aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src
diff options
context:
space:
mode:
authorAlexander Marsalek <amarsalek@iaik.tugraz.at>2014-07-07 17:24:33 +0200
committerAlexander Marsalek <amarsalek@iaik.tugraz.at>2014-07-07 17:24:33 +0200
commit26a2ba4a0c171fb9cdf9ea2c769576b1062480eb (patch)
tree81eba1f7a442e7a121c2d1b783b1926a42e2a553 /id/server/idserverlib/src
parent8b8ea32ebd30b542a9b4ea1c797078377443f251 (diff)
parentb6b155c4d55a31a13d189f50831fb7fa8c504b90 (diff)
downloadmoa-id-spss-26a2ba4a0c171fb9cdf9ea2c769576b1062480eb.tar.gz
moa-id-spss-26a2ba4a0c171fb9cdf9ea2c769576b1062480eb.tar.bz2
moa-id-spss-26a2ba4a0c171fb9cdf9ea2c769576b1062480eb.zip
Merge branch 'moa-2.1-Snapshot' into authnrequest_signrequest_split
Diffstat (limited to 'id/server/idserverlib/src')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java32
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java27
5 files changed, 63 insertions, 45 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index c0e1dd3ca..9af2f5ee5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -478,11 +478,19 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
authData.setGivenName(identityLink.getGivenName());
authData.setFamilyName(identityLink.getFamilyName());
authData.setDateOfBirth(identityLink.getDateOfBirth());
- authData.setQualifiedCertificate(verifyXMLSigResp
- .isQualifiedCertificate());
- authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
- authData.setPublicAuthorityCode(verifyXMLSigResp
- .getPublicAuthorityCode());
+
+ if (verifyXMLSigResp != null) {
+ authData.setQualifiedCertificate(verifyXMLSigResp
+ .isQualifiedCertificate());
+ authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
+ authData.setPublicAuthorityCode(verifyXMLSigResp
+ .getPublicAuthorityCode());
+
+ } else {
+ Logger.warn("No signature verfication response found!");
+
+ }
+
authData.setBkuURL(session.getBkuURL());
authData.setStorkAttributes(session.getStorkAttributes());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 2d49eb809..5a2fda67f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -301,17 +301,14 @@ public class PEPSConnectorServlet extends AuthServlet {
// retrieve target
//TODO: check in case of SSO!!!
String targetType = null;
- String targetValue = null;
if(oaParam.getBusinessService()) {
String id = oaParam.getIdentityLinkDomainIdentifier();
if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
- targetValue = id.substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
+ targetType = id;
else
- targetValue = moaSession.getDomainIdentifier();
- targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_;
+ targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moaSession.getDomainIdentifier();
} else {
- targetType = AuthenticationSession.TARGET_PREFIX_;
- targetValue = oaParam.getTarget();
+ targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
}
Logger.debug("Starting connecting SZR Gateway");
@@ -320,7 +317,7 @@ public class PEPSConnectorServlet extends AuthServlet {
try {
identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList(),
oaParam.getFriendlyName(),
- targetType, targetValue,
+ targetType, null,
oaParam.getMandateProfiles());
} catch (STORKException e) {
// this is really nasty but we work against the system here. We are supposed to get the gender attribute from
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 762d9af2c..547a86bd9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -288,15 +288,16 @@ public class CreateXMLSignatureResponseValidator {
}
if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
String samlSpecialText = (String)samlAttribute.getValue();
+ samlSpecialText = samlSpecialText.replaceAll("'", "&#39;");
- String text = "";
- try {
+ String text = "";
+ try {
OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText()))
Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
- } catch (ConfigurationException e) {
- Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
- }
+ } catch (ConfigurationException e) {
+ Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ }
String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant);
@@ -516,22 +517,23 @@ public class CreateXMLSignatureResponseValidator {
}
if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
String samlSpecialText = (String)samlAttribute.getValue();
+ samlSpecialText = samlSpecialText.replaceAll("'", "&#39;");
- String text = "";
- try {
- if (MiscUtil.isNotEmpty(text = AuthConfigurationProvider.getInstance().getSSOSpecialText()))
+ String text = "";
+ try {
+ if (MiscUtil.isNotEmpty(text = AuthConfigurationProvider.getInstance().getSSOSpecialText()))
Logger.info("Use addional AuthBlock Text from SSO=" +text);
else
text = new String();
- } catch (ConfigurationException e) {
- Logger.warn("Addional AuthBlock Text can not loaded from SSO!", e);
- }
+ } catch (ConfigurationException e) {
+ Logger.warn("Addional AuthBlock Text can not loaded from SSO!", e);
+ }
- String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant);
- if (!samlSpecialText.equals(specialText)) {
- throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
- }
+ String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant);
+ if (!samlSpecialText.equals(specialText)) {
+ throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
+ }
} else {
throw new ValidateException("validator.35", null);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
index e6e77911a..864be253a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
@@ -29,7 +29,6 @@ import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.URI;
-import java.net.URL;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Arrays;
@@ -242,13 +241,19 @@ public class BuildFromLegacyConfig {
for (int i=0; i<transformsInfos.length; i++) {
TransformsInfoType transforminfotype = new TransformsInfoType();
-
- String fileURL = FileUtils.makeAbsoluteURL(transformsInfoFileNames[i], rootConfigFileDir);
- Path fileName_ = new File(new URI(fileURL)).toPath().getFileName();
- transforminfotype.setFilename(fileName_.toString());
- transforminfotype.setTransformation(Base64Utils.encode(transformsInfos[i].getBytes("UTF-8")).getBytes("UTF-8"));
- auth_transformInfos.add(transforminfotype);
+ if (transformsInfoFileNames[i] != null &&
+ transformsInfos[i] != null) {
+ String fileURL = FileUtils.makeAbsoluteURL(transformsInfoFileNames[i], rootConfigFileDir);
+ Path fileName_ = new File(new URI(fileURL)).toPath().getFileName();
+ transforminfotype.setFilename(fileName_.toString());
+
+ transforminfotype.setTransformation(Base64Utils.encode(transformsInfos[i].getBytes("UTF-8")).getBytes("UTF-8"));
+ auth_transformInfos.add(transforminfotype);
+
+ } else
+ Logger.warn("AuthBlock Transformation " + transformsInfoFileNames[i]
+ + "not found.");
}
}
@@ -448,6 +453,7 @@ public class BuildFromLegacyConfig {
oa_saml1.setProvideStammzahl(oa.getProvideStammzahl());
oa_saml1.setUseCondition(oa.getUseCondition());
oa_saml1.setIsActive(true);
+ oa_saml1.setProvideAllErrors(false);
//OA_PVP2
OAPVP2 oa_pvp2 = new OAPVP2();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 399e7fa22..9c8c52e87 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -166,21 +166,26 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
IRequest protocolRequest)
throws Throwable{
- SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace();
+ OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL());
+ if (!oa.getSAML1Parameter().isProvideAllErrors())
+ return false;
- String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest);
+ else {
+ SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace();
+ String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest);
- String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet";
- url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8"));
- url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- url = response.encodeRedirectURL(url);
+ String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet";
+ url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8"));
+ url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ url = response.encodeRedirectURL(url);
- response.setContentType("text/html");
- response.setStatus(302);
- response.addHeader("Location", url);
- Logger.debug("REDIRECT TO: " + url);
+ response.setContentType("text/html");
+ response.setStatus(302);
+ response.addHeader("Location", url);
+ Logger.debug("REDIRECT TO: " + url);
- return true;
+ return true;
+ }
}
public IAction getAction(String action) {