aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-10-24 13:47:00 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-10-24 13:47:00 +0200
commitd553bf08d1c70d9a1705f38d9fe1c7c3a3730b0d (patch)
tree527d9753615f28a555040b328dd1edc26788ad33 /id/server/idserverlib/src
parenta9e03893056cf1b349148b0f1048c37c9073e557 (diff)
downloadmoa-id-spss-d553bf08d1c70d9a1705f38d9fe1c7c3a3730b0d.tar.gz
moa-id-spss-d553bf08d1c70d9a1705f38d9fe1c7c3a3730b0d.tar.bz2
moa-id-spss-d553bf08d1c70d9a1705f38d9fe1c7c3a3730b0d.zip
update STORK <-> PVP gateway functionality
Diffstat (limited to 'id/server/idserverlib/src')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java103
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java52
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java1
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties1
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties1
15 files changed, 164 insertions, 83 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index cd2bfcf91..2c20e96ed 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -78,6 +78,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
@@ -175,7 +176,11 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
//get OnlineApplication from MOA-ID-Auth configuration
oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(oaID);
-
+
+ //build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway
+ if (oaParam.isSTORKPVPGateway())
+ oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, protocolRequest);
+
} else {
//build OnlineApplication dynamic from requested attributes
oaParam = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes, interfIDP);
@@ -347,24 +352,24 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
Logger.debug("Build AuthData from assertion starts ....");
- authData.setFamilyName(extractor.getAttribute(PVPConstants.PRINCIPAL_NAME_NAME));
- authData.setGivenName(extractor.getAttribute(PVPConstants.GIVEN_NAME_NAME));
- authData.setDateOfBirth(extractor.getAttribute(PVPConstants.BIRTHDATE_NAME));
- authData.setBPKType(extractor.getAttribute(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME));
- authData.setCcc(extractor.getAttribute(PVPConstants.EID_ISSUING_NATION_NAME));
- authData.setBkuURL(extractor.getAttribute(PVPConstants.EID_CCS_URL_NAME));
- authData.setIdentificationValue(extractor.getAttribute(PVPConstants.EID_SOURCE_PIN_NAME));
- authData.setIdentificationType(extractor.getAttribute(PVPConstants.EID_SOURCE_PIN_TYPE_NAME));
+ authData.setFamilyName(extractor.getSingleAttributeValue(PVPConstants.PRINCIPAL_NAME_NAME));
+ authData.setGivenName(extractor.getSingleAttributeValue(PVPConstants.GIVEN_NAME_NAME));
+ authData.setDateOfBirth(extractor.getSingleAttributeValue(PVPConstants.BIRTHDATE_NAME));
+ authData.setBPKType(extractor.getSingleAttributeValue(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME));
+ authData.setCcc(extractor.getSingleAttributeValue(PVPConstants.EID_ISSUING_NATION_NAME));
+ authData.setBkuURL(extractor.getSingleAttributeValue(PVPConstants.EID_CCS_URL_NAME));
+ authData.setIdentificationValue(extractor.getSingleAttributeValue(PVPConstants.EID_SOURCE_PIN_NAME));
+ authData.setIdentificationType(extractor.getSingleAttributeValue(PVPConstants.EID_SOURCE_PIN_TYPE_NAME));
if (extractor.containsAttribute(PVPConstants.BPK_NAME)) {
- String pvpbPK = extractor.getAttribute(PVPConstants.BPK_NAME);
+ String pvpbPK = extractor.getSingleAttributeValue(PVPConstants.BPK_NAME);
authData.setBPK(pvpbPK.split(":")[1]);
}
boolean foundEncryptedbPKForOA = false;
if (extractor.containsAttribute(PVPConstants.ENC_BPK_LIST_NAME)) {
List<String> encbPKList = Arrays.asList(
- extractor.getAttribute(PVPConstants.ENC_BPK_LIST_NAME).split(";"));
+ extractor.getSingleAttributeValue(PVPConstants.ENC_BPK_LIST_NAME).split(";"));
authData.setEncbPKList(encbPKList);
for (String fullEncbPK : encbPKList) {
int index = fullEncbPK.indexOf("|");
@@ -501,11 +506,11 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
if (extractor.containsAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME))
authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX +
- extractor.getAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME));
+ extractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME));
if (extractor.containsAttribute(PVPConstants.EID_AUTH_BLOCK_NAME)) {
try {
- byte[] authBlock = Base64Utils.decode(extractor.getAttribute(PVPConstants.EID_AUTH_BLOCK_NAME), false);
+ byte[] authBlock = Base64Utils.decode(extractor.getSingleAttributeValue(PVPConstants.EID_AUTH_BLOCK_NAME), false);
authData.setAuthBlock(new String(authBlock, "UTF-8"));
} catch (IOException e) {
