aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-modules-saml1
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2018-07-16 18:34:17 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2018-07-16 18:34:17 +0200
commit43b57a3c903669fc9de36c46e99773bac97a2102 (patch)
tree1e5cd74c040f79709d0265acb134bb50085848e3 /id/server/modules/moa-id-modules-saml1
parent05d5c29bb3be38d40484f9c5bb5fdbdc131cba9f (diff)
parent4ae32fabc822b3c8ed51d380969f7db682d1bfae (diff)
downloadmoa-id-spss-43b57a3c903669fc9de36c46e99773bac97a2102.tar.gz
moa-id-spss-43b57a3c903669fc9de36c46e99773bac97a2102.tar.bz2
moa-id-spss-43b57a3c903669fc9de36c46e99773bac97a2102.zip
Merge branch 'huge_refactoring' into development_preview
# Conflicts: # id/server/doc/handbook/config/config.html # id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java # id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java # id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java # id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
Diffstat (limited to 'id/server/modules/moa-id-modules-saml1')
-rw-r--r--id/server/modules/moa-id-modules-saml1/pom.xml1
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java19
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java24
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java28
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java12
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java69
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java63
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java59
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java4
9 files changed, 145 insertions, 134 deletions
diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml
index 0463bf8d9..8b232cf29 100644
--- a/id/server/modules/moa-id-modules-saml1/pom.xml
+++ b/id/server/modules/moa-id-modules-saml1/pom.xml
@@ -6,7 +6,6 @@
<version>${moa-id-version}</version>
</parent>
- <groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-module-saml1</artifactId>
<packaging>jar</packaging>
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index f6c8cb6e3..7ab222fa0 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -32,7 +32,6 @@ import java.util.List;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
@@ -41,7 +40,7 @@ import at.gv.egovernment.moa.util.StringUtils;
/**
* Builder for the authentication data <code>&lt;saml:Assertion&gt;</code>
- * to be provided by the MOA ID Auth component.
+ * to be provided by the MOA ID Auth component.
*
* @author Paul Ivancsics
* @version $Id$
@@ -277,8 +276,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
if (!useCondition) {
assertion = MessageFormat.format(AUTH_DATA, new Object[] {
authData.getAssertionID(),
- authData.getIssuer(),
- authData.getIssueInstantString(),
+ authData.getAuthenticationIssuer(),
+ authData.getAuthenticationIssueInstantString(),
pkType,
pkValue,
StringUtils.removeXMLDeclaration(xmlAuthBlock),
@@ -302,8 +301,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
assertion = MessageFormat.format(AUTH_DATA_WITH_CONDITIONS, new Object[] {
authData.getAssertionID(),
- authData.getIssuer(),
- authData.getIssueInstantString(),
+ authData.getAuthenticationIssuer(),
+ authData.getAuthenticationIssueInstantString(),
notBefore,
notOnOrAfter,
pkType,
@@ -400,8 +399,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
if (!useCondition) {
assertion = MessageFormat.format(AUTH_DATA_MANDATE, new Object[] {
authData.getAssertionID(),
- authData.getIssuer(),
- authData.getIssueInstantString(),
+ authData.getAuthenticationIssuer(),
+ authData.getAuthenticationIssueInstantString(),
pkType,
pkValue,
StringUtils.removeXMLDeclaration(xmlAuthBlock),
@@ -426,8 +425,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
assertion = MessageFormat.format(AUTH_DATA_MANDATE_WITH_CONDITIONS, new Object[] {
authData.getAssertionID(),
- authData.getIssuer(),
- authData.getIssueInstantString(),
+ authData.getAuthenticationIssuer(),
+ authData.getAuthenticationIssueInstantString(),
notBefore,
notOnOrAfter,
pkType,
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 99d5d9063..21dbb573a 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -28,15 +28,15 @@ import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.URLEncoder;
@@ -49,9 +49,9 @@ public class GetArtifactAction implements IAction {
