUsedFlag(session, pendingReq.getSPEntityId(), pendingReq.requestedModule());
}
//build OnlineApplication dynamic from requested attributes (AttributeQuerry Request) and configuration
@@ -208,15 +225,18 @@ public class AttributQueryAction implements IAction {
+ " for authentication information.");
//load configuration of next IDP
- IOAAuthParameters idpLoaded = authConfig.getOnlineApplicationParameter(nextIDPInformation.getIdpurlprefix());
- if (idpLoaded == null || !(idpLoaded instanceof OAAuthParameter)) {
+ IOAAuthParameters idpLoaded =
+ authConfig.getServiceProviderConfiguration(
+ nextIDPInformation.getIdpurlprefix(),
+ OAAuthParameterDecorator.class);
+ if (idpLoaded == null || !(idpLoaded instanceof IOAAuthParameters)) {
Logger.warn("Configuration for federated IDP:" + nextIDPInformation.getIdpurlprefix()
+ "is not loadable.");
throw new MOAIDException("auth.32", new Object[]{nextIDPInformation.getIdpurlprefix()});
}
- OAAuthParameter idp = (OAAuthParameter) idpLoaded;
+ IOAAuthParameters idp = idpLoaded;
//check if next IDP config allows inbound messages
if (!idp.isInboundSSOInterfederationAllowed()) {
@@ -227,7 +247,7 @@ public class AttributQueryAction implements IAction {
}
//check next IDP service area policy. BusinessService IDPs can only request wbPKs
- if (!spConfig.hasBaseIdTransferRestriction() && !idp.isIDPPublicService()) {
+ if (!spConfig.hasBaseIdTransferRestriction() && idp.hasBaseIdTransferRestriction()) {
Logger.error("Interfederated IDP " + idp.getPublicURLPrefix()
+ " is a BusinessService-IDP but requests PublicService attributes.");
throw new MOAIDException("auth.34", new Object[]{nextIDPInformation.getIdpurlprefix()});
@@ -239,7 +259,7 @@ public class AttributQueryAction implements IAction {
* 'pendingReq.getAuthURL() + "/sp/federated/metadata"' is implemented in federated_authentication module
* but used in moa-id-lib. This should be refactored!!!
*/
- AssertionAttributeExtractor extractor = authDataBuilder.getAuthDataFromAttributeQuery(reqAttributes,
+ AssertionAttributeExtractor extractor = getAuthDataFromAttributeQuery(reqAttributes,
nextIDPInformation.getUserNameID(), idp, pendingReq.getAuthURL() + "/sp/federated/metadata");
//mark attribute request as used
@@ -262,7 +282,7 @@ public class AttributQueryAction implements IAction {
} else {
Logger.debug("Build authData for AttributQuery from local MOASession.");
- IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq, session, spConfig);
+ IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq);
//add default attributes in case of mandates or STORK is in use
List<String> attrList = addDefaultAttributes(reqAttributes, authData);
@@ -270,12 +290,19 @@ public class AttributQueryAction implements IAction {
//build Set of response attributes
List<Attribute> respAttr = PVPAttributeBuilder.buildSetOfResponseAttributes(authData, attrList);
- return Trible.newInstance(respAttr, authData.getSsoSessionValidTo(), authData.getQAALevel());
+ return Trible.newInstance(respAttr, authData.getSsoSessionValidTo(), authData.getEIDASQAALevel());
}
} catch (MOAIDException e) {
throw e;
+
+ } catch (EAAFAuthenticationException e) {
+ throw new MOAIDException(e.getErrorId(), e.getParams(), e);
+
+ } catch (EAAFConfigurationException e) {
+ throw new MOAIDException(e.getErrorId(), e.getParams(), e);
+
}
}
@@ -307,7 +334,8 @@ public class AttributQueryAction implements IAction {
}
//add default mandate attributes if it is a authentication with mandates
- if (authData.isUseMandate() && !reqAttributeNames.containsAll(DEFAULTMANDATEATTRIBUTES)) {
+ if (authData instanceof IMOAAuthData)
+ if (((IMOAAuthData)authData).isUseMandate() && !reqAttributeNames.containsAll(DEFAULTMANDATEATTRIBUTES)) {
for (String el : DEFAULTMANDATEATTRIBUTES) {
if (!reqAttributeNames.contains(el))
reqAttributeNames.add(el);
@@ -317,4 +345,76 @@ public class AttributQueryAction implements IAction {
return reqAttributeNames;
}
+ /**
+ * Get PVP authentication attributes by using a SAML2 AttributeQuery
+ *
+ * @param reqQueryAttr List of PVP attributes which are requested
+ * @param userNameID SAML2 UserNameID of the user for which attributes are requested
+ * @param idpConfig Configuration of the IDP, which is requested
+ * @return
+ * @return PVP attribute DAO, which contains all received information
+ * @throws MOAIDException
+ */
+ public AssertionAttributeExtractor getAuthDataFromAttributeQuery(List<Attribute> reqQueryAttr,
+ String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException{
+ String idpEnityID = idpConfig.getPublicURLPrefix();
+
+ try {
+ Logger.debug("Starting AttributeQuery process ...");
+ //collect attributes by using BackChannel communication
+ String endpoint = idpConfig.getIDPAttributQueryServiceURL();
+ if (MiscUtil.isEmpty(endpoint)) {
+ Logger.error("No AttributeQueryURL for interfederationIDP " + idpEnityID);
+ throw new ConfigurationException("config.26", new Object[]{idpEnityID});
+
+ }
+
+ //build attributQuery request
+ AttributeQuery query = attributQueryBuilder.buildAttributQueryRequest(spEntityID, userNameID, endpoint, reqQueryAttr);
+
+ //build SOAP request
+ List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
+
+ if (xmlObjects.size() == 0) {
+ Logger.error("Receive emptry AttributeQuery response-body.");
+ throw new AttributQueryException("auth.27",
+ new Object[]{idpEnityID, "Receive emptry AttributeQuery response-body."});
+
+ }
+
+ Response intfResp;
+ if (xmlObjects.get(0) instanceof Response) {
+ intfResp = (Response) xmlObjects.get(0);
+
+ //validate PVP 2.1 response
+ try {
+ samlVerificationEngine.verifyIDPResponse(intfResp,
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(
+ metadataProvider));
+
+ //create assertion attribute extractor from AttributeQuery response
+ return new AssertionAttributeExtractor(intfResp);
+
+ } catch (Exception e) {
+ Logger.warn("PVP 2.1 assertion validation FAILED.", e);
+ throw new AssertionValidationExeption("auth.27",
+ new Object[]{idpEnityID, e.getMessage()}, e);
+ }
+
+ } else {
+ Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
+ throw new AttributQueryException("auth.27",
+ new Object[]{idpEnityID, "Receive AttributeQuery response-body include no PVP 2.1 response"});
+
+ }
+
+ } catch (SOAPException e) {
+ throw new BuildException("builder.06", null, e);
+
+ } catch (SecurityException e) {
+ throw new BuildException("builder.06", null, e);
+
+ }
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index a8adc9ca0..43c860488 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -38,10 +38,10 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;
-import at.gv.egiz.eaaf.core.api.IAction;
import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
@@ -60,7 +60,7 @@ import at.gv.egovernment.moa.logging.Logger;
@Service("PVPAuthenticationRequestAction")
public class AuthenticationAction implements IAction {
- @Autowired IDPCredentialProvider pvpCredentials;
+ @Autowired IDPCredentialProvider pvpCredentials;
@Autowired AuthConfiguration authConfig;
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
@Autowired(required=true) ApplicationContext springContext;
@@ -123,7 +123,7 @@ public class AuthenticationAction implements IAction {
//set protocol type
sloInformation.setProtocolType(req.requestedModule());
- sloInformation.setSpEntityID(req.getOnlineApplicationConfiguration().getPublicURLPrefix());
+ sloInformation.setSpEntityID(req.getServiceProviderConfiguration().getUniqueIdentifier());
