path: root/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
authorThomas Lenz <tlenz@iaik.tugraz.at>2018-06-05 10:46:41 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2018-06-05 10:46:41 +0200
commitcd5cef47db73c85cbb2defdec3b283655fdc859b (patch)
tree97a3f3ba121babcc4850b5048e63aee831399676 /id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
parent84a55fe8bec3924102bd2217f7e39e7a698f2829 (diff)
downloadmoa-id-spss-cd5cef47db73c85cbb2defdec3b283655fdc859b.tar.gz
moa-id-spss-cd5cef47db73c85cbb2defdec3b283655fdc859b.tar.bz2
moa-id-spss-cd5cef47db73c85cbb2defdec3b283655fdc859b.zip
update SL20 implementation
Diffstat (limited to 'id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java')
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java62
1 files changed, 2 insertions, 60 deletions
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
index b5c84d315..cc74bb11a 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
@@ -6,14 +6,8 @@ import java.util.Calendar;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.opensaml.Configuration;
import org.opensaml.saml2.core.Assertion;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
import org.springframework.stereotype.Component;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -28,9 +22,7 @@ import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moaspss.logging.Logger;
@@ -75,7 +67,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink();
IVerifiyXMLSignatureResponse authBlockVerificationResult = null;
try {
- Assertion authBlock = parseAuthBlockToSaml2Assertion(authBlockB64);
+ Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64);
AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock);
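Review bot: The replacement line hands AuthBlock parsing to `QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion`, but the `try` opened just above continues outside this hunk, so it is not visible whether its catch clauses still match the exception types the moved helper throws (the deleted version declared `SL20eIDDataValidationException` and mapped `SAXException` and generic parse failures into it). It is also worth confirming that the relocated implementation keeps the validating DOM parse (`DOMUtils.parseXmlValidating`) and the `SAML2Utils.schemeValidation` step ahead of the `instanceof Assertion` check, since in the deleted code those were the only controls applied to the Base64-decoded AuthBlock before `AssertionAttributeExtractor` reads its attributes on the next line. A short comment at the call site would make that contract explicit for the next reader, e.g. `// validating XML parse + SAML2 schema validation happen inside QualifiedeIDVerifier; failures surface as SL20eIDDataValidationException`. The enclosing method starts and ends outside this hunk.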
@@ -126,55 +118,5 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
TransactionIDUtils.removeSessionId();
}
- }
-
- private Assertion parseAuthBlockToSaml2Assertion(String authblockB64) throws SL20eIDDataValidationException {
- try {
- //parse authBlock into SAML2 Assertion
- byte[] authBlockBytes = Base64Utils.decode(authblockB64, false);
- Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authBlockBytes));
- UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
- Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDOM);
- XMLObject samlAssertion = unmarshaller.unmarshall(authBlockDOM);
-
- //validate SAML2 Assertion
- SAML2Utils.schemeValidation(samlAssertion);
-
- if (samlAssertion instanceof Assertion)
- return (Assertion) samlAssertion;
- else
- throw new SL20eIDDataValidationException(
- new Object[] {
- SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
- "AuthBlock is NOT of type SAML2 Assertion"
- });
-
- } catch (SL20eIDDataValidationException e) {
- throw e;
-
- } catch (SAXException e) {
- Logger.info("Scheme validation of SAML2 AuthBlock FAILED. Reason: " + e.getMessage());
- throw new SL20eIDDataValidationException(
- new Object[] {
- SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
- e.getMessage()
- },
- e);
-
- } catch (Exception e) {
- Logger.info("Can not parse AuthBlock. Reason: " + e.getMessage());
- Logger.trace("FullAuthBlock: " + authblockB64);
- throw new SL20eIDDataValidationException(
- new Object[] {
- SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
- e.getMessage()
- },
- e);
-
- }
-
- }
-
-
-
+ }
}