aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-modules-saml1/src/main/java
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2020-04-06 10:23:53 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2020-04-06 10:23:53 +0200
commita056118bbfabb53dc2856ff07d068cd57ddc8be3 (patch)
treee8972ade3b0137e8a61e10d9717a512787c16ba5 /id/server/modules/moa-id-modules-saml1/src/main/java
parent7fa91731a8b852e9a8a4ea1a152a5aa74523d47e (diff)
parentaebaed0e889413491b5769babf39a200bd312992 (diff)
downloadmoa-id-spss-a056118bbfabb53dc2856ff07d068cd57ddc8be3.tar.gz
moa-id-spss-a056118bbfabb53dc2856ff07d068cd57ddc8be3.tar.bz2
moa-id-spss-a056118bbfabb53dc2856ff07d068cd57ddc8be3.zip
Merge branch 'development_preview'
Diffstat (limited to 'id/server/modules/moa-id-modules-saml1/src/main/java')
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java113
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java6
2 files changed, 114 insertions, 5 deletions
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 7a9557baf..73d3d369f 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -53,6 +53,9 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDEIDTokenBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityStatusLevelAttributeBuiler;
import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
@@ -67,6 +70,7 @@ import at.gv.egovernment.moa.id.auth.exception.ServiceException;
import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
@@ -78,7 +82,6 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBui
import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -351,7 +354,11 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
if (Boolean.parseBoolean(
oaParam.getConfigurationValue(
MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE,
- String.valueOf(false)))) {
+ String.valueOf(false))) ||
+ Boolean.parseBoolean(
+ oaParam.getConfigurationValue(
+ MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE,
+ String.valueOf(false)))) {
Logger.info("Demo-mode for 'New Austrian eID' is active. Add additonal attributes ... ");
if (oaAttributes == null)
@@ -393,6 +400,42 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
+ try {
+ String onlineIDL = new EIDEIDTokenBuilder().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(onlineIDL)) {
+ Logger.trace("Adding Online-IDL: " + onlineIDL + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.EID_E_ID_TOKEN_FRIENDLY_NAME, onlineIDL,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build additional 'Online-IDL' attribute. Reason: " + e.getMessage());
+
+ }
+
+ try {
+ String eidStatusLevel = new EidIdentityStatusLevelAttributeBuiler().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(eidStatusLevel)) {
+ Logger.trace("Adding IdentityStatusLevel: " + eidStatusLevel + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_FRIENDLY_NAME, eidStatusLevel,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build additional 'IdentityStatusLevel' attribute. Reason: " + e.getMessage());
+
+ }
+
//for mandates
try {
String additionalMandatorBpks = new MandateNaturalPersonBPKListAttributeBuilder().build(
@@ -429,12 +472,15 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
Logger.info("Can NOT build foreign Mandator bPKs. Reason: " + e.getMessage());
}
+
+
}
String samlAssertion = null;
//add mandate info's
if (authData.isUseMandate()) {
+
//only provide full mandate if it is included.
if (saml1parameter.isProvideFullMandatorData()
&& authData.getMISMandate() != null) {
@@ -506,8 +552,12 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
}
+ //build mandateDate Attribute
String mandateDate = generateMandateDate(oaParam, authData);
+ //build RepresentationType and
+ generateRepresentationTypeAndOWInfos(oaAttributes, oaParam, authData);
+
samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate(
authData,
prPerson,
@@ -553,6 +603,65 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
+ private void generateRepresentationTypeAndOWInfos(List<ExtendedSAMLAttribute> oaAttributes,
+ IOAAuthParameters oaParam, SAML1AuthenticationData authData) {
+ boolean isRepresentationTypeSet = false;
+ boolean isOWOIDSet = false;
+ boolean isOWFriendlyNameSet = false;
+
+ for (ExtendedSAMLAttribute el : oaAttributes) {
+ if (EXT_SAML_MANDATE_REPRESENTATIONTYPE.equals(el.getName()))
+ isRepresentationTypeSet = true;
+
+ if (EXT_SAML_MANDATE_OID.equals(el.getName()))
+ isOWOIDSet = true;
+
+ if (EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION.equals(el.getName()))
+ isOWFriendlyNameSet = true;
+ }
+
+
+ if (!isRepresentationTypeSet)
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ EXT_SAML_MANDATE_REPRESENTATIONTYPE,
+ EXT_SAML_MANDATE_REPRESENTATIONTEXT,
+ SZRGWConstants.MANDATE_NS,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+
+ String oid = null;
+ String oidDescription = null;
+
+ if (authData.getMISMandate() != null) {
+ oid = authData.getMISMandate().getProfRep();
+ oidDescription = authData.getMISMandate().getTextualDescriptionOfOID();
+
+ } else {
+ oid = authData.getGenericData(PVPConstants.MANDATE_PROF_REP_OID_NAME, String.class);
+ oidDescription = authData.getGenericData(PVPConstants.MANDATE_PROF_REP_DESC_NAME, String.class);
+
+ }
+
+
+
+
+ if (!isOWOIDSet && oid != null)
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ EXT_SAML_MANDATE_OID, oid,
+ SZRGWConstants.MANDATE_NS,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ if (!isOWFriendlyNameSet && oidDescription != null)
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION,
+ oidDescription, SZRGWConstants.MANDATE_NS,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+
+
+ }
+
+
private String generateMandateDate(IOAAuthParameters oaParam, MOAAuthenticationData authData
) throws AuthenticationException, BuildException,
ParseException, ConfigurationException, ServiceException,
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 20c66d7a2..bb1f3c155 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -42,7 +42,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
-import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
@@ -66,7 +66,7 @@ import at.gv.egovernment.moa.util.URLEncoder;
*/
@Controller
-public class SAML1Protocol extends AbstractAuthProtocolModulController implements IModulInfo {
+public class SAML1Protocol extends AbstractController implements IModulInfo {
@Autowired private SAML1AuthenticationServer saml1AuthServer;
@@ -127,7 +127,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
//preProcess SAML1 Request
preProcess(req, resp, pendingReq);
- performAuthentication(req, resp, pendingReq);
+ protAuthService.performAuthentication(req, resp, pendingReq);
return;
}