return sloInformation;
} catch (MessageEncodingException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index baaf8b681..76956b5a8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -30,10 +30,10 @@ import org.springframework.stereotype.Service;
import com.google.common.net.MediaType;
-import at.gv.egiz.eaaf.core.api.IAction;
import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -48,7 +48,7 @@ public class MetadataAction implements IAction {
- @Autowired private IRevisionLogger revisionsLogger;
+ @Autowired private IRevisionLogger revisionsLogger;
@Autowired private IDPCredentialProvider credentialProvider;
@Autowired private PVPMetadataBuilder metadatabuilder;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 038e384f3..591aaa7cc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -22,6 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;
+import java.net.MalformedURLException;
+import java.net.URL;
import java.util.Arrays;
import java.util.List;
@@ -57,14 +59,15 @@ import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
import at.gv.egiz.eaaf.core.exceptions.NoPassivAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityLogAdapter;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
@@ -80,7 +83,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
@@ -90,16 +92,14 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-
+
@Controller
public class PVP2XProtocol extends AbstractAuthProtocolModulController implements IModulInfo {
@@ -107,6 +107,8 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
@Autowired SAMLVerificationEngineSP samlVerificationEngine;
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
+ @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
+
public static final String NAME = PVP2XProtocol.class.getName();
public static final String PATH = "id_pvp2x";
@@ -137,16 +139,17 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
public PVP2XProtocol() {
super();
- }
+ }
//PVP2.x metadata end-point
@RequestMapping(value = "/pvp2/metadata", method = {RequestMethod.POST, RequestMethod.GET})
- public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
- if (!authConfig.getAllowedProtocols().isPVP21Active()) {
- Logger.info("PVP2.1 is deaktivated!");
- throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-
- }
+ public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+// if (!authConfig.getAllowedProtocols().isPVP21Active()) {
+// Logger.info("PVP2.1 is deaktivated!");
+// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+//
+// }
+
//create pendingRequest object
PVPTargetConfiguration pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
pendingReq.initialize(req);
@@ -166,12 +169,12 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
//PVP2.x IDP POST-Binding end-point
@RequestMapping(value = "/pvp2/post", method = {RequestMethod.POST})
- public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
- if (!authConfig.getAllowedProtocols().isPVP21Active()) {
- Logger.info("PVP2.1 is deaktivated!");
- throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-
- }
+ public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+// if (!authConfig.getAllowedProtocols().isPVP21Active()) {
+// Logger.info("PVP2.1 is deaktivated!");
+// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+//
+// }
PVPTargetConfiguration pendingReq = null;
@@ -206,7 +209,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
if (pendingReq != null)
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
} catch (SecurityException e) {
String samlRequest = req.getParameter("SAMLRequest");
@@ -216,7 +219,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
if (pendingReq != null)
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
} catch (MOAIDException e) {
@@ -240,10 +243,10 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
//PVP2.x IDP Redirect-Binding end-point
@RequestMapping(value = "/pvp2/redirect", method = {RequestMethod.GET})
- public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
+ public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) {
Logger.info("PVP2.1 is deaktivated!");
- throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+ throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
}
PVPTargetConfiguration pendingReq = null;
@@ -278,7 +281,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
if (pendingReq != null)
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
} catch (SecurityException e) {
String samlRequest = req.getParameter("SAMLRequest");
@@ -288,7 +291,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
if (pendingReq != null)
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
} catch (MOAIDException e) {
String samlRequest = req.getParameter("SAMLRequest");
@@ -315,12 +318,12 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
//PVP2.x IDP SOAP-Binding end-point
@RequestMapping(value = "/pvp2/soap", method = {RequestMethod.POST})
- public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
- if (!authConfig.getAllowedProtocols().isPVP21Active()) {
- Logger.info("PVP2.1 is deaktivated!");
- throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-
- }
+ public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+// if (!authConfig.getAllowedProtocols().isPVP21Active()) {
+// Logger.info("PVP2.1 is deaktivated!");
+// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+//
+// }
PVPTargetConfiguration pendingReq = null;
try {
@@ -354,7 +357,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
if (pendingReq != null)
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
} catch (SecurityException e) {
String samlRequest = req.getParameter("SAMLRequest");
@@ -364,7 +367,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
if (pendingReq != null)
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
} catch (MOAIDException e) {
//write revision log entries
@@ -393,7 +396,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
InboundMessage msg = pendingReq.getRequest();
if (MiscUtil.isEmpty(msg.getEntityID())) {
- throw new InvalidProtocolRequestException("pvp2.20", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.20", new Object[] {}, "EntityId is null or empty");
}
@@ -425,8 +428,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
throw new MOAIDException("Unsupported PVP21 message", new Object[] {});
}
- revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
- pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH);
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH);
//switch to session authentication
performAuthentication(request, response, pendingReq);
@@ -451,7 +453,6 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
- ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
String moaError = null;
if(e instanceof NoPassivAuthenticationException) {
@@ -473,12 +474,12 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
if(statusMessageValue != null) {
statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue));
}
- moaError = errorUtils.mapInternalErrorToExternalError(ex.getMessageId());
+ moaError = statusMessager.mapInternalErrorToExternalError(ex.getMessageId());
} else {
statusCode.setValue(StatusCode.RESPONDER_URI);
statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
- moaError = errorUtils.getResponseErrorCode(e);
+ moaError = statusMessager.getResponseErrorCode(e);
}
@@ -544,10 +545,11 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
* @param response
* @param msg