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, IAuthData obj) throws AuthenticationException {
- String oaURL = (String) req.getOAURL();
+ String oaURL = (String) req.getSPEntityId();
- String sourceID = null;
+ String sourceID = null;
if (req instanceof SAML1RequestImpl) {
SAML1RequestImpl saml1req = (SAML1RequestImpl) req;
sourceID = saml1req.getSourceID();
@@ -68,7 +68,7 @@ public class GetArtifactAction implements IAction {
}
try {
- IOAAuthParameters oaParam = req.getOnlineApplicationConfiguration();
+ IOAAuthParameters oaParam = req.getServiceProviderConfiguration(IOAAuthParameters.class);
//TODO: add eIDAS to SAML1 protocol if it is really necessary
@@ -85,14 +85,14 @@ public class GetArtifactAction implements IAction {
String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID);
- String oaTargetArea = req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class);
+ String oaTargetArea = req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class);
if (authData.isSsoSession()) {
String url = req.getAuthURL() + RedirectServlet.SERVICE_ENDPOINT;
url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8"));
if (MiscUtil.isNotEmpty(oaTargetArea))
url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET,
- URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
+ URLEncoder.encode(req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
url = httpResp.encodeRedirectURL(url);
@@ -104,7 +104,7 @@ public class GetArtifactAction implements IAction {
String redirectURL = oaURL;
if (MiscUtil.isNotEmpty(oaTargetArea)) {
redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_TARGET,
- URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
+ URLEncoder.encode(req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
}
@@ -121,7 +121,7 @@ public class GetArtifactAction implements IAction {
new SLOInformationImpl(req.getAuthURL(), oaParam.getPublicURLPrefix(), authData.getAssertionID(), null, null, req.requestedModule());
return sloInformation;
-
+
} catch (Exception ex) {
Logger.error("SAML1 Assertion build error", ex);
throw new AuthenticationException("SAML1 Assertion build error.", new Object[]{}, ex);
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index 13df30862..dcb7cb7ee 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -72,20 +72,19 @@ import org.xml.sax.SAXException;
import com.google.common.net.MediaType;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
-import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.DateTimeUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
/**
* Web service for picking up authentication data created in the MOA-ID Auth component.
@@ -98,7 +97,7 @@ import at.gv.egovernment.moa.util.XPathUtils;
* since SAML1 is deprecated MOA-ID >= 2.0.0
*
* @author tlenz
- */
+ */
@Controller
public class GetAuthenticationDataService extends AbstractController implements Constants {
@@ -257,7 +256,7 @@ public class GetAuthenticationDataService extends AbstractController implements
// no SAML artifact given in request
statusCode = "samlp:Requester";
statusMessageCode = "1202";
-
+
} else if (samlArtifactList.getLength() > 1) {
// too many SAML artifacts given in request
statusCode = "samlp:Requester";
@@ -280,9 +279,7 @@ public class GetAuthenticationDataService extends AbstractController implements
try {
Throwable error = saml1AuthServer.getErrorResponse(samlArtifact);
statusCode = "samlp:Responder";
-
- ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
-
+
if (error instanceof MOAIDException) {
statusMessageCode = ((MOAIDException)error).getMessageId();
statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage());
@@ -291,8 +288,9 @@ public class GetAuthenticationDataService extends AbstractController implements
statusMessage = StringEscapeUtils.escapeXml(error.getMessage());
}
- subStatusCode = errorUtils.getResponseErrorCode(error);
-
+ subStatusCode = statusMessager.getResponseErrorCode(error);
+
+
} catch (Exception e) {
//no authentication data for given SAML artifact
statusCode = "samlp:Requester";
@@ -340,7 +338,7 @@ public class GetAuthenticationDataService extends AbstractController implements
is = Thread.currentThread()
.getContextClassLoader()
.getResourceAsStream(templateURL);
-
+
VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
BufferedReader reader = new BufferedReader(new InputStreamReader(is ));
