aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2013-09-04 07:25:09 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-09-04 07:25:09 +0200
commit61362f940ca679fe215de34b1683e1110fea8d3e (patch)
tree0857aa21842a33d6e6e52d27b058c1af9831cb6b /id/server/idserverlib/src/main/java
parent8854b5c2c1e342b891271a04face4f4479653d46 (diff)
downloadmoa-id-spss-61362f940ca679fe215de34b1683e1110fea8d3e.tar.gz
moa-id-spss-61362f940ca679fe215de34b1683e1110fea8d3e.tar.bz2
moa-id-spss-61362f940ca679fe215de34b1683e1110fea8d3e.zip
MOA-ID Updates and Bugfixes
-- OW BPK calculation -- OA specific SL-Templates -- update MOA-ID configuration XML -- PVP2: QA Level and BPK calculation updated -- PVP2: add two attribute builder -- MOA-ID BKU selection: bugfix local BKU selection
Diffstat (limited to 'id/server/idserverlib/src/main/java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java375
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java38
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java159
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java38
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java65
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java65
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java48
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java10
22 files changed, 704 insertions, 341 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index f1c15e83b..89adbce3f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -23,9 +23,11 @@
package at.gv.egovernment.moa.id.auth;
+import iaik.asn1.ObjectID;
import iaik.pki.PKIException;
import iaik.x509.CertificateFactory;
import iaik.x509.X509Certificate;
+import iaik.x509.X509ExtensionInitException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
@@ -652,21 +654,27 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// check if person is a Organwalter
// if true - don't show bPK in AUTH Block
- boolean isOW = false;
-// String oid = null;
-// if (oid.equalsIgnoreCase(MISMandate.OID_ORGANWALTER))
-// isOW = true;
-//
-// AuthenticationSession session = getSession(sessionID);
-
+ try {
+ for (ObjectID OWid : MOAIDAuthConstants.OW_LIST) {
+ if (certificate.getExtension(OWid) != null) {
+ session.setOW(true);
+ }
+
+ }
+
+ } catch (X509ExtensionInitException e) {
+ Logger.warn("Certificate extension is not readable.");
+ session.setOW(false);
+ }
+
AuthConfigurationProvider authConf = AuthConfigurationProvider
.getInstance();
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(session,
- authConf, oaParam, isOW);
+ String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
+ authConf, oaParam);
return returnvalue;
}
@@ -784,75 +792,77 @@ public class AuthenticationServer implements MOAIDAuthConstants {
return createXMLSignatureRequest;
}
- /**
- *
- * @param session
- * @param authConf
- * @param oaParam
- * @return
- * @throws ConfigurationException
- * @throws BuildException
- * @throws ValidateException
- */
- public String getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(
- AuthenticationSession session, AuthConfigurationProvider authConf,
- OAAuthParameter oaParam, boolean isOW) throws ConfigurationException,
- BuildException, ValidateException {
-
- // check for intermediate processing of the infoboxes
- if (session.isValidatorInputPending())
- return "Redirect to Input Processor";
-
- if (authConf == null)
- authConf = AuthConfigurationProvider.getInstance();
- if (oaParam == null)
- oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
-
- // BZ.., calculate bPK for signing to be already present in AuthBlock
- IdentityLink identityLink = session.getIdentityLink();
- if (identityLink.getIdentificationType().equals(
- Constants.URN_PREFIX_BASEID)) {
- // only compute bPK if online application is a public service and we
- // have the Stammzahl
- if (isOW) {
- // if person is OW, delete identification value (bPK is calculated via MIS)
- identityLink.setIdentificationValue(null);
- identityLink.setIdentificationType(null);
- }
- else {
-
- //TODO: check correctness!!! bpk calcultion is done during Assertion generation
-// String bpkBase64 = new BPKBuilder().buildBPK(identityLink
-// .getIdentificationValue(), session.getTarget());
-// identityLink.setIdentificationValue(bpkBase64);
-//
-// //TODO: insert correct Type!!!!
-// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget());
- }
- }
- // ..BZ
- // }
-
- // builds the AUTH-block
- String authBlock = buildAuthenticationBlockForOW(session, oaParam, isOW);
-
- // session.setAuthBlock(authBlock);
- // builds the <CreateXMLSignatureRequest>
- List<String> transformsInfos = oaParam.getTransformsInfos();
- if ((transformsInfos == null) || (transformsInfos.size() == 0)) {
- // no OA specific transforms specified, use default ones
- transformsInfos = authConf.getTransformsInfos();
- }
- String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
- .build(authBlock, oaParam.getKeyBoxIdentifier(),
- transformsInfos, oaParam.isSlVersion12());
-
- System.out.println("XML: " + createXMLSignatureRequest);
-
- return createXMLSignatureRequest;
- }
+// /**
+// *
+// * @param session
+// * @param authConf
+// * @param oaParam
+// * @return
+// * @throws ConfigurationException
+// * @throws BuildException
+// * @throws ValidateException
+// */
+// public String getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(
+// AuthenticationSession session, AuthConfigurationProvider authConf,
+// OAAuthParameter oaParam, boolean isOW) throws ConfigurationException,
+// BuildException, ValidateException {
+//
+// // check for intermediate processing of the infoboxes
+// if (session.isValidatorInputPending())
+// return "Redirect to Input Processor";
+//
+// if (authConf == null)
+// authConf = AuthConfigurationProvider.getInstance();
+// if (oaParam == null)
+// oaParam = AuthConfigurationProvider.getInstance()
+// .getOnlineApplicationParameter(
+// session.getPublicOAURLPrefix());
+//
+// // BZ.., calculate bPK for signing to be already present in AuthBlock
+// IdentityLink identityLink = session.getIdentityLink();
+// if (identityLink.getIdentificationType().equals(
+// Constants.URN_PREFIX_BASEID)) {
+//
+// // only compute bPK if online application is a public service and we
+// // have the Stammzahl
+//// if (isOW) {
+//// // if person is OW, delete identification value (bPK is calculated via MIS)
+//// identityLink.setIdentificationValue(null);
+//// identityLink.setIdentificationType(null);
+//// }
+//// else {
+//
+// //TODO: check correctness!!! bpk calcultion is done during Assertion generation
+//// String bpkBase64 = new BPKBuilder().buildBPK(identityLink
+//// .getIdentificationValue(), session.getTarget());
+//// identityLink.setIdentificationValue(bpkBase64);
+////
+//// //TODO: insert correct Type!!!!
