aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-eIDAS/src
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-08-16 10:58:18 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-08-16 10:58:18 +0200
commitae26c0ede1058643bfd2d1c1e7847cef452a1b54 (patch)
tree2523b8c71b0cdafd75e7b31473b0678e90153038 /id/server/modules/moa-id-module-eIDAS/src
parent3139b9126ae10976848be640d2b8648401e36137 (diff)
downloadmoa-id-spss-ae26c0ede1058643bfd2d1c1e7847cef452a1b54.tar.gz
moa-id-spss-ae26c0ede1058643bfd2d1c1e7847cef452a1b54.tar.bz2
moa-id-spss-ae26c0ede1058643bfd2d1c1e7847cef452a1b54.zip
add SSO/SLO container functionality to eIDAS protocol impl. to support SSO functionality
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src')
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java57
1 files changed, 51 insertions, 6 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index 033052eed..0f17eccab 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -23,6 +23,7 @@
package at.gv.egovernment.moa.id.protocols.eidas;
import java.io.StringWriter;
+import java.security.MessageDigest;
import java.text.SimpleDateFormat;
import javax.servlet.http.HttpServletRequest;
@@ -46,13 +47,16 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SimpleEidasAttributeGen
import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.commons.EidasStringUtil;
import eu.eidas.auth.commons.attribute.AttributeDefinition;
@@ -63,6 +67,7 @@ import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
import eu.eidas.auth.commons.protocol.IResponseMessage;
import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse;
+import eu.eidas.auth.commons.protocol.impl.SamlNameIdFormat;
import eu.eidas.auth.engine.ProtocolEngineI;
import eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils;
@@ -91,6 +96,8 @@ public class eIDASAuthenticationRequest implements IAction {
throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()});
+ String subjectNameID = null;
+
//gather attributes
ImmutableAttributeMap reqAttributeList = (ImmutableAttributeMap) eidasRequest.getEidasRequestedAttributes();
ImmutableAttributeMap.Builder attrMapBuilder = ImmutableAttributeMap.builder();
@@ -110,9 +117,17 @@ public class eIDASAuthenticationRequest implements IAction {
case Constants.eIDAS_ATTR_CURRENTGIVENNAME:
newValue = authData.getGivenName();
break;
- case Constants.eIDAS_ATTR_PERSONALIDENTIFIER:
+ case Constants.eIDAS_ATTR_PERSONALIDENTIFIER:
newValue = authData.getBPK();
isUniqueID = true;
+
+ //generate a transient unique identifier if it is requested
+ String reqNameIDFormat = eidasRequest.getEidasRequest().getNameIdFormat();
+ if (MiscUtil.isNotEmpty(reqNameIDFormat)
+ && reqNameIDFormat.equals(SamlNameIdFormat.TRANSIENT.getNameIdFormat()))
+ newValue = generateTransientNameID(newValue);
+
+ subjectNameID = newValue;
break;
case Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER:
newValue = new MandateLegalPersonSourcePinAttributeBuilder().build(
@@ -177,9 +192,7 @@ public class eIDASAuthenticationRequest implements IAction {
//set success statuscode
responseBuilder.statusCode(StatusCode.SUCCESS_URI);
-
-
-
+
//build response
AuthenticationResponse response = responseBuilder.build();
@@ -247,8 +260,24 @@ public class eIDASAuthenticationRequest implements IAction {
throw new MOAIDException("eIDAS.13", new Object[]{e.getMessage()}, e);
}
-
- return null;
+
+ SLOInformationInterface ssoContainer = null;
+ try {
+ ssoContainer = new SLOInformationImpl(
+ req.getAuthURL(),
+ eidasRequest.getEidasRequest().getIssuer(),
+ null,
+ subjectNameID,
+ eidasRequest.getEidasRequest().getNameIdFormat(),
+ EIDASProtocol.NAME);
+
+ } catch (Exception e) {
+ Logger.error("Can not generate container with SSO information!", e);
+
+ }
+
+ return ssoContainer;
+
}
@Override
@@ -262,4 +291,20 @@ public class eIDASAuthenticationRequest implements IAction {
}
+ private String generateTransientNameID(String nameID) {
+ String random = Random.nextLongRandom();
+
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA-1");
+ byte[] hash = md.digest((nameID + random).getBytes("ISO-8859-1"));
+ return Base64Utils.encode(hash);
+
+ } catch (Exception e) {
+ Logger.error("Can not generate transient personal identifier!", e);
+ return null;
+
+ }
+
+ }
+
}