authorkstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-02-16 19:03:20 +0000
committerkstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-02-16 19:03:20 +0000
commit92709b7a3e7c18583e127d2160cfd96361ac035b (patch)
treeef9c5b9f6e6211eb95d75d196c79d32cdbd901d8 /id/server
parent99ecae7954643c971d8a789a196a5d246507a83e (diff)
* Update sourceID Parameter
* Blacklist-Übergabe an iaik-moa * iaik-moa.jar zu repository hinzugefügt git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1250 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id/server')
-rw-r--r--id/server/doc/moa_id/id-anwendung_1.htm2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java49
-rw-r--r--id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java2
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java8
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java12
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java2
9 files changed, 58 insertions, 52 deletions
diff --git a/id/server/doc/moa_id/id-anwendung_1.htm b/id/server/doc/moa_id/id-anwendung_1.htm
index ad45ff7e1..561f3f556 100644
--- a/id/server/doc/moa_id/id-anwendung_1.htm
+++ b/id/server/doc/moa_id/id-anwendung_1.htm
@@ -94,7 +94,7 @@ StartAuthentication?Target=&lt;gesch&auml;ftsbereich&gt;
</tr>
<tr>
<td id="klein2">sourceID=&lt;sourceID&gt;</td>
- <td id="klein2">optional; Gibt eine sourceID an, die (wenn sie gesetzt ist) in der SAML-Assertion aufscheint</td>
+ <td id="klein2">optional; Gibt eine sourceID an, die (wenn sie gesetzt ist) zur Berechnung des SAML-Artifacts herangezogen wird.</td>
</tr>
</tbody>
</table>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 5eb23cabc..093d22732 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1538,7 +1538,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.getBkuURL(),
session.getAssertionSignerCertificateBase64(),
session.getAssertionBusinessService(),
- session.getSourceID(),
session.getExtendedSAMLAttributesOA());
authData.setSamlAssertion(samlAssertion);
@@ -1554,7 +1553,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
String samlArtifact =
- new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
+ new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID(), session.getSourceID());
storeAuthenticationData(samlArtifact, authData);
// invalidates the authentication session
@@ -1717,7 +1716,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
String samlArtifact =
- new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
+ new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID(), session.getSourceID());
storeAuthenticationData(samlArtifact, authData);
// invalidates the authentication session
@@ -1816,7 +1815,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.getBkuURL(),
session.getAssertionSignerCertificateBase64(),
session.getAssertionBusinessService(),
- session.getSourceID(),
session.getExtendedSAMLAttributesOA());
authData.setSamlAssertion(samlAssertion);
@@ -1832,7 +1830,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
String samlArtifact =
- new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
+ new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID(), session.getSourceID());
storeAuthenticationData(samlArtifact, authData);
// invalidates the authentication session
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
index 410d045f0..bcad65eed 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
@@ -114,25 +114,5 @@ public class AuthenticationAssertionBuilder {
return sb.toString();
}
- /**
- * Builds the SAML attributes to be appended to the AUTHBlock or to the SAML assertion
- * delivered to the online application.
- * The method traverses through the list of given SAML attribute objects and builds an
- * XML structure (String representation) for each of the attributes.
- *
- * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock or
- * to the SAML assertion delivered to the online application.
- * @return A string representation including the XML structures of
- * the SAML attributes.
- *
- * @throws ParseException If an error occurs on serializing an SAML attribute.
- */
- protected String buildSourceIDSAMLAttributes(String sourceID) throws ParseException {
- StringBuffer sb = new StringBuffer();
- if (sourceID!=null)
- sb.append(MessageFormat.format( SAML_ATTRIBUTE_NO_NAMESPACE, new Object[] {"SourceID", sourceID}));
-
- return sb.toString();
- }
-
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 7032e09eb..b9e44544d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -72,7 +72,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
"{10}" +
"{11}" +
"{12}" +
- "{13}" +
" </saml:AttributeStatement>" + NL +
"</saml:Assertion>";
@@ -107,7 +106,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
"{11}" +
"{12}" +
"{13}" +
- "{14}" +
" </saml:AttributeStatement>" + NL +
"</saml:Assertion>";
/**
@@ -158,7 +156,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String bkuURL,
String signerCertificateBase64,
boolean businessService,
- String sourceID,
List extendedSAMLAttributes)
throws BuildException
{
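Review bot: The `sourceID` parameter is dropped from the `build` signature here, but the Javadoc that precedes the method lies outside the hunk; if it still carries a `@param sourceID` line, that entry is now stale and should be removed together with the parameter. The method body continues past the end of this hunk.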
@@ -210,7 +207,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
StringUtils.removeXMLDeclaration(xmlPersonData),
isQualifiedCertificate,
bkuURL,
- buildSourceIDSAMLAttributes(sourceID),
publicAuthorityAttribute,
signerCertificateAttribute,
buildExtendedSAMLAttributes(extendedSAMLAttributes)});
@@ -301,7 +297,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
StringUtils.removeXMLDeclaration(xmlMandateData),
isQualifiedCertificate,
bkuURL,
- buildSourceIDSAMLAttributes(sourceID),
publicAuthorityAttribute,
signerCertificateAttribute,
buildExtendedSAMLAttributes(extendedSAMLAttributes)});
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
index 41e4cd37d..145664a2b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
@@ -67,7 +67,7 @@ public class SAMLArtifactBuilder {
* of <code>AssertionHandle</code>
* @return the 42-byte SAML artifact, encoded BASE64
*/
- public String build(String authURL, String sessionID) throws BuildException {
+ public String build(String authURL, String sessionID, String sourceIdParam) throws BuildException {
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] sourceID;
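Review bot: The new `sourceIdParam` parameter is undocumented: the Javadoc directly above the changed signature still ends with the `AssertionHandle` sentence and the `@return` tag and has no entry for it. Add `@param sourceIdParam optional sourceID taken from the request; when non-empty it replaces the authURL (and the configured AuthenticationServer.SourceID) as the input of the SourceID digest` before the `@return` line. The body of `build` continues outside this hunk.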
@@ -77,16 +77,45 @@ public class SAMLArtifactBuilder {
//System.out.println("alternativeSourceID: " + alternativeSourceID);
//System.out.println("authURL: " + authURL);
- if (!ParepUtils.isEmpty(alternativeSourceID)) {
- // if generic config parameter "AuthenticationServer.SourceID" is given, use that sourceID instead of authURL;
- sourceID = md.digest(alternativeSourceID.getBytes());
- Logger.info("Building SAMArtifact from sourceID \"" + alternativeSourceID + "\" instead of authURL \"" + authURL + "\".");
- } else {
- sourceID = md.digest(authURL.getBytes());
+ // if sourceID is given in GET/POST param - use this as source id
+ if (!ParepUtils.isEmpty(sourceIdParam)) {
+ // if GET/POST parameter sourceID is set, use that sourceID instead of authURL;
+ sourceID = md.digest(sourceIdParam.getBytes());
+ Logger.info("Building SAMArtifact from sourceID \"" + sourceIdParam + "\" instead of authURL \"" + authURL + "\".");
+
+ byte[] assertionHandle = md.digest(sessionID.getBytes());
+ ByteArrayOutputStream out = new ByteArrayOutputStream(42);
+ out.write(0);
+ out.write(1);
+ out.write(sourceID, 0, 20);
+ out.write(assertionHandle, 0, 20);
+ byte[] samlArtifact = out.toByteArray();
+ //System.out.println("samlArtifact: " + new String(samlArtifact));
+ String samlArtifactBase64 = Base64Utils.encode(samlArtifact);
+ //System.out.println("samlArtifact Base64: " + samlArtifactBase64);
+ return samlArtifactBase64;
}
- //System.out.println("sourceID: " + new String(sourceID));
+ // if generic config parameter "AuthenticationServer.SourceID" is given, use that sourceID instead of authURL;
+ if (!ParepUtils.isEmpty(alternativeSourceID)) {
+ sourceID = md.digest(alternativeSourceID.getBytes());
+ Logger.info("Building SAMArtifact from sourceID \"" + alternativeSourceID + "\" instead of authURL \"" + authURL + "\".");
+
+ byte[] assertionHandle = md.digest(sessionID.getBytes());
+ ByteArrayOutputStream out = new ByteArrayOutputStream(42);
+ out.write(0);
+ out.write(1);
+ out.write(sourceID, 0, 20);
+ out.write(assertionHandle, 0, 20);
+ byte[] samlArtifact = out.toByteArray();
+ System.out.println("samlArtifact: " + new String(samlArtifact));
+ String samlArtifactBase64 = Base64Utils.encode(samlArtifact);
+ System.out.println("samlArtifact Base64: " + samlArtifactBase64);
+ return samlArtifactBase64;
+ }
+ // default: sourecID from authURL
+ sourceID = md.digest(authURL.getBytes());
byte[] assertionHandle = md.digest(sessionID.getBytes());
ByteArrayOutputStream out = new ByteArrayOutputStream(42);
out.write(0);
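Review bot: In the `alternativeSourceID` branch the two `System.out.println("samlArtifact: …")` / `System.out.println("samlArtifact Base64: …")` statements are live, while the same statements are commented out in the other two branches; the artifact is the handle later used to fetch the authentication data, so it should not be written to stdout — drop or comment out those two lines. The three branches otherwise repeat the artifact assembly verbatim and only differ in the digest input, so choosing the input first and keeping a single assembly removes the duplication and the drift already visible between the copies. `getBytes()` without a charset makes the SourceID digest depend on the JVM default encoding, and `sourceIdParam` arrives from a request parameter, so a fixed encoding such as `getBytes("UTF-8")` keeps the artifact stable across deployments (the `UnsupportedEncodingException` is already covered by the enclosing `catch (Throwable ex)`). The enclosing `build` method starts and ends outside this hunk.
```java
// … unchanged: lookup of alternativeSourceID …
// Pick the digest input once: request parameter, then configured value, then authURL.
String sourceIdInput;
if (!ParepUtils.isEmpty(sourceIdParam)) {
    sourceIdInput = sourceIdParam;
    Logger.info("Building SAMArtifact from sourceID \"" + sourceIdParam + "\" instead of authURL \"" + authURL + "\".");
} else if (!ParepUtils.isEmpty(alternativeSourceID)) {
    sourceIdInput = alternativeSourceID;
    Logger.info("Building SAMArtifact from sourceID \"" + alternativeSourceID + "\" instead of authURL \"" + authURL + "\".");
} else {
    sourceIdInput = authURL;
}
// fixed charset so the SourceID half of the artifact does not depend on the platform encoding
sourceID = md.digest(sourceIdInput.getBytes("UTF-8"));
// … unchanged: assertionHandle digest, 42-byte assembly, Base64 encoding, return …
```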
@@ -98,6 +127,10 @@ public class SAMLArtifactBuilder {
String samlArtifactBase64 = Base64Utils.encode(samlArtifact);
//System.out.println("samlArtifact Base64: " + samlArtifactBase64);
return samlArtifactBase64;
+
+ //System.out.println("sourceID: " + new String(sourceID));
+
+
}
catch (Throwable ex) {
throw new BuildException(
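Review bot: The lines added after `return samlArtifactBase64;` — a commented-out `System.out.println` and blank lines — are unreachable leftovers and only clutter the end of the try block; remove them so the block ends at the return. The surrounding try/catch starts outside this hunk.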
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java
index d9cd13259..a71fe0181 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java
@@ -619,7 +619,7 @@ public class Test300VerifyAuthBlock extends AbnahmeTestCase {
oaParam.getProvideIdentityLink() ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) : "";
String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : "";
String samlAssertion = new AuthenticationDataAssertionBuilder().build(
- authData, prPerson, authBlock, ilAssertion, session.getBkuURL(), "", false, null, null);
+ authData, prPerson, authBlock, ilAssertion, session.getBkuURL(), "", false, null);
authData.setSamlAssertion(samlAssertion);
return authData;
}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java
index 979a4aa24..915dc540c 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java
@@ -51,9 +51,9 @@ public class SAMLArtifactBuilderTest extends UnitTestCase {
}
protected void setUp() throws Exception {
builder = new SAMLArtifactBuilder();
- artifact1 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_1), false);
- artifact2 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_2), false);
- artifact3 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_3), false);
+ artifact1 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_1, null), false);
+ artifact2 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_2, null), false);
+ artifact3 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_3, null), false);
}
public void testBuildArtifactLength() throws BuildException {
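Review bot: Every updated call passes `null` as the new third argument, so the request-parameter branch of `SAMLArtifactBuilder.build` is not exercised by any test in this section or in the parser tests below. Add a fixture next to the existing ones, for example `artifact4 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_1, "example-source-id"), false);` (constructed value), then assert `assertEquals(42, artifact4.length);` and that bytes 2..21 (the SourceID digest) differ from `artifact1` while the last 20 bytes (the assertion handle for the same session) are equal.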
@@ -62,7 +62,7 @@ public class SAMLArtifactBuilderTest extends UnitTestCase {
assertEquals(42, artifact3.length);
}
public void testBuildSameArtifact() throws Exception {
- byte[] artifact1Clone = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_1), false);
+ byte[] artifact1Clone = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_1, null), false);
assertEquals(new String(artifact1), new String(artifact1Clone));
}
public void testBuildDifferentArtifacts() throws BuildException {
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java
index 1dab28dea..d34678f0c 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java
@@ -44,7 +44,7 @@ public class SAMLArtifactParserTest extends UnitTestCase {
public void testParseTypeCode() throws Exception {
String sessionID = Random.nextRandom();
- String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID);
+ String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID, null);
byte[] typeCode = new SAMLArtifactParser(samlArtifact).parseTypeCode();
assertEquals(typeCode[0], 0);
assertEquals(typeCode[1], 1);
@@ -52,8 +52,8 @@ public class SAMLArtifactParserTest extends UnitTestCase {
public void testParseAssertionHandleSameSessionID() throws Exception {
// SAML artifacts for different authURL's but same sessionID MUST give same assertion handle
String sessionID = Random.nextRandom();
- String samlArtifact1 = new SAMLArtifactBuilder().build(URL1, sessionID);
- String samlArtifact2 = new SAMLArtifactBuilder().build(URL2, sessionID);
+ String samlArtifact1 = new SAMLArtifactBuilder().build(URL1, sessionID, null);
+ String samlArtifact2 = new SAMLArtifactBuilder().build(URL2, sessionID, null);
String assertionHandle1 = new SAMLArtifactParser(samlArtifact1).parseAssertionHandle();
String assertionHandle2 = new SAMLArtifactParser(samlArtifact2).parseAssertionHandle();
assertEquals(assertionHandle1, assertionHandle2);
@@ -62,8 +62,8 @@ public class SAMLArtifactParserTest extends UnitTestCase {
// SAML artifacts for same authURL but different sessionID's MUST give different assertion handles
String sessionID1 = Random.nextRandom();
String sessionID2 = Random.nextRandom();
- String samlArtifact1 = new SAMLArtifactBuilder().build(URL1, sessionID1);
- String samlArtifact2 = new SAMLArtifactBuilder().build(URL1, sessionID2);
+ String samlArtifact1 = new SAMLArtifactBuilder().build(URL1, sessionID1, null);
+ String samlArtifact2 = new SAMLArtifactBuilder().build(URL1, sessionID2, null);
String assertionHandle1 = new SAMLArtifactParser(samlArtifact1).parseAssertionHandle();
String assertionHandle2 = new SAMLArtifactParser(samlArtifact2).parseAssertionHandle();
assertFalse(assertionHandle1.equals(assertionHandle2));
@@ -71,7 +71,7 @@ public class SAMLArtifactParserTest extends UnitTestCase {
public void testParseAssertionHandleSameSAMLArtifact() throws Exception {
// SAML artifact parsed twice MUST give same assertion handle each time
String sessionID = Random.nextRandom();
- String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID);
+ String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID, null);
String assertionHandle1 = new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
String assertionHandle2 = new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
assertEquals(assertionHandle1, assertionHandle2);
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java
index 73085270f..467c6520e 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java
@@ -43,7 +43,7 @@ public class SAMLRequestBuilderTest extends UnitTestCase {
public void testBuild() throws Exception {
String requestID = "123";
- String samlArtifact = new SAMLArtifactBuilder().build("https://moa.gv.at/auth/", "12345678901234567890");
+ String samlArtifact = new SAMLArtifactBuilder().build("https://moa.gv.at/auth/", "12345678901234567890", null);
String REQUEST_SHOULD = "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"" +
requestID + "\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"IGNORE\">" +
"<samlp:AssertionArtifact>" + samlArtifact + "</samlp:AssertionArtifact>" +