* @return
+ * @throws EAAFException
* @throws MOAIDException
*/
private void preProcessLogOut(HttpServletRequest request,
- HttpServletResponse response, PVPTargetConfiguration pendingReq) throws MOAIDException {
+ HttpServletResponse response, PVPTargetConfiguration pendingReq) throws EAAFException {
InboundMessage inMsg = pendingReq.getRequest();
MOARequest msg;
@@ -564,11 +566,11 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
String oaURL = metadata.getEntityID();
oaURL = StringEscapeUtils.escapeHtml(oaURL);
- IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(oaURL);
+ ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
- pendingReq.setOAURL(oaURL);
+ pendingReq.setSPEntityId(oaURL);
pendingReq.setOnlineApplicationConfiguration(oa);
pendingReq.setBinding(msg.getRequestBinding());
@@ -584,17 +586,25 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
Logger.debug("PreProcess SLO Response from " + resp.getIssuer());
- List<String> allowedPublicURLPrefix =
- AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
- boolean isAllowedDestination = false;
+// List<String> allowedPublicURLPrefix = authConfig.getIDPPublicURLPrefixes();
+// AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
- for (String prefix : allowedPublicURLPrefix) {
- if (resp.getDestination().startsWith(
- prefix)) {
- isAllowedDestination = true;
- break;
- }
+ boolean isAllowedDestination = false;
+ try {
+ isAllowedDestination = MiscUtil.isNotEmpty(authConfig.validateIDPURL(new URL(resp.getDestination())));
+
+ } catch (MalformedURLException e) {
+ Logger.info(resp.getDestination() + " is NOT valid. Reason: " + e.getMessage());
+
}
+
+// for (String prefix : allowedPublicURLPrefix) {
+// if (resp.getDestination().startsWith(
+// prefix)) {
+// isAllowedDestination = true;
+// break;
+// }
+// }
if (!isAllowedDestination) {
Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL");
@@ -607,7 +617,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
} else
- throw new MOAIDException("Unsupported request", new Object[] {});
+ throw new EAAFException("Unsupported request");
pendingReq.setRequest(inMsg);
@@ -641,13 +651,8 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
}
- //check if Issuer is an interfederation IDP
- // check parameter
- if (!ParamValidatorUtils.isValidOA(moaRequest.getEntityID()))
- throw new WrongParametersException("StartAuthentication",
- PARAM_OA, "auth.12");
-
- IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(moaRequest.getEntityID());
+ //check if Issuer is an interfederation IDP
+ IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(moaRequest.getEntityID(), IOAAuthParameters.class);
if (!oa.isInderfederationIDP()) {
Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs.");
throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null);
@@ -671,7 +676,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
//set preProcessed information into pending-request
pendingReq.setRequest(moaRequest);
- pendingReq.setOAURL(moaRequest.getEntityID());
+ pendingReq.setSPEntityId(moaRequest.getEntityID());
pendingReq.setOnlineApplicationConfiguration(oa);
pendingReq.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
@@ -682,7 +687,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
pendingReq.setAction(AttributQueryAction.class.getName());
//add moasession
- pendingReq.setInternalSSOSessionIdentifier(session.getSessionID());
+ pendingReq.setSSOSessionIdentifier(session.getSSOSessionID());
//write revisionslog entry
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY);
@@ -717,13 +722,15 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
if (authnRequest.getIssueInstant() == null) {
Logger.warn("Unsupported request: No IssueInstant Attribute found.");
- throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {});
+ throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {},
+ "Unsupported request: No IssueInstant Attribute found", pendingReq);
}
if (authnRequest.getIssueInstant().minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) {
Logger.warn("Unsupported request: No IssueInstant DateTime is not valid anymore.");
- throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {});
+ throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {},
+ "Unsupported request: No IssueInstant DateTime is not valid anymore.", pendingReq);
}
@@ -790,22 +797,22 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq;
AuthnRequestValidator.validate(authReq);
- String useMandate = request.getParameter(PARAM_USEMANDATE);
- if(useMandate != null) {
- if(useMandate.equals("true") && attributeConsumer != null) {
- if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
- throw new MandateAttributesNotHandleAbleException();
- }
- }
- }
+// String useMandate = request.getParameter(PARAM_USEMANDATE);
+// if(useMandate != null) {
+// if(useMandate.equals("true") && attributeConsumer != null) {
+// if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
+// throw new MandateAttributesNotHandleAbleException();
+// }
+// }
+// }
String oaURL = moaRequest.getEntityMetadata(metadataProvider).getEntityID();
oaURL = StringEscapeUtils.escapeHtml(oaURL);
- IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(oaURL);
+ ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());
- pendingReq.setOAURL(oaURL);
+ pendingReq.setSPEntityId(oaURL);
pendingReq.setOnlineApplicationConfiguration(oa);
pendingReq.setBinding(consumerService.getBinding());
pendingReq.setRequest(moaRequest);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
index 46e5b83f6..67cbafe90 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
@@ -29,7 +29,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion;
@Service("PVPAssertionStorage")
@@ -47,11 +47,11 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
relyingPartyId,
issuerId,
samlMessage);
-
- try {
+
+ try {
transactionStorage.put(artifact, assertion, -1);
- } catch (MOADatabaseException e) {
+ } catch (EAAFException e) {
// TODO Insert Error Handling, if Assertion could not be stored
throw new MarshallingException("Assertion are not stored in Database.",e);
}
@@ -61,7 +61,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
try {
return transactionStorage.get(artifact, SAMLArtifactMapEntry.class);
- } catch (MOADatabaseException e) {
+ } catch (EAAFException e) {
// TODO Insert Error Handling, if Assertion could not be read
e.printStackTrace();
return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index 060a5fcc2..95a2d8715 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -22,31 +22,24 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import javax.servlet.http.HttpServletRequest;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.impl.AuthnRequestImpl;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.logging.Logger;
@Component("PVPTargetConfiguration")
@Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
public class PVPTargetConfiguration extends RequestImpl {
+ @Autowired(required=true) IConfiguration authConfig;
+
public static final String DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP = "useMinimalFrontChannelResponse";
public static final String DATAID_INTERFEDERATION_NAMEID = "federatedNameID";
public static final String DATAID_INTERFEDERATION_QAALEVEL = "federatedQAALevel";
@@ -55,10 +48,17 @@ public class PVPTargetConfiguration extends RequestImpl {
private static final long serialVersionUID = 4889919265919638188L;
+
+
InboundMessage request;
