aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-modules-saml1/src/main/java
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2017-10-13 13:18:11 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-10-13 13:18:11 +0200
commitd703b4201def4ea55bc865da87010972d13a434e (patch)
treed9be30af066c7cf6281a15954318d40bf37131b5 /id/server/modules/moa-id-modules-saml1/src/main/java
parent1a80e310ed77110a8757b78b750a6a000495b16f (diff)
downloadmoa-id-spss-d703b4201def4ea55bc865da87010972d13a434e.tar.gz
moa-id-spss-d703b4201def4ea55bc865da87010972d13a434e.tar.bz2
moa-id-spss-d703b4201def4ea55bc865da87010972d13a434e.zip
enable mandates for eIDAS nodes
Diffstat (limited to 'id/server/modules/moa-id-modules-saml1/src/main/java')
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java7
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java50
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java18
3 files changed, 33 insertions, 42 deletions
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index d3ebffdfd..9981e8156 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -38,6 +38,7 @@ import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.URLEncoder;
@Service("SAML1_GetArtifactAction")
@@ -84,10 +85,12 @@ public class GetArtifactAction implements IAction {
String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID);
+ String oaTargetArea = req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class);
+
if (authData.isSsoSession()) {
String url = req.getAuthURL() + "/RedirectServlet";
url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8"));
- if (!oaParam.getBusinessService())
+ if (MiscUtil.isNotEmpty(oaTargetArea))
url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET,
URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
@@ -99,7 +102,7 @@ public class GetArtifactAction implements IAction {
} else {
String redirectURL = oaURL;
- if (!oaParam.getBusinessService()) {
+ if (MiscUtil.isNotEmpty(oaTargetArea)) {
redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_TARGET,
URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index df8f13544..bf4a55e46 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -48,7 +48,6 @@ import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
@@ -65,6 +64,7 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.Pair;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.ITransactionStorage;
import at.gv.egovernment.moa.id.util.Random;
@@ -239,7 +239,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
//set prPersion
boolean provideStammzahl = saml1parameter.isProvideStammzahl()
- || oaParam.getBusinessService();
+ || oaParam.hasBaseIdTransferRestriction();
String prPerson = "";
String ilAssertion = "";
@@ -268,7 +268,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
id.setValue(value );
if ( MiscUtil.isNotEmpty(authData.getIdentificationValue()) &&
- saml1parameter.isProvideIdentityLink() && !authData.isBusinessService()) {
+ saml1parameter.isProvideIdentityLink() && !authData.isBaseIDTransferRestrication()) {
//add baseID if it is requested and available and SP is publicService
value.setValue(authData.getIdentificationValue());
id.setType(authData.getIdentificationType());
@@ -332,7 +332,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
try {
ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes(
- authData.getMISMandate(), oaParam.getBusinessService(),
+ authData.getMISMandate(), oaParam.hasBaseIdTransferRestriction(),
saml1parameter.isProvideStammzahl());
if (extendedSAMLAttributes != null) {
@@ -406,7 +406,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
ilAssertion,
authData.getBkuURL(),
signerCertificateBase64,
- oaParam.getBusinessService(),
+ oaParam.hasBaseIdTransferRestriction(),
oaAttributes,
useCondition,
conditionLength);
@@ -419,7 +419,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
ilAssertion,
authData.getBkuURL(),
signerCertificateBase64,
- oaParam.getBusinessService(),
+ oaParam.hasBaseIdTransferRestriction(),
authData.getExtendedSAMLAttributesOA(),
useCondition,
conditionLength);
@@ -486,27 +486,20 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
prPerson = ParepUtils.extractPrPersonOfMandate(mandate);
if (physical
- && oaParam.getBusinessService()
+ && oaParam.hasBaseIdTransferRestriction()
&& identificationType != null
&& Constants.URN_PREFIX_BASEID
.equals(identificationType)) {
// now we calculate the wbPK and do so if we got it from the
// BKU
-
- //load IdentityLinkDomainType from OAParam
- String type = oaParam.getIdentityLinkDomainIdentifier();
- if (type.startsWith(Constants.URN_PREFIX_WBPK + "+"))
- identificationType = type;
- else
- identificationType = Constants.URN_PREFIX_WBPK + "+"
- + type;
-
-
- identificationValue = new BPKBuilder().buildWBPK(
- identificationValue, identificationType);
- ParepUtils
- .HideStammZahlen(prPerson, true, null, null, true);
+ //load IdentityLinkDomainType from OAParam
+ Pair<String, String> targedId = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+ identificationValue, oaParam.getAreaSpecificTargetIdentifier());
+ identificationValue = targedId.getFirst();
+ identificationType = targedId.getSecond();
+
+ ParepUtils.HideStammZahlen(prPerson, true, null, true);
}
}
@@ -520,18 +513,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
try {
boolean provideStammzahl = oaParam.getSAML1Parameter().isProvideStammzahl();
- String oatargetType;
- if(oaParam.getBusinessService()) {
- if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
- oatargetType = oaParam.getIdentityLinkDomainIdentifier();
- else
- oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+oaParam.getIdentityLinkDomainIdentifier();
-
- } else {
- oatargetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
-
- }
-
+ String oatargetType = oaParam.getAreaSpecificTargetIdentifier();
Element prIdentification = (Element) prPerson.
getElementsByTagNameNS(Constants.PD_NS_URI,"Identification").item(0);
@@ -544,7 +526,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
String baseid = getBaseId(prPerson);
Element identificationBpK;
if (MiscUtil.isNotEmpty(baseid)) {
- identificationBpK = createIdentificationBPK(prPerson, baseid, oaParam.getTarget());
+ identificationBpK = createIdentificationBPK(prPerson, baseid, oatargetType);
if (!provideStammzahl) {
prIdentification.getFirstChild().setTextContent("");
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 37d66d29b..19fadb318 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -40,6 +40,7 @@ import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
@@ -118,7 +119,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController {
//preProcess SAML1 Request
preProcess(req, resp, pendingReq);
-
+
performAuthentication(req, resp, pendingReq);
return;
@@ -190,14 +191,19 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController {
if (MiscUtil.isNotEmpty(target)) {
pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target);
- pendingRequest.setTarget(target);
+ pendingRequest.setTarget(MOAIDAuthConstants.PREFIX_CDID + target);
+
+ } else {
+ String targetArea = oaParam.getAreaSpecificTargetIdentifier();
+ pendingRequest.setTarget(targetArea);
+
+ if (targetArea.startsWith(MOAIDAuthConstants.PREFIX_CDID))
+ pendingRequest.setGenericDataToSession(REQ_DATA_TARGET,
+ targetArea.substring(MOAIDAuthConstants.PREFIX_CDID.length()));
- }
- else {
- pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, oaParam.getTarget());
- pendingRequest.setTarget(oaParam.getTarget());
}
+
//AuthnRequest needs authentication
pendingRequest.setNeedAuthentication(true);