+//// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget());
+//// }
+//
+// }
+// // ..BZ
+// // }
+//
+// // builds the AUTH-block
+// String authBlock = buildAuthenticationBlockForOW(session, oaParam, isOW);
+//
+// // session.setAuthBlock(authBlock);
+// // builds the <CreateXMLSignatureRequest>
+// List<String> transformsInfos = oaParam.getTransformsInfos();
+// if ((transformsInfos == null) || (transformsInfos.size() == 0)) {
+// // no OA specific transforms specified, use default ones
+// transformsInfos = authConf.getTransformsInfos();
+// }
+// String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
+// .build(authBlock, oaParam.getKeyBoxIdentifier(),
+// transformsInfos, oaParam.isSlVersion12());
+//
+// System.out.println("XML: " + createXMLSignatureRequest);
+//
+// return createXMLSignatureRequest;
+// }
/**
* Returns an CreateXMLSignatureRequest for signing the ERnP statement.<br>
* <ul>
@@ -1067,14 +1077,22 @@ public class AuthenticationServer implements MOAIDAuthConstants {
} else {
identificationValue = identityLink.getIdentificationValue();
identificationType = identityLink.getIdentificationType();
- }
+ }
+
+ //set empty AuthBlock BPK in case of OW
+ if (session.isOW()) {
+ identificationType = "";
+ identificationValue = "";
+ }
+
String issueInstant = DateTimeUtils.buildDateTime(Calendar
.getInstance(), oaParam.getUseUTC());
session.setIssueInstant(issueInstant);
String authURL = session.getAuthURL();
String target = session.getTarget();
String targetFriendlyName = session.getTargetFriendlyName();
+
// Bug #485
// (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
// String oaURL = session.getPublicOAURLPrefix();
@@ -1115,59 +1133,61 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
- /**
- * Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from
- * given session data.
- *
- * @param session
- * authentication session
- *
- * @return <code>&lt;saml:Assertion&gt;</code> as a String
- *
- * @throws BuildException
- * If an error occurs on serializing an extended SAML attribute
- * to be appended to the AUTH-Block.
- */
- private String buildAuthenticationBlockForOW(AuthenticationSession session,
- OAAuthParameter oaParam, boolean isOW) throws BuildException {
- IdentityLink identityLink = session.getIdentityLink();
- String issuer = identityLink.getName();
- String gebDat = identityLink.getDateOfBirth();
- String identificationValue = identityLink.getIdentificationValue();
- String identificationType = identityLink.getIdentificationType();
-
- String issueInstant = DateTimeUtils.buildDateTime(Calendar
- .getInstance(), oaParam.getUseUTC());
- session.setIssueInstant(issueInstant);
- String authURL = session.getAuthURL();
- String target = session.getTarget();
- String targetFriendlyName = session.getTargetFriendlyName();
- // Bug #485
- // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
- // String oaURL = session.getPublicOAURLPrefix();
- String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
- List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
- Iterator it = extendedSAMLAttributes.iterator();
- // delete bPK attribute from extended SAML attributes
- if (isOW) {
- ExtendedSAMLAttribute toDelete = null;
- while (it.hasNext()) {
- ExtendedSAMLAttribute attr = (ExtendedSAMLAttribute)it.next();
- if (attr.getName().equalsIgnoreCase("bPK"))
- toDelete = attr;
- }
- if (toDelete != null)
- extendedSAMLAttributes.remove(toDelete);
- }
-
- String authBlock = new AuthenticationBlockAssertionBuilder()
- .buildAuthBlock(issuer, issueInstant, authURL, target,
- targetFriendlyName, identificationValue,
- identificationType, oaURL, gebDat,
- extendedSAMLAttributes, session, oaParam);
-
- return authBlock;
- }
+// /**
+// * Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from
+// * given session data.
+// *
+// * @param session
+// * authentication session
+// *
+// * @return <code>&lt;saml:Assertion&gt;</code> as a String
+// *
+// * @throws BuildException
+// * If an error occurs on serializing an extended SAML attribute
+// * to be appended to the AUTH-Block.
