aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2013-09-05 16:03:17 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-09-05 16:03:17 +0200
commit011ce9576c780cba8a0f7b321366e08b557adcf6 (patch)
tree35407ef34a4fd024f12e6c48b87c4dbf463520eb /id/server/idserverlib/src/main/java/at
parentea55b89c40e633f1bcea3ba8046a814b75370ed6 (diff)
downloadmoa-id-spss-011ce9576c780cba8a0f7b321366e08b557adcf6.tar.gz
moa-id-spss-011ce9576c780cba8a0f7b321366e08b557adcf6.tar.bz2
moa-id-spss-011ce9576c780cba8a0f7b321366e08b557adcf6.zip
-- Resign IdentityLink: if this feature is enabled, the identitylink is resigned in case of businessservice by using MOASS
-- GeneralConfigReloadDaemon: Reload general MOA-ID configuration from database every minute if it has changed
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java129
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java70
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java169
11 files changed, 388 insertions, 77 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index ff2cee559..1bd9205ca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -2305,6 +2305,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
MISMandate mandate = session.getMISMandate();
authData.setBPK(mandate.getOWbPK());
authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
+ authData.setIdentityLink(identityLink);
} else {
@@ -2397,14 +2398,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
public void cleanup() {
long now = new Date().getTime();
- //clean AuthenticationSessionStore
- //TODO: acutally the StartAuthentificaten timestamp is used!!!!!
- //TODO: maybe change this to lastupdate timestamp.
+ //clean AuthenticationSessionStore
+
AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated);
-
+
//clean AssertionStore
AssertionStorage assertionstore = AssertionStorage.getInstance();
- assertionstore.clean(now, authDataTimeOut);
+ assertionstore.clean(now, authDataTimeOut);
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
index 82c1da74a..7db8adb6f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
@@ -37,7 +37,7 @@ import at.gv.egovernment.moa.logging.Logger;
public class AuthenticationSessionCleaner implements Runnable {
/** interval the <code>AuthenticationSessionCleaner</code> is run in */
- private static final long SESSION_CLEANUP_INTERVAL = 30 * 60; // 30 min
+ private static final long SESSION_CLEANUP_INTERVAL = 5 * 60; // 30 min
/**
* Runs the thread. Cleans the <code>AuthenticationServer</code> session store
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 725773b75..a73d76d68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -39,6 +39,7 @@ import javax.net.ssl.SSLSocketFactory;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigLoader;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
@@ -174,33 +175,10 @@ public class MOAIDAuthInitializer {
}
- // sets the authentication session and authentication data time outs
- BigInteger param = authConf.getTimeOuts().getMOASessionCreated();
- if (param != null) {
- long sessionTimeOut = param.longValue();
- if (sessionTimeOut > 0)
- AuthenticationServer.getInstance()
- .setSecondsSessionTimeOutCreated(sessionTimeOut);
- }
-
- param = authConf.getTimeOuts().getMOASessionUpdated();
- if (param != null) {
- long sessionTimeOut = param.longValue();
- if (sessionTimeOut > 0)
- AuthenticationServer.getInstance()
- .setSecondsSessionTimeOutUpdated(sessionTimeOut);
- }
-
- param = authConf.getTimeOuts().getAssertion();
- if (param != null) {
- long authDataTimeOut = param.longValue();
- if (authDataTimeOut > 0)
- AuthenticationServer.getInstance()
- .setSecondsAuthDataTimeOut(authDataTimeOut);
- }
-
// Starts the session cleaner thread to remove unpicked authentication data
AuthenticationSessionCleaner.start();
+ AuthConfigLoader.start();
}
+
} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
new file mode 100644
index 000000000..56105e64d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
@@ -0,0 +1,47 @@
+package at.gv.egovernment.moa.id.config.auth;
+
+import java.util.Date;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.logging.Logger;
+
+
+public class AuthConfigLoader implements Runnable {
+
+ private static final long INTERVAL = 60; // 60 sec
+
+ public void run() {
+ while (true) {
+ try {
+ Thread.sleep(INTERVAL * 1000);
+
+ Logger.info("check for new config.");
+ MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
+ Date dbdate = moaidconfig.getTimestampItem();
+ ConfigurationDBUtils.closeSession();
+
+ Date date = AuthConfigurationProvider.getTimeStamp();
+
+ if (dbdate != null && dbdate.after(date)) {
+ AuthConfigurationProvider instance = AuthConfigurationProvider.getInstance();
+ instance.reloadDataBaseConfig();
+ date = dbdate;
+ }
+ } catch (Exception e) {
+ Logger.warn("MOA-ID Configuration is actually not loadable. Reuse old configuration.", e);
+ }
+ }
+
+ }
+
+ public static void start() {
+ // start the session cleanup thread
+ Thread configLoader = new Thread(new AuthConfigLoader());
+ configLoader.setName("ConfigurationLoader");
+ configLoader.setDaemon(true);
+ configLoader.setPriority(Thread.MIN_PRIORITY);
+ configLoader.start();
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 28288815a..df303cde2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -35,6 +35,7 @@ import java.net.MalformedURLException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.ArrayList;
+import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -187,6 +188,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
private static SSO ssoconfig = null;
+ private static Date date = null;
+
/**
* Return the single instance of configuration data.
