| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java | 135 | 
1 files changed, 96 insertions, 39 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 0510f545a..cd2bfcf91 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -361,6 +361,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 			authData.setBPK(pvpbPK.split(":")[1]);
 		}
+		boolean foundEncryptedbPKForOA = false;
 		if (extractor.containsAttribute(PVPConstants.ENC_BPK_LIST_NAME)) {
 			List<String> encbPKList = Arrays.asList(
 					extractor.getAttribute(PVPConstants.ENC_BPK_LIST_NAME).split(";"));							
@@ -377,6 +378,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 									+ oaParam.getPublicURLPrefix()
 									+ " Start decryption process ...");
 							PrivateKey privKey = oaParam.getBPKDecBpkDecryptionKey();
+							foundEncryptedbPKForOA = true;
 							if (privKey != null) {
 								try {
 									String bPK = BPKBuilder.decryptBPK(encbPK, oaParam.getTarget(), privKey);
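Review bot: `foundEncryptedbPKForOA = true;` is set before the `if (privKey != null)` test in the second hunk, so an online application whose encrypted bPK is present but whose decryption key is not configured — and, presumably, one whose decryption fails further down — is still recorded as having been served. In the hunk at line 413 that flag switches off both the missing-identifier check and the bPK/online-application match check, so a plain bPK of another sector arriving next to an undecryptable encrypted bPK would pass those guards. Setting the flag only once the decrypted bPK has actually been stored in `authData` keeps the fallbacks in force for the failure paths; the try block where that happens lies between the hunks, so confirm the exact spot.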
@@ -411,54 +413,82 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 			}						
 		}
-		if (MiscUtil.isEmpty(authData.getBPK()) && authData.getEncbPKList().size() == 0 && 
-				MiscUtil.isEmpty(authData.getIdentificationValue())) {
+		if (MiscUtil.isEmpty(authData.getIdentificationValue()) && 
+				MiscUtil.isEmpty(authData.getBPK()) &&
+				!foundEncryptedbPKForOA) {
 			Logger.info("Federated assertion include no bPK, encrypted bPK or baseID");
+			throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
+					+ " or " + PVPConstants.EID_SOURCE_PIN_NAME 
+					+ " or " + PVPConstants.ENC_BPK_LIST_NAME);
-			try {
-				EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProvider.getInstance().geteGovUtilsConfig();
-				if (eGovClientsConfig != null) {
-					SZRClient szrclient = new SZRClient(eGovClientsConfig);
+		}
+		 
+		//check if received bPK matchs to online application configuration 
+		//and no encrypted bPK is found for this oa
+		if (!matchsReceivedbPKToOnlineApplication(oaParam, authData) 
+				&& !foundEncryptedbPKForOA) {
+			Logger.info("Received bPK/wbPK does not match to online application");
+			 
+			if (MiscUtil.isEmpty(authData.getIdentificationValue())) {
+				Logger.info("No baseID found. Connect SZR to reveive baseID ...");				
+				try {
+					EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProvider.getInstance().geteGovUtilsConfig();
+					if