+// */
+// private String buildAuthenticationBlockForOW(AuthenticationSession session,
+// OAAuthParameter oaParam, boolean isOW) throws BuildException {
+// IdentityLink identityLink = session.getIdentityLink();
+// String issuer = identityLink.getName();
+// String gebDat = identityLink.getDateOfBirth();
+// String identificationValue = identityLink.getIdentificationValue();
+// String identificationType = identityLink.getIdentificationType();
+//
+// String issueInstant = DateTimeUtils.buildDateTime(Calendar
+// .getInstance(), oaParam.getUseUTC());
+// session.setIssueInstant(issueInstant);
+// String authURL = session.getAuthURL();
+// String target = session.getTarget();
+// String targetFriendlyName = session.getTargetFriendlyName();
+// // Bug #485
+// // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
+// // String oaURL = session.getPublicOAURLPrefix();
+// String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
+//
+//
+// List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
+// Iterator it = extendedSAMLAttributes.iterator();
+// // delete bPK attribute from extended SAML attributes
+// if (session.isOW()) {
+// ExtendedSAMLAttribute toDelete = null;
+// while (it.hasNext()) {
+// ExtendedSAMLAttribute attr = (ExtendedSAMLAttribute)it.next();
+// if (attr.getName().equalsIgnoreCase("bPK"))
+// toDelete = attr;
+// }
+// if (toDelete != null)
+// extendedSAMLAttributes.remove(toDelete);
+// }
+//
+// String authBlock = new AuthenticationBlockAssertionBuilder()
+// .buildAuthBlock(issuer, issueInstant, authURL, target,
+// targetFriendlyName, identificationValue,
+// identificationType, oaURL, gebDat,
+// extendedSAMLAttributes, session, oaParam);
+//
+// return authBlock;
+// }
/**
* Verifies the infoboxes (except of the identity link infobox) returned by
@@ -2283,52 +2303,61 @@ public class AuthenticationServer implements MOAIDAuthConstants {
//TODO: resign the IdentityLink!!!
- if (businessService) {
- //since we have foreigner, wbPK is not calculated in BKU
- if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+
+ if (session.getUseMandate() && session.isOW()) {
+ MISMandate mandate = session.getMISMandate();
+ authData.setBPK(mandate.getOWbPK());
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
+
+ } else {
+
+ if (businessService) {
+ //since we have foreigner, wbPK is not calculated in BKU
+ if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+
+ String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier();
+
+ if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
+ // If domainIdentifier starts with prefix
+ // "urn:publicid:gv.at:wbpk+"; remove this prefix
+ registerAndOrdNr = registerAndOrdNr
+ .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
+ Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
+ + registerAndOrdNr);
+ }
+
+ String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr);
+ authData.setBPK(wbpkBase64);
+ authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr);
- String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier();
-
- if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
- // If domainIdentifier starts with prefix
- // "urn:publicid:gv.at:wbpk+"; remove this prefix
- registerAndOrdNr = registerAndOrdNr
- .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
- Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
- + registerAndOrdNr);
- }
-
- String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr);
- authData.setBPK(wbpkBase64);
- authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr);
+ } else {
+ authData.setBPK(identityLink.getIdentificationValue());
+ authData.setBPKType(identityLink.getIdentificationType());
+ }
+
+ Element idlassertion = session.getIdentityLink().getSamlAssertion();
+ //set bpk/wpbk;
+ Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+ prIdentification.getFirstChild().setNodeValue(authData.getBPK());
+ //set bkp/wpbk type
+ Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
+ prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType());
+
+ IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
+ IdentityLink idl = idlparser.parseIdentityLink();
+ authData.setIdentityLink(idl);
} else {
- authData.setBPK(identityLink.getIdentificationValue());
- authData.setBPKType(identityLink.getIdentificationType());
- }
-
- Element idlassertion = session.getIdentityLink().getSamlAssertion();
- //set bpk/wpbk;
- Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
- prIdentification.getFirstChild().setNodeValue(authData.getBPK());
- //set bkp/wpbk type
- Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
- prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType());
-
- IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
- IdentityLink idl = idlparser.parseIdentityLink();
- authData.setIdentityLink(idl);
-
- } else {
+
+ if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+ // only compute bPK if online application is a public service and we have the Stammzahl
+ String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target);
+ authData.setBPK(bpkBase64);
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
+ }
- if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
- // only compute bPK if online application is a public service and we have the Stammzahl
- String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target);
- authData.setBPK(bpkBase64);
- authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
+ authData.setIdentityLink(identityLink);
}
-
- authData.setIdentityLink(identityLink);
}
return authData;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index e1552a5a6..edc43da0c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -118,10 +118,19 @@ public interface MOAIDAuthConstants {
* used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007
*/
public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER);
+
/** the number of the certifcate extension for party representatives */
public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3";
- /** the number of the certifcate extension for party organ representatives */
- public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10";
+
+// /** the number of the certifcate extension for party organ representatives */
+// public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10";
+
+ /** OW */
+ public static final String OW_ORGANWALTER = PARTY_REPRESENTATION_OID_NUMBER + ".4";
+
+ /** List of OWs */
+ public static final List<ObjectID> OW_LIST = Arrays.asList(
+ new ObjectID(OW_ORGANWALTER));
/**BKU type identifiers to use bkuURI from configuration*/
public static final String REQ_BKU_TYPE_LOCAL = "local";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index abb33203c..ee2313070 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -179,6 +179,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String wbpkNSDeclaration = "";
if (target == null) {
+
// OA is a business application
if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) {
// Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator
@@ -195,6 +196,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
// We do not have a wbPK, therefore no SAML-Attribute is provided
session.setSAMLAttributeGebeORwbpk(false);
}
+
} else {
// OA is a govermental application
String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index 023b36d83..9bec06135 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -61,7 +61,12 @@ public class BPKBuilder {
new Object[] {"BPK", "Unvollständige Parameterangaben: identificationValue=" +
identificationValue + ",target=" + target});
}
- String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target;
+ String basisbegriff;
+ if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
+ basisbegriff = identificationValue + "+" + target;
+ else
+ basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target;
+
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index e6de2ce02..4560e69cf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -123,6 +123,9 @@ public class AuthenticationSession implements Serializable {
private boolean useMandate;
+ private boolean isOW = false;
+
+
/**
* STORK
*/
@@ -1114,5 +1117,20 @@ public class AuthenticationSession implements Serializable {
public void setSsoRequested(boolean ssoRequested) {
this.ssoRequested = ssoRequested;
}
+
+ /**
+ * @return the isOW
+ */
+ public boolean isOW() {
+ return isOW;
+ }
+
+ /**
+ * @param isOW the isOW to set
+ */
+ public void setOW(boolean isOW) {
+ this.isOW = isOW;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 58cea2926..58194361c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -1,5 +1,7 @@
package at.gv.egovernment.moa.id.auth.parser;
+import java.io.UnsupportedEncodingException;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@@ -19,7 +21,9 @@ import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.egovernment.moa.util.URLEncoder;
public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
@@ -39,15 +43,14 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
// String sso = req.getParameter(PARAM_SSO);
// escape parameter strings
- //TODO: use URLEncoder.encode!!