String binding;
String consumerURL;
+ public void initialize(HttpServletRequest req) throws EAAFException {
+ super.initialize(req, authConfig);
+
+ }
+
public InboundMessage getRequest() {
return request;
}
@@ -84,61 +84,61 @@ public class PVPTargetConfiguration extends RequestImpl {
}
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
- */
- @Override
- public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
-
- Map<String, String> reqAttr = new HashMap<String, String>();
- for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
- reqAttr.put(el, "");
-
- try {
- SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS);
- if (spSSODescriptor.getAttributeConsumingServices() != null &&
- spSSODescriptor.getAttributeConsumingServices().size() > 0) {
-
- Integer aIdx = null;
- if (getRequest() instanceof MOARequest &&
- ((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) {
- AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest();
- aIdx = authnRequest.getAttributeConsumingServiceIndex();
-
- } else {
- Logger.error("MOARequest is NOT of type AuthnRequest");
- }
-
- int idx = 0;
-
- AttributeConsumingService attributeConsumingService = null;
-
- if (aIdx != null) {
- idx = aIdx.intValue();
- attributeConsumingService = spSSODescriptor
- .getAttributeConsumingServices().get(idx);
-
- } else {
- List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
- for (AttributeConsumingService el : attrConsumingServiceList) {
- if (el.isDefault())
- attributeConsumingService = el;
- }
- }
-
- for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes())
- reqAttr.put(attr.getName(), "");
- }
-
- //return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
- return reqAttr.keySet();
-
- } catch (NoMetadataInformationException e) {
- Logger.warn("NO metadata found for Entity " + getRequest().getEntityID());
- return null;
-
- }
-
- }
+// /* (non-Javadoc)
+// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+// */
+// @Override
+// public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
+//
+// Map<String, String> reqAttr = new HashMap<String, String>();
+// for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
+// reqAttr.put(el, "");
+//
+// try {
+// SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+// if (spSSODescriptor.getAttributeConsumingServices() != null &&
+// spSSODescriptor.getAttributeConsumingServices().size() > 0) {
+//
+// Integer aIdx = null;
+// if (getRequest() instanceof MOARequest &&
+// ((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) {
+// AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest();
+// aIdx = authnRequest.getAttributeConsumingServiceIndex();
+//
+// } else {
+// Logger.error("MOARequest is NOT of type AuthnRequest");
+// }
+//
+// int idx = 0;
+//
+// AttributeConsumingService attributeConsumingService = null;
+//
+// if (aIdx != null) {
+// idx = aIdx.intValue();
+// attributeConsumingService = spSSODescriptor
+// .getAttributeConsumingServices().get(idx);
+//
+// } else {
+// List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
+// for (AttributeConsumingService el : attrConsumingServiceList) {
+// if (el.isDefault())
+// attributeConsumingService = el;
+// }
+// }
+//
+// for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes())
+// reqAttr.put(attr.getName(), "");
+// }
+//
+// //return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
+// return reqAttr.keySet();
+//
+// } catch (NoMetadataInformationException e) {
+// Logger.warn("NO metadata found for Entity " + getRequest().getEntityID());
+// return null;
+//
+// }
+//
+// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index 2d8d0f66f..6b945d692 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -35,20 +35,20 @@ import org.opensaml.saml2.metadata.SingleLogoutService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
-import at.gv.egiz.eaaf.core.api.IAction;
import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.ISLOInformationContainer;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
-import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -71,7 +71,7 @@ import at.gv.egovernment.moa.util.URLEncoder;
public class SingleLogOutAction implements IAction {
@Autowired private SSOManager ssomanager;
- @Autowired private AuthenticationManager authManager;
+ @Autowired private IAuthenticationManager authManager;
@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
@Autowired private ITransactionStorage transactionStorage;
@Autowired private SingleLogOutBuilder sloBuilder;
@@ -84,7 +84,7 @@ public class SingleLogOutAction implements IAction {
@Override
public SLOInformationInterface processRequest(IRequest req,
HttpServletRequest httpReq, HttpServletResponse httpResp,
- IAuthData authData) throws MOAIDException {
+ IAuthData authData) throws EAAFException {
PVPTargetConfiguration pvpReq = (PVPTargetConfiguration) req;
@@ -94,12 +94,12 @@ public class SingleLogOutAction implements IAction {
MOARequest samlReq = (MOARequest) pvpReq.getRequest();
LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
- IAuthenticationSession session =
- authenticationSessionStorage.searchMOASessionWithNameIDandOAID(
+ String ssoSessionId =
+ authenticationSessionStorage.searchSSOSessionWithNameIDandOAID(
logOutReq.getIssuer().getValue(),
logOutReq.getNameID().getValue());
- if (session == null) {
+ if (MiscUtil.isEmpty(ssoSessionId)) {
Logger.warn("Can not find active SSO session with nameID "
+ logOutReq.getNameID().getValue() + " and OA "
+ logOutReq.getIssuer().getValue());
@@ -116,10 +116,10 @@ public class SingleLogOutAction implements IAction {
} else {
try {
- session = ssomanager.getInternalMOASession(ssoID);
+ ssoSessionId = authenticationSessionStorage.getInternalSSOSessionWithSSOID(ssoID);
- if (session == null)
- throw new MOADatabaseException();
+ if (MiscUtil.isEmpty(ssoSessionId))
+ throw new MOADatabaseException("");
} catch (MOADatabaseException e) {
Logger.info("Can not find active Session. Single LogOut not possible!");
@@ -134,8 +134,13 @@ public class SingleLogOutAction implements IAction {
}
}
- authManager.performSingleLogOut(httpReq, httpResp, session, pvpReq);
-
+ pvpReq.setSSOSessionIdentifier(ssoSessionId);
+ ISLOInformationContainer sloInformationContainer
+ = authManager.performSingleLogOut(httpReq, httpResp, pvpReq, ssoSessionId);
+
+ Logger.debug("Starting technical SLO process ... ");
+ sloBuilder.toTechnicalLogout(sloInformationContainer, httpReq, httpResp, null);
+
} else if (pvpReq.getRequest() instanceof MOAResponse &&
((MOAResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
Logger.debug("Process Single LogOut response");
@@ -178,7 +183,7 @@ public class SingleLogOutAction implements IAction {
// AssertionStore element = (AssertionStore) result.get(0);
// Object data = SerializationUtils.deserialize(element.getAssertion());
Logger.debug("Current Thread getAssertionStore: "+Thread.currentThread().getId());
- Object o = transactionStorage.getAssertionStore(relayState);
+ Object o = transactionStorage.getRaw(relayState);
if(o==null){
Logger.trace("No entries found.");
throw new MOADatabaseException("No sessioninformation found with this ID");
@@ -202,12 +207,12 @@ public class SingleLogOutAction implements IAction {
// session.saveOrUpdate(element);
// tx.commit();
Logger.debug("Current Thread putAssertionStore: "+Thread.currentThread().getId());
- transactionStorage.putAssertionStore(element);
+ transactionStorage.putRaw(element.getArtifact(), element);
