| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-09-04 07:25:09 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-09-04 07:25:09 +0200 | 
| commit | 61362f940ca679fe215de34b1683e1110fea8d3e (patch) | |
| tree | 0857aa21842a33d6e6e52d27b058c1af9831cb6b /id/server/idserverlib/src/main/java | |
| parent | 8854b5c2c1e342b891271a04face4f4479653d46 (diff) | |
MOA-ID Updates and Bugfixes
 -- OW BPK calculation
 -- OA specific SL-Templates
 -- update MOA-ID configuration XML
 -- PVP2: QA Level and BPK calculation updated
 -- PVP2: add two attribute builders
 -- MOA-ID BKU selection: bugfix local BKU selection
Diffstat (limited to 'id/server/idserverlib/src/main/java')
22 files changed, 704 insertions, 341 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index f1c15e83b..89adbce3f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -23,9 +23,11 @@  package at.gv.egovernment.moa.id.auth; +import iaik.asn1.ObjectID;  import iaik.pki.PKIException;  import iaik.x509.CertificateFactory;  import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException;  import java.io.ByteArrayInputStream;  import java.io.IOException; @@ -652,21 +654,27 @@ public class AuthenticationServer implements MOAIDAuthConstants {  		// check if person is a Organwalter  		// if true - don't show bPK in AUTH Block -		boolean isOW = false; -//		String oid = null; -//		if (oid.equalsIgnoreCase(MISMandate.OID_ORGANWALTER)) -//			isOW = true; -//		 -//		AuthenticationSession session = getSession(sessionID); -		 +		try { +			for (ObjectID OWid : MOAIDAuthConstants.OW_LIST) { +				if (certificate.getExtension(OWid) != null) { +					session.setOW(true); +				} +			 +			} +			 +		} catch (X509ExtensionInitException e) { +			Logger.warn("Certificate extension is not readable."); +			session.setOW(false); +		} +				  		AuthConfigurationProvider authConf = AuthConfigurationProvider  				.getInstance();  		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()  				.getOnlineApplicationParameter(session.getPublicOAURLPrefix()); -		String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(session, -				authConf, oaParam, isOW); +		String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, +				authConf, oaParam);  		return returnvalue;  	} 
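Review bot: In the hunk at -652 the session's OW flag is only ever set to true inside the loop over `MOAIDAuthConstants.OW_LIST` and only set to false in the catch block, so a certificate without any OW extension leaves `isOW` at whatever value the session already held; since this flag later suppresses the bPK in the signed AuthBlock and selects the mandate-supplied OW-bPK, it should be assigned explicitly, e.g. `session.setOW(false);` before the `try`, or a local `boolean isOW` computed by the loop and stored once afterwards. The loop may also `break;` after the first match. The catch discards the exception; `Logger.warn("Certificate extension is not readable.", e);` keeps the cause, assuming the two-argument overload is available. Whether `certificate` has already been verified when this check runs is not visible here, and the enclosing method begins outside the hunk.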
@@ -784,75 +792,77 @@ public class AuthenticationServer implements MOAIDAuthConstants {  		return createXMLSignatureRequest;  	} -	/** -	 *  -	 * @param session -	 * @param authConf -	 * @param oaParam -	 * @return -	 * @throws ConfigurationException -	 * @throws BuildException -	 * @throws ValidateException -	 */ -	public String getCreateXMLSignatureRequestAuthBlockOrRedirectForOW( -			AuthenticationSession session, AuthConfigurationProvider authConf, -			OAAuthParameter oaParam, boolean isOW) throws ConfigurationException, -			BuildException, ValidateException { - -		// check for intermediate processing of the infoboxes -		if (session.isValidatorInputPending()) -			return "Redirect to Input Processor"; - -		if (authConf == null) -			authConf = AuthConfigurationProvider.getInstance(); -		if (oaParam == null) -			oaParam = AuthConfigurationProvider.getInstance() -					.getOnlineApplicationParameter( -							session.getPublicOAURLPrefix()); - -		// BZ.., calculate bPK for signing to be already present in AuthBlock -		IdentityLink identityLink = session.getIdentityLink(); -		if (identityLink.getIdentificationType().equals( -				Constants.URN_PREFIX_BASEID)) { -			// only compute bPK if online application is a public service and we -			// have the Stammzahl -			if (isOW) { -				// if person is OW, delete identification value (bPK is calculated via MIS) -				identityLink.setIdentificationValue(null); -				identityLink.setIdentificationType(null); -			} -			else { -			 -			//TODO: check correctness!!! bpk calcultion is done during Assertion generation	 -//			String bpkBase64 = new BPKBuilder().buildBPK(identityLink -//					.getIdentificationValue(), session.getTarget()); -//				identityLink.setIdentificationValue(bpkBase64); -//				 -//				//TODO: insert correct Type!!!! 
-//				identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); -			} -		} -		// ..BZ -		// } - -		// builds the AUTH-block -		String authBlock = buildAuthenticationBlockForOW(session, oaParam, isOW); - -		// session.setAuthBlock(authBlock); -		// builds the <CreateXMLSignatureRequest> -		List<String> transformsInfos = oaParam.getTransformsInfos(); -		if ((transformsInfos == null) || (transformsInfos.size() == 0)) { -			// no OA specific transforms specified, use default ones -			transformsInfos = authConf.getTransformsInfos(); -		} -		String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() -				.build(authBlock, oaParam.getKeyBoxIdentifier(), -						transformsInfos, oaParam.isSlVersion12()); -		 -		System.out.println("XML: " + createXMLSignatureRequest); -		 -		return createXMLSignatureRequest; -	} +//	/** +//	 *  +//	 * @param session +//	 * @param authConf +//	 * @param oaParam +//	 * @return +//	 * @throws ConfigurationException +//	 * @throws BuildException +//	 * @throws ValidateException +//	 */ +//	public String getCreateXMLSignatureRequestAuthBlockOrRedirectForOW( +//			AuthenticationSession session, AuthConfigurationProvider authConf, +//			OAAuthParameter oaParam, boolean isOW) throws ConfigurationException, +//			BuildException, ValidateException { +// +//		// check for intermediate processing of the infoboxes +//		if (session.isValidatorInputPending()) +//			return "Redirect to Input Processor"; +// +//		if (authConf == null) +//			authConf = AuthConfigurationProvider.getInstance(); +//		if (oaParam == null) +//			oaParam = AuthConfigurationProvider.getInstance() +//					.getOnlineApplicationParameter( +//							session.getPublicOAURLPrefix()); +// +//		// BZ.., calculate bPK for signing to be already present in AuthBlock +//		IdentityLink identityLink = session.getIdentityLink(); +//		if (identityLink.getIdentificationType().equals( +//				Constants.URN_PREFIX_BASEID)) { +//			 +//			// only compute 
bPK if online application is a public service and we +//			// have the Stammzahl +////			if (isOW) { +////				// if person is OW, delete identification value (bPK is calculated via MIS) +////				identityLink.setIdentificationValue(null); +////				identityLink.setIdentificationType(null); +////			} +////			else { +//			 +//			//TODO: check correctness!!! bpk calcultion is done during Assertion generation	 +////			String bpkBase64 = new BPKBuilder().buildBPK(identityLink +////					.getIdentificationValue(), session.getTarget()); +////				identityLink.setIdentificationValue(bpkBase64); +////				 +////				//TODO: insert correct Type!!!! +////				identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); +////			} +//			 +//		} +//		// ..BZ +//		// } +// +//		// builds the AUTH-block +//		String authBlock = buildAuthenticationBlockForOW(session, oaParam, isOW); +// +//		// session.setAuthBlock(authBlock); +//		// builds the <CreateXMLSignatureRequest> +//		List<String> transformsInfos = oaParam.getTransformsInfos(); +//		if ((transformsInfos == null) || (transformsInfos.size() == 0)) { +//			// no OA specific transforms specified, use default ones +//			transformsInfos = authConf.getTransformsInfos(); +//		} +//		String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() +//				.build(authBlock, oaParam.getKeyBoxIdentifier(), +//						transformsInfos, oaParam.isSlVersion12()); +//		 +//		System.out.println("XML: " + createXMLSignatureRequest); +//		 +//		return createXMLSignatureRequest; +//	}  	/**  	 * Returns an CreateXMLSignatureRequest for signing the ERnP statement.<br>  	 * <ul> 
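Review bot: `getCreateXMLSignatureRequestAuthBlockOrRedirectForOW` is kept as a roughly sixty-line commented-out block instead of being deleted, and the hunk at -1115 does the same with `buildAuthenticationBlockForOW`. Neither method has a caller left in the visible hunks (the call site at -652 now uses `getCreateXMLSignatureRequestAuthBlockOrRedirect`), and version control already preserves the history, so the commented code only adds noise — including the nested `//	//` lines and a `System.out.println("XML: " + createXMLSignatureRequest)` that would dump the signature request if ever re-enabled. Prefer removing both blocks outright.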
@@ -1067,14 +1077,22 @@ public class AuthenticationServer implements MOAIDAuthConstants {  		} else {  			identificationValue = identityLink.getIdentificationValue();  			identificationType = identityLink.getIdentificationType(); -		} +		} + +		//set empty AuthBlock BPK in case of OW  +		if (session.isOW()) { +			identificationType = ""; +			identificationValue = ""; +		} +		  		String issueInstant = DateTimeUtils.buildDateTime(Calendar  				.getInstance(), oaParam.getUseUTC());  		session.setIssueInstant(issueInstant);  		String authURL = session.getAuthURL();  		String target = session.getTarget();  		String targetFriendlyName = session.getTargetFriendlyName(); +		  		// Bug #485  		// (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)  		// String oaURL = session.getPublicOAURLPrefix(); 
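Review bot: The new block blanks `identificationType` and `identificationValue` whenever `session.isOW()` is true, while the authData hunk at -2283 only takes the OW path when `session.getUseMandate() && session.isOW()`; as far as these hunks show, an OW-flagged session without a mandate would sign an AuthBlock with an empty bPK and then receive the regular bPK in the assertion. Consider the same condition here, `if (session.getUseMandate() && session.isOW()) {`, or a one-line comment explaining why the AuthBlock condition is intentionally wider. The enclosing method begins and ends outside this hunk.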
@@ -1115,59 +1133,61 @@ public class AuthenticationServer implements MOAIDAuthConstants {  	} -	/** -	 * Builds an authentication block <code><saml:Assertion></code> from -	 * given session data. -	 *  -	 * @param session -	 *            authentication session -	 *  -	 * @return <code><saml:Assertion></code> as a String -	 *  -	 * @throws BuildException -	 *             If an error occurs on serializing an extended SAML attribute -	 *             to be appended to the AUTH-Block. -	 */ -	private String buildAuthenticationBlockForOW(AuthenticationSession session, -			OAAuthParameter oaParam, boolean isOW) throws BuildException { -		IdentityLink identityLink = session.getIdentityLink(); -		String issuer = identityLink.getName(); -		String gebDat = identityLink.getDateOfBirth(); -		String identificationValue = identityLink.getIdentificationValue(); -		String identificationType = identityLink.getIdentificationType(); - -		String issueInstant = DateTimeUtils.buildDateTime(Calendar -				.getInstance(), oaParam.getUseUTC()); -		session.setIssueInstant(issueInstant); -		String authURL = session.getAuthURL(); -		String target = session.getTarget(); -		String targetFriendlyName = session.getTargetFriendlyName(); -		// Bug #485 -		// (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) -		// String oaURL = session.getPublicOAURLPrefix(); -		String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); -		List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); -		Iterator it = extendedSAMLAttributes.iterator(); -		// delete bPK attribute from extended SAML attributes -		if (isOW) { -			ExtendedSAMLAttribute toDelete = null; -			while (it.hasNext()) { -				ExtendedSAMLAttribute attr = (ExtendedSAMLAttribute)it.next(); -				if (attr.getName().equalsIgnoreCase("bPK")) -					toDelete = attr; -			}		 -			if (toDelete != null) -				extendedSAMLAttributes.remove(toDelete); -		} -		 -		String authBlock = new 
AuthenticationBlockAssertionBuilder() -				.buildAuthBlock(issuer, issueInstant, authURL, target, -						targetFriendlyName, identificationValue, -						identificationType, oaURL, gebDat, -						extendedSAMLAttributes, session, oaParam); - -		return authBlock; -	} +//	/** +//	 * Builds an authentication block <code><saml:Assertion></code> from +//	 * given session data. +//	 *  +//	 * @param session +//	 *            authentication session +//	 *  +//	 * @return <code><saml:Assertion></code> as a String +//	 *  +//	 * @throws BuildException +//	 *             If an error occurs on serializing an extended SAML attribute +//	 *             to be appended to the AUTH-Block. +//	 */ +//	private String buildAuthenticationBlockForOW(AuthenticationSession session, +//			OAAuthParameter oaParam, boolean isOW) throws BuildException { +//		IdentityLink identityLink = session.getIdentityLink(); +//		String issuer = identityLink.getName(); +//		String gebDat = identityLink.getDateOfBirth(); +//		String identificationValue = identityLink.getIdentificationValue(); +//		String identificationType = identityLink.getIdentificationType(); +// +//		String issueInstant = DateTimeUtils.buildDateTime(Calendar +//				.getInstance(), oaParam.getUseUTC()); +//		session.setIssueInstant(issueInstant); +//		String authURL = session.getAuthURL(); +//		String target = session.getTarget(); +//		String targetFriendlyName = session.getTargetFriendlyName(); +//		// Bug #485 +//		// (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) +//		// String oaURL = session.getPublicOAURLPrefix(); +//		String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); +//		 +//		 +//		List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); +//		Iterator it = extendedSAMLAttributes.iterator(); +//		// delete bPK attribute from extended SAML attributes +//		if (session.isOW()) { +//			ExtendedSAMLAttribute toDelete = null; +//			while (it.hasNext()) { +//				
ExtendedSAMLAttribute attr = (ExtendedSAMLAttribute)it.next(); +//				if (attr.getName().equalsIgnoreCase("bPK")) +//					toDelete = attr; +//			}		 +//			if (toDelete != null) +//				extendedSAMLAttributes.remove(toDelete); +//		} +//		 +//		String authBlock = new AuthenticationBlockAssertionBuilder() +//				.buildAuthBlock(issuer, issueInstant, authURL, target, +//						targetFriendlyName, identificationValue, +//						identificationType, oaURL, gebDat, +//						extendedSAMLAttributes, session, oaParam); +// +//		return authBlock; +//	}  	/**  	 * Verifies the infoboxes (except of the identity link infobox) returned by 
@@ -2283,52 +2303,61 @@ public class AuthenticationServer implements MOAIDAuthConstants {  			//TODO: resign the IdentityLink!!! -			if (businessService) { -				//since we have foreigner, wbPK is not calculated in BKU -				if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { +			 +			if (session.getUseMandate() && session.isOW()) { +				MISMandate mandate = session.getMISMandate(); +				authData.setBPK(mandate.getOWbPK()); +				authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); +				 +			} else { +			 +				if (businessService) { +					//since we have foreigner, wbPK is not calculated in BKU +					if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { +							 +					 	String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); +						  +						if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { +							// If domainIdentifier starts with prefix +							// "urn:publicid:gv.at:wbpk+"; remove this prefix +							registerAndOrdNr = registerAndOrdNr +									.substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); +							Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " +									+ registerAndOrdNr); +						}  +							     +						String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); +						authData.setBPK(wbpkBase64); +						authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); -				 	String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); -					  -					if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { -						// If domainIdentifier starts with prefix -						// "urn:publicid:gv.at:wbpk+"; remove this prefix -						registerAndOrdNr = registerAndOrdNr -								.substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); -						Logger.debug("Register and ordernumber prefix stripped off; resulting 
register string: " -								+ registerAndOrdNr); -					}  -						     -					String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); -					authData.setBPK(wbpkBase64); -					authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); +					} else { +						authData.setBPK(identityLink.getIdentificationValue()); +						authData.setBPKType(identityLink.getIdentificationType()); +					} +									 +					Element idlassertion = session.getIdentityLink().getSamlAssertion(); +					//set bpk/wpbk; +					Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); +					prIdentification.getFirstChild().setNodeValue(authData.getBPK()); +					//set bkp/wpbk type  +					Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); +					prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); +					 +					IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); +					IdentityLink idl = idlparser.parseIdentityLink(); +					authData.setIdentityLink(idl);  				} else { -					authData.setBPK(identityLink.getIdentificationValue()); -					authData.setBPKType(identityLink.getIdentificationType()); -				} -								 -				Element idlassertion = session.getIdentityLink().getSamlAssertion(); -				//set bpk/wpbk; -				Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); -				prIdentification.getFirstChild().setNodeValue(authData.getBPK()); -				//set bkp/wpbk type  -				Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); -				prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); -				 -				IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); -				IdentityLink idl = 
idlparser.parseIdentityLink(); -				authData.setIdentityLink(idl); -				 -			} else { +									 +					if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {  +						// only compute bPK if online application is a public service and we have the Stammzahl +						String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); +						authData.setBPK(bpkBase64); +						authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); +					} -				if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {  -					// only compute bPK if online application is a public service and we have the Stammzahl -					String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); -					authData.setBPK(bpkBase64); -					authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); +					authData.setIdentityLink(identityLink);  				} -				 -				authData.setIdentityLink(identityLink);  			}  			return authData; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index e1552a5a6..edc43da0c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java 
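Review bot: The new `session.getUseMandate() && session.isOW()` branch sets the bPK and bPK type from `mandate.getOWbPK()` but never calls `authData.setIdentityLink(...)`, whereas both branches of the `else` do (`authData.setIdentityLink(idl)` and `authData.setIdentityLink(identityLink)`); unless the identity link is assigned elsewhere outside the hunk, OW authentications produce an `AuthenticationData` without one. `session.getMISMandate()` and `getOWbPK()` are also used without a null check, so a mandate lacking an OW-bPK yields a null bPK next to a type of `Constants.URN_PREFIX_CDID + "+" + "OW"`. Suggest adding `authData.setIdentityLink(identityLink);` to the OW branch and failing explicitly when `getOWbPK()` is null or empty. The enclosing method begins outside the hunk.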
@@ -118,10 +118,19 @@ public interface MOAIDAuthConstants {     * used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007     */    public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER); +      /** the number of the certifcate extension for party representatives */    public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3"; -  /** the number of the certifcate extension for party organ representatives */ -  public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; +   +//  /** the number of the certifcate extension for party organ representatives */ +//  public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; +   +  /** OW */ +  public static final String OW_ORGANWALTER = PARTY_REPRESENTATION_OID_NUMBER + ".4"; +   +  /** List of OWs */ +  public static final List<ObjectID> OW_LIST = Arrays.asList(  +		  new ObjectID(OW_ORGANWALTER));      /**BKU type identifiers to use bkuURI from configuration*/     public static final String REQ_BKU_TYPE_LOCAL = "local"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index abb33203c..ee2313070 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java 
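Review bot: `OW_LIST` is a public constant backed by `Arrays.asList(...)`, whose elements remain replaceable through `set()`; since this list decides which certificate extension marks a signer as OW, wrap it: `Collections.unmodifiableList(Arrays.asList(new ObjectID(OW_ORGANWALTER)))`. The Javadoc `/** OW */` and `/** List of OWs */` should state what the values are, e.g. `/** OID of the certificate extension that identifies an Organwalter (OW) */` and `/** Certificate-extension OIDs whose presence marks the signer as OW */` — the move from the commented-out `PARTY_ORGAN_REPRESENTATION_OID_NUMBER` with suffix `.10` to suffix `.4` is otherwise undocumented. The imports for `List`, `Arrays` and `Collections` lie outside this hunk.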
@@ -179,6 +179,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion      String wbpkNSDeclaration = "";      if (target == null) { +    	        // OA is a business application        if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) {          // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator @@ -195,6 +196,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion          // We do not have a wbPK, therefore no SAML-Attribute is provided          session.setSAMLAttributeGebeORwbpk(false);        } +            } else {        // OA is a govermental application        String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index 023b36d83..9bec06135 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -61,7 +61,12 @@ public class BPKBuilder {        		                     new Object[] {"BPK", "Unvollständige Parameterangaben: identificationValue=" +                                                identificationValue + ",target=" + target});      } -    String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; +    String basisbegriff; +	if (target.startsWith(Constants.URN_PREFIX_CDID + "+")) +		basisbegriff = identificationValue + "+" + target; +	else +		basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; +	      try {        MessageDigest md = MessageDigest.getInstance("SHA-1");        byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); 
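Review bot: In the BPKBuilder hunk at -61 the new `if`/`else` has no braces and is indented with tabs while the surrounding method uses spaces, and `Constants.URN_PREFIX_CDID + "+"` is built twice. A compact form: `String cdidPrefix = Constants.URN_PREFIX_CDID + "+";` / `String basisbegriff = target.startsWith(cdidPrefix) ? identificationValue + "+" + target : identificationValue + "+" + cdidPrefix + target;`. Because the derived bPK depends on this exact string, a comment such as `// target may arrive with or without the cdid prefix; both forms must hash identically` would record why two input shapes are normalised. The preceding check reports incomplete parameters, so `target` is presumably non-null here; the method begins and ends outside the hunk.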
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index e6de2ce02..4560e69cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -123,6 +123,9 @@ public class AuthenticationSession implements Serializable {  	private boolean useMandate; +	private boolean isOW = false; +	 +	  	/**  	 * STORK  	 */ @@ -1114,5 +1117,20 @@ public class AuthenticationSession implements Serializable {  	public void setSsoRequested(boolean ssoRequested) {  		this.ssoRequested = ssoRequested;  	} + +	/** +	 * @return the isOW +	 */ +	public boolean isOW() { +		return isOW; +	} + +	/** +	 * @param isOW the isOW to set +	 */ +	public void setOW(boolean isOW) { +		this.isOW = isOW; +	} +	  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 58cea2926..58194361c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -1,5 +1,7 @@  package at.gv.egovernment.moa.id.auth.parser; +import java.io.UnsupportedEncodingException; +  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse;  import javax.servlet.http.HttpSession; 
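Review bot: The new `isOW` field is added to a class declared `implements Serializable` whose instances are persisted via `AuthenticationSessionStoreage.storeSession` elsewhere in this commit; if the class relies on the default `serialVersionUID`, previously stored sessions will no longer deserialise — no declared `serialVersionUID` is visible in the hunk, so please confirm. The generated Javadoc (`@return the isOW`, `@param isOW the isOW to set`) says nothing about the flag's meaning; suggest on the field `/** True if the signer certificate carries an Organwalter (OW) extension; suppresses the bPK in the AuthBlock and selects the OW-bPK from the MIS mandate. */`. Naming the field `isOW` next to the accessor `isOW()` is also unusual; `ow` or `organwalter` with `isOW()`/`setOW()` reads more cleanly.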
@@ -19,7 +21,9 @@ import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;  import at.gv.egovernment.moa.id.util.ParamValidatorUtils;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.MiscUtil;  import at.gv.egovernment.moa.util.StringUtils; +import at.gv.egovernment.moa.util.URLEncoder;  public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ @@ -39,15 +43,14 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{  //	    String sso = req.getParameter(PARAM_SSO);  	    // escape parameter strings -	    //TODO: use URLEncoder.encode!! -	    target = StringEscapeUtils.escapeHtml(target); -	    oaURL = StringEscapeUtils.escapeHtml(oaURL); -	    bkuURL = StringEscapeUtils.escapeHtml(bkuURL); -	    templateURL = StringEscapeUtils.escapeHtml(templateURL); -	    useMandate = StringEscapeUtils.escapeHtml(useMandate); -	    ccc = StringEscapeUtils.escapeHtml(ccc); -//	    sso = StringEscapeUtils.escapeHtml(sso); -	     +		target = StringEscapeUtils.escapeHtml(target); +		oaURL = StringEscapeUtils.escapeHtml(oaURL); +		bkuURL = StringEscapeUtils.escapeHtml(bkuURL); +		templateURL = StringEscapeUtils.escapeHtml(templateURL); +		useMandate = StringEscapeUtils.escapeHtml(useMandate); +		ccc = StringEscapeUtils.escapeHtml(ccc); +			//	    sso = StringEscapeUtils.escapeHtml(sso); +  	      // check parameter  	    //pvp2.x can use general identifier (equals oaURL in SAML1) @@ -153,7 +156,6 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{  			moasession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); -			//TODO: check for SSO  			moasession.setTarget(target);  			moasession.setBusinessService(oaParam.getBusinessService());  			moasession.setTargetFriendlyName(targetFriendlyName); 
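Review bot: The hunk at -39 drops the `//TODO: use URLEncoder.encode!!` but still HTML-escapes `target`, `oaURL`, `bkuURL`, `templateURL`, `useMandate` and `ccc` with `StringEscapeUtils.escapeHtml`, which the removed TODO itself flagged as the wrong encoding for values that are later used as URLs; the first hunk meanwhile adds imports for `java.io.UnsupportedEncodingException` and `at.gv.egovernment.moa.util.URLEncoder` that no visible hunk uses. Either apply the intended encoding or keep the TODO rather than silently removing it. The re-indented lines also switch from the file's tab-plus-spaces indentation to plain tabs, so the block no longer aligns with its surroundings. The enclosing method begins and ends outside the hunk.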
@@ -193,9 +195,12 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{  		moasession.setAuthURL(authURL); -//		//check and set SourceID -//		if (sourceID != null) -//			moasession.setSourceID(sourceID); +		//check and set SourceID +		if (oaParam.getSAML1Parameter() != null) { +			String sourceID = oaParam.getSAML1Parameter().getSourceID(); +			if (MiscUtil.isNotEmpty(sourceID)) +				moasession.setSourceID(sourceID); +		}  		// BKU URL has not been set yet, even if session already exists  		if (bkuURL == null) { @@ -208,14 +213,10 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{  		moasession.setBkuURL(bkuURL); -	    if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) +	    if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL()))  		       throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); - -		// override template url by url from configuration file -		if (oaParam.getTemplateURL() != null) { -			templateURL = oaParam.getTemplateURL(); -		}  		moasession.setTemplateURL(templateURL); +		  		moasession.setCcc(ccc);  	} @@ -223,10 +224,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{  	public static void parse(HttpServletRequest req, HttpServletResponse resp,   			AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException { -//	    //check Module and Action -//	    HttpSession httpSession = req.getSession();     -//	    IRequest request = RequestStorage.getPendingRequest(httpSession); -	     +		  	    String modul = request.requestedModule();//req.getParameter(PARAM_MODUL);  	    String action = request.requestedAction();//req.getParameter(PARAM_ACTION); 
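Review bot: The hunk at -208 removes the block that overrode `templateURL` with `oaParam.getTemplateURL()` and instead passes the configured URL as a third argument to `ParamValidatorUtils.isValidTemplate`, after which the request-supplied `templateURL` is stored in the session; whether the validator still enforces the configured template or merely accepts it as one more allowed value is not visible here. Since this URL selects the Security-Layer template the BKU loads, document the intended precedence at the call, e.g. `// the request's templateURL is kept only if isValidTemplate accepts it against the configured OA template`, and confirm that a request URL differing from a configured one is rejected. In the -193 hunk `oaParam.getSAML1Parameter()` is called twice; a local would avoid the second call. The enclosing method begins outside the hunk.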
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index f68e0361a..d4484a97c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -94,10 +94,7 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {  				//load Parameters from config  		    	String target = oaParam.getTarget(); -//		    	String sourceID = ""; //TODO: load from Config -//		    	String bkuURL = getBKUURIFromConfig(Integer.valueOf(bkuid), oaParam); -//		    	String templateURL = getTemplateURIFromConfig(Integer.valueOf(bkuid), oaParam); -		    	 +		    			    	  		    	String bkuURL = oaParam.getBKUURL(bkuid);  		    	String templateURL = AuthConfigurationProvider.getInstance().getSLRequestTemplates(bkuid); @@ -119,7 +116,8 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {  			//store MOASession  			try { -				AuthenticationSessionStoreage.storeSession(moasession);				 +				AuthenticationSessionStoreage.storeSession(moasession); +				  			} catch (MOADatabaseException e) {  				Logger.error("Database Error! MOASession is not stored!");  				throw new MOAIDException("init.04", new Object[] { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index 67932063a..e461197e2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java 
@@ -186,13 +186,7 @@ public class GetMISSessionIDServlet extends AuthServlet {  				throw new AuthenticationException("auth.16",  						new Object[] { GET_MIS_SESSIONID });  			} -			 -			// TODO OW bPK (Offen: was bei saml:NameIdentifier -			// NameQualifier="urn:publicid:gv.at:cdid+bpk"> und <saml:Attribute -			// AttributeName="bPK" ) -			System.out.println("\n\n\n OW BPK: " + mandate.getOWbPK()); -			// TODO wenn OW bPK vorhanden - in SAML Assertion setzen! - +						  			//check if it is a parsable XML  			byte[] byteMandate = mandate.getMandate();  			String stringMandate = new String(byteMandate); 
@@ -220,38 +214,8 @@ public class GetMISSessionIDServlet extends AuthServlet {  							session.getAction(), pendingRequestID), newMOASessionID);  			redirectURL = resp.encodeRedirectURL(redirectURL); -			 -//			String samlArtifactBase64 = AuthenticationServer.getInstance() -//					.verifyAuthenticationBlockMandate(session, mandateDoc); - -//			if (!samlArtifactBase64.equals("Redirect to Input Processor")) { -// -//				redirectURL = session.getOAURLRequested(); -//				if (!session.getBusinessService()) { -//					// redirectURL = addURLParameter(redirectURL, PARAM_TARGET, -//					// URLEncoder.encode(session.getTarget(), "UTF-8")); -//				} -//				// redirectURL = addURLParameter(redirectURL, -//				// PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, -//				// "UTF-8")); -//				redirectURL = new DataURLBuilder().buildDataURL( -//						session.getAuthURL(), -//						ModulUtils.buildAuthURL(session.getModul(), -//								session.getAction()), samlArtifactBase64); -//				redirectURL = resp.encodeRedirectURL(redirectURL); -// -//			} else { -//				redirectURL = new DataURLBuilder().buildDataURL( -//						session.getAuthURL(), -//						AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, -//						session.getSessionID()); -// -//			} -			 -			  			resp.setContentType("text/html");  			resp.setStatus(302); -  			resp.addHeader("Location", redirectURL);  			Logger.debug("REDIRECT TO: " + redirectURL); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index 9e7c8536d..477d99220 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java 
@@ -155,7 +155,7 @@ public class VerifyCertificateServlet extends AuthServlet {  					throw new MOAIDException("session store error", null);  				} -	    		ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
 +	    		ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
  	    	}
  	    	else {
  	    		// Foreign Identities Modus	
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index ac7466c11..38f650a65 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java 
@@ -190,29 +190,30 @@ public class VerifyIdentityLinkServlet extends AuthServlet {      		// AUTH Block aufscheinen darf. --> D.h. verifyIdentityLink umbauen - verify und AUTH Block bauen trennen)      		//TODO: Klaus fragen ob der Teil wirklich noch benötigt wird!!!!! -//    		boolean useMandate = session.getUseMandate(); -//    		if (useMandate) { // Mandate modus -//    			// read certificate and set dataurl to  -//    			Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); -//    			 -//     -//     		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); -// -//     		   // build dataurl (to the GetForeignIDSerlvet) -//     		   String dataurl = -//                 new DataURLBuilder().buildDataURL( -//                   session.getAuthURL(), -//                   REQ_VERIFY_CERTIFICATE, -//                   session.getSessionID()); -//            -//           -//     		  //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); -//     		  //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); -//     		  Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); -//     		  ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); -//    			 -//    		} -//    		else { +    		boolean useMandate = session.getUseMandate(); +    		 +    		if (useMandate) { // Mandate modus +    			// read certificate and set dataurl to  +    			Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); +    			 +     +     		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); + +     		   // build dataurl (to the GetForeignIDSerlvet) +     		   String dataurl = +                 new 
DataURLBuilder().buildDataURL( +                   session.getAuthURL(), +                   REQ_VERIFY_CERTIFICATE, +                   session.getSessionID()); +            +     		  //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); +     		  //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); +     		    +     		  Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); +     		  ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); +    			 +    		}	 +    		else {      			Logger.info("Normal");      			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() @@ -226,7 +227,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {      			ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");      		} -//    	} +    	}  		try {  			AuthenticationSessionStoreage.storeSession(session); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 57f6ee4f1..c62594d6f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java 
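Review bot: The comment `// build dataurl (to the GetForeignIDSerlvet)` in the re-enabled mandate branch no longer matches the code below it, which builds the data URL with `REQ_VERIFY_CERTIFICATE`; change it to `// build dataurl (to the VerifyCertificateServlet, REQ_VERIFY_CERTIFICATE)`. The two commented-out `//Logger.debug(...)` / `//ServletUtils.writeCreateXMLSignatureRequestURLEncoded(...)` lines are dead code that came back together with the block and should be dropped, and the `//TODO: Klaus fragen ob der Teil wirklich noch benötigt wird!!!!!` above the branch is answered by this commit and should go too. The `}	` closing the `if` carries a trailing tab. The enclosing method starts before this hunk.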
@@ -35,6 +35,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;  import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;  import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO;  import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;  import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;  import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;  import at.gv.egovernment.moa.id.config.ConfigurationUtils; @@ -162,12 +163,13 @@ public List<String> getTransformsInfos() {  	/**  	 * @return the templateURL  	 */ -	public String getTemplateURL() { +	public List<TemplateType> getTemplateURL() {  		TemplatesType templates = oa_auth.getTemplates();  		if (templates != null) { -			if (templates.getTemplate() != null) -				return templates.getTemplate().getURL(); +			if (templates.getTemplate() != null) { +				return templates.getTemplate(); +			}  		}  		return null;  	} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index cb35e708c..1460668e2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java 
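Review bot: `getTemplateURL()` now returns `List<TemplateType>` instead of a URL string, but the method name and the Javadoc `@return the templateURL` still describe the old contract; either rename it (e.g. `getTemplates()`) or update the Javadoc to `@return the configured TemplateType entries, or null if no templates are configured`. Returning `null` for the absent case forces every caller to null-check a list; `Collections.emptyList()` is the usual choice, but callers that currently test for `null` would have to be adjusted in the same commit. The nested `if (templates != null) { if (templates.getTemplate() != null) { ... } }` collapses to a single condition, `if (templates != null && templates.getTemplate() != null) return templates.getTemplate();`.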
@@ -435,7 +435,10 @@ public class BuildFromLegacyConfig {  	        	templates.setAditionalAuthBlockText("");  	        	TemplateType template = new TemplateType();  	        	template.setURL(oa.getTemplateURL()); -	        	templates.setTemplate(template); +	        	ArrayList<TemplateType> template_list = new ArrayList<TemplateType>(); +	        	template_list.add(template); +	        	templates.setTemplate(template_list); +	        	  	        	//set TransformsInfo  	        	String[] transforminfos = oa.getTransformsInfos(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java index 5875a37c7..e8b661362 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java @@ -2,10 +2,10 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;  public interface PVPConstants { -	public static final String STORK_QAA_1_1 = "http://www.ref.gv.at/ns/names/agiz/stork/qaa/1"; -	public static final String STORK_QAA_1_2 = "http://www.ref.gv.at/ns/names/agiz/stork/qaa/1-2"; -	public static final String STORK_QAA_1_3 = "http://www.ref.gv.at/ns/names/agiz/stork/qaa/1-3"; -	public static final String STORK_QAA_1_4 = "http://www.ref.gv.at/ns/names/agiz/stork/qaa/1-4"; +	public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1"; +	public static final String STORK_QAA_1_2 = "http://www.stork.gov.eu/1.0/citizenQAALevel/2"; +	public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3"; +	public static final String STORK_QAA_1_4 = "http://www.stork.gov.eu/1.0/citizenQAALevel/4";  	public static final String URN_OID_PREFIX = "urn:oid:"; 
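Review bot: `ArrayList<TemplateType> template_list = new ArrayList<TemplateType>();` declares the local with the concrete type and a snake_case name; `List<TemplateType> templateList = new ArrayList<TemplateType>();` follows the Java conventions used elsewhere in the file (assuming `java.util.List` is imported here, which the hunk does not show). The added line `+	        	` is whitespace-only and should be a plain blank line. The enclosing method starts and ends outside this hunk.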
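Review bot: Replacing the `http://www.ref.gv.at/ns/names/agiz/stork/qaa/...` values of `STORK_QAA_1_1`..`STORK_QAA_1_4` with the `http://www.stork.gov.eu/1.0/citizenQAALevel/...` URIs is a wire-level change: PVP2AssertionBuilder compares the requested AuthnContextClassRef against exactly these constants and throws `QAANotSupportedException` otherwise, so a service provider still sending the old URIs is rejected after this commit. If both forms are to be accepted during a migration period, keep the old values as separate constants (e.g. `STORK_QAA_1_4_LEGACY`) and compare against both; if not, the break belongs in the release notes. A comment such as `// STORK 1.0 citizen QAA level URIs as asserted in AuthnContextClassRef` would document where the values come from.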
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index 11ec2fe25..60e510de2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -25,6 +25,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNatura
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepDescAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepOIDAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateReferenceValueAttributeBuilder;
@@ -62,6 +64,8 @@ public class PVPAttributeBuilder {  		addBuilder(new MandateNaturalPersonBPKAttributeBuilder());  		addBuilder(new MandateNaturalPersonFamilyNameAttributeBuilder());  		addBuilder(new MandateNaturalPersonGivenNameAttributeBuilder()); +		addBuilder(new MandateNaturalPersonSourcePinAttributeBuilder()); +		addBuilder(new MandateNaturalPersonSourcePinTypeAttributeBuilder());  		addBuilder(new MandateTypeAttributeBuilder());  		addBuilder(new MandateProfRepOIDAttributeBuilder());  		addBuilder(new MandateProfRepDescAttributeBuilder()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 2d29f7454..17fc52a8c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -1,6 +1,7 @@  package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion;  import java.util.Iterator; +import java.util.List;  import org.joda.time.DateTime;  import org.opensaml.common.xml.SAMLConstants; 
@@ -25,9 +26,15 @@ import org.opensaml.saml2.metadata.EntityDescriptor;  import org.opensaml.saml2.metadata.NameIDFormat;  import org.opensaml.saml2.metadata.RequestedAttribute;  import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.w3c.dom.Element; +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;  import at.gv.egovernment.moa.id.MOAIDException;  import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; 
@@ -37,11 +44,14 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;  import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;  import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.util.MandateBuilder;  import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants;  public class PVP2AssertionBuilder implements PVPConstants {  	public static Assertion buildAssertion(AuthnRequest authnRequest, 
@@ -58,48 +68,64 @@ public class PVP2AssertionBuilder implements PVPConstants {  		boolean stork_qaa_1_4_found = false; -		Iterator<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext -				.getAuthnContextClassRefs().iterator(); - -		while (reqAuthnContextClassRefIt.hasNext()) { -			AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt -					.next(); -			String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split( -					"\\s+"); -			for (int i = 0; i < qaa_uris.length; i++) { -				if (qaa_uris[i].trim().equals(STORK_QAA_1_4)) { -					stork_qaa_1_4_found = true; -					break; -				} -			} -		} +		AuthnContextClassRef authnContextClassRef = SAML2Utils +				.createSAMLObject(AuthnContextClassRef.class); + +		 List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext +				.getAuthnContextClassRefs(); +		 +		 if (reqAuthnContextClassRefIt.size() == 0) { +			 stork_qaa_1_4_found = true; +			 authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); +			  +		 } else { +			 for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) { +				 String qaa_uri = authnClassRef.getAuthnContextClassRef(); +				 if (qaa_uri.trim().equals(STORK_QAA_1_4) +						 || qaa_uri.trim().equals(STORK_QAA_1_3) +						 || qaa_uri.trim().equals(STORK_QAA_1_2) +						 || qaa_uri.trim().equals(STORK_QAA_1_1)) { +					 +					 if (authSession.isForeigner()) { +						 //TODO: insert QAA check +					 +						 stork_qaa_1_4_found = false; +					 +					 } else { +						 stork_qaa_1_4_found = true; +						 authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); +					 } +					 break; +				 } +			 } +		 }  		if (!stork_qaa_1_4_found) {  			throw new QAANotSupportedException(STORK_QAA_1_4);  		} -		reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs() -				.iterator(); -		StringBuilder authContextsb = new StringBuilder(); -		while (reqAuthnContextClassRefIt.hasNext()) { -			AuthnContextClassRef authnClassRef = 
reqAuthnContextClassRefIt -					.next(); -			String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split( -					"\\s+"); -			for (int i = 0; i < qaa_uris.length; i++) { -				if (qaa_uris[i].trim().equals(STORK_QAA_1_4) -						|| qaa_uris[i].trim().equals(STORK_QAA_1_3) -						|| qaa_uris[i].trim().equals(STORK_QAA_1_2) -						|| qaa_uris[i].trim().equals(STORK_QAA_1_1)) { -					authContextsb.append(qaa_uris[i].trim()); -					authContextsb.append(" "); -				} -			} - -		} -		AuthnContextClassRef authnContextClassRef = SAML2Utils -				.createSAMLObject(AuthnContextClassRef.class); -		authnContextClassRef.setAuthnContextClassRef(authContextsb.toString()); +//		reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs() +//				.iterator(); +//		 +//		StringBuilder authContextsb = new StringBuilder(); +//		 +//		while (reqAuthnContextClassRefIt.hasNext()) { +//			AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt +//					.next(); +//			String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split( +//					"\\s+"); +//			for (int i = 0; i < qaa_uris.length; i++) { +//				if (qaa_uris[i].trim().equals(STORK_QAA_1_4) +//						|| qaa_uris[i].trim().equals(STORK_QAA_1_3) +//						|| qaa_uris[i].trim().equals(STORK_QAA_1_2) +//						|| qaa_uris[i].trim().equals(STORK_QAA_1_1)) { +//					authContextsb.append(qaa_uris[i].trim()); +//					authContextsb.append(" "); +//				} +//			} +// +//		} +		  		AuthnContext authnContext = SAML2Utils  				.createSAMLObject(AuthnContext.class);  		authnContext.setAuthnContextClassRef(authnContextClassRef); 
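Review bot: The new loop compares the whole `qaa_uri.trim()` against one URI, while the removed code split each AuthnContextClassRef on `\\s+`; a request carrying several space-separated QAA URIs in one element, which was accepted before, now fails the match and ends in `QAANotSupportedException`, so either restore the split or state in a comment that only one URI per element is supported. In the `authSession.isForeigner()` branch `stork_qaa_1_4_found` is set to `false` under `//TODO: insert QAA check`, so as written every foreign session that requests any of QAA 1-4 is rejected, which looks unintended and at least deserves a comment explaining the interim behaviour. The assertion answers with `STORK_QAA_1_4` whatever level was requested (and also when no class ref is requested at all); a one-line comment, `// MOA-ID asserts QAA 4 for domestic sessions; any requested level 1-4 is satisfied by it`, would make that explicit. The commented-out iterator block that follows should be deleted rather than kept. `buildAssertion` starts and ends outside this hunk.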
@@ -199,14 +225,63 @@ public class PVP2AssertionBuilder implements PVPConstants {  			assertion.getAttributeStatements().add(attributeStatement);  		} -		// TL: getIdentificationValue holds the baseID --> change to pBK -		// subjectNameID.setValue(authData.getIdentificationValue()); -  		subjectNameID.setFormat(NameID.PERSISTENT);  		//TLenz: set correct bPK Type and Value from AuthData -		subjectNameID.setNameQualifier(authData.getBPKType()); -		subjectNameID.setValue(authData.getBPK()); +		if (authSession.getUseMandate()) { +			Element mandate = authSession.getMandate(); +			if(mandate == null) { +				throw new NoMandateDataAvailableException(); +			} +			Mandate mandateObject = MandateBuilder.buildMandate(mandate); +			if(mandateObject == null) { +				throw new NoMandateDataAvailableException(); +			} +			CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); +			PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson(); +			 +			IdentificationType id; +			if(corporation != null && corporation.getIdentification().size() > 0) +				id = corporation.getIdentification().get(0); + +				 +			else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0) +				id = pysicalperson.getIdentification().get(0); +				 +			else { +				Logger.error("Failed to generate IdentificationType"); +				throw new NoMandateDataAvailableException();		 +			} +		 +			String bpktype = id.getType(); +			String bpk = id.getValue().getValue(); +			 +			if (bpktype.equals(Constants.URN_PREFIX_BASEID)) { +				if (authSession.getBusinessService()) {						     +					subjectNameID.setValue(new BPKBuilder().buildWBPK(bpk, oaParam.getIdentityLinkDomainIdentifier())); +					if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) +						subjectNameID.setNameQualifier(oaParam.getIdentityLinkDomainIdentifier()); +					else +						subjectNameID.setNameQualifier(Constants.URN_PREFIX_WBPK + 
"+" + oaParam.getIdentityLinkDomainIdentifier()); +					 +				} else { +					subjectNameID.setValue(new BPKBuilder().buildBPK(bpk, oaParam.getTarget())); +					if (oaParam.getTarget().startsWith(Constants.URN_PREFIX_CDID + "+")) +						subjectNameID.setNameQualifier(oaParam.getTarget()); +					else +						subjectNameID.setNameQualifier(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); +				} +				 +				 +			} else { +				subjectNameID.setNameQualifier(bpktype); +				subjectNameID.setValue(bpk); +			} +			 +		} else { +			subjectNameID.setNameQualifier(authData.getBPKType()); +			subjectNameID.setValue(authData.getBPK()); +		}  		subject.setNameID(subjectNameID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java index bbb610d62..49e013fe0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java @@ -6,6 +6,8 @@ import org.w3c.dom.Element;  import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;  import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;  import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.data.AuthenticationData; 
@@ -13,6 +15,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailabl  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;  import at.gv.egovernment.moa.id.util.MandateBuilder;  import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants;  public class MandateNaturalPersonBPKAttributeBuilder extends BaseAttributeBuilder { @@ -39,17 +42,40 @@ public class MandateNaturalPersonBPKAttributeBuilder extends BaseAttributeBuilde  			}  			IdentificationType id = null;  			id = physicalPerson.getIdentification().get(0); -			/*if(authSession.getBusinessService()) { -				id = MandateBuilder.getWBPKIdentification(physicalPerson); -			} else { -				id = MandateBuilder.getBPKIdentification(physicalPerson); -			}*/ +//			if(authSession.getBusinessService()) { +//				id = MandateBuilder.getWBPKIdentification(physicalPerson); +//			} else { +//				id = MandateBuilder.getBPKIdentification(physicalPerson); +//			}  			if(id == null) {  				Logger.error("Failed to generate IdentificationType");  				throw new NoMandateDataAvailableException();  			} +			 +			String bpk; +			try { +			 +				if (id.getType().equals(Constants.URN_PREFIX_BASEID)) { +					if (authSession.getBusinessService()) {						     +						bpk = new BPKBuilder().buildWBPK(id.getValue().getValue(), oaParam.getIdentityLinkDomainIdentifier()); +						 +					} +					 +					else { +						bpk = new BPKBuilder().buildBPK(id.getValue().getValue(), oaParam.getTarget()); +						 +					} +								 +				} else  +					bpk = id.getValue().getValue(); +				 +			} catch (BuildException e ){ +				Logger.error("Failed to generate IdentificationType"); +				throw new NoMandateDataAvailableException(); +			} +		  			return buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME,  -					MANDATE_NAT_PER_BPK_NAME, id.getValue().getValue()); +					MANDATE_NAT_PER_BPK_NAME, bpk);  		}  		return null; 
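Review bot: The `catch (BuildException e)` discards the cause and logs `"Failed to generate IdentificationType"`, the same text as the unrelated null check above, so a bPK derivation failure cannot be told apart from a missing identification in the log; use `Logger.error("Failed to build bPK from mandate identification", e);` and pass `e` on if `NoMandateDataAvailableException` offers a cause constructor. `id.getType().equals(Constants.URN_PREFIX_BASEID)` should be `Constants.URN_PREFIX_BASEID.equals(id.getType())` so a missing type does not NPE. The `if(id == null)` check after `physicalPerson.getIdentification().get(0)` is dead, because `get(0)` throws on an empty list instead of returning null; test `isEmpty()` before indexing. The `getWBPKIdentification` / `getBPKIdentification` block was only converted from `/* */` to `//` comments and should be removed.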
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
new file mode 100644
index 000000000..eaa7e88af
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -0,0 +1,65 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; + +public class MandateNaturalPersonSourcePinAttributeBuilder extends +		BaseAttributeBuilder { + +	public String getName() { +		return MANDATE_NAT_PER_SOURCE_PIN_OID; +	} + +	public Attribute build(AuthenticationSession authSession, +			OAAuthParameter oaParam, AuthenticationData authData) +			throws PVP2Exception { +		if(authSession.getUseMandate()) { +			Element mandate = authSession.getMandate(); +			if(mandate == null) { +				throw new NoMandateDataAvailableException(); +			} +			Mandate mandateObject = MandateBuilder.buildMandate(mandate); +			if(mandateObject == null) { +				throw new NoMandateDataAvailableException(); +			} +			PhysicalPersonType physicalPerson = mandateObject.getMandator() +					.getPhysicalPerson(); +			if (physicalPerson == null) { +				Logger.error("No physicalPerson mandate"); +				throw new NoMandateDataAvailableException(); +			} +			IdentificationType id = null; +			id = physicalPerson.getIdentification().get(0); +			/*if(authSession.getBusinessService()) { +				id = MandateBuilder.getWBPKIdentification(physicalPerson); +			} else { +				id = 
MandateBuilder.getBPKIdentification(physicalPerson); +			}*/ +			if(id == null) { +				Logger.error("Failed to generate IdentificationType"); +				throw new NoMandateDataAvailableException(); +			} +			 +			return buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME, +					MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue()); +		} +		return null; +	} + +	public Attribute buildEmpty() { +		return buildemptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,  +				MANDATE_NAT_PER_SOURCE_PIN_NAME); +	} + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java new file mode 100644 index 000000000..7b8f59dd2 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java 
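Review bot: `build` returns `id.getValue().getValue()` unchanged as the natural-person source PIN attribute regardless of `id.getType()`, whereas MandateNaturalPersonBPKAttributeBuilder in this commit derives a (w)bPK from a `URN_PREFIX_BASEID` identification before releasing it; a class-level Javadoc should say that this attribute deliberately releases the raw identification value, otherwise a reader comparing the two builders will suspect a missing transformation. `physicalPerson.getIdentification().get(0)` throws `IndexOutOfBoundsException` on an empty list, so the following `if(id == null)` never fires; check `isEmpty()` first. The `/* ... */` block copied from the bPK builder is dead code, and `getName`, `build` and `buildEmpty` lack `@Override`. MandateNaturalPersonSourcePinTypeAttributeBuilder in the next file has the same dead check, dead comment and missing annotations.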
@@ -0,0 +1,65 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; + +public class MandateNaturalPersonSourcePinTypeAttributeBuilder extends +		BaseAttributeBuilder { + +	public String getName() { +		return MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID; +	} + +	public Attribute build(AuthenticationSession authSession, +			OAAuthParameter oaParam, AuthenticationData authData) +			throws PVP2Exception { +		if(authSession.getUseMandate()) { +			Element mandate = authSession.getMandate(); +			if(mandate == null) { +				throw new NoMandateDataAvailableException(); +			} +			Mandate mandateObject = MandateBuilder.buildMandate(mandate); +			if(mandateObject == null) { +				throw new NoMandateDataAvailableException(); +			} +			PhysicalPersonType physicalPerson = mandateObject.getMandator() +					.getPhysicalPerson(); +			if (physicalPerson == null) { +				Logger.error("No physicalPerson mandate"); +				throw new NoMandateDataAvailableException(); +			} +			IdentificationType id = null; +			id = physicalPerson.getIdentification().get(0); +			/*if(authSession.getBusinessService()) { +				id = MandateBuilder.getWBPKIdentification(physicalPerson); +			} else { +				id = 
MandateBuilder.getBPKIdentification(physicalPerson); +			}*/ +			if(id == null) { +				Logger.error("Failed to generate IdentificationType"); +				throw new NoMandateDataAvailableException(); +			} +			 +			return buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, +					MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType()); +		} +		return null; +	} + +	public Attribute buildEmpty() { +		return buildemptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,  +				MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME); +	} + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index c8a9a24ad..1fbcb9a46 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java @@ -27,6 +27,7 @@ package at.gv.egovernment.moa.id.protocols.saml1;  import java.util.Calendar;  import org.apache.axis.AxisFault; +import org.apache.commons.lang3.StringEscapeUtils;  import org.w3c.dom.Element;  import org.w3c.dom.NodeList; @@ -78,12 +79,12 @@ public class GetAuthenticationDataService implements Constants {    	throws AxisFault {  		Element request = requests[0]; -    Element[] responses = new Element[1]; +		Element[] responses = new Element[1];  		String requestID = "";  		String statusCode = "";  		String subStatusCode = null;  		String statusMessageCode = null; -    String statusMessage = null; +		String statusMessage = null;  		String samlAssertion = "";  		boolean useUTC = false;  		if (requests.length > 1) { 
@@ -107,14 +108,15 @@ public class GetAuthenticationDataService implements Constants {  					subStatusCode = "samlp:TooManyResponses";  					statusMessageCode = "1203";  				} +				  				else {  					Element samlArtifactElem = (Element)samlArtifactList.item(0);                      requestID = request.getAttribute("RequestID");  					String samlArtifact = DOMUtils.getText(samlArtifactElem); +					SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); +					  					try { -						 -						SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); -						 +							  						AuthenticationData authData = saml1server.getSaml1AuthenticationData(samlArtifact);  						useUTC = authData.getUseUTC(); 
@@ -123,9 +125,36 @@ public class GetAuthenticationDataService implements Constants {  						samlAssertion = authData.getSamlAssertion();  						statusCode = "samlp:Success";  						statusMessageCode = "1200"; -          } -          catch (AuthenticationException ex) { -						// no authentication data for given SAML artifact +					} +					 +					catch (ClassCastException ex) { +					 +						try { +							Throwable error = saml1server.getErrorResponse(samlArtifact); +							statusCode = "samlp:Responder"; +							subStatusCode = "samlp:RequestDenied"; +							 +							if (error instanceof MOAIDException) { +								statusMessageCode = ((MOAIDException)error).getMessageId();	 +								statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage()); +								 +							} else { +								statusMessage = StringEscapeUtils.escapeXml(error.getMessage());	 +							} +							 +							 +									 +						} catch (Exception e) { +							//no authentication data for given SAML artifact +							statusCode = "samlp:Requester"; +							subStatusCode = "samlp:ResourceNotRecognized"; +							statusMessage = ex.toString(); +						} +						 +					} +					 +					catch (AuthenticationException ex) { +						//no authentication data for given SAML artifact  						statusCode = "samlp:Requester";  						subStatusCode = "samlp:ResourceNotRecognized";  						statusMessage = ex.toString(); @@ -137,10 +166,12 @@ public class GetAuthenticationDataService implements Constants {  				statusCode = "samlp:Requester";  				statusMessageCode = "1204";  	    } -		} +	} +		      try {  			String responseID = Random.nextRandom();			  			String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC); +			        if (statusMessage == null)  			  statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null);  	    responses[0] = new SAMLResponseBuilder().build( 
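Review bot: The new `catch (ClassCastException ex)` branch treats a type mismatch from the store as its signal that an error response was stored for the artifact, and its inner `catch (Exception e)` then reports `ex.toString()` — the cast failure text, which names internal classes — as the SAML status message while discarding `e`. Any other ClassCastException raised inside the try would be misread as a stored error and answered with `samlp:RequestDenied`. It would be safer to ask the store what is behind the artifact (or let `getSaml1AuthenticationData` throw a dedicated exception) and to use `statusMessage = e.toString()` or a fixed message in the inner catch instead of the cast failure. The enclosing method starts and ends outside the hunk.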
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 2a7147bcb..fec2d2b35 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -1,13 +1,8 @@  package at.gv.egovernment.moa.id.protocols.saml1; -import iaik.x509.X509Certificate; - -import java.io.File;  import java.io.IOException; -import java.security.cert.CertificateEncodingException;  import java.util.Date;  import java.util.List; -import java.util.Vector;  import javax.xml.parsers.ParserConfigurationException;  import javax.xml.transform.TransformerException; 
@@ -27,16 +22,15 @@ import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;  import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;  import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;  import at.gv.egovernment.moa.id.auth.validator.ValidateException;  import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;  import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;  import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.moduls.IRequest;  import at.gv.egovernment.moa.id.storage.AssertionStorage;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.Base64Utils; 
@@ -66,6 +60,33 @@ public class SAML1AuthenticationServer extends AuthenticationServer {  	 */  	private static final long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes +	 +	public Throwable getErrorResponse(String samlArtifact) throws AuthenticationException { +		try { +			new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); +			 +		} catch (ParseException ex) { +			throw new AuthenticationException("1205", new Object[] { +					samlArtifact, ex.toString() }); +		} +		Throwable error = null; +		synchronized (authenticationDataStore) { +			try { +				error = authenticationDataStore +						.get(samlArtifact, Throwable.class); +			 +				authenticationDataStore.remove(samlArtifact); +				 +			} catch (MOADatabaseException e) { +				Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); +				throw new AuthenticationException("1206", new Object[] { samlArtifact }); +			} +			 +		} +		 +		return error; +	} +	  	/**  	 * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.  	 * The <code>AuthenticationData</code> is deleted from the store upon end of @@ -77,6 +98,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {  			throws AuthenticationException {  		try {  			new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); +			  		} catch (ParseException ex) {  			throw new AuthenticationException("1205", new Object[] {  					samlArtifact, ex.toString() }); 
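Review bot: `getErrorResponse` fetches the stored Throwable with no age check, while the sibling `getSaml1AuthenticationData` is documented just below as dropping entries after `authDataTimeOut`; if that limit is enforced only there, an error entry stays redeemable until someone fetches it. Also, should `authenticationDataStore.get` report a missing or differently typed entry by returning `null` rather than throwing `MOADatabaseException`, the method returns `null` and the caller dereferences it with `error.getMessage()`; add `if (error == null) throw new AuthenticationException("1206", new Object[] { samlArtifact });` after the get. The log text `Assertion not found for SAML Artifact` is misleading on this path, which looks up an error response, not an assertion.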
@@ -123,6 +145,18 @@ public class SAML1AuthenticationServer extends AuthenticationServer {  		return authData;  	} +	public String BuildErrorAssertion(Throwable error, IRequest protocolRequest)  +			throws BuildException, MOADatabaseException { +		 +		String samlArtifact = new SAMLArtifactBuilder().build( +				protocolRequest.getOAURL(), protocolRequest.getRequestID(), +				null); +		 +		authenticationDataStore.put(samlArtifact, error); +		 +		return samlArtifact; +	} +	  	public String BuildSAMLArtifact(AuthenticationSession session,   			OAAuthParameter oaParam,   			AuthenticationData authData)  diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index fad25bc20..a310b16ff 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -13,6 +13,7 @@ import at.gv.egovernment.moa.id.AuthenticationException;  import at.gv.egovernment.moa.id.MOAIDException;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.moduls.IAction; @@ -22,6 +23,8 @@ import at.gv.egovernment.moa.id.moduls.ServletInfo;  import at.gv.egovernment.moa.id.moduls.ServletType;  import at.gv.egovernment.moa.id.moduls.RequestImpl;  import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLEncoder;  public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { 
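Review bot: `BuildErrorAssertion` persists the raw `Throwable` in `authenticationDataStore` keyed by the artifact; if that store serialises its values (the `MOADatabaseException` it throws suggests a database), the full stack trace and whatever detail the message carries end up at rest, and any non-`Serializable` cause in the chain would fail to store. Persisting a small purpose-built record (message id plus sanitised message) would keep the stored data minimal and avoid serialisation surprises; I cannot see the store implementation from here, so please confirm. The method name also breaks lowerCamelCase (`buildErrorAssertion`) — consistent with the existing `BuildSAMLArtifact`, but worth fixing for new code.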
@@ -107,8 +110,22 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {  			HttpServletRequest request, HttpServletResponse response,  			IRequest protocolRequest)   					throws Throwable{ -		// TODO Auto-generated method stub -		return false; +		 +		SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace(); +		 +		String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest); +		 +		String url = "RedirectServlet"; +		url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8")); +		url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); +		url = response.encodeRedirectURL(url); +		 +		response.setContentType("text/html"); +		response.setStatus(302); +		response.addHeader("Location", url); +		Logger.debug("REDIRECT TO: " + url); +		 +		return true;  	}  	public IAction getAction(String action) { @@ -145,5 +162,14 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {  		return true;  	} +	 +	protected static String addURLParameter(String url, String paramname, +			String paramvalue) { +		String param = paramname + "=" + paramvalue; +		if (url.indexOf("?") < 0) +			return url + "?" + param; +		else +			return url + "&" + param; +	}  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index d6bef8d53..ea823889f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java 
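Review bot: The error path redirects to `RedirectServlet` with `protocolRequest.getOAURL()` as the target, so the safety of this redirect rests entirely on RedirectServlet (or an earlier step) validating that URL against the configured online applications; if an error can be raised before the OA URL has been validated — for instance for an unknown OA — this becomes a caller-controlled redirect carrying the artifact. Worth confirming, and if it is not guaranteed, checking the URL against the configuration here before building the Location header. Setting `302` and `addHeader("Location", …)` by hand also bypasses `response.sendRedirect(url)`, which would resolve the relative `RedirectServlet` path and set a single Location header. The enclosing method's signature begins outside the hunk, so I cannot see where `e` comes from.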
@@ -43,6 +43,7 @@ import org.xml.sax.SAXException;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;  import at.gv.egovernment.moa.id.config.ConfigurationException;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;  import at.gv.egovernment.moa.logging.Logger; @@ -237,7 +238,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{      * @param template
      * @return
      */
 -   public static boolean isValidTemplate(HttpServletRequest req, String template) {
 +   public static boolean isValidTemplate(HttpServletRequest req, String template, List<TemplateType> oaSlTemplates) {
  	   Logger.debug("Ueberpruefe Parameter Template bzw. bkuSelectionTemplateURL");
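Review bot: The new `oaSlTemplates` parameter on `isValidTemplate` is undocumented although the Javadoc block directly above lists the other parameters; add `@param oaSlTemplates OA-specific SL template entries whose URLs are accepted in addition to the globally trusted ones (may be null)` before `@return`. Since the signature changed, every caller of `isValidTemplate` has to be updated in the same commit. The method body continues past the hunk.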
 @@ -267,6 +268,13 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{      			  //check against configured trustet template urls      			  AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();      			  List<String> trustedTemplateURLs = authConf.getSLRequestTemplates(); +    			   +    			  //get OA specific template URLs +    			  if (oaSlTemplates != null && oaSlTemplates.size() > 0) { +    			    for (TemplateType el : oaSlTemplates) +    			    	trustedTemplateURLs.add(el.getURL());    				   +    			  } +    			    	    		  boolean b = trustedTemplateURLs.contains(template);  	    		  if (b) {  	    			  Logger.debug("Parameter Template erfolgreich ueberprueft"); | 
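Review bot: The loop appends the OA-specific template URLs directly to the list returned by `authConf.getSLRequestTemplates()`; if that accessor hands out the live configuration list rather than a copy, every call permanently adds this OA's templates to the globally trusted set, so templates of one OA become acceptable for every other OA and the list grows with each request. Copy before extending: `List<String> trustedTemplateURLs = new ArrayList<String>(authConf.getSLRequestTemplates());` (importing `java.util.ArrayList` if it is not already in scope). A null `el.getURL()` would also be added as-is; skipping such entries keeps the trusted list clean. The enclosing method continues outside the hunk.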