- target = StringEscapeUtils.escapeHtml(target);
- oaURL = StringEscapeUtils.escapeHtml(oaURL);
- bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
- templateURL = StringEscapeUtils.escapeHtml(templateURL);
- useMandate = StringEscapeUtils.escapeHtml(useMandate);
- ccc = StringEscapeUtils.escapeHtml(ccc);
-// sso = StringEscapeUtils.escapeHtml(sso);
-
+ target = StringEscapeUtils.escapeHtml(target);
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+ bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
+ templateURL = StringEscapeUtils.escapeHtml(templateURL);
+ useMandate = StringEscapeUtils.escapeHtml(useMandate);
+ ccc = StringEscapeUtils.escapeHtml(ccc);
+ // sso = StringEscapeUtils.escapeHtml(sso);
+
// check parameter
//pvp2.x can use general identifier (equals oaURL in SAML1)
@@ -153,7 +156,6 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
moasession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
- //TODO: check for SSO
moasession.setTarget(target);
moasession.setBusinessService(oaParam.getBusinessService());
moasession.setTargetFriendlyName(targetFriendlyName);
@@ -193,9 +195,12 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
moasession.setAuthURL(authURL);
-// //check and set SourceID
-// if (sourceID != null)
-// moasession.setSourceID(sourceID);
+ //check and set SourceID
+ if (oaParam.getSAML1Parameter() != null) {
+ String sourceID = oaParam.getSAML1Parameter().getSourceID();
+ if (MiscUtil.isNotEmpty(sourceID))
+ moasession.setSourceID(sourceID);
+ }
// BKU URL has not been set yet, even if session already exists
if (bkuURL == null) {
@@ -208,14 +213,10 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
moasession.setBkuURL(bkuURL);
- if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
+ if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL()))
throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
-
- // override template url by url from configuration file
- if (oaParam.getTemplateURL() != null) {
- templateURL = oaParam.getTemplateURL();
- }
moasession.setTemplateURL(templateURL);
+
moasession.setCcc(ccc);
}
@@ -223,10 +224,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
public static void parse(HttpServletRequest req, HttpServletResponse resp,
AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException {
-// //check Module and Action
-// HttpSession httpSession = req.getSession();
-// IRequest request = RequestStorage.getPendingRequest(httpSession);
-
+
String modul = request.requestedModule();//req.getParameter(PARAM_MODUL);
String action = request.requestedAction();//req.getParameter(PARAM_ACTION);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index f68e0361a..d4484a97c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -94,10 +94,7 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
//load Parameters from config
String target = oaParam.getTarget();
-// String sourceID = ""; //TODO: load from Config
-// String bkuURL = getBKUURIFromConfig(Integer.valueOf(bkuid), oaParam);
-// String templateURL = getTemplateURIFromConfig(Integer.valueOf(bkuid), oaParam);
-
+
String bkuURL = oaParam.getBKUURL(bkuid);
String templateURL = AuthConfigurationProvider.getInstance().getSLRequestTemplates(bkuid);
@@ -119,7 +116,8 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
//store MOASession
try {
- AuthenticationSessionStoreage.storeSession(moasession);
+ AuthenticationSessionStoreage.storeSession(moasession);
+
} catch (MOADatabaseException e) {
Logger.error("Database Error! MOASession is not stored!");
throw new MOAIDException("init.04", new Object[] {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index 67932063a..e461197e2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -186,13 +186,7 @@ public class GetMISSessionIDServlet extends AuthServlet {
throw new AuthenticationException("auth.16",
new Object[] { GET_MIS_SESSIONID });
}
-
- // TODO OW bPK (Offen: was bei saml:NameIdentifier
- // NameQualifier="urn:publicid:gv.at:cdid+bpk"> und <saml:Attribute
- // AttributeName="bPK" )
- System.out.println("\n\n\n OW BPK: " + mandate.getOWbPK());
- // TODO wenn OW bPK vorhanden - in SAML Assertion setzen!