StringWriter writer = new StringWriter();
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
index 2a7cce89e..51d722dc4 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
@@ -49,9 +49,10 @@ package at.gv.egovernment.moa.id.protocols.saml1;
import java.text.ParseException;
import java.util.List;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DateTimeUtils;
@@ -62,7 +63,7 @@ import at.gv.egovernment.moa.util.DateTimeUtils;
* @version $Id$
*/
-public class SAML1AuthenticationData extends AuthenticationData {
+public class SAML1AuthenticationData extends MOAAuthenticationData {
/**
*
*/
@@ -88,7 +89,8 @@ public class SAML1AuthenticationData extends AuthenticationData {
private List<ExtendedSAMLAttribute> extendedSAMLAttributesOA;
- public SAML1AuthenticationData() {
+ public SAML1AuthenticationData(LoALevelMapper loaMapper) {
+ super(loaMapper);
this.setMajorVersion(1);
this.setMinorVersion(0);
this.setAssertionID(Random.nextRandom());
@@ -137,7 +139,7 @@ public void setAssertionID(String assertionID) {
public void setIssueInstant(String date) {
try {
- setIssueInstant(DateTimeUtils.parseDateTime(date));
+ setAuthenticationIssueInstant(DateTimeUtils.parseDateTime(date));
} catch (ParseException e) {
Logger.error("Parse IssueInstant element FAILED.", e);
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index bf4a55e46..c8f01f67d 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.saml1;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -43,11 +44,21 @@ import org.xml.sax.SAXException;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
@@ -57,21 +68,14 @@ import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.Pair;
+import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.util.xsd.persondata.IdentificationType;
@@ -86,7 +90,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
@Autowired private ITransactionStorage authenticationDataStore;
- /**
+ /**
* time out in milliseconds used by {@link cleanup} for authentication data
* store
*/
@@ -103,8 +107,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
Throwable error = null;
try {
- error = authenticationDataStore
- .get(samlArtifact, Throwable.class);
+ error = authenticationDataStore.get(samlArtifact, Throwable.class);
if (error == null) {
Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
@@ -114,7 +117,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
authenticationDataStore.remove(samlArtifact);
- } catch (MOADatabaseException e) {
+ } catch (EAAFException e) {
Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
throw new AuthenticationException("1206", new Object[] { samlArtifact });
}
@@ -189,7 +192,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
- } catch (MOADatabaseException e) {
+ } catch (EAAFException e) {
Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
throw new AuthenticationException("1206", new Object[] { samlArtifact });
}
@@ -201,10 +204,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
public String BuildErrorAssertion(Throwable error, IRequest protocolRequest)
- throws BuildException, MOADatabaseException {
+ throws EAAFException {
String samlArtifact = new SAMLArtifactBuilder().build(
- protocolRequest.getOAURL(), protocolRequest.getRequestID(),
+ protocolRequest.getSPEntityId(), protocolRequest.getPendingRequestId(),
null);
authenticationDataStore.put(samlArtifact, error, authDataTimeOut);
@@ -319,12 +322,26 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
- String samlAssertion;
- //add mandate info's
- if (authData.isUseMandate()) {
- List<ExtendedSAMLAttribute> oaAttributes = authData.getExtendedSAMLAttributesOA();
+ List<ExtendedSAMLAttribute> oaAttributes = authData.getExtendedSAMLAttributesOA();
+
+ //add additional SAML1 attribute that containts the CountryCode in case of foreigners
+ if (authData.isForeigner()) {
+ if (oaAttributes == null)
+ oaAttributes = new ArrayList<ExtendedSAMLAttribute>();
+
+ Logger.trace("Entity is marked as foreigner. Adding CountryCode: "
+ + authData.getCiticenCountryCode() + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, authData.getCiticenCountryCode(),
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+ }
+
+ String samlAssertion = null;
+ //add mandate info's
+ if (authData.isUseMandate()) {
//only provide full mandate if it is included.