//sloContainer could be stored to database
storageSuccess = true;
- } catch(MOADatabaseException e) {
+ } catch(EAAFException e) {
//tx.rollback();
counter++;
@@ -230,11 +235,12 @@ public class SingleLogOutAction implements IAction {
storageSuccess = true;
String redirectURL = null;
- if (sloContainer.getSloRequest() != null) {
- //send SLO response to SLO request issuer
- SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(sloContainer.getSloRequest());
- LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
- redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, sloContainer.getSloRequest().getRequest().getRelayState());
+ IRequest sloReq = sloContainer.getSloRequest();
+ if (sloReq != null && sloReq instanceof PVPTargetConfiguration) {
+ //send SLO response to SLO request issuer
+ SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPTargetConfiguration)sloReq);
+ LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPTargetConfiguration)sloReq, sloContainer.getSloFailedOAs());
+ redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, ((PVPTargetConfiguration)sloReq).getRequest().getRelayState());
} else {
//print SLO information directly
@@ -276,7 +282,7 @@ public class SingleLogOutAction implements IAction {
}
}
}
- } catch (MOADatabaseException e) {
+ } catch (EAAFException e) {
Logger.error("MOA AssertionDatabase ERROR", e);
throw new SLOException("pvp2.19", null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
index c662a0af5..f3af12a2c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
@@ -49,11 +49,10 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.w3c.dom.Document;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index 6beaee92b..07da57d2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -32,15 +32,15 @@ import java.util.ServiceLoader;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.metadata.RequestedAttribute;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
@@ -97,13 +97,13 @@ public class PVPAttributeBuilder {
}
- public static Attribute buildAttribute(String name, IOAAuthParameters oaParam,
- IAuthData authData) throws PVP2Exception, AttributeException {
+ public static Attribute buildAttribute(String name, ISPConfiguration oaParam,
+ IAuthData authData) throws PVP2Exception, AttributeBuilderException {
if (builders.containsKey(name)) {
try {
return builders.get(name).build(oaParam, authData, generator);
}
- catch (AttributeException e) {
+ catch (AttributeBuilderException e) {
if (e instanceof UnavailableAttributeException) {
throw e;
} else if (e instanceof InvalidDateFormatAttributeException) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
index be8c2abdf..a55e873b5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
@@ -95,7 +95,7 @@ public class PVPAuthnRequestBuilder {
// use POST binding as default if it exists
if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
- endpoint = sss;
+ endpoint = sss;
} else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)
&& endpoint == null )
@@ -215,7 +215,7 @@ public class PVPAuthnRequestBuilder {
//encode message
binding.encodeRequest(null, httpResp, authReq,
- endpoint.getLocation(), pendingReq.getRequestID(), config.getAuthnRequestSigningCredential(), pendingReq);
+ endpoint.getLocation(), pendingReq.getPendingRequestId(), config.getAuthnRequestSigningCredential(), pendingReq);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index d11d57ab8..a1d7f5d3a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -23,8 +23,12 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
+import java.util.Map.Entry;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -52,6 +56,8 @@ import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.impl.SingleLogoutServiceBuilder;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.xml.XMLObject;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.x509.X509Credential;
@@ -63,12 +69,23 @@ import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;
import org.w3c.dom.Document;
-import at.gv.egiz.eaaf.core.api.data.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.data.SLOInformationContainer;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
@@ -85,8 +102,12 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformation
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
/**
* @author tlenz
@@ -98,6 +119,181 @@ public class SingleLogOutBuilder {
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
@Autowired(required=true) ApplicationContext springContext;
@Autowired private IDPCredentialProvider credentialProvider;
+ @Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+ @Autowired private IGUIFormBuilder guiBuilder;
+ @Autowired(required=true) protected IRevisionLogger revisionsLogger;
+ @Autowired private ITransactionStorage transactionStorage;
+
+ public static final int SLOTIMEOUT = 30 * 1000; //30 sec
+
+ public void toTechnicalLogout(ISLOInformationContainer sloContainer,
+ HttpServletRequest httpReq, HttpServletResponse httpResp, String authUrl) throws MOAIDException {
+ Logger.trace("Starting Service-Provider logout process ... ");
+ revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_STARTED);
+
+ //start service provider back channel logout process
+ Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA();
+ while (nextOAInterator.hasNext()) {
+ SLOInformationInterface sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next());
+ LogoutRequest sloReq = buildSLORequestMessage(sloDescr);
+
+ try {
+ Logger.trace("Send backchannel SLO Request to " + sloDescr.getSpEntityID());
+ List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq);
+
+ LogoutResponse sloResp = null;
+ for (XMLObject el : soapResp) {
+ if (el instanceof LogoutResponse)
+ sloResp = (LogoutResponse) el;
+ }
+
+ if (sloResp == null) {
+ Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
+ + " FAILED. NO LogOut response received.");
+ sloContainer.putFailedOA(sloDescr.getSpEntityID());
+
+ } else {
+ samlVerificationEngine.verifySLOResponse(sloResp,
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+
+ }
+
+ checkStatusCode(sloContainer, sloResp);
+
+ } catch (SOAPException e) {
+ Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
+ + " FAILED.", e);
+ sloContainer.putFailedOA(sloDescr.getSpEntityID());
+
+ } catch (SecurityException | InvalidProtocolRequestException e) {
+ Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
+ + " FAILED.", e);
+ sloContainer.putFailedOA(sloDescr.getSpEntityID());
+
+ }
+ }
+
+ IRequest pendingReq = null;
+ PVPTargetConfiguration pvpReq = null;
+ //start service provider front channel logout process
+ try {
+ if (sloContainer.hasFrontChannelOA()) {
+ String relayState = Random.nextRandom();
+
+ Collection<Entry<String, SLOInformationInterface>> sloDescr = sloContainer.getFrontChannelOASessionDescriptions();
+ List<String> sloReqList = new ArrayList<String>();
+ for (Entry<String, SLOInformationInterface> el : sloDescr) {
+ Logger.trace("Build frontChannel SLO Request for " + el.getValue().getSpEntityID());
+
+ LogoutRequest sloReq = buildSLORequestMessage(el.getValue());
+ try {
+ sloReqList.add(getFrontChannelSLOMessageURL(el.getValue().getServiceURL(), el.getValue().getBinding(),
+ sloReq, httpReq, httpResp, relayState));
+
+ } catch (Exception e) {
+ Logger.warn("Failed to build SLO request for OA:" + el.getKey());
+ sloContainer.putFailedOA(el.getKey());
+
+ }
+ }
+
+ //put SLO process-information into transaction storage
