diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2020-04-06 10:23:53 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2020-04-06 10:23:53 +0200 |
commit | a056118bbfabb53dc2856ff07d068cd57ddc8be3 (patch) | |
tree | e8972ade3b0137e8a61e10d9717a512787c16ba5 /id/server/modules/moa-id-modules-saml1 | |
parent | 7fa91731a8b852e9a8a4ea1a152a5aa74523d47e (diff) | |
parent | aebaed0e889413491b5769babf39a200bd312992 (diff) | |
download | moa-id-spss-a056118bbfabb53dc2856ff07d068cd57ddc8be3.tar.gz moa-id-spss-a056118bbfabb53dc2856ff07d068cd57ddc8be3.tar.bz2 moa-id-spss-a056118bbfabb53dc2856ff07d068cd57ddc8be3.zip |
Merge branch 'development_preview'
Diffstat (limited to 'id/server/modules/moa-id-modules-saml1')
3 files changed, 115 insertions, 6 deletions
diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index 3a401d80e..26e164b83 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-modules</artifactId> - <version>${moa-id-version}</version> + <version>4.1.2-SNAPSHOT</version> </parent> <artifactId>moa-id-module-saml1</artifactId> diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 7a9557baf..73d3d369f 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -53,6 +53,9 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDEIDTokenBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityStatusLevelAttributeBuiler; import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.AuthenticationServer; @@ -67,6 +70,7 @@ import at.gv.egovernment.moa.id.auth.exception.ServiceException; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; @@ -78,7 +82,6 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBui import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -351,7 +354,11 @@ public class SAML1AuthenticationServer extends AuthenticationServer { if (Boolean.parseBoolean( oaParam.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, - String.valueOf(false)))) { + String.valueOf(false))) || + Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, + String.valueOf(false)))) { Logger.info("Demo-mode for 'New Austrian eID' is active. Add additonal attributes ... "); if (oaAttributes == null) @@ -393,6 +400,42 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } + try { + String onlineIDL = new EIDEIDTokenBuilder().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + if (MiscUtil.isNotEmpty(onlineIDL)) { + Logger.trace("Adding Online-IDL: " + onlineIDL + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.EID_E_ID_TOKEN_FRIENDLY_NAME, onlineIDL, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + } catch (AttributeBuilderException e) { + Logger.info("Can NOT build additional 'Online-IDL' attribute. Reason: " + e.getMessage()); + + } + + try { + String eidStatusLevel = new EidIdentityStatusLevelAttributeBuiler().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + if (MiscUtil.isNotEmpty(eidStatusLevel)) { + Logger.trace("Adding IdentityStatusLevel: " + eidStatusLevel + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_FRIENDLY_NAME, eidStatusLevel, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + } catch (AttributeBuilderException e) { + Logger.info("Can NOT build additional 'IdentityStatusLevel' attribute. Reason: " + e.getMessage()); + + } + //for mandates try { String additionalMandatorBpks = new MandateNaturalPersonBPKListAttributeBuilder().build( @@ -429,12 +472,15 @@ public class SAML1AuthenticationServer extends AuthenticationServer { Logger.info("Can NOT build foreign Mandator bPKs. Reason: " + e.getMessage()); } + + } String samlAssertion = null; //add mandate info's if (authData.isUseMandate()) { + //only provide full mandate if it is included. if (saml1parameter.isProvideFullMandatorData() && authData.getMISMandate() != null) { @@ -506,8 +552,12 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } } + //build mandateDate Attribute String mandateDate = generateMandateDate(oaParam, authData); + //build RepresentationType and + generateRepresentationTypeAndOWInfos(oaAttributes, oaParam, authData); + samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate( authData, prPerson, @@ -553,6 +603,65 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } + private void generateRepresentationTypeAndOWInfos(List<ExtendedSAMLAttribute> oaAttributes, + IOAAuthParameters oaParam, SAML1AuthenticationData authData) { + boolean isRepresentationTypeSet = false; + boolean isOWOIDSet = false; + boolean isOWFriendlyNameSet = false; + + for (ExtendedSAMLAttribute el : oaAttributes) { + if (EXT_SAML_MANDATE_REPRESENTATIONTYPE.equals(el.getName())) + isRepresentationTypeSet = true; + + if (EXT_SAML_MANDATE_OID.equals(el.getName())) + isOWOIDSet = true; + + if (EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION.equals(el.getName())) + isOWFriendlyNameSet = true; + } + + + if (!isRepresentationTypeSet) + oaAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_REPRESENTATIONTYPE, + EXT_SAML_MANDATE_REPRESENTATIONTEXT, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + + String oid = null; + String oidDescription = null; + + if (authData.getMISMandate() != null) { + oid = authData.getMISMandate().getProfRep(); + oidDescription = authData.getMISMandate().getTextualDescriptionOfOID(); + + } else { + oid = authData.getGenericData(PVPConstants.MANDATE_PROF_REP_OID_NAME, String.class); + oidDescription = authData.getGenericData(PVPConstants.MANDATE_PROF_REP_DESC_NAME, String.class); + + } + + + + + if (!isOWOIDSet && oid != null) + oaAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_OID, oid, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + if (!isOWFriendlyNameSet && oidDescription != null) + oaAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, + oidDescription, SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + + + } + + private String generateMandateDate(IOAAuthParameters oaParam, MOAAuthenticationData authData ) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 20c66d7a2..bb1f3c155 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -42,7 +42,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; -import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; @@ -66,7 +66,7 @@ import at.gv.egovernment.moa.util.URLEncoder; */ @Controller -public class SAML1Protocol extends AbstractAuthProtocolModulController implements IModulInfo { +public class SAML1Protocol extends AbstractController implements IModulInfo { @Autowired private SAML1AuthenticationServer saml1AuthServer; @@ -127,7 +127,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement //preProcess SAML1 Request preProcess(req, resp, pendingReq); - performAuthentication(req, resp, pendingReq); + protAuthService.performAuthentication(req, resp, pendingReq); return; } |