if (saml1parameter.isProvideFullMandatorData()
&& authData.getMISMandate() != null) {
@@ -420,7 +437,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
authData.getBkuURL(),
signerCertificateBase64,
oaParam.hasBaseIdTransferRestriction(),
- authData.getExtendedSAMLAttributesOA(),
+ oaAttributes,
useCondition,
conditionLength);
}
@@ -428,7 +445,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
//authData.setSamlAssertion(samlAssertion);
String samlArtifact = new SAMLArtifactBuilder().build(
- authData.getIssuer(), Random.nextRandom(),
+ authData.getAuthenticationIssuer(), Random.nextRandom(),
sourceID);
storeAuthenticationData(samlArtifact, samlAssertion);
@@ -443,10 +460,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
- private String generateMandateDate(IOAAuthParameters oaParam, AuthenticationData authData
+ private String generateMandateDate(IOAAuthParameters oaParam, MOAAuthenticationData authData
) throws AuthenticationException, BuildException,
ParseException, ConfigurationException, ServiceException,
- ValidateException {
+ ValidateException, EAAFBuilderException {
if (authData == null)
throw new AuthenticationException("auth.10", new Object[] {
@@ -491,7 +508,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
&& Constants.URN_PREFIX_BASEID
.equals(identificationType)) {
// now we calculate the wbPK and do so if we got it from the
- // BKU
+ // BKU
//load IdentityLinkDomainType from OAParam
Pair<String, String> targedId = new BPKBuilder().generateAreaSpecificPersonIdentifier(
@@ -548,7 +565,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
} else {
;
- }
+ }
return DOMUtils.serializeNode(prPerson);
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 19fadb318..30d740a2a 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -35,18 +35,20 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -59,10 +61,10 @@ import at.gv.egovernment.moa.util.URLEncoder;
* @deprecated
* @author tlenz
*
- */
+ */
@Controller
-public class SAML1Protocol extends AbstractAuthProtocolModulController {
+public class SAML1Protocol extends AbstractAuthProtocolModulController implements IModulInfo {
@Autowired private SAML1AuthenticationServer saml1AuthServer;
@@ -92,21 +94,22 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController {
return NAME;
}
- public String getPath() {
+ @Override
+ public String getAuthProtocolIdentifier() {
return PATH;
+
}
-
@RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET})
- public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
- if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) {
- Logger.info("SAML1 is deaktivated!");
- throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
-
- }
+ public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {
+// if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) {
+// Logger.info("SAML1 is deaktivated!");
+// throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
+//
+// }
SAML1RequestImpl pendingReq = applicationContext.getBean(SAML1RequestImpl.class);
- pendingReq.initialize(req);
+ pendingReq.initialize(req, authConfig);
pendingReq.setModule(NAME);
revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
@@ -127,15 +130,15 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController {
public void preProcess(HttpServletRequest request,
- HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException {
+ HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException, InvalidProtocolRequestException, EAAFConfigurationException, EAAFStorageException {
try {
- String oaURL = (String) request.getParameter(PARAM_OA);
+ String oaURL = (String) request.getParameter(MOAIDAuthConstants.PARAM_OA);
//oaURL = StringEscapeUtils.escapeHtml(oaURL);
- String target = (String) request.getParameter(PARAM_TARGET);
+ String target = (String) request.getParameter(MOAIDAuthConstants.PARAM_TARGET);
target = StringEscapeUtils.escapeHtml(target);
- String sourceID = request.getParameter(PARAM_SOURCEID);
+ String sourceID = request.getParameter(MOAIDAuthConstants.PARAM_SOURCEID);
sourceID = StringEscapeUtils.escapeHtml(sourceID);
//the target parameter is used to define the OA in SAML1 standard
@@ -146,25 +149,25 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController {
if (MiscUtil.isEmpty(oaURL)) {
Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!");
- throw new WrongParametersException("StartAuthentication", PARAM_OA,
+ throw new WrongParametersException("StartAuthentication", MOAIDAuthConstants.PARAM_OA,
"auth.12");
}
if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA,
+ throw new WrongParametersException("StartAuthentication", MOAIDAuthConstants.PARAM_OA,
"auth.12");
- pendingRequest.setOAURL(oaURL);
+ pendingRequest.setSPEntityId(oaURL);
Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL);
if (!ParamValidatorUtils.isValidSourceID(sourceID))
- throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