+ transactionStorage.put(relayState, sloContainer, -1);
+
+ if (MiscUtil.isEmpty(authUrl))
+ authUrl = sloContainer.getSloRequest().getAuthURL();
+
+ String timeOutURL = authUrl
+ + "/idpSingleLogout"
+ + "?restart=" + relayState;
+
+ DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+ authUrl,
+ DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT,
+ null);
+
+ config.putCustomParameterWithOutEscaption("redirectURLs", sloReqList);
+ config.putCustomParameterWithOutEscaption("timeoutURL", timeOutURL);
+ config.putCustomParameter("timeout", String.valueOf(SLOTIMEOUT));
+
+ guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+
+
+ } else {
+ pendingReq = sloContainer.getSloRequest();
+ if (pendingReq != null && pendingReq instanceof PVPTargetConfiguration) {
+ //send SLO response to SLO request issuer
+ pvpReq = (PVPTargetConfiguration)pendingReq;
+ SingleLogoutService sloService = getResponseSLODescriptor(pvpReq);
+ LogoutResponse message = buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
+ sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, pvpReq.getRequest().getRelayState(), pvpReq);
+
+ } else {
+ //print SLO information directly
+ DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+ authUrl,
+ DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT,
+ null);
+
+ if (sloContainer.getSloFailedOAs() == null ||
+ sloContainer.getSloFailedOAs().size() == 0) {
+ revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
+ config.putCustomParameter("successMsg",
+ MOAIDMessageProvider.getInstance().getMessage("slo.00", null));
+
+ } else {
+ revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
+ config.putCustomParameterWithOutEscaption("errorMsg",
+ MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
+
+ }
+ guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+
+ }
+
+ }
+
+ } catch (GUIBuildException e) {
+ Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
+ throw new MOAIDException("builder.09", new Object[]{e.getMessage()}, e);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("MOA AssertionDatabase ERROR", e);
+ if (pvpReq != null) {
+ SingleLogoutService sloService = getResponseSLODescriptor(pvpReq);
+ LogoutResponse message = buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
+ sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, pvpReq.getRequest().getRelayState(), pvpReq);
+
+ revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
+
+ }else {
+ //print SLO information directly
+ DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+ authUrl,
+ DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT,
+ null);
+
+ revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
+ config.putCustomParameterWithOutEscaption("errorMsg",
+ MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
+
+ try {
+ guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+
+ } catch (GUIBuildException e1) {
+ Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
+ throw new MOAIDException("builder.09", new Object[]{e.getMessage()}, e);
+
+ }
+
+ }
+
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
public void checkStatusCode(ISLOInformationContainer sloContainer, LogoutResponse logOutResp) {
@@ -221,7 +417,7 @@ public class SingleLogOutBuilder {
}
- public LogoutRequest buildSLORequestMessage(SLOInformationImpl sloInfo) throws ConfigurationException, MOAIDException {
+ public LogoutRequest buildSLORequestMessage(SLOInformationInterface sloDescr) throws ConfigurationException, MOAIDException {
LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class);
SecureRandomIdentifierGenerator gen;
@@ -237,17 +433,17 @@ public class SingleLogOutBuilder {
DateTime now = new DateTime();
Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
- issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloInfo.getAuthURL()));
+ issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloDescr.getAuthURL()));
issuer.setFormat(NameID.ENTITY);
sloReq.setIssuer(issuer);
sloReq.setIssueInstant(now);
sloReq.setNotOnOrAfter(now.plusMinutes(5));
- sloReq.setDestination(sloInfo.getServiceURL());
+ sloReq.setDestination(sloDescr.getServiceURL());
NameID nameID = SAML2Utils.createSAMLObject(NameID.class);
- nameID.setFormat(sloInfo.getUserNameIDFormat());
- nameID.setValue(sloInfo.getUserNameIdentifier());
+ nameID.setFormat(sloDescr.getUserNameIDFormat());
+ nameID.setValue(sloDescr.getUserNameIdentifier());
sloReq.setNameID(nameID );
//sign message
@@ -435,9 +631,9 @@ public class SingleLogOutBuilder {
public void parseActiveOAs(SLOInformationContainer container,
List<OASessionStore> dbOAs, String removeOAID) {
if (container.getActiveBackChannelOAs() == null)
- container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationImpl>());
+ container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationInterface>());
if (container.getActiveFrontChannalOAs() == null)
- container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationImpl>());
+ container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationInterface>());
if (dbOAs != null) {
@@ -491,9 +687,9 @@ public class SingleLogOutBuilder {
public void parseActiveIDPs(SLOInformationContainer container,
List<InterfederationSessionStore> dbIDPs, String removeIDP) {
if (container.getActiveBackChannelOAs() == null)
- container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationImpl>());
+ container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationInterface>());
if (container.getActiveFrontChannalOAs() == null)
- container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationImpl>());
+ container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationInterface>());
if (dbIDPs != null) {
for (InterfederationSessionStore el : dbIDPs) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 40c85945f..056e2bba0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -59,23 +59,26 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.data.Pair;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.id.util.QAALevelVerifier;
import at.gv.egovernment.moa.logging.Logger;
@@ -91,7 +94,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
* @param issuerEntityID EnitiyID, which should be used for this IDP response
* @param attrQuery AttributeQuery request from Service-Provider
* @param attrList List of PVP response attributes
- * @param now Current time
+ * @param now Current time
* @param validTo ValidTo time of the assertion
* @param qaaLevel QAA level of the authentication
* @param sessionIndex SAML2 SessionIndex, which should be included *
@@ -141,48 +144,51 @@ public class PVP2AssertionBuilder implements PVPConstants {
AuthnContextClassRef authnContextClassRef = SAML2Utils
.createSAMLObject(AuthnContextClassRef.class);
- IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+ ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
if (reqAuthnContext == null) {
- authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+ authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
} else {
- boolean stork_qaa_1_4_found = false;
+ boolean eIDAS_qaa_found = false;
List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
.getAuthnContextClassRefs();
- if (reqAuthnContextClassRefIt.size() == 0) {
-
- QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
- STORK_QAA_1_4);
+ if (reqAuthnContextClassRefIt.size() == 0) {
+ QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), EAAFConstants.EIDAS_QAA_HIGH);
- stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
+ eIDAS_qaa_found = true;
+ authnContextClassRef.setAuthnContextClassRef(EAAFConstants.EIDAS_QAA_HIGH);
} else {
for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
String qaa_uri = authnClassRef.getAuthnContextClassRef();
- if (qaa_uri.trim().equals(STORK_QAA_1_4)
- || qaa_uri.trim().equals(STORK_QAA_1_3)
- || qaa_uri.trim().equals(STORK_QAA_1_2)
- || qaa_uri.trim().equals(STORK_QAA_1_1)) {
+
+ if (qaa_uri.trim().startsWith(STORK_QAA_PREFIX)) {
+ Logger.debug("Find STORK QAA leven in AuthnRequest. Starting mapping to eIDAS level ... ");
+ qaa_uri = LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(qaa_uri.trim());
+
+ }
+
+ if (qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_HIGH)
+ || qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_SUBSTANTIAL)
+ || qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_LOW)) {
if (authData.isForeigner()) {
- QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
- STORK_QAA_PREFIX + oaParam.getQaaLevel());
+ QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), oaParam.getMinimumLevelOfAssurence());
- stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+ eIDAS_qaa_found = true;
+ authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
} else {
- QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
+ QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(),
qaa_uri.trim());
- stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+ eIDAS_qaa_found = true;
+ authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
}
break;
@@ -190,9 +196,9 @@ public class PVP2AssertionBuilder implements PVPConstants {
}
}
- if (!stork_qaa_1_4_found) {
- throw new QAANotSupportedException(STORK_QAA_1_4);
- }
+ if (!eIDAS_qaa_found)
+ throw new QAANotSupportedException(EAAFConstants.EIDAS_QAA_HIGH);
+
}
@@ -289,11 +295,12 @@ public class PVP2AssertionBuilder implements PVPConstants {
//build nameID and nameID Format from moasession
//TODO: nameID generation
- if (authData.isUseMandate()) {
+ if (authData instanceof IMOAAuthData &&
+ ((IMOAAuthData)authData).isUseMandate()) {
String bpktype = null;
String bpk = null;
- Element mandate = authData.getMandate();
+ Element mandate = ((IMOAAuthData)authData).getMandate();
if(mandate != null) {
Logger.debug("Read mandator bPK|baseID from full-mandate ... ");
Mandate mandateObject = MandateBuilder.buildMandate(mandate);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
index e462b277e..6ccacd6c8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
@@ -31,7 +31,7 @@ import org.opensaml.xml.schema.XSString;
import org.opensaml.xml.schema.impl.XSIntegerBuilder;
import org.opensaml.xml.schema.impl.XSStringBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
public class SamlAttributeGenerator implements IAttributeGenerator<Attribute> {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 64f5c7d73..81eca3765 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -44,7 +44,8 @@ import org.opensaml.saml2.metadata.OrganizationURL;
import org.opensaml.saml2.metadata.SurName;
import org.opensaml.saml2.metadata.TelephoneNumber;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -157,7 +158,7 @@ public class PVPConfiguration {
try {
Logger.trace("Load metadata signing certificate for online application " + entityID);
- IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID);
+ ISPConfiguration oaParam = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);
if (oaParam == null) {
Logger.info("Online Application with ID " + entityID + " not found!");
return null;
@@ -186,6 +187,11 @@ public class PVPConfiguration {
} catch (IOException e) {
Logger.warn("Metadata signer certificate is not decodeable.", e);
return null;
+
+ } catch (EAAFConfigurationException e) {
+ Logger.error("Configuration is not accessable.", e);
+ return null;
+
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
index b1e7df014..c82e6bdf1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
@@ -29,7 +29,7 @@ import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
public class NameIDFormatNotSupportedException extends AuthnRequestValidatorException {
public NameIDFormatNotSupportedException(String nameIDFormat) {
- super("pvp2.12", new Object[] {nameIDFormat});
+ super("pvp2.12", new Object[] {nameIDFormat}, "NameID format not supported");
statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 86284a2f4..7d43732a6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -49,12 +49,14 @@ import org.opensaml.xml.XMLObject;
import org.opensaml.xml.parse.BasicParserPool;
import org.springframework.stereotype.Service;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egovernment.moa.id.auth.IDestroyableObject;
import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPEntityCategoryFilter;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
@@ -72,7 +74,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
// private static MOAMetadataProvider instance = null;
MetadataProvider internalProvider = null;
- private Timer timer = null;
+ private Timer timer = null;
private static Object mutex = new Object();
//private Map<String, Date> lastAccess = null;
@@ -110,7 +112,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
Logger.trace("Check consistence of PVP2X metadata");
addAndRemoveMetadataProvider();
- } catch (ConfigurationException e) {
+ } catch (ConfigurationException | EAAFConfigurationException e) {
Logger.error("Access to MOA-ID configuration FAILED.", e);
}
@@ -156,8 +158,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
//reload metadata provider
- IOAAuthParameters oaParam =
- authConfig.getOnlineApplicationParameter(entityID);
+ ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityID);
if (oaParam != null) {
String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
if (MiscUtil.isNotEmpty(metadataURL)) {
@@ -175,7 +176,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
if (MiscUtil.isNotEmpty(certBase64)) {
byte[] cert = Base64Utils.decode(certBase64, false);
- String oaFriendlyName = oaParam.getFriendlyName();
+ String oaFriendlyName = oaParam.getUniqueIdentifier();
if (timer == null)
timer = new Timer(true);
@@ -222,6 +223,10 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
} catch (ConfigurationException e) {
Logger.warn("Refresh PVP2X metadata for onlineApplication: "
+ entityID + " FAILED.", e);
+
+ } catch (EAAFConfigurationException e) {
+ Logger.warn("Refresh PVP2X metadata for onlineApplication: "
+ + entityID + " FAILED.", e);
}
return false;
@@ -246,7 +251,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
}
- private void addAndRemoveMetadataProvider() throws ConfigurationException {
+ private void addAndRemoveMetadataProvider() throws ConfigurationException, EAAFConfigurationException {
if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
Logger.info("Reload MOAMetaDataProvider.");
@@ -282,8 +287,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
while (oaInterator.hasNext()) {
Entry<String, String> oaKeyPair = oaInterator.next();
- IOAAuthParameters oaParam =
- authConfig.getOnlineApplicationParameter(oaKeyPair.getValue());
+ ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
if (oaParam != null) {
String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
@@ -409,7 +413,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
* This method is deprecated because OA metadata should be loaded dynamically
* if the corresponding OA is requested.