-
+
//check if it is a parsable XML
byte[] byteMandate = mandate.getMandate();
String stringMandate = new String(byteMandate);
@@ -220,38 +214,8 @@ public class GetMISSessionIDServlet extends AuthServlet {
session.getAction(), pendingRequestID), newMOASessionID);
redirectURL = resp.encodeRedirectURL(redirectURL);
-
-// String samlArtifactBase64 = AuthenticationServer.getInstance()
-// .verifyAuthenticationBlockMandate(session, mandateDoc);
-
-// if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
-//
-// redirectURL = session.getOAURLRequested();
-// if (!session.getBusinessService()) {
-// // redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
-// // URLEncoder.encode(session.getTarget(), "UTF-8"));
-// }
-// // redirectURL = addURLParameter(redirectURL,
-// // PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64,
-// // "UTF-8"));
-// redirectURL = new DataURLBuilder().buildDataURL(
-// session.getAuthURL(),
-// ModulUtils.buildAuthURL(session.getModul(),
-// session.getAction()), samlArtifactBase64);
-// redirectURL = resp.encodeRedirectURL(redirectURL);
-//
-// } else {
-// redirectURL = new DataURLBuilder().buildDataURL(
-// session.getAuthURL(),
-// AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT,
-// session.getSessionID());
-//
-// }
-
-
resp.setContentType("text/html");
resp.setStatus(302);
-
resp.addHeader("Location", redirectURL);
Logger.debug("REDIRECT TO: " + redirectURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index 9e7c8536d..477d99220 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -155,7 +155,7 @@ public class VerifyCertificateServlet extends AuthServlet {
throw new MOAIDException("session store error", null);
}
- ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
+ ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
}
else {
// Foreign Identities Modus
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index ac7466c11..38f650a65 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -190,29 +190,30 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
// AUTH Block aufscheinen darf. --> D.h. verifyIdentityLink umbauen - verify und AUTH Block bauen trennen)
//TODO: Klaus fragen ob der Teil wirklich noch benötigt wird!!!!!
-// boolean useMandate = session.getUseMandate();
-// if (useMandate) { // Mandate modus
-// // read certificate and set dataurl to
-// Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
-//
-//
-// String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
-//
-// // build dataurl (to the GetForeignIDSerlvet)
-// String dataurl =
-// new DataURLBuilder().buildDataURL(
-// session.getAuthURL(),
-// REQ_VERIFY_CERTIFICATE,
-// session.getSessionID());
-//
-//
-// //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
-// //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-// Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
-// ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-//
-// }
-// else {
+ boolean useMandate = session.getUseMandate();
+
+ if (useMandate) { // Mandate modus
+ // read certificate and set dataurl to
+ Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+
+
+ String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+
+ // build dataurl (to the GetForeignIDSerlvet)
+ String dataurl =
+ new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ REQ_VERIFY_CERTIFICATE,
+ session.getSessionID());
+
+ //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
+ //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+
+ Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
+ ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+
+ }
+ else {
Logger.info("Normal");
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
@@ -226,7 +227,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
}
-// }
+ }
try {
AuthenticationSessionStoreage.storeSession(session);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 57f6ee4f1..c62594d6f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -35,6 +35,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
import at.gv.egovernment.moa.id.config.ConfigurationUtils;
@@ -162,12 +163,13 @@ public List<String> getTransformsInfos() {
/**
* @return the templateURL
*/
- public String getTemplateURL() {
+ public List<TemplateType> getTemplateURL() {
TemplatesType templates = oa_auth.getTemplates();
if (templates != null) {
- if (templates.getTemplate() != null)
- return templates.getTemplate().getURL();
+ if (templates.getTemplate() != null) {
+ return templates.getTemplate();
+ }
}
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
index cb35e708c..1460668e2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
@@ -435,7 +435,10 @@ public class BuildFromLegacyConfig {
templates.setAditionalAuthBlockText("");
TemplateType template = new TemplateType();
template.setURL(oa.getTemplateURL());
- templates.setTemplate(template);
+ ArrayList<TemplateType> template_list = new ArrayList<TemplateType>();
+ template_list.add(template);
+ templates.setTemplate(template_list);
+
//set TransformsInfo
String[] transforminfos = oa.getTransformsInfos();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 5875a37c7..e8b661362 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -2,10 +2,10 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;
public interface PVPConstants {
- public static final String STORK_QAA_1_1 = "http://www.ref.gv.at/ns/names/agiz/stork/qaa/1";
- public static final String STORK_QAA_1_2 = "http://www.ref.gv.at/ns/names/agiz/stork/qaa/1-2";
- public static final String STORK_QAA_1_3 = "http://www.ref.gv.at/ns/names/agiz/stork/qaa/1-3";
- public static final String STORK_QAA_1_4 = "http://www.ref.gv.at/ns/names/agiz/stork/qaa/1-4";
+ public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1";
+ public static final String STORK_QAA_1_2 = "http://www.stork.gov.eu/1.0/citizenQAALevel/2";
+ public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3";
+ public static final String STORK_QAA_1_4 = "http://www.stork.gov.eu/1.0/citizenQAALevel/4";
public static final String URN_OID_PREFIX = "urn:oid:";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index 11ec2fe25..60e510de2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -25,6 +25,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNatura
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepDescAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepOIDAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateReferenceValueAttributeBuilder;
@@ -62,6 +64,8 @@ public class PVPAttributeBuilder {
addBuilder(new MandateNaturalPersonBPKAttributeBuilder());
addBuilder(new MandateNaturalPersonFamilyNameAttributeBuilder());
addBuilder(new MandateNaturalPersonGivenNameAttributeBuilder());
+ addBuilder(new MandateNaturalPersonSourcePinAttributeBuilder());
+ addBuilder(new MandateNaturalPersonSourcePinTypeAttributeBuilder());
addBuilder(new MandateTypeAttributeBuilder());
addBuilder(new MandateProfRepOIDAttributeBuilder());
addBuilder(new MandateProfRepDescAttributeBuilder());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 2d29f7454..17fc52a8c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -1,6 +1,7 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion;
import java.util.Iterator;
+import java.util.List;
import org.joda.time.DateTime;
import org.opensaml.common.xml.SAMLConstants;
@@ -25,9 +26,15 @@ import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.NameIDFormat;
import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.w3c.dom.Element;
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -37,11 +44,14 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
public class PVP2AssertionBuilder implements PVPConstants {
public static Assertion buildAssertion(AuthnRequest authnRequest,
@@ -58,48 +68,64 @@ public class PVP2AssertionBuilder implements PVPConstants {
boolean stork_qaa_1_4_found = false;
- Iterator<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
- .getAuthnContextClassRefs().iterator();
-
- while (reqAuthnContextClassRefIt.hasNext()) {
- AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt
- .next();
- String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split(
- "\\s+");
- for (int i = 0; i < qaa_uris.length; i++) {
- if (qaa_uris[i].trim().equals(STORK_QAA_1_4)) {
- stork_qaa_1_4_found = true;
- break;
- }
- }
- }
+ AuthnContextClassRef authnContextClassRef = SAML2Utils
+ .createSAMLObject(AuthnContextClassRef.class);
+
+ List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
+ .getAuthnContextClassRefs();
+
+ if (reqAuthnContextClassRefIt.size() == 0) {
+ stork_qaa_1_4_found = true;
+ authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
+
+ } else {
+ for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
+ String qaa_uri = authnClassRef.getAuthnContextClassRef();
+ if (qaa_uri.trim().equals(STORK_QAA_1_4)
+ || qaa_uri.trim().equals(STORK_QAA_1_3)
+ || qaa_uri.trim().equals(STORK_QAA_1_2)
+ || qaa_uri.trim().equals(STORK_QAA_1_1)) {
+
+ if (authSession.isForeigner()) {
+ //TODO: insert QAA check
+
+ stork_qaa_1_4_found = false;
+
+ } else {
+ stork_qaa_1_4_found = true;
+ authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
+ }
+ break;
+ }
+ }
+ }
if (!stork_qaa_1_4_found) {
throw new QAANotSupportedException(STORK_QAA_1_4);
}
- reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs()
- .iterator();
- StringBuilder authContextsb = new StringBuilder();
- while (reqAuthnContextClassRefIt.hasNext()) {
- AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt
- .next();
- String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split(
- "\\s+");
- for (int i = 0; i < qaa_uris.length; i++) {
- if (qaa_uris[i].trim().equals(STORK_QAA_1_4)
- || qaa_uris[i].trim().equals(STORK_QAA_1_3)
- || qaa_uris[i].trim().equals(STORK_QAA_1_2)
- || qaa_uris[i].trim().equals(STORK_QAA_1_1)) {
- authContextsb.append(qaa_uris[i].trim());
- authContextsb.append(" ");
- }
- }
-
- }
- AuthnContextClassRef authnContextClassRef = SAML2Utils
- .createSAMLObject(AuthnContextClassRef.class);
- authnContextClassRef.setAuthnContextClassRef(authContextsb.toString());
+// reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs()
+// .iterator();
+//
+// StringBuilder authContextsb = new StringBuilder();
+//
+// while (reqAuthnContextClassRefIt.hasNext()) {
+// AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt
+// .next();
+// String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split(
+// "\\s+");
+// for (int i = 0; i < qaa_uris.length; i++) {
+// if (qaa_uris[i].trim().equals(STORK_QAA_1_4)
+// || qaa_uris[i].trim().equals(STORK_QAA_1_3)
+// || qaa_uris[i].trim().equals(STORK_QAA_1_2)
+// || qaa_uris[i].trim().equals(STORK_QAA_1_1)) {
+// authContextsb.append(qaa_uris[i].trim());
+// authContextsb.append(" ");
+// }
+// }
+//
+// }
+
AuthnContext authnContext = SAML2Utils
.createSAMLObject(AuthnContext.class);
authnContext.setAuthnContextClassRef(authnContextClassRef);
@@ -199,14 +225,63 @@ public class PVP2AssertionBuilder implements PVPConstants {
assertion.getAttributeStatements().add(attributeStatement);
}
- // TL: getIdentificationValue holds the baseID --> change to pBK
- // subjectNameID.setValue(authData.getIdentificationValue());
-
subjectNameID.setFormat(NameID.PERSISTENT);
//TLenz: set correct bPK Type and Value from AuthData
- subjectNameID.setNameQualifier(authData.getBPKType());
- subjectNameID.setValue(authData.getBPK());
+ if (authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+ PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson();
+
+ IdentificationType id;
+ if(corporation != null && corporation.getIdentification().size() > 0)
+ id = corporation.getIdentification().get(0);
+
+
+ else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0)
+ id = pysicalperson.getIdentification().get(0);
+
+ else {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+
+ String bpktype = id.getType();
+ String bpk = id.getValue().getValue();
+
+ if (bpktype.equals(Constants.URN_PREFIX_BASEID)) {
+ if (authSession.getBusinessService()) {
+ subjectNameID.setValue(new BPKBuilder().buildWBPK(bpk, oaParam.getIdentityLinkDomainIdentifier()));
+ if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+ subjectNameID.setNameQualifier(oaParam.getIdentityLinkDomainIdentifier());
+ else
