| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-09-18 10:05:01 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-09-18 10:05:01 +0200 | 
| commit | 7625168308b648dab99db5c99c9de09b173ed05c (patch) | |
| tree | 6b0784fbffd20200379761ab186caa940a5d7975 /id/server/idserverlib/src/main/java | |
| parent | 466342e91b92a68f9738937dbfdeff5348a2b730 (diff) | |
change to 1.9.96-snapshot
--set SL-Version to hardcoded version 1.2
--add "RemoveBPK from AuthBlock" feature
--set UTC time as default (SAML1)
--add PVP2 Attributes:
  ++ AuthBlock
  ++ Certificate
  ++ BASEID
  ++ BASEID-TYPE
  ++BKUURL
Bugfix:
-- NullPointerException: GetMISSessionIDServlet.java
-- Check if it is empty: MOAMetadataProvider.java
Diffstat (limited to 'id/server/idserverlib/src/main/java')
24 files changed, 325 insertions, 131 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index a19ac724e..dec5b81cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -440,12 +440,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {  			//build ReadInfobox request  			infoboxReadRequest = new InfoboxReadRequestBuilder().build( -					oaParam.isSlVersion12(), isbuisness, domainIdentifier); +					isbuisness, domainIdentifier);  		} else {  			//build ReadInfobox request  			infoboxReadRequest = new InfoboxReadRequestBuilder().build( -					oaParam.isSlVersion12(), oaParam.getBusinessService(), oaParam +					oaParam.getBusinessService(), oaParam  						.getIdentityLinkDomainIdentifier());  		} @@ -465,7 +465,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {  		//build CertInfo request  		String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() -				.build(oaParam.isSlVersion12()); +				.build();  		String certInfoDataURL = new DataURLBuilder()  				.buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION,  						session.getSessionID()); @@ -788,7 +788,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {  		}  		String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()  				.build(authBlock, oaParam.getKeyBoxIdentifier(), -						transformsInfos, oaParam.isSlVersion12()); +						transformsInfos);  		return createXMLSignatureRequest;  	} 
@@ -1054,40 +1054,40 @@ public class AuthenticationServer implements MOAIDAuthConstants {  		String identificationValue = null;  		String identificationType = null; -		if (identityLink.getIdentificationType().equals( -				Constants.URN_PREFIX_BASEID)) { -			// only compute bPK if online application is a public service and we -			// have the Stammzahl +		//set empty AuthBlock BPK in case of OW or SSO or bpk is not requested +		if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) { +			identificationType = ""; +			identificationValue = ""; +		} else if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + +			if (oaParam.getBusinessService()) { -			if (session.isSsoRequested()) { -				identificationType = ""; -				identificationValue = ""; +				String bpkBase64 = new BPKBuilder().buildWBPK(identityLink +							.getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier()); +				identificationValue = bpkBase64; +				 +			    if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK + "+" )) +			    	identificationType = oaParam.getIdentityLinkDomainIdentifier(); +			    else +			    	identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier();  			} else {  				String bpkBase64 = new BPKBuilder().buildBPK(identityLink -						.getIdentificationValue(), session.getTarget()); +							.getIdentificationValue(), session.getTarget());  				identificationValue = bpkBase64;  				identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget();  			} -//			identityLink.setIdentificationValue(bpkBase64); -//			identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); -		 +  		} else {  			identificationValue = identityLink.getIdentificationValue();  			identificationType = identityLink.getIdentificationType();  		} - -		//set empty AuthBlock BPK in case of OW  -		if (session.isOW()) { -			identificationType = 
""; -			identificationValue = ""; -		} -		 -		String issueInstant = DateTimeUtils.buildDateTime(Calendar -				.getInstance(), oaParam.getUseUTC()); +				 +		String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar +				.getInstance());  		session.setIssueInstant(issueInstant);  		String authURL = session.getAuthURL();  		String target = session.getTarget(); @@ -2274,15 +2274,17 @@ public class AuthenticationServer implements MOAIDAuthConstants {  		AuthenticationData authData = new AuthenticationData();  		VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); -		boolean useUTC = oaParam.getUseUTC();	 +		 +//		boolean useUTC = oaParam.getUseUTC();	  		boolean businessService = oaParam.getBusinessService();  		authData.setMajorVersion(1);  		authData.setMinorVersion(0);  		authData.setAssertionID(Random.nextRandom());  		authData.setIssuer(session.getAuthURL()); -		authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar -				.getInstance(), useUTC)); +		 +		authData.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar +				.getInstance()));  		//baseID or wbpk in case of BusinessService without SSO or BusinessService SSO  		authData.setIdentificationValue(identityLink.getIdentificationValue()); @@ -2297,7 +2299,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {  		authData.setPublicAuthorityCode(verifyXMLSigResp  				.getPublicAuthorityCode());  		authData.setBkuURL(session.getBkuURL()); -		authData.setUseUTC(oaParam.getUseUTC()); +//		authData.setUseUTC(oaParam.getUseUTC());  		try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java index 7528bc2e8..f3044e7e5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java @@ -71,25 +71,25 @@ public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder implements     * @return the XML structure     * @throws BuildException     */ -  public String build(boolean slVersion12) throws BuildException { +  public String build() throws BuildException {      String sl10Prefix;      String sl11Prefix;      String slNsDeclaration; -    if (slVersion12) { +//    if (slVersion12) {        sl10Prefix = SL12_PREFIX;        sl11Prefix = SL12_PREFIX;        slNsDeclaration = "xmlns:" + SL12_PREFIX + "=\"" + SL12_NS_URI + "\""; -    } else { -       -      sl10Prefix = SL10_PREFIX; -      sl11Prefix = SL11_PREFIX; -      slNsDeclaration = "xmlns:" + sl11Prefix + "=\"" + SL11_NS_URI + "\" xmlns:" + sl10Prefix + "=\"" + SL10_NS_URI + "\""; -       -    } +//    } else { +//       +//      sl10Prefix = SL10_PREFIX; +//      sl11Prefix = SL11_PREFIX; +//      slNsDeclaration = "xmlns:" + sl11Prefix + "=\"" + SL11_NS_URI + "\" xmlns:" + sl10Prefix + "=\"" + SL10_NS_URI + "\""; +//       +//    }      String certInfoRequest = MessageFormat.format(CERTINFO_REQUEST, new Object[] {sl11Prefix, sl10Prefix, slNsDeclaration});      String resDsigSignature = "resources/xmldata/CertInfoDsigSignature.xml"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index 23596abda..51c0c039a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java 
@@ -81,7 +81,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {     * @param slVersion12 specifies whether the Security Layer version number is 1.2 or not  	 * @return String representation of <code><CreateXMLSignatureRequest></code>  	 */ -	public String build(String authBlock, String keyBoxIdentifier, List<String> dsigTransformInfos, boolean slVersion12) { +	public String build(String authBlock, String keyBoxIdentifier, List<String> dsigTransformInfos) {      String sl10Prefix;      String sl11Prefix; @@ -97,7 +97,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {  //      dsigTransformInfosString += dsigTransformInfos[i];  //    } -    if (slVersion12) { +//    if (slVersion12) {        // replace the SecurityLayer namespace prefixes and URIs within the transforms        dsigTransformInfosString = StringUtils.changeSLVersion(dsigTransformInfosString, @@ -107,13 +107,13 @@ public class CreateXMLSignatureRequestBuilder implements Constants {        sl11Prefix = SL12_PREFIX;        slNsDeclaration = "xmlns:" + SL12_PREFIX + "='" + SL12_NS_URI + "'"; -    } else { -       -      sl10Prefix = SL10_PREFIX; -      sl11Prefix = SL11_PREFIX; -      slNsDeclaration = "xmlns:" + sl10Prefix + "='" + SL10_NS_URI + "' xmlns:" + sl11Prefix + "='" + SL11_NS_URI + "'"; -       -    } +//    } else { +//       +//      sl10Prefix = SL10_PREFIX; +//      sl11Prefix = SL11_PREFIX; +//      slNsDeclaration = "xmlns:" + sl10Prefix + "='" + SL10_NS_URI + "' xmlns:" + sl11Prefix + "='" + SL11_NS_URI + "'"; +//       +//    }  		String request = MessageFormat.format(  			CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock,  diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java index b2acf9f2d..7edd9df9c 100644 
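Review bot: The Javadoc directly above the new `build(String, String, List<String>)` signature still documents the removed parameter (`* @param slVersion12 specifies whether the Security Layer version number is 1.2 or not`), so the generated documentation now describes an argument that does not exist. Drop that tag and state the new fixed behaviour instead, e.g. `* Builds the request for Security Layer version 1.2; earlier SL versions are no longer supported.`. The doc blocks of `InfoboxReadRequestBuilder.build` and `CertInfoVerifyXMLSignatureRequestBuilder.build` lie mostly outside their hunks and probably carry the same stale tag.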
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java @@ -57,18 +57,18 @@ public class InfoboxReadRequestBuilder implements Constants {     *      * @return <code><InfoboxReadRequest></code> as String     */ -  public String build(boolean slVersion12, boolean businessService, String identityLinkDomainIdentifier) { +  public String build(boolean businessService, String identityLinkDomainIdentifier) {      String slPrefix;      String slNsDeclaration; -    if (slVersion12) { +//    if (slVersion12) {        slPrefix = SL12_PREFIX;        slNsDeclaration = SL12_NS_URI; -    } else { -      slPrefix = SL10_PREFIX; -      slNsDeclaration = SL10_NS_URI; -    } +//    } else { +//      slPrefix = SL10_PREFIX; +//      slNsDeclaration = SL10_NS_URI; +//    }      StringBuffer sb = new StringBuffer("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>");      sb.append("<"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index ee5afa5dc..f90634ab4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -20,8 +20,6 @@ public class LoginFormBuilder {  	private static final String HTMLTEMPLATESDIR = "htmlTemplates/";  	private static final String HTMLTEMPLATEFULL = "loginFormFull.html"; -	private static final String HTMLTEMPLATEIFRAME = "loginFormFull.html"; -	//private static final String HTMLTEMPLATEIFRAME = "loginFormIFrame.html";  	private static String AUTH_URL = "#AUTH_URL#";  	private static String MODUL = "#MODUL#"; 
@@ -35,7 +33,7 @@ public class LoginFormBuilder {  	private static String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate"; -	private static String getTemplate(boolean isIFrame) { +	private static String getTemplate() {  			String template = null;  @@ -46,10 +44,8 @@ public class LoginFormBuilder {  				String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir(); -				if (isIFrame) -					pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEIFRAME; -				else -					pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL; + +				pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;  				try {  					File file = new File(new URI(pathLocation)); @@ -59,10 +55,7 @@ public class LoginFormBuilder {  					Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package."); -					if (isIFrame) -						pathLocation = "resources/templates/" + HTMLTEMPLATEIFRAME; -					else -						pathLocation = "resources/templates/" + HTMLTEMPLATEFULL; +					pathLocation = "resources/templates/" + HTMLTEMPLATEFULL;  					input = Thread.currentThread()  							.getContextClassLoader() @@ -86,8 +79,8 @@ public class LoginFormBuilder {  			return template;  	} -	public static String buildLoginForm(String modul, String action, String oaname, String contextpath, boolean isIFrame, String moaSessionID) { -		String value = getTemplate(isIFrame); +	public static String buildLoginForm(String modul, String action, String oaname, String contextpath, String moaSessionID) { +		String value = getTemplate();  		if(value != null) {  			if(modul == null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java index 59cbbe25e..3f6a7d9d6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java @@ -20,8 +20,6 @@ public class SendAssertionFormBuilder {  	private static final String HTMLTEMPLATESDIR = "htmlTemplates/";  	private static final String HTMLTEMPLATEFULL = "sendAssertionFormFull.html"; -	private static final String HTMLTEMPLATEIFRAME = "sendAssertionFormFull.html"; -	//private static final String HTMLTEMPLATEIFRAME = "sendAssertionFormIFrame.html";  	private static String URL = "#URL#";  	private static String MODUL = "#MODUL#"; @@ -32,7 +30,7 @@ public class SendAssertionFormBuilder {  	private static String SERVLET = CONTEXTPATH+"/SSOSendAssertionServlet"; -	private static String getTemplate(boolean isIFrame) { +	private static String getTemplate() {  		String template = null; @@ -42,10 +40,7 @@ public class SendAssertionFormBuilder {  				String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir(); -				if (isIFrame) -					pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEIFRAME; -				else -					pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL; +				pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;  				try {  					File file = new File(new URI(pathLocation)); @@ -55,10 +50,7 @@ public class SendAssertionFormBuilder {  					Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package."); -					if (isIFrame) -						pathLocation = "resources/templates/" + HTMLTEMPLATEIFRAME; -					else -						pathLocation = "resources/templates/" + HTMLTEMPLATEFULL; +					pathLocation = "resources/templates/" + HTMLTEMPLATEFULL;  					input = Thread.currentThread()  							.getContextClassLoader() 
@@ -77,8 +69,8 @@ public class SendAssertionFormBuilder {  		return template;  	} -	public static String buildForm(String modul, String action, String id, String oaname, String contextpath, boolean isIFrame) { -		String value = getTemplate(isIFrame); +	public static String buildForm(String modul, String action, String id, String oaname, String contextpath) { +		String value = getTemplate();  		if(value != null) {  			if(modul == null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index e461197e2..b699de074 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -181,7 +181,7 @@ public class GetMISSessionIDServlet extends AuthServlet {  			MISMandate mandate = (MISMandate) list.get(0);  			String sMandate = new String(mandate.getMandate()); -			if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) { +			if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) {  				Logger.error("Mandate is empty.");  				throw new AuthenticationException("auth.16",  						new Object[] { GET_MIS_SESSIONID }); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java index c1715d6fc..7d76ce9d5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -52,6 +52,8 @@ public class OAParameter {  		this.targetFriendlyName = oa.getTargetFriendlyName(); +		this.removePBKFromAuthblock = oa.isRemoveBPKFromAuthBlock(); +		  	}    /** 
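Review bot: The corrected `||` still cannot catch the NullPointerException the commit message attributes to this servlet: `sMandate` is produced by `new String(mandate.getMandate())` on the line above, so it is never null, and if `getMandate()` itself returns null the `String` constructor throws before the check runs. Test the raw value first with a null and length check appropriate to its type, and only then build the string. `new String(...)` without a charset also uses the platform default encoding, which silently varies between deployments; if the mandate is text, pass `"UTF-8"` explicitly. `sMandate.compareToIgnoreCase("") == 0` reads more clearly as `sMandate.isEmpty()`.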
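Review bot: The new field and getter in OAParameter spell the acronym backwards, `removePBKFromAuthblock` / `isRemovePBKFromAuthBlock()`, while the config accessor they read, `oa.isRemoveBPKFromAuthBlock()`, and the commit message say BPK; the typo is now part of the public API and is already called from AuthenticationServer. Rename both to `removeBPKFromAuthBlock` / `isRemoveBPKFromAuthBlock()` before more callers appear (the declaration and getter hunks at @@ -84 and @@ -104 are on the next line). The field also lacks the Javadoc its neighbouring fields carry; a one-liner such as `/** true if the bPK/wbPK is to be left out of the signed AuthBlock for this online application */` would do.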
@@ -84,7 +86,7 @@ public class OAParameter {     */    private String targetFriendlyName; -   +  private boolean removePBKFromAuthblock;  	public String getOaType() {  		return oaType; @@ -104,6 +106,9 @@ public class OAParameter {  	public String getTargetFriendlyName() {  		return targetFriendlyName;  	} -   +	 +	public boolean isRemovePBKFromAuthBlock() { +		return removePBKFromAuthblock; +	}  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index c62594d6f..99d15a612 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -94,27 +94,31 @@ public class OAAuthParameter extends OAParameter {  /**   * @return the slVersion   */ -public String getSlVersion() { -	return oa_auth.getSlVersion(); -} - -/** - * @return the slVersion12 - */ -public boolean isSlVersion12() { -    if ("1.2".equals(oa_auth.getSlVersion())) -    	return true; -    else -    	return false; -	} - -public boolean getUseUTC() { -	return oa_auth.isUseUTC(); -} +//public String getSlVersion() { +//	return oa_auth.getSlVersion(); +//} +// +///** +// * @return the slVersion12 +// */ +//public boolean isSlVersion12() { +//	 +//	// set SLVersion to 1.2 per default +//	return true; +//	 +////    if ("1.2".equals(oa_auth.getSlVersion())) +////    	return true; +////    else +////    	return false; +//} -public boolean useIFrame() { -	return oa_auth.isUseIFrame(); -} +//public boolean getUseUTC() { +//	return oa_auth.isUseUTC(); +//} +// +//public boolean useIFrame() { +//	return oa_auth.isUseIFrame(); +//}  /**   * @return the identityLinkDomainIdentifier 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index 96d0bd2ed..10729e981 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -411,9 +411,9 @@ public class BuildFromLegacyConfig {  	        	moa_oa.setAuthComponentOA(oa_auth);  	        	//SLLayer Version / useIframe  -	        	oa_auth.setSlVersion(oa.getSlVersion()); -	        	oa_auth.setUseIFrame(false); -	        	oa_auth.setUseUTC(oa.getUseUTC()); +//	        	oa_auth.setSlVersion(oa.getSlVersion()); +//	        	oa_auth.setUseIFrame(false); +//	        	oa_auth.setUseUTC(oa.getUseUTC());  	        	//BKUURLs diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index e18981032..aa95bc38c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -124,7 +124,7 @@ public class AuthenticationData implements Serializable {    private String samlAssertion;    /** useUTC */ -  private boolean useUTC; +//  private boolean useUTC;    /**     * creation timestamp     */ @@ -186,13 +186,13 @@ public class AuthenticationData implements Serializable {      return bPK;    } -  /** -   * Returns useUTC -   * @return useUTC -   */ -  public boolean getUseUTC() { -	  return useUTC; -  } +//  /** +//   * Returns useUTC +//   * @return useUTC +//   */ +//  public boolean getUseUTC() { +//	  return useUTC; +//  }    /**     * Sets the minorVersion. 
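Review bot: AuthenticationData implements `Serializable` (visible in the @@ -124 hunk header), and commenting out the `useUTC` field changes the class's default serialVersionUID unless one is declared explicitly; any AuthenticationData instances serialized by the previous version (for example in persisted sessions) would then fail to deserialize after the upgrade. Verify that a `serialVersionUID` is declared outside the hunk or that stored sessions are discarded on upgrade, and delete the commented-out field, getter and setter (also in the @@ -186 and @@ -242 hunks) rather than leaving them as comments.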
@@ -242,9 +242,9 @@ public class AuthenticationData implements Serializable {  //    this.wbPK = wbPK;  //  } -  public void setUseUTC(boolean useUTC) { -	  this.useUTC = useUTC; -  } +//  public void setUseUTC(boolean useUTC) { +//	  this.useUTC = useUTC; +//  }    /**     * Returns the assertionID. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 7dba67174..f2352e11e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -284,7 +284,7 @@ public class AuthenticationManager extends AuthServlet {  			String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(),  -					target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame(), moasession.getSessionID()); +					target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), moasession.getSessionID());  			//store MOASession  			try { @@ -310,7 +310,7 @@ public class AuthenticationManager extends AuthServlet {  			throws ServletException, IOException, MOAIDException {   			String form = SendAssertionFormBuilder.buildForm(target.requestedModule(),  -					target.requestedAction(), target.getRequestID(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame()); +					target.requestedAction(), target.getRequestID(), oaParam.getFriendlyName(), request.getContextPath());  			response.setContentType("text/html;charset=UTF-8");  			PrintWriter out = new PrintWriter(response.getOutputStream());  
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index 2748d74a6..9403cb205 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -12,10 +12,15 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BirthdateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDAuthBlock;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDCcsURL;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIdentityLinkBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIssuingNationAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSectorForIDAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSignerCertificate;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSourcePIN;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSourcePINType;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.GivenNameAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateFullMandateAttributeBuilder;
@@ -56,6 +61,11 @@ public class PVPAttributeBuilder {  		addBuilder(new EIDIssuingNationAttributeBuilder());  		addBuilder(new EIDSectorForIDAttributeBuilder());  		addBuilder(new EIDIdentityLinkBuilder()); +		addBuilder(new EIDAuthBlock()); +		addBuilder(new EIDCcsURL()); +		addBuilder(new EIDSignerCertificate()); +		addBuilder(new EIDSourcePIN()); +		addBuilder(new EIDSourcePINType());  		// Mandate Attributes  		addBuilder(new MandateTypeAttributeBuilder()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 17fc52a8c..a02959e39 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -307,7 +307,10 @@ public class PVP2AssertionBuilder implements PVPConstants {  		audience.setAudienceURI(peerEntity.getEntityID());  		audienceRestriction.getAudiences().add(audience);  		conditions.setNotBefore(new DateTime()); +		  		conditions.setNotOnOrAfter(new DateTime().plusMinutes(20)); +//		conditions.setNotOnOrAfter(new DateTime()); +		  		conditions.getAudienceRestrictions().add(audienceRestriction);  		assertion.setConditions(conditions); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java new file mode 100644 index 000000000..16d05842a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java 
@@ -0,0 +1,45 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import iaik.util.logging.Log;
+
+import java.io.IOException;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class EIDAuthBlock extends BaseAttributeBuilder {
+
+	public String getName() {
+		return EID_AUTH_BLOCK_NAME;
+	}
+
+	public Attribute build(AuthenticationSession authSession,
+			OAAuthParameter oaParam, AuthenticationData authData)
+			throws PVP2Exception {
+		
+		try {
+			String authblock = authSession.getAuthBlock();
+			if (MiscUtil.isNotEmpty(authblock)) {
+				return buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME,
+						EID_AUTH_BLOCK_NAME, Base64Utils.encode(authblock.getBytes()));	
+			}
+			
+		} catch (IOException e) {
+			Log.info("Encode AuthBlock BASE64 failed.");
+		}
+		throw new UnprovideableAttributeException(EID_AUTH_BLOCK_NAME);
+			
+	}
+
+	public Attribute buildEmpty() {
+		return buildemptyAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java
new file mode 100644
index 000000000..0d96d4817
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java
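Review bot: `authblock.getBytes()` on the return line of `build` encodes the AuthBlock with the platform default charset, so the Base64 value a relying party receives depends on the JVM's `file.encoding`; as the AuthBlock is a signed XML document whose exact bytes matter to anyone verifying it later, encode explicitly with `Base64Utils.encode(authblock.getBytes("UTF-8"))` (the `UnsupportedEncodingException` this can throw is already covered by the `IOException` catch). That catch logs only a fixed message and discards `e`, so the cause of an encoding failure is gone before `UnprovideableAttributeException` is thrown; pass the exception to the log call. This file and EIDSignerCertificate (same catch shape) log through `iaik.util.logging.Log`, whereas the rest of this diff uses `Logger` (`Logger.warn`/`Logger.error` in LoginFormBuilder and GetMISSessionIDServlet). The five new builders also drop the `AttributeBuilder` suffix their siblings in the same package use (`EIDIssuingNationAttributeBuilder`, `EIDSectorForIDAttributeBuilder`), which is worth aligning while they are new.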
@@ -0,0 +1,33 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class EIDCcsURL extends BaseAttributeBuilder{
+
+	public String getName() {
+		return EID_CCS_URL_NAME;
+	}
+
+	public Attribute build(AuthenticationSession authSession,
+			OAAuthParameter oaParam, AuthenticationData authData)
+			throws PVP2Exception {
+		
+		String bkuurl = authSession.getBkuURL();
+		if (MiscUtil.isNotEmpty(bkuurl))
+			return buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl);
+		else
+			throw new UnprovideableAttributeException(EID_CCS_URL_NAME);
+	}
+
+	public Attribute buildEmpty() {
+		return buildemptyAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java
new file mode 100644
index 000000000..f5cb51228
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java
@@ -0,0 +1,45 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import iaik.util.logging.Log;
+
+import java.io.IOException;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+public class EIDSignerCertificate extends BaseAttributeBuilder {
+
+	public String getName() {
+		return EID_SIGNER_CERTIFICATE_NAME;
+	}
+
+	public Attribute build(AuthenticationSession authSession,
+			OAAuthParameter oaParam, AuthenticationData authData)
+			throws PVP2Exception {
+		
+		try {
+			byte[] signerCertificate = authSession.getEncodedSignerCertificate();
+			if (signerCertificate != null) {
+				return buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, Base64Utils
+						.encode(signerCertificate));
+			}
+			
+		}catch (IOException e) {
+			Log.info("Signer certificate BASE64 encoding error");
+		}
+		
+		throw new UnprovideableAttributeException(EID_SIGNER_CERTIFICATE_NAME);
+		
+	}
+
+	public Attribute buildEmpty() {
+		return buildemptyAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
new file mode 100644
index 000000000..d21d264f6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
@@ -0,0 +1,33 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
+
+public class EIDSourcePIN extends BaseAttributeBuilder {
+
+	public String getName() {
+		return EID_SOURCE_PIN_NAME;
+	}
+
+	public Attribute build(AuthenticationSession authSession,
+			OAAuthParameter oaParam, AuthenticationData authData)
+			throws PVP2Exception {
+		
+		if (oaParam.getBusinessService())
+			throw new UnprovideableAttributeException(EID_SOURCE_PIN_NAME);
+		
+		else {
+			return buildStringAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME, authData.getIdentificationValue());
+		}
+	}
+
+	public Attribute buildEmpty() {
+		return buildemptyAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java
new file mode 100644
index 000000000..9bc9716cf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java
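Review bot: `build` releases `authData.getIdentificationValue()` — the source PIN / base ID, the most sensitive identifier this server handles — to every online application that is not a business service, with no per-application entitlement check visible here; I would gate it on an explicit per-OA configuration flag in addition to `!getBusinessService()`, so operators can limit the attribute to the applications actually entitled to it, and state that restriction in the class Javadoc. Unlike EIDCcsURL, the value is also not checked for emptiness before `buildStringAttribute`, so a missing identification value yields an empty attribute instead of an UnprovideableAttributeException; `if (MiscUtil.isNotEmpty(authData.getIdentificationValue()))` would keep the builders consistent. Both points apply equally to EIDSourcePINType in the next hunk.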
@@ -0,0 +1,33 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
+
+public class EIDSourcePINType extends BaseAttributeBuilder {
+
+	public String getName() {
+		return EID_SOURCE_PIN_TYPE_NAME;
+	}
+
+	public Attribute build(AuthenticationSession authSession,
+			OAAuthParameter oaParam, AuthenticationData authData)
+			throws PVP2Exception {
+		
+		if (oaParam.getBusinessService())
+			throw new UnprovideableAttributeException(EID_SOURCE_PIN_TYPE_NAME);
+		
+		else {
+			return buildStringAttribute(EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, EID_SOURCE_PIN_TYPE_NAME, authData.getIdentificationType());
+		}
+	}
+
+	public Attribute buildEmpty() {
+		return buildemptyAttribute(EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, EID_SOURCE_PIN_TYPE_NAME);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 0786f896a..ebe597ed2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -98,7 +98,8 @@ public class PVPConfiguration {
 		String publicPath = generalpvpconfigdb.getPublicURLPrefix();
 		if(publicPath != null) {
 			if(publicPath.endsWith("/")) {
-				publicPath = publicPath.substring(0, publicPath.length()-2);
+				int length = publicPath.length();
+				publicPath = publicPath.substring(0, length-1);
 			}
 		}
 		return publicPath;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 99567478d..a92ac8e7f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -1,20 +1,15 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
-import java.io.File;
 import java.security.cert.CertificateException;
 import java.util.Iterator;
 import java.util.List;
-import java.util.Timer;
 import javax.xml.namespace.QName;
-import org.apache.commons.httpclient.HttpClient;
-import org.apache.commons.httpclient.protocol.Protocol;
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.RoleDescriptor;
 import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
-import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
 import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataFilter;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
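Review bot: The corrected trailing-slash strip is right for a single `/`, but the `length` local adds nothing over `publicPath = publicPath.substring(0, publicPath.length() - 1);`, which reads as one obvious line. Since this prefix is presumably what the provider's public endpoint and entity identifiers are built from (the method's start is outside the hunk), it deserves a unit test pinning `"https://host/idp/"` → `"https://host/idp"` and `"https://host/idp"` unchanged, so the old `-2` off-by-one cannot quietly return. A short comment such as `// normalise: callers append their own path separator` would record why the slash is removed.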
@@ -22,15 +17,12 @@ import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
 import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.MetadataSignatureFilter;
-import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 public class MOAMetadataProvider implements MetadataProvider {
@@ -62,7 +54,8 @@ public class MOAMetadataProvider implements MetadataProvider {
 				OnlineApplication oa = oaIt.next();
 				Logger.info("Loading metadata for: " + oa.getFriendlyName());
 				OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2();
-				if (pvp2Config != null) {
+				if (pvp2Config != null && MiscUtil.isNotEmpty(pvp2Config.getMetadataURL())) {
+//				if (pvp2Config != null) {
 					String metadataURL = pvp2Config.getMetadataURL();
 					try {
 						// TODO: use proper SSL checking
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
index 36dc2442c..fb1f08132 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
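Review bot: The commented-out `//				if (pvp2Config != null) {` line in the second hunk is dead code under the new condition and should be deleted rather than kept as history; version control already has it. The added empty-URL check itself is fine, but the `// TODO: use proper SSL checking` context line right below shows that remote metadata is still fetched without proper TLS validation, which leaves MetadataSignatureFilter as the only integrity control on what this provider loads — that belongs in a tracked issue with the expected certificate checks spelled out, not in a TODO. The loop body continues outside the hunk.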
@@ -49,6 +49,8 @@ public class MetadataSignatureFilter implements MetadataFilter {
 		Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator();
+		
+		//TODO: check this!!!!
 		while(entID.hasNext()) {
 			processEntityDescriptorr(entIT.next());
 		}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index 1fbcb9a46..9fade4864 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -119,7 +119,7 @@ public class GetAuthenticationDataService implements Constants {
 						AuthenticationData authData = saml1server.getSaml1AuthenticationData(samlArtifact);
-						useUTC = authData.getUseUTC();
+//						useUTC = authData.getUseUTC();
 						// success
 						samlAssertion = authData.getSamlAssertion();
@@ -170,7 +170,7 @@ public class GetAuthenticationDataService implements Constants {
     try {
 			String responseID = Random.nextRandom();			
-			String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC);
+			String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar.getInstance());
      if (statusMessage == null)
 			  statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
index 2493f42b8..6f601334b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
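Review bot: The `while(entID.hasNext())` loop tests a different iterator than the one it consumes (`entIT`, created on the line above), and the new `//TODO: check this!!!!` marks the spot without fixing it. `entID` is declared outside the hunk so I cannot see what it iterates, but if it yields a different number of elements than `entIT` this loop either skips entity descriptors or ends in a NoSuchElementException; since this filter is what rejects unsigned or tampered metadata, a skipped descriptor is a missed signature check, not a cosmetic slip. The fix is `while(entIT.hasNext()) {` together with deleting the TODO and the blank added line.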
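Review bot: In GetAuthenticationDataService, `//						useUTC = authData.getUseUTC();` is commented-out code; with the second hunk switching to `DateTimeUtils.buildDateTimeUTC(Calendar.getInstance())`, `useUTC` (declared outside these hunks) appears to no longer be read, so both the commented line and the variable should go rather than linger. If the per-application UTC setting is being retired on purpose, a one-line comment at the issueInstant line, `// SAML 1 responses are always issued with a UTC IssueInstant`, would record the decision for whoever finds the now-unused configuration flag. Both enclosing methods start and end outside the hunks.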
@@ -63,7 +63,7 @@ public class SAMLRequestBuilder implements Constants {
    */
   public Element build(String requestID, String samlArtifactBase64) throws BuildException {
   	try {
-  		String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), true);
+  		String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar.getInstance());
   		String request = MessageFormat.format(REQUEST, new Object[] {requestID, issueInstant, samlArtifactBase64});
   		Element requestElem = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
 	  	return requestElem;