@@ -517,7 +522,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
if (extractor.containsAttribute(PVPConstants.EID_SIGNER_CERTIFICATE_NAME)) {
try {
authData.setSignerCertificate(Base64Utils.decode(
- extractor.getAttribute(PVPConstants.EID_SIGNER_CERTIFICATE_NAME), false));
+ extractor.getSingleAttributeValue(PVPConstants.EID_SIGNER_CERTIFICATE_NAME), false));
} catch (IOException e) {
Logger.error("Received SignerCertificate is not valid", e);
@@ -527,7 +532,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
if (extractor.containsAttribute(PVPConstants.EID_IDENTITY_LINK_NAME)) {
try {
- InputStream idlStream = Base64Utils.decodeToStream(extractor.getAttribute(PVPConstants.EID_IDENTITY_LINK_NAME), false);
+ InputStream idlStream = Base64Utils.decodeToStream(extractor.getSingleAttributeValue(PVPConstants.EID_IDENTITY_LINK_NAME), false);
IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink();
buildOAspecificIdentityLink(oaParam, authData, idl);
@@ -542,12 +547,12 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
// set mandate attributes
- authData.setMandateReferenceValue(extractor.getAttribute(PVPConstants.MANDATE_REFERENCE_VALUE_NAME));
+ authData.setMandateReferenceValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME));
if (extractor.containsAttribute(PVPConstants.MANDATE_FULL_MANDATE_NAME)) {
try {
byte[] mandate = Base64Utils.decode(
- (extractor.getAttribute(PVPConstants.MANDATE_FULL_MANDATE_NAME)), false);
+ (extractor.getSingleAttributeValue(PVPConstants.MANDATE_FULL_MANDATE_NAME)), false);
if (authData.getMISMandate() == null)
authData.setMISMandate(new MISMandate());
@@ -588,9 +593,9 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
legalperson.getIdentification().add(legalID );
mandator.setCorporateBody(legalperson );
- legalperson.setFullName(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME));
- legalID.setType(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME));
- idvalue.setValue(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME));
+ legalperson.setFullName(extractor.getSingleAttributeValue(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME));
+ legalID.setType(extractor.getSingleAttributeValue(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME));
+ idvalue.setValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME));
//build natural person short mandate
} else if ( (extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME) ||
@@ -610,18 +615,18 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
Value idValue = new Value();
persID.setValue(idValue );
- String[] pvp2GivenName = extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME).split(" ");
+ String[] pvp2GivenName = extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME).split(" ");
for(int i=0; i<pvp2GivenName.length; i++)
persName.getGivenName().add(pvp2GivenName[i]);
- familyName.setValue(extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME));
- physPerson.setDateOfBirth(extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME));
+ familyName.setValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME));
+ physPerson.setDateOfBirth(extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME));
if (extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME)) {
persID.setType(Constants.URN_PREFIX_BASEID);
- idValue.setValue(extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME));
+ idValue.setValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME));
} else {
- String[] pvp2bPK = extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_BPK_NAME).split(":");
+ String[] pvp2bPK = extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BPK_NAME).split(":");
if (pvp2bPK.length == 2) {
idValue.setValue(pvp2bPK[1]);
@@ -633,7 +638,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
persID.setType(Constants.URN_PREFIX_WBPK + "+" + pvp2bPK[0]);
} else {
- Logger.warn("Receive mandator bPK from federation with an unsupported format. " + extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_BPK_NAME));
+ Logger.warn("Receive mandator bPK from federation with an unsupported format. " + extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BPK_NAME));
throw new AssertionAttributeExtractorExeption("Receive mandator bPK from federation with an unsupported format.");
}
@@ -671,14 +676,25 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
if (authData.getMISMandate() == null)
authData.setMISMandate(new MISMandate());
authData.getMISMandate().setProfRep(
- extractor.getAttribute(PVPConstants.MANDATE_PROF_REP_OID_NAME));
+ extractor.getSingleAttributeValue(PVPConstants.MANDATE_PROF_REP_OID_NAME));
}
-
+
+ //set PVP role attribute
+ if (extractor.containsAttribute(PVPConstants.ROLES_NAME)) {