+ subjectNameID.setNameQualifier(Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier());
+
+ } else {
+ subjectNameID.setValue(new BPKBuilder().buildBPK(bpk, oaParam.getTarget()));
+ if (oaParam.getTarget().startsWith(Constants.URN_PREFIX_CDID + "+"))
+ subjectNameID.setNameQualifier(oaParam.getTarget());
+ else
+ subjectNameID.setNameQualifier(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
+ }
+
+
+ } else {
+ subjectNameID.setNameQualifier(bpktype);
+ subjectNameID.setValue(bpk);
+ }
+
+ } else {
+ subjectNameID.setNameQualifier(authData.getBPKType());
+ subjectNameID.setValue(authData.getBPK());
+ }
subject.setNameID(subjectNameID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index bbb610d62..49e013fe0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -6,6 +6,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
@@ -13,6 +15,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailabl
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
public class MandateNaturalPersonBPKAttributeBuilder extends BaseAttributeBuilder {
@@ -39,17 +42,40 @@ public class MandateNaturalPersonBPKAttributeBuilder extends BaseAttributeBuilde
}
IdentificationType id = null;
id = physicalPerson.getIdentification().get(0);
- /*if(authSession.getBusinessService()) {
- id = MandateBuilder.getWBPKIdentification(physicalPerson);
- } else {
- id = MandateBuilder.getBPKIdentification(physicalPerson);
- }*/
+// if(authSession.getBusinessService()) {
+// id = MandateBuilder.getWBPKIdentification(physicalPerson);
+// } else {
+// id = MandateBuilder.getBPKIdentification(physicalPerson);
+// }
if(id == null) {
Logger.error("Failed to generate IdentificationType");
throw new NoMandateDataAvailableException();
}
+
+ String bpk;
+ try {
+
+ if (id.getType().equals(Constants.URN_PREFIX_BASEID)) {
+ if (authSession.getBusinessService()) {
+ bpk = new BPKBuilder().buildWBPK(id.getValue().getValue(), oaParam.getIdentityLinkDomainIdentifier());
+
+ }
+
+ else {
+ bpk = new BPKBuilder().buildBPK(id.getValue().getValue(), oaParam.getTarget());
+
+ }
+
+ } else
+ bpk = id.getValue().getValue();
+
+ } catch (BuildException e ){
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+
return buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME,
- MANDATE_NAT_PER_BPK_NAME, id.getValue().getValue());
+ MANDATE_NAT_PER_BPK_NAME, bpk);
}
return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
new file mode 100644
index 000000000..eaa7e88af
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -0,0 +1,65 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateNaturalPersonSourcePinAttributeBuilder extends
+ BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_SOURCE_PIN_OID;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator()
+ .getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+ IdentificationType id = null;
+ id = physicalPerson.getIdentification().get(0);
+ /*if(authSession.getBusinessService()) {
+ id = MandateBuilder.getWBPKIdentification(physicalPerson);
+ } else {
+ id = MandateBuilder.getBPKIdentification(physicalPerson);
+ }*/
+ if(id == null) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+
+ return buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,
+ MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue());
+ }
+ return null;
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,
+ MANDATE_NAT_PER_SOURCE_PIN_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
new file mode 100644
index 000000000..7b8f59dd2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
@@ -0,0 +1,65 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateNaturalPersonSourcePinTypeAttributeBuilder extends
+ BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator()
+ .getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+ IdentificationType id = null;
+ id = physicalPerson.getIdentification().get(0);
+ /*if(authSession.getBusinessService()) {
+ id = MandateBuilder.getWBPKIdentification(physicalPerson);
+ } else {
+ id = MandateBuilder.getBPKIdentification(physicalPerson);
+ }*/
+ if(id == null) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+
+ return buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
+ MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType());
+ }
+ return null;
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
+ MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index c8a9a24ad..1fbcb9a46 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -27,6 +27,7 @@ package at.gv.egovernment.moa.id.protocols.saml1;
import java.util.Calendar;
import org.apache.axis.AxisFault;
+import org.apache.commons.lang3.StringEscapeUtils;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
@@ -78,12 +79,12 @@ public class GetAuthenticationDataService implements Constants {
throws AxisFault {
Element request = requests[0];
- Element[] responses = new Element[1];
+ Element[] responses = new Element[1];
String requestID = "";
String statusCode = "";
String subStatusCode = null;
String statusMessageCode = null;
- String statusMessage = null;
+ String statusMessage = null;
String samlAssertion = "";
boolean useUTC = false;
if (requests.length > 1) {
@@ -107,14 +108,15 @@ public class GetAuthenticationDataService implements Constants {
subStatusCode = "samlp:TooManyResponses";
statusMessageCode = "1203";
}
+
else {
Element samlArtifactElem = (Element)samlArtifactList.item(0);
requestID = request.getAttribute("RequestID");
String samlArtifact = DOMUtils.getText(samlArtifactElem);
+ SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
+
try {
-
- SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
-
+
AuthenticationData authData = saml1server.getSaml1AuthenticationData(samlArtifact);
useUTC = authData.getUseUTC();
@@ -123,9 +125,36 @@ public class GetAuthenticationDataService implements Constants {
samlAssertion = authData.getSamlAssertion();
statusCode = "samlp:Success";
statusMessageCode = "1200";
- }
- catch (AuthenticationException ex) {
- // no authentication data for given SAML artifact
+ }
+
+ catch (ClassCastException ex) {
+
+ try {
+ Throwable error = saml1server.getErrorResponse(samlArtifact);
+ statusCode = "samlp:Responder";
+ subStatusCode = "samlp:RequestDenied";
