10 files changed, 44 insertions, 20 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index 83b7ae592..a81baafac 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -5,6 +5,7 @@ import java.io.StringWriter;  import org.apache.commons.io.IOUtils; +import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;  import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;  import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index 29d407dc7..e6eecd11b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -140,9 +140,9 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {  		//TODO: CHANGE to real OA config  		List<String> bkuURIs = Arrays.asList( -				"http://labda.iaik.tugraz.at:8080/moa-id-auth/template_onlineBKU.html", -				"http://labda.iaik.tugraz.at:8080/moa-id-auth/template_handyBKU.html", -				"http://labda.iaik.tugraz.at:8080/moa-id-auth/template_localBKU.html"); +				"http://localhost:8080/moa-id-auth/template_onlineBKU.html", +				"http://localhost:8080/moa-id-auth/template_handyBKU.html", +				"http://127.0.0.1:8080/moa-id-auth/template_localBKU.html");  //		List<String> bkuURIs = Arrays.asList(  //				"http://demo.egiz.gv.at/demoportal_moaid-2.0/template_onlineBKU.html", 
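Review bot: The replaced `bkuURIs` list in GenerateIFrameTemplateServlet is still a hard-coded set of plain-`http://` URLs, now pointing at `localhost:8080` / `127.0.0.1:8080`, so the servlet will hand out IFrame template targets that only resolve on a developer machine and are not transport-protected; the `//TODO: CHANGE to real OA config` directly above shows this is a stopgap. These templates are presumably delivered into the citizen's browser (the enclosing method starts and ends outside the hunk), so they should come from the online-application configuration and be `https` or relative to the request's own base URL rather than constants checked into the auth library. Until that TODO is resolved I would at least mark the risk at the list, e.g. `// FIXME(security): dev-only hosts over plain http - must be replaced by OA-configured https template URLs before release`, so it cannot ship unnoticed.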
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index 4c4671084..930fedfd4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -148,7 +148,6 @@ public class VerifyCertificateServlet extends AuthServlet {  	    	}
  	    	else {
  	    		// Foreign Identities Modus	
 -		    	session.setForeignMode(true);
  		    	String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert);
  		      // build dataurl (to the GetForeignIDSerlvet)
  		    	String dataurl =
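Review bot: Dropping `session.setForeignMode(true);` from the foreign-identities branch leaves no visible replacement that marks this session as a foreign-certificate flow, so any code that still consults that flag downstream (the GetForeignID servlet the data URL below is built for is the obvious candidate, though I cannot see it here) would now treat a foreign-ID session like a domestic one. If the flag was deliberately retired, the remaining readers should go in the same change and a comment should say where the mode is now derived from, e.g. `// foreign-ID handling is keyed off the certificate and the GetForeignID DataURL, not a session flag`; if it was not, the setter needs to come back. The enclosing `else` block continues past the end of the hunk.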
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index d798ce9d6..d85d61bc7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -38,10 +38,6 @@ import org.hibernate.cfg.Configuration;  import org.w3c.dom.Element;  import org.w3c.dom.Node; -import test.tlenz.simpletest; - -import eu.stork.vidp.messages.common.STORKBootstrap; -  import at.gv.egovernment.moa.id.commons.db.HibernateUtil;  import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;  import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; @@ -56,8 +52,8 @@ import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.DOMUtils;  import at.gv.egovernment.moa.util.FileUtils;  import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.egovernment.moa.util.StringUtils;  import at.gv.egovernment.moa.util.XPathUtils; +import eu.stork.vidp.messages.common.STORKBootstrap;  /**   * A class providing access to the Auth Part of the MOA-ID configuration data. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 5e792ab78..58fec9790 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java 
@@ -319,7 +319,7 @@ public class AuthenticationManager extends AuthServlet {  		} catch (MOADatabaseException e) {  			try {  				moasession = AuthenticationSessionStoreage.createSession(); -				Logger.info("Create a new MOASession with sessionID=" + sessionID + "."); +				Logger.info("Create a new MOASession with sessionID=" + moasession.getSessionID() + ".");  			} catch (MOADatabaseException e1) {  				Logger.error("Database Error! MOASession are not created."); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 41aa459ec..9dcef5778 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -132,6 +132,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {  		try {  			PVPTargetConfiguration config = new PVPTargetConfiguration(); +  			MOARequest moaRequest = decoder.decodeRequest(request, response);  			RequestAbstractType samlReq =  moaRequest.getSamlRequest(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 2038ef5a5..c438cb18c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java 
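Review bot: The corrected log line `Logger.info("Create a new MOASession with sessionID=" + moasession.getSessionID() + ".");` now writes the freshly created MOASession identifier to the INFO log in clear; that identifier is a bearer handle for the running authentication, so application logs should not carry the full value at a routinely enabled level. I would lower it to `Logger.debug(...)` or log only a fixed-length prefix of the ID. The enclosing method starts and ends outside the hunk.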
@@ -26,7 +26,12 @@ import org.opensaml.saml2.metadata.NameIDFormat;  import org.opensaml.saml2.metadata.RequestedAttribute;  import org.opensaml.saml2.metadata.SPSSODescriptor; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData;  import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;  import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;  import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; @@ -39,8 +44,9 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;  import at.gv.egovernment.moa.logging.Logger;  public class PVP2AssertionBuilder implements PVPConstants { -	public static Assertion buildAssertion(AuthnRequest authnRequest,  -			AuthenticationSession authSession, EntityDescriptor peerEntity) throws PVP2Exception { +	public static Assertion buildAssertion(AuthnRequest authnRequest, +			AuthenticationSession authSession, EntityDescriptor peerEntity) +			throws MOAIDException {  		Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);  		RequestedAuthnContext reqAuthnContext = authnRequest @@ -71,7 +77,7 @@ public class PVP2AssertionBuilder implements PVPConstants {  		if (!stork_qaa_1_4_found) {  			throw new QAANotSupportedException(STORK_QAA_1_4);  		} -		 +  		reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs()  				.iterator();  		StringBuilder authContextsb = new StringBuilder(); 
@@ -107,7 +113,7 @@ public class PVP2AssertionBuilder implements PVPConstants {  		authnStatement.setAuthnContext(authnContext);  		assertion.getAuthnStatements().add(authnStatement); -		 +  		SPSSODescriptor spSSODescriptor = peerEntity  				.getSPSSODescriptor(SAMLConstants.SAML20P_NS); @@ -127,6 +133,9 @@ public class PVP2AssertionBuilder implements PVPConstants {  		Subject subject = SAML2Utils.createSAMLObject(Subject.class);  		NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);  		boolean foundFormat = false; + +		// TL: AuthData generation is moved to Assertion generation. +  		Iterator<NameIDFormat> formatIt = spSSODescriptor.getNameIDFormats()  				.iterator();  		while (formatIt.hasNext()) { @@ -180,11 +189,27 @@ public class PVP2AssertionBuilder implements PVPConstants {  			assertion.getAttributeStatements().add(attributeStatement);  		} +		// TODO: LOAD oaParam from request and not from MOASession in case of +		// SSO +		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +				.getOnlineApplicationParameter( +						authSession.getPublicOAURLPrefix()); + +		AuthenticationData authData = AuthenticationServer +				.buildAuthenticationData(authSession, oaParam, +						oaParam.getTarget()); + +		// TL: getIdentificationValue holds the baseID --> change to pBK +		// subjectNameID.setValue(authData.getIdentificationValue()); +  		subjectNameID.setFormat(NameID.PERSISTENT); -		subjectNameID.setNameQualifier(authSession.getAssertionAuthData() +		//TODO: build IdType in authData +		subjectNameID.setNameQualifier(authData  				.getIdentificationType()); -		subjectNameID.setValue(authSession.getAssertionAuthData() -				.getIdentificationValue()); +		if (authSession.getBusinessService()) +			subjectNameID.setValue(authData.getWBPK()); +		else +			subjectNameID.setValue(authData.getBPK());  		// }  		subject.setNameID(subjectNameID); 
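Review bot: The new `oaParam` lookup dereferences the result immediately via `oaParam.getTarget()` with no null check, so an unknown or stale `getPublicOAURLPrefix()` in the session turns into a NullPointerException inside assertion building instead of a controlled failure; since the method now declares `throws MOAIDException`, an explicit `if (oaParam == null) throw new MOAIDException(...)` (with whatever message key the project uses for a missing OA) belongs right after the lookup. The accompanying `// TODO: LOAD oaParam from request and not from MOASession in case of SSO` is more than a cleanup note: in an SSO case the target/sector used to derive the bPK or wbPK would come from whichever OA first populated the session, not from the SP this assertion is issued to, i.e. a relying party could receive an identifier computed for another sector, so that TODO should block enabling SSO for this protocol. The commented-out `// subjectNameID.setValue(authData.getIdentificationValue());` should be deleted rather than left as dead code next to the live assignment.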
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java index ae3715b57..c2c1c8687 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java @@ -11,7 +11,8 @@ public class BPKAttributeBuilder extends BaseAttributeBuilder {  	}  	public Attribute build(AuthenticationSession authSession) { -		String bpk = authSession.getAssertionAuthData().getIdentificationValue(); +		// TODO: authSession + oaParam => authData +		String bpk = ""; //authSession.getAssertionAuthData().getIdentificationValue();  		if(bpk.length() > BPK_MAX_LENGTH) {  			bpk = bpk.substring(0, BPK_MAX_LENGTH);  		} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java index 9b0c0a289..785db286d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java 
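Review bot: With `String bpk = "";` and the real lookup commented out, BPKAttributeBuilder now emits a bPK attribute with an empty value to every SP that requests it, and the `bpk.length() > BPK_MAX_LENGTH` check below passes silently, so nothing signals that the identifier is missing. A stub that releases an empty identity attribute is worse than none; until the `// TODO: authSession + oaParam => authData` path exists this should fail loudly, e.g. `throw new IllegalStateException("bPK attribute not available: authData construction not implemented");`, or return whatever the builder's empty-attribute path is so the SP sees an absent attribute rather than a blank one. The `build` method ends outside the hunk.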
@@ -11,8 +11,9 @@ public class EIDSectorForIDAttributeBuilder extends BaseAttributeBuilder {  	}  	public Attribute build(AuthenticationSession authSession) { +		// TODO: authSession + oaParam => authData  		return buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, -				EID_SECTOR_FOR_IDENTIFIER_NAME, authSession.getAssertionAuthData().getIdentificationType()); +				EID_SECTOR_FOR_IDENTIFIER_NAME, ""/*authSession.getAssertionAuthData().getIdentificationType()*/);  	}  	public Attribute buildEmpty() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index 70156deb7..44f0563b1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -173,7 +173,7 @@ public class AuthenticationSessionStoreage {  		} catch (MOADatabaseException e) {  			Logger.info("No MOA Session with id: " + sessionID); -			return null; +			throw new MOADatabaseException("No MOA Session with id: " + sessionID);  		} catch (Throwable e) {  			Log.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID); | 
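Review bot: `buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, EID_SECTOR_FOR_IDENTIFIER_NAME, "")` now sends the sector-for-identifier attribute with an empty value, which leaves any identifier the SP receives unscoped while still looking like a populated attribute. Since this class already has a `public Attribute buildEmpty()` (visible at the end of the hunk), the stub should `return buildEmpty();` until the `// TODO: authSession + oaParam => authData` path is implemented, so the absence is explicit on the wire.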
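Review bot: The new `throw new MOADatabaseException("No MOA Session with id: " + sessionID);` discards the caught `e`, so the original lookup failure (and its stack) is lost to callers and logs; if the exception type has a cause-taking constructor it should be `throw new MOADatabaseException("No MOA Session with id: " + sessionID, e);`. Changing this branch from `return null` to a throw also makes the method's contract uneven if the `catch (Throwable e)` branch below, which continues past the hunk, still returns null for a deserialization failure; callers that now rely on the exception (AuthenticationManager in this same commit creates a new session on MOADatabaseException) would silently get null on that path instead. The enclosing method starts and ends outside the hunk.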