+ throw new WrongParametersException("StartAuthentication", MOAIDAuthConstants.PARAM_SOURCEID, "auth.12");
//load Target only from OA config
- IOAAuthParameters oaParam = authConfig.getOnlineApplicationParameter(oaURL);
+ IOAAuthParameters oaParam = authConfig.getServiceProviderConfiguration(oaURL, IOAAuthParameters.class);
if (oaParam == null)
throw new InvalidProtocolRequestException("auth.00",
@@ -190,7 +193,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController {
revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST);
if (MiscUtil.isNotEmpty(target)) {
- pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target);
+ pendingRequest.setRawDataToTransaction(REQ_DATA_TARGET, target);
pendingRequest.setTarget(MOAIDAuthConstants.PREFIX_CDID + target);
} else {
@@ -198,7 +201,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController {
pendingRequest.setTarget(targetArea);
if (targetArea.startsWith(MOAIDAuthConstants.PREFIX_CDID))
- pendingRequest.setGenericDataToSession(REQ_DATA_TARGET,
+ pendingRequest.setRawDataToTransaction(REQ_DATA_TARGET,
targetArea.substring(MOAIDAuthConstants.PREFIX_CDID.length()));
@@ -225,15 +228,15 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController {
HttpServletRequest request, HttpServletResponse response,
IRequest protocolRequest)
throws Throwable{
- if (!protocolRequest.getOnlineApplicationConfiguration().getSAML1Parameter().isProvideAllErrors())
+ if (!protocolRequest.getServiceProviderConfiguration(IOAAuthParameters.class).getSAML1Parameter().isProvideAllErrors())
return false;
else {
String samlArtifactBase64 = saml1AuthServer.BuildErrorAssertion(e, protocolRequest);
String url = protocolRequest.getAuthURL() + "/RedirectServlet";
- url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8"));
- url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getSPEntityId(), "UTF-8"));
+ url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
url = response.encodeRedirectURL(url);
response.setContentType("text/html");
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
index 1d3525626..4d3e60dd7 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
@@ -22,18 +22,11 @@
*/
package at.gv.egovernment.moa.id.protocols.saml1;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
-import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
/**
* @author tlenz
@@ -45,7 +38,7 @@ public class SAML1RequestImpl extends RequestImpl {
private static final long serialVersionUID = -4961979968425683115L;
- private String sourceID = null;
+ private String sourceID = null;
private String target = null;
/**
@@ -78,29 +71,29 @@ public class SAML1RequestImpl extends RequestImpl {
this.target = target;
}
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
- */
- @Override
- public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
-
- List<String> reqAttr = new ArrayList<String>();
- reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION);
-
- SAML1ConfigurationParameters saml1 = this.getOnlineApplicationConfiguration().getSAML1Parameter();
- if (saml1 != null) {
- if (saml1.isProvideAUTHBlock())
- reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME);
-
- if (saml1.isProvideCertificate())
- reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME);
-
- if (saml1.isProvideFullMandatorData())
- reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME);
- }
-
- return reqAttr;
-
- }
+// /* (non-Javadoc)
+// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+// */
+// @Override
+// public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
+//
+// List<String> reqAttr = new ArrayList<String>();
+// reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION);
+//
+// SAML1ConfigurationParameters saml1 = this.getOnlineApplicationConfiguration().getSAML1Parameter();
+// if (saml1 != null) {
+// if (saml1.isProvideAUTHBlock())
+// reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME);
+//
+// if (saml1.isProvideCertificate())
+// reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME);
+//
+// if (saml1.isProvideFullMandatorData())
+// reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME);
+// }
+//
+// return reqAttr;
+//
+// }
}
diff --git a/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java b/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java
index 961c8d0b5..4591e456f 100644
--- a/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java
+++ b/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java
@@ -46,9 +46,9 @@
package test.at.gv.egovernment.moa.id.auth.parser;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
-import at.gv.egovernment.moa.id.util.Random;
import test.at.gv.egovernment.moa.id.UnitTestCase;
/*
@@ -63,7 +63,7 @@ public class SAMLArtifactParserTest extends UnitTestCase {
public SAMLArtifactParserTest(String name) {
super(name);
}
-
+
public void testParseTypeCode() throws Exception {
String sessionID = Random.nextRandom();
String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID, null);