*
@@ -202,6 +205,10 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return instance;
}
+ public static Date getTimeStamp() {
+ return date;
+ }
+
/**
* Reload the configuration data and set it if successful.
*
@@ -244,7 +251,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
try {
//Initial Hibernate Framework
Logger.trace("Initializing Hibernate framework.");
-
+
+ date = new Date();
+
//Load MOAID-2.0 properties file
File propertiesFile = new File(fileName);
FileInputStream fis;
@@ -383,6 +392,16 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
Logger.info("XML Configuration load is completed.");
}
+ reloadDataBaseConfig();
+
+
+ } catch (Throwable t) {
+ throw new ConfigurationException("config.02", null, t);
+ }
+ }
+
+ public synchronized void reloadDataBaseConfig() throws ConfigurationException {
+
Logger.info("Read MOA-ID 2.0 configuration from database.");
moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
Logger.info("MOA-ID 2.0 is loaded.");
@@ -431,41 +450,41 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
throw new ConfigurationException("config.02", null);
}
- //set Trusted CA certs directory
- trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates();
+ //set Trusted CA certs directory
+ trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates();
- //set CertStoreDirectory
- setCertStoreDirectory();
-
- //set TrustManagerRevocationChecking
- setTrustManagerRevocationChecking();
-
- //set TimeOuts
+ //set CertStoreDirectory
+ setCertStoreDirectory();
+
+ //set TrustManagerRevocationChecking
+ setTrustManagerRevocationChecking();
+
+ //set TimeOuts
if (auth.getGeneralConfiguration() != null) {
- if (auth.getGeneralConfiguration().getTimeOuts() != null) {
-
- timeouts = new TimeOuts();
- if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() == null)
- timeouts.setAssertion(new BigInteger("120"));
- else
- timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion());
-
- if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() == null)
- timeouts.setMOASessionCreated(new BigInteger("2700"));
- else
- timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated());
-
- if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() == null)
- timeouts.setMOASessionUpdated(new BigInteger("1200"));
- else
- timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated());
- }
- }
- else {
- Logger.warn("Error in MOA-ID Configuration. No TimeOuts defined.");
- throw new ConfigurationException("config.02", null);
- }
-
+ if (auth.getGeneralConfiguration().getTimeOuts() != null) {
+
+ timeouts = new TimeOuts();
+ if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() == null)
+ timeouts.setAssertion(new BigInteger("120"));
+ else
+ timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion());
+
+ if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() == null)
+ timeouts.setMOASessionCreated(new BigInteger("2700"));
+ else
+ timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated());
+
+ if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() == null)
+ timeouts.setMOASessionUpdated(new BigInteger("1200"));
+ else
+ timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated());
+ }
+ }
+ else {
+ Logger.warn("Error in MOA-ID Configuration. No TimeOuts defined.");
+ throw new ConfigurationException("config.02", null);
+ }
+
//set PVP2 general config
Protocols protocols = auth.getProtocols();
if (protocols != null) {
@@ -504,6 +523,33 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
//set alternativeSourceID
if (auth.getGeneralConfiguration() != null)
alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID();
+
+ // sets the authentication session and authentication data time outs
+ BigInteger param = auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated();
+
+ if (param != null) {
+ long sessionTimeOut = param.longValue();
+ if (sessionTimeOut > 0)
+ AuthenticationServer.getInstance()
+ .setSecondsSessionTimeOutCreated(sessionTimeOut);
+ }
+
+ param = auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated();
+ if (param != null) {
+ long sessionTimeOut = param.longValue();
+ if (sessionTimeOut > 0)
+ AuthenticationServer.getInstance()
+ .setSecondsSessionTimeOutUpdated(sessionTimeOut);
+ }
+
+ param = auth.getGeneralConfiguration().getTimeOuts().getAssertion();
+ if (param != null) {
+ long authDataTimeOut = param.longValue();
+ if (authDataTimeOut > 0)
+ AuthenticationServer.getInstance()
+ .setSecondsAuthDataTimeOut(authDataTimeOut);
+ }
+
else {
Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined.");
throw new ConfigurationException("config.02", null);
@@ -613,15 +659,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
} else {
Logger.warn("Error in MOA-ID Configuration. No Single Sign-On Config found");
}
-
+
//close Database
ConfigurationDBUtils.closeSession();
-
- } catch (Throwable t) {
- throw new ConfigurationException("config.02", null, t);
- }
- }
-
+ }
+
public Properties getGeneralPVP2ProperiesConfig() {
Properties configProp = new Properties();