+ String pvpRoles = extractor.getSingleAttributeValue(PVPConstants.ROLES_NAME);
+ if (MiscUtil.isNotEmpty(pvpRoles)) {
+ List<String> roles = Arrays.asList(pvpRoles.split(";"));
+ for (String role : roles) {
+ authData.addAuthenticationRole(AuthenticationRoleFactory.buildFormPVPole(role));
+ }
+ }
+ }
+
//set STORK attributes
if (extractor.containsAttribute(PVPConstants.EID_STORK_TOKEN_NAME)) {
- authData.setStorkAuthnResponse(extractor.getAttribute(PVPConstants.EID_STORK_TOKEN_NAME));
+ authData.setStorkAuthnResponse(extractor.getSingleAttributeValue(PVPConstants.EID_STORK_TOKEN_NAME));
authData.setForeigner(true);
}
@@ -712,10 +728,15 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
String oaTarget = null;
if (oaParam.getBusinessService()) {
- if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK))
+ if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK) ||
+ oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_STORK))
oaTarget = oaParam.getIdentityLinkDomainIdentifier();
- else
- oaTarget = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier();
+
+ else {
+ Logger.warn("BusinessIdentifier can not be clearly assigned, because it starts without a prefix.");
+ return false;
+
+ }
} else {
oaTarget = Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget();
@@ -891,22 +912,10 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
if (oaParam.getBusinessService()) {
//since we have foreigner, wbPK is not calculated in BKU
if (baseIDType.equals(Constants.URN_PREFIX_BASEID)) {
-
String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier();
-
- if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
- // If domainIdentifier starts with prefix
- // "urn:publicid:gv.at:wbpk+"; remove this prefix
- registerAndOrdNr = registerAndOrdNr
- .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
- Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
- + registerAndOrdNr);
- }
-
- String wbpkBase64 = new BPKBuilder().buildWBPK(baseID, registerAndOrdNr);
- authData.setBPK(wbpkBase64);
- authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr);
-
+ authData.setBPK(new BPKBuilder().buildbPKorwbPK(baseID, registerAndOrdNr));
+ authData.setBPKType(registerAndOrdNr);
+
} else {
authData.setBPK(baseID);
authData.setBPKType(baseIDType);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 6fd327add..050706d7a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -26,6 +26,7 @@ import java.io.Serializable;
import java.text.DateFormat;
import java.text.ParseException;
import java.text.SimpleDateFormat;
+import java.util.ArrayList;
import java.util.Date;
import java.util.List;
@@ -129,6 +130,7 @@ public class AuthenticationData implements IAuthData, Serializable {
private String authBlock = null;
private List<String> encbPKList = null;
+ private List<AuthenticationRole> roles = null;
private boolean useMandate = false;
private MISMandate mandate = null;
@@ -688,6 +690,24 @@ public class AuthenticationData implements IAuthData, Serializable {
public void setEncbPKList(List<String> encbPKList) {
this.encbPKList = encbPKList;
}
+
+ /**
+ * @return the roles
+ */
+ public List<AuthenticationRole> getAuthenticationRoles() {
+ return roles;
+ }
+
+ /**
+ * @param roles the roles to set
+ */
+ public void addAuthenticationRole(AuthenticationRole role) {
+ if (this.roles == null)
+ this.roles = new ArrayList<AuthenticationRole>();
+
+ this.roles.add(role);
+ }
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
index 8ce33021d..0d55dbdd1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
@@ -69,6 +69,8 @@ public interface IAuthData {
byte[] getSignerCertificate();
String getAuthBlock();
+ List<AuthenticationRole> getAuthenticationRoles();
+
boolean isPublicAuthority();
String getPublicAuthorityCode();
boolean isQualifiedCertificate();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 1e38bd4ff..03cb6c1c4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -276,11 +276,27 @@ public class DispatcherServlet extends AuthServlet{
Logger.info("PreProcessing of SSO interfederation response complete. ");
- //request is a not valid interfederation response -> Restart local authentication
+ //request is a not valid interfederation response
} else if (protocolRequest != null &&
MiscUtil.isNotEmpty(protocolRequest.getRequestID())) {
- Logger.info("Restart authentication with stored " + protocolRequest.requestedModule()
- + " AuthnRequest for OnlineApplication " + protocolRequest.getOAURL());
+
+ OAAuthParameter oaParams = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL());
+ if (oaParams.isSTORKPVPGateway() || !oaParams.isPerformLocalAuthenticationOnInterfederationError()) {