+
+ if (error instanceof MOAIDException) {
+ statusMessageCode = ((MOAIDException)error).getMessageId();
+ statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage());
+
+ } else {
+ statusMessage = StringEscapeUtils.escapeXml(error.getMessage());
+ }
+
+
+
+ } catch (Exception e) {
+ //no authentication data for given SAML artifact
+ statusCode = "samlp:Requester";
+ subStatusCode = "samlp:ResourceNotRecognized";
+ statusMessage = ex.toString();
+ }
+
+ }
+
+ catch (AuthenticationException ex) {
+ //no authentication data for given SAML artifact
statusCode = "samlp:Requester";
subStatusCode = "samlp:ResourceNotRecognized";
statusMessage = ex.toString();
@@ -137,10 +166,12 @@ public class GetAuthenticationDataService implements Constants {
statusCode = "samlp:Requester";
statusMessageCode = "1204";
}
- }
+ }
+
try {
String responseID = Random.nextRandom();
String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC);
+
if (statusMessage == null)
statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null);
responses[0] = new SAMLResponseBuilder().build(
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 2a7147bcb..fec2d2b35 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -1,13 +1,8 @@
package at.gv.egovernment.moa.id.protocols.saml1;
-import iaik.x509.X509Certificate;
-
-import java.io.File;
import java.io.IOException;
-import java.security.cert.CertificateEncodingException;
import java.util.Date;
import java.util.List;
-import java.util.Vector;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
@@ -27,16 +22,15 @@ import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.validator.ValidateException;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -66,6 +60,33 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
*/
private static final long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
+
+ public Throwable getErrorResponse(String samlArtifact) throws AuthenticationException {
+ try {
+ new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
+
+ } catch (ParseException ex) {
+ throw new AuthenticationException("1205", new Object[] {
+ samlArtifact, ex.toString() });
+ }
+ Throwable error = null;
+ synchronized (authenticationDataStore) {
+ try {
+ error = authenticationDataStore
+ .get(samlArtifact, Throwable.class);
+
+ authenticationDataStore.remove(samlArtifact);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
+ throw new AuthenticationException("1206", new Object[] { samlArtifact });
+ }
+
+ }
+
+ return error;
+ }
+
/**
* Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
* The <code>AuthenticationData</code> is deleted from the store upon end of
@@ -77,6 +98,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
throws AuthenticationException {
try {
new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
+
} catch (ParseException ex) {
throw new AuthenticationException("1205", new Object[] {
samlArtifact, ex.toString() });
@@ -123,6 +145,18 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
return authData;
}
+ public String BuildErrorAssertion(Throwable error, IRequest protocolRequest)
+ throws BuildException, MOADatabaseException {
+
+ String samlArtifact = new SAMLArtifactBuilder().build(
+ protocolRequest.getOAURL(), protocolRequest.getRequestID(),
+ null);
+
+ authenticationDataStore.put(samlArtifact, error);
+
+ return samlArtifact;
+ }
+
public String BuildSAMLArtifact(AuthenticationSession session,
OAAuthParameter oaParam,
AuthenticationData authData)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index fad25bc20..a310b16ff 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -13,6 +13,7 @@ import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
@@ -22,6 +23,8 @@ import at.gv.egovernment.moa.id.moduls.ServletInfo;
import at.gv.egovernment.moa.id.moduls.ServletType;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.URLEncoder;
public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
@@ -107,8 +110,22 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
HttpServletRequest request, HttpServletResponse response,
IRequest protocolRequest)
throws Throwable{
- // TODO Auto-generated method stub
- return false;
+
+ SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace();
+
+ String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest);
+
+ String url = "RedirectServlet";
+ url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8"));
+ url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ url = response.encodeRedirectURL(url);
+
+ response.setContentType("text/html");
+ response.setStatus(302);
+ response.addHeader("Location", url);
+ Logger.debug("REDIRECT TO: " + url);
+
+ return true;
}
public IAction getAction(String action) {
@@ -145,5 +162,14 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
return true;
}
+
+ protected static String addURLParameter(String url, String paramname,
+ String paramvalue) {
+ String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0)
+ return url + "?" + param;
+ else
+ return url + "&" + param;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index d6bef8d53..ea823889f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -43,6 +43,7 @@ import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -237,7 +238,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
* @param template
* @return
*/
- public static boolean isValidTemplate(HttpServletRequest req, String template) {
+ public static boolean isValidTemplate(HttpServletRequest req, String template, List<TemplateType> oaSlTemplates) {
Logger.debug("Ueberpruefe Parameter Template bzw. bkuSelectionTemplateURL");
@@ -267,6 +268,13 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
//check against configured trustet template urls
AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
List<String> trustedTemplateURLs = authConf.getSLRequestTemplates();
+
+ //get OA specific template URLs
+ if (oaSlTemplates != null && oaSlTemplates.size() > 0) {
+ for (TemplateType el : oaSlTemplates)
+ trustedTemplateURLs.add(el.getURL());
+ }
+
boolean b = trustedTemplateURLs.contains(template);
if (b) {
Logger.debug("Parameter Template erfolgreich ueberprueft");