@@ -879,7 +921,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
}
}
- private AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException {
+ private static AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException {
AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral();
if (authgeneral == null) {
Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found");
@@ -888,7 +930,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return authgeneral;
}
- private MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException {
+ private static MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException {
MOASP moasp = authgeneral.getMOASP();
if (moasp == null) {
@@ -897,4 +939,5 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
}
return moasp;
}
+
} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index 60e510de2..2748d74a6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -13,6 +13,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BirthdateAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIdentityLinkBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIssuingNationAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSectorForIDAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.GivenNameAttributeBuilder;
@@ -54,6 +55,7 @@ public class PVPAttributeBuilder {
addBuilder(new EIDCitizenQAALevelAttributeBuilder());
addBuilder(new EIDIssuingNationAttributeBuilder());
addBuilder(new EIDSectorForIDAttributeBuilder());
+ addBuilder(new EIDIdentityLinkBuilder());
// Mandate Attributes
addBuilder(new MandateTypeAttributeBuilder());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java
new file mode 100644
index 000000000..19f89d6e7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java
@@ -0,0 +1,70 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.io.IOException;
+
+import javax.xml.transform.TransformerException;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+public class EIDIdentityLinkBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return EID_IDENTITY_LINK_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+ try {
+ String ilAssertion = null;
+ if (oaParam.getBusinessService()) {
+
+ IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
+
+ Element resignedilAssertion;
+
+ resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink()
+ .getSamlAssertion());
+
+ ilAssertion = DOMUtils.serializeNode(resignedilAssertion);
+
+ } else
+ ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
+
+
+ return buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
+ EID_IDENTITY_LINK_NAME, Base64Utils.encode(ilAssertion.getBytes()));
+
+ } catch (MOAIDException e) {
+ Logger.warn("IdentityLink serialization error.", e);
+ return buildemptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
+ EID_IDENTITY_LINK_NAME);
+ } catch (TransformerException e) {
+ Logger.warn("IdentityLink serialization error.", e);
+ return buildemptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
+ EID_IDENTITY_LINK_NAME);
+ } catch (IOException e) {
+ Logger.warn("IdentityLink serialization error.", e);
+ return buildemptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
+ EID_IDENTITY_LINK_NAME);
+ }
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
+ EID_IDENTITY_LINK_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
index eaa7e88af..aa8061506 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -18,7 +18,7 @@ public class MandateNaturalPersonSourcePinAttributeBuilder extends
BaseAttributeBuilder {
public String getName() {
- return MANDATE_NAT_PER_SOURCE_PIN_OID;
+ return MANDATE_NAT_PER_SOURCE_PIN_NAME;
}
public Attribute build(AuthenticationSession authSession,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
index 7b8f59dd2..6ef2f5fa5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
@@ -18,7 +18,7 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder extends
BaseAttributeBuilder {
public String getName() {
- return MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID;
+ return MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME;
}
public Attribute build(AuthenticationSession authSession,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index ee0b4e7e2..76757e28e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -196,7 +196,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
//set IdentityLink for assortion
String ilAssertion = "";
if (saml1parameter.isProvideIdentityLink()) {
- if (session.getBusinessService()) {
+ if (oaParam.getBusinessService()) {
IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
Element resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink()
@@ -247,6 +247,8 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK:
replaceExtendedSAMLAttribute(oaAttributes, samlAttribute);
break;
+ case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY:
+ break;
default:
Logger
.info("Invalid return value from method \"getAddToAUTHBlock()\" ("
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
new file mode 100644
index 000000000..da44a3905
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