+ // -> send end error to service provider
+ Logger.info("Federated authentication for entity " + protocolRequest.getOAURL()
+ + " FAILED. Sending error message to service provider.");
+ MOAIDException e = new MOAIDException("auth.27", new Object[]{});
+ IModulInfo requestedModul = ModulStorage.getModuleByPath(protocolRequest.requestedModule());
+ if (!requestedModul.generateErrorMessage(e, req, resp, protocolRequest))
+ handleErrorNoRedirect(e.getMessage(), e, req,
+ resp);
+
+ return;
+
+ } else
+ //-> Restart local authentication
+ Logger.info("Restart authentication with stored " + protocolRequest.requestedModule()
+ + " AuthnRequest for OnlineApplication " + protocolRequest.getOAURL());
//request is a new authentication request
} else if (protocolRequest != null &&
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index daa70efce..a4d63b144 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -381,14 +381,15 @@ public class AuthenticationManager extends AuthServlet {
//get IDP metadata
try {
OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(target.getRequestedIDP());
+
if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) {
Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation.");
Logger.info("Switch to local authentication on this IDP ... ");
perfomLocalAuthentication(request, response, target);
return;
- }
-
+ }
+
EntityDescriptor idpEntity = MOAMetadataProvider.getInstance().
getEntityDescriptor(target.getRequestedIDP());
@@ -417,7 +418,7 @@ public class AuthenticationManager extends AuthServlet {
authReq.setID(gen.generateIdentifier());
//send passive AuthnRequest
- authReq.setIsPassive(true);
+ authReq.setIsPassive(idp.isPassivRequestUsedForInterfederation());
authReq.setAssertionConsumerServiceIndex(0);
authReq.setIssueInstant(new DateTime());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 0da846f9e..cf20db7d9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -664,7 +664,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
} else {
Logger.debug("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue()
+ " from interfederated IDP.");
-
+
}
} catch (IOException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 47c297914..1f3e86ff6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -41,7 +41,7 @@ public interface PVPConstants {
public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3";
public static final String STORK_QAA_1_4 = "http://www.stork.gov.eu/1.0/citizenQAALevel/4";
- public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/1.0/";
+ public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/";
public static final String URN_OID_PREFIX = "urn:oid:";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
index 6296d102f..91888df5c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
@@ -49,6 +49,7 @@ import org.opensaml.xml.signature.Signer;
import org.w3c.dom.Document;
import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
@@ -66,7 +67,7 @@ import at.gv.egovernment.moa.util.Constants;
*/
public class AttributQueryBuilder {
- public static List<Attribute> buildSAML2AttributeList(OAAuthParameter oa, Iterator<String> iterator) {
+ public static List<Attribute> buildSAML2AttributeList(IOAAuthParameters oa, Iterator<String> iterator) {
Logger.debug("Build OA specific Attributes for AttributQuery request");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index a16fed9cd..c5ad26744 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -36,6 +36,7 @@ import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.core.Subject;
+import org.opensaml.xml.XMLObject;
import eu.stork.peps.auth.commons.PersonalAttribute;
import eu.stork.peps.auth.commons.PersonalAttributeList;
@@ -48,7 +49,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class AssertionAttributeExtractor {
private Assertion assertion = null;
- private Map<String, String> attributs = new HashMap<String, String>();
+ private Map<String, List<String>> attributs = new HashMap<String, List<String>>();
private PersonalAttributeList storkAttributes = new PersonalAttributeList();
private final List<String> minimalAttributeNameList = Arrays.asList(
@@ -74,13 +75,21 @@ public class AssertionAttributeExtractor {
for (Attribute attr : attrStat.getAttributes()) {
if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) {
List<String> storkAttrValues = new ArrayList<String>();
- storkAttrValues.add(attr.getAttributeValues().get(0).getDOM().getTextContent());
+ for (XMLObject el : attr.getAttributeValues())
+ storkAttrValues.add(el.getDOM().getTextContent());
+
PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(),
false, storkAttrValues , "Available");
storkAttributes.put(attr.getName(), storkAttr );
- } else