*/
- private void loadAllPVPMetadataFromKonfiguration() {
+ private void loadAllPVPMetadataFromKonfiguration() throws EAAFConfigurationException {
ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
Logger.info("Loading metadata");
Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
@@ -423,11 +427,10 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
while (oaInterator.hasNext()) {
Entry<String, String> oaKeyPair = oaInterator.next();
- IOAAuthParameters oaParam =
- authConfig.getOnlineApplicationParameter(oaKeyPair.getValue());
+ ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
if (oaParam != null) {
String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
- String oaFriendlyName = oaParam.getFriendlyName();
+ String oaFriendlyName = oaParam.getUniqueIdentifier();
MetadataProvider httpProvider = null;
try {
@@ -489,7 +492,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
}
- private PVPMetadataFilterChain buildMetadataFilterChain(IOAAuthParameters oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
+ private PVPMetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
filterChain.getFilters().add(new SchemaValidationFilter());
filterChain.getFilters().add(
@@ -497,7 +500,9 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER,
false)));
- if (oaParam.isInderfederationIDP()) {
+
+
+ if ((new OAAuthParameterDecorator(oaParam)).isInderfederationIDP()) {
Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies");
filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(metadataURL, oaParam.hasBaseIdTransferRestriction()));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
index 6c2235654..c87b7515f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
@@ -23,6 +23,7 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
import java.io.File;
+import java.net.MalformedURLException;
import java.util.Timer;
import javax.net.ssl.SSLHandshakeException;
@@ -57,6 +58,7 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
@Autowired
+ //protected IConfiguration authConfig;
protected AuthConfiguration authConfig;
/**
@@ -76,21 +78,30 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
return createNewHTTPMetaDataProvider(metadataLocation, filter, IdForLogging, timer, pool);
else {
- String absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
- metadataLocation,
- authConfig.getRootConfigFileDir());
-
- if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
- File metadataFile = new File(absoluteMetadataLocation);
- if (metadataFile.exists())
- return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
+ String absoluteMetadataLocation;
+ try {
+ absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
+ metadataLocation,
+ authConfig.getConfigurationRootDirectory().toURL().toString());
- else {
- Logger.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
- return null;
- }
+ if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
+ File metadataFile = new File(absoluteMetadataLocation);
+ if (metadataFile.exists())
+ return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
+
+ else {
+ Logger.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
+ return null;
+ }
+
+ }
- }
+
+ } catch (MalformedURLException e) {
+ Logger.warn("SAML2 metadata URL is invalid: " + metadataLocation, e);
+
+ }
+
}
Logger.warn("SAML2 metadata has an unsupported metadata location prefix: " + metadataLocation);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
index af9ba0180..dd94e0093 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
@@ -33,6 +33,7 @@ import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.opemsaml.MOAKeyStoreX509CredentialAdapter;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
@@ -55,8 +56,9 @@ public abstract class AbstractCredentialProvider {
* Get KeyStore
*
* @return URL to the keyStore
+ * @throws ConfigurationException
*/
- public abstract String getKeyStoreFilePath();
+ public abstract String getKeyStoreFilePath() throws ConfigurationException;
/**
* Get keyStore password
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
index 381289824..ebaef348c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
@@ -28,6 +28,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -53,14 +54,14 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
* @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath()
*/
@Override
- public String getKeyStoreFilePath() {
+ public String getKeyStoreFilePath() throws ConfigurationException {
if (props == null)
props = authConfig.getGeneralPVP2ProperiesConfig();
+
return FileUtils.makeAbsoluteURL(
- props.getProperty(IDP_JAVAKEYSTORE),
- authConfig.getRootConfigFileDir());
-
+ props.getProperty(IDP_JAVAKEYSTORE),
+ authConfig.getRootConfigFileDir());
}
/* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index 528d8cbb6..d89d04664 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -34,7 +34,8 @@ import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.validation.ValidationException;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
@@ -52,8 +53,8 @@ public class EntityVerifier {
public static byte[] fetchSavedCredential(String entityID) {
// List<OnlineApplication> oaList = ConfigurationDBRead
// .getAllActiveOnlineApplications();
- try {
- IOAAuthParameters oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID);
+ try {
+ ISPConfiguration oa = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);
if (oa == null) {
Logger.debug("No OnlineApplication with EntityID: " + entityID);
@@ -67,7 +68,7 @@ public class EntityVerifier {
}
- } catch (ConfigurationException e) {
+ } catch (ConfigurationException | EAAFConfigurationException e) {
Logger.error("Access MOA-ID configuration FAILED.", e);
} catch (IOException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index 870c70efe..50bc7fb68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -62,7 +62,7 @@ public class SAMLVerificationEngine {
public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
try {
- if (msg instanceof MOARequest &&
+ if (msg instanceof MOARequest &&
((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType)
verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
@@ -112,10 +112,10 @@ public class SAMLVerificationEngine {
} catch (ValidationException e) {
Logger.warn("Signature is not conform to SAML signature profile", e);
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature is not conform to SAML signature profile");
} catch (SchemaValidationException e) {
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "SAML response does not fit XML scheme");
}
@@ -126,11 +126,11 @@ public class SAMLVerificationEngine {
try {
if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
}
} catch (org.opensaml.xml.security.SecurityException e) {
Logger.warn("PVP2x message signature validation FAILED.", e);
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
}
}
@@ -142,10 +142,10 @@ public class SAMLVerificationEngine {
} catch (ValidationException e) {
Logger.warn("Signature is not conform to SAML signature profile", e);
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Scheme validation FAILED on SAML request");
} catch (SchemaValidationException e) {
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "Scheme verification FAILED on SAML request");
}
@@ -156,11 +156,11 @@ public class SAMLVerificationEngine {
try {
if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
}
} catch (org.opensaml.xml.security.SecurityException e) {
Logger.warn("PVP2x message signature validation FAILED.", e);
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
}
}