@@ -0,0 +1,169 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.SignatureCreationService;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.common.Transform;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class IdentityLinkReSigner {
+
+ private static IdentityLinkReSigner instance;
+
+ public static IdentityLinkReSigner getInstance() {
+ if (instance == null) {
+ instance = new IdentityLinkReSigner();
+ }
+ return instance;
+ }
+
+ public Element resignIdentityLink(Element idl) throws MOAIDException {
+
+ try {
+ AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
+
+ if (config.isIdentityLinkResigning()) {
+
+ if (idl == null) {
+ Logger.warn("IdentityLink is empty");
+ return null;
+
+ } else {
+ NodeList signatures = idl.getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature");
+ Node signature = signatures.item(0);
+ Node parent = signature.getParentNode();
+ parent.removeChild(signature);
+ }
+
+ SPSSFactory spssFac = SPSSFactory.getInstance();
+
+ String keyGroupId = config.getIdentityLinkResigningKey();
+ if (MiscUtil.isEmpty(keyGroupId)) {
+ Logger.warn("No IdentityLink reSigning-Key definded");
+ throw new MOAIDException("config.19", new Object[]{});
+ }
+
+ MetaInfo mi = spssFac.createMetaInfo("text/xml", null, null, null);
+
+ Transform envelopedSignatureTransform = spssFac.createEnvelopedSignatureTransform();
+ List<Transform> transformsList = new ArrayList<Transform>();
+ transformsList.add(envelopedSignatureTransform);
+
+ CreateTransformsInfo ct = spssFac.createCreateTransformsInfo(transformsList, mi);
+ CreateTransformsInfoProfile ctip = spssFac.createCreateTransformsInfoProfile(ct, null);
+
+ Content content = spssFac.createContent("");
+ DataObjectInfo doi = spssFac.createDataObjectInfo(DataObjectInfo.STRUCTURE_DETACHED, false, content, ctip);
+
+ // create signature environment
+ HashMap<String, String> nsMap = new HashMap<String, String>();
+ nsMap.put(Constants.SAML_PREFIX, Constants.SAML_NS_URI);
+ nsMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+ nsMap.put(Constants.PD_PREFIX, Constants.PD_NS_URI);
+
+ CreateSignatureLocation csl = spssFac.createCreateSignatureLocation("/" + Constants.SAML_PREFIX + ":" + "Assertion", -1, nsMap);
+ CreateSignatureEnvironmentProfile csep = spssFac.createCreateSignatureEnvironmentProfile(csl, null);
+
+
+ InputStream serializedIdl = new ByteArrayInputStream(DOMUtils.serializeNode(idl).getBytes());
+
+ Content confirmationContent = spssFac.createContent(serializedIdl, null);
+ CreateSignatureInfo csi = spssFac.createCreateSignatureInfo(confirmationContent, csep);
+
+ List<DataObjectInfo> dataobjectinfoList = new ArrayList<DataObjectInfo>();
+ dataobjectinfoList.add(doi);
+ SingleSignatureInfo ssi = spssFac.createSingleSignatureInfo(dataobjectinfoList, csi, false);
+
+
+ List<SingleSignatureInfo> singlesignatureinfolist = new ArrayList<SingleSignatureInfo>();
+ singlesignatureinfolist.add(ssi);
+
+ CreateXMLSignatureRequest cxsreq = spssFac.createCreateXMLSignatureRequest(keyGroupId, singlesignatureinfolist);
+
+
+ // signature creation service
+ SignatureCreationService scs = SignatureCreationService.getInstance();
+ CreateXMLSignatureResponse cxresp;
+ Logger.info("Creating MOA-SS signature");
+ cxresp = scs.createXMLSignature(cxsreq);
+
+ // evaluate response
+ List<Object> elements = cxresp.getResponseElements();
+
+ if (elements.get(0) instanceof ErrorResponse) {
+ ErrorResponse errResponse = (ErrorResponse) elements.get(0);
+ Logger.warn("Error while calling MOA-SS: " + errResponse.getErrorCode() + " / " + errResponse.getInfo());
+ throw new MOAIDException("builder.04", new Object[]{errResponse.getErrorCode(), errResponse.getInfo()});
+
+ } else if (elements.get(0) instanceof SignatureEnvironmentResponse) {
+ Logger.debug("Successfully created signature.");
+ SignatureEnvironmentResponse ser = (SignatureEnvironmentResponse) elements.get(0);
+ int responseType = ser.getResponseType();
+ if (responseType == SignatureEnvironmentResponse.ERROR_RESPONSE) {
+ Logger.warn("Allgemeiner Fehler beim Aufruf von MOA-SS: Unbekannter ResponseType von MOA-SS");
+ throw new MOAIDException("builder.05", new Object[]{});
+
+ } else {
+ return ser.getSignatureEnvironment();
+ }
+
+ } else {
+ Logger.warn("Allgemeiner Fehler beim Aufruf von MOA-SS: Unbekannter ResponseType von MOA-SS");
+ throw new MOAIDException("builder.05", new Object[]{});
+ }
+
+ } else
+ return idl;
+
+ } catch (ConfigurationException e) {
+ Logger.warn("Configuration can not be loaded", e);
+ throw new MOAIDException("config.18", new Object[]{});
+
+ } catch (TransformerException e) {
+ Logger.warn("IdentityLink serialization error.", e);
+ throw new MOAIDException("builder.05", new Object[]{});
+
+ } catch (IOException e) {
+ Logger.warn("IdentityLink I/O error.", e);
+ throw new MOAIDException("builder.05", new Object[]{});
+
+ } catch (MOAException e) {
+ Logger.warn("General IdentityLink signing error.", e);
+ throw new MOAIDException("builder.05", new Object[]{});
+
+ }
+ }
+
+}