aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib
diff options
context:
space:
mode:
authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2013-06-26 15:34:18 +0200
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2013-06-26 15:34:18 +0200
commitb3e9fbc02bce967d7303a024c68851d6471b2685 (patch)
tree4d44ec6f71b585da5e9570658ff9dc198d8a1778 /id/server/idserverlib
parent36fccc971da91b5bfa0eb2adbee2c086e2ac3862 (diff)
downloadmoa-id-spss-b3e9fbc02bce967d7303a024c68851d6471b2685.tar.gz
moa-id-spss-b3e9fbc02bce967d7303a024c68851d6471b2685.tar.bz2
moa-id-spss-b3e9fbc02bce967d7303a024c68851d6471b2685.zip
PVP2 Stork authentication
Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java36
7 files changed, 57 insertions, 7 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 4f35b084f..d9f3ef7e8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -454,6 +454,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setTemplateURL(templateURL);
session.setBusinessService(oaParam.getBusinessService());
session.setModul(modul);
+ session.setForeignMode(false);
session.setAction(action);
if (sourceID != null)
session.setSourceID(sourceID);
@@ -2850,6 +2851,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
moaSession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
moaSession.setAction(action);
moaSession.setModul(modul);
+ moaSession.setForeignMode(true);
if (sourceID != null)
moaSession.setSourceID(sourceID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index aaad1cc1e..e7bd5f511 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -267,6 +267,8 @@ public class AuthenticationSession {
private boolean authenticated;
private boolean authenticatedUsed = false;
+
+ private boolean foreignMode = false;
public boolean isAuthenticatedUsed() {
return authenticatedUsed;
@@ -1020,4 +1022,12 @@ public class AuthenticationSession {
this.mandate = mandate;
}
+ public boolean isForeignMode() {
+ return foreignMode;
+ }
+
+ public void setForeignMode(boolean foreignMode) {
+ this.foreignMode = foreignMode;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index 6516e64b7..3f775f38e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -49,6 +49,7 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -179,11 +180,14 @@ public class GetForeignIDServlet extends AuthServlet {
String samlArtifactBase64 =
AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID);
if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- redirectURL = session.getOAURLRequested();
+ /*redirectURL = session.getOAURLRequested();
if (!session.getBusinessService()) {
redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
}
redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = resp.encodeRedirectURL(redirectURL);*/
+ redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),
+ ModulUtils.buildAuthURL(session.getModul(), session.getAction()), samlArtifactBase64);
redirectURL = resp.encodeRedirectURL(redirectURL);
} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 4ec894d47..731c7581c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -23,6 +23,7 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -200,11 +201,14 @@ public class PEPSConnectorServlet extends AuthServlet {
//redirect
String redirectURL = null;
if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- redirectURL = moaSession.getOAURLRequested();
+ /*redirectURL = moaSession.getOAURLRequested();
if (!moaSession.getBusinessService()) {
redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(moaSession.getTarget(), "UTF-8"));
}
redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = response.encodeRedirectURL(redirectURL);*/
+ redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
+ ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction()), samlArtifactBase64);
redirectURL = response.encodeRedirectURL(redirectURL);
} else {
redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, moaSession.getSessionID());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index 51ec82e2d..d5198a862 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -146,7 +146,7 @@ public class VerifyCertificateServlet extends AuthServlet {
}
else {
// Foreign Identities Modus
-
+ session.setForeignMode(true);
String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert);
// build dataurl (to the GetForeignIDSerlvet)
String dataurl =
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 61b55f73d..f2c41a051 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -141,7 +141,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
if (createXMLSignatureRequestOrRedirect == null) {
// no identity link found
-
+
boolean useMandate = session.getUseMandate();
if (useMandate) {
Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
index 251d263d9..2452e35c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
@@ -1,8 +1,14 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+import iaik.x509.X509Certificate;
+
+import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
+
import org.opensaml.saml2.core.Attribute;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.logging.Logger;
public class EIDIssuingNationAttributeBuilder extends BaseAttributeBuilder {
@@ -12,13 +18,37 @@ public class EIDIssuingNationAttributeBuilder extends BaseAttributeBuilder {
public Attribute build(AuthenticationSession authSession) {
String countryCode = "AT";
- if(authSession.getStorkAuthnRequest() != null) {
- countryCode = authSession.getStorkAuthnRequest().getCitizenCountryCode();
+
+
+ if (authSession.getStorkAuthnRequest() != null) {
+ countryCode = authSession.getStorkAuthnRequest()
+ .getCitizenCountryCode();
+ } else {
+
+ //TODO: replace with TSL lookup when TSL is ready!
+ X509Certificate certificate = authSession.getSignerCertificate();
+
+ if (certificate != null) {
+ try {
+ LdapName ln = new LdapName(certificate.getIssuerDN()
+ .getName());
+ for (Rdn rdn : ln.getRdns()) {
+ if (rdn.getType().equalsIgnoreCase("C")) {
+ Logger.info("C is: " + rdn.getValue());
+ countryCode = rdn.getValue().toString();
+ break;
+ }
+ }
+ } catch (Exception e) {
+ Logger.error("Failed to extract country code from certificate", e);
+ }
+ }
}
+
return buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
EID_ISSUING_NATION_NAME, countryCode);
}
-
+
public Attribute buildEmpty() {
return buildemptyAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
EID_ISSUING_NATION_NAME);