- attributs.put(attr.getName(), attr.getAttributeValues().get(0).getDOM().getTextContent());
+ } else {
+ List<String> attrList = new ArrayList<String>();
+ for (XMLObject el : attr.getAttributeValues())
+ attrList.add(el.getDOM().getTextContent());
+
+ attributs.put(attr.getName(), attrList);
+
+ }
}
}
@@ -129,7 +138,15 @@ public class AssertionAttributeExtractor {
}
- public String getAttribute(String attributeName) {
+ public String getSingleAttributeValue(String attributeName) {
+ if (attributs.containsKey(attributeName))
+ return attributs.get(attributeName).get(0);
+ else
+ return null;
+
+ }
+
+ public List<String> getAttributeValues(String attributeName) {
return attributs.get(attributeName);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java
index a1525db0a..10b325234 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java
@@ -54,7 +54,7 @@ public class AttributeProviderFactory {
result.add("EHvdAttributeProvider");
result.add("SignedDocAttributeRequestProvider");
result.add("MandateAttributeRequestProvider");
-
+ result.add("PVPAuthenticationProvider");
return result;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 95597e0ad..aa018d5a3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -455,7 +455,7 @@ public class AuthenticationRequest implements IAction {
// Define attribute list to be populated
PersonalAttributeList attributeList = new PersonalAttributeList();
- MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(authData.getIdentityLink(), moaStorkRequest);
+ MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(authData, moaStorkRequest);
try {
for (PersonalAttribute personalAttribute : attrLst) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
index 076139018..f4b02ee2d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
@@ -22,13 +22,23 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.stork2;
+import java.util.ArrayList;
import java.util.List;
import org.opensaml.saml2.core.Attribute;
+import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
import eu.stork.peps.auth.commons.STORKAuthnRequest;
@@ -206,29 +216,31 @@ public class MOASTORKRequest extends RequestImpl {
}
/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedIDP()
- */
- @Override
- public String getRequestedIDP() {
- // TODO Auto-generated method stub
- return null;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#getInterfederationResponse()
- */
- @Override
- public MOAResponse getInterfederationResponse() {
- // TODO Auto-generated method stub
- return null;
- }
-
- /* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
*/
@Override
public List<Attribute> getRequestedAttributes() {
- // TODO Auto-generated method stub
- return null;
+// //TODO: only for testing with MOA-ID as PVP Stammportal
+// IOAAuthParameters oa;
+// try {
+// List<String> reqAttr = new ArrayList<String>();
+// reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION);
+//
+// oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL());
+// oa = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oa, this);
+//
+// DynamicOAAuthParameters tmp = (DynamicOAAuthParameters) oa;
+// tmp.setBusinessTarget(Constants.URN_PREFIX_CDID + "+BF");
+//
+// return AttributQueryBuilder.buildSAML2AttributeList(tmp, reqAttr.iterator());
+//
+// } catch (ConfigurationException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// return null;
+// }
+
+ return new ArrayList<Attribute>();
+
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java
index 95af3565e..88c59ccf9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java
@@ -129,6 +129,7 @@ public class PVPAuthenticationProvider extends AttributeProvider {
authRequest.setCountry(spCountryCode);
authRequest.setSpCountry(spCountryCode);
authRequest.setSpApplication(spApplication);
+ authRequest.setProviderName(spApplication);
authRequest.setSpSector(spSector);
authRequest.setPersonalAttributeList(moastorkRequest.getPersonalAttributeList());
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 361c6b5ee..848866090 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -44,6 +44,7 @@ auth.23=Das BKU-Selektion Template entspricht nicht der Spezifikation von MOA-ID
auth.24=Das Send-Assertion Template entspricht nicht der Spezifikation von MOA-ID 2.x.
auth.25=Fehler beim validieren der SZR-Gateway Response.
auth.26=SessionID unbekannt.
+auth.27=Federated authentication FAILED.
init.00=MOA ID Authentisierung wurde erfolgreich gestartet
init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 085625972..27f735028 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -24,6 +24,7 @@ auth.23=9000
auth.24=9001
auth.25=1109
auth.26=1100
+auth.27=4401
init.00=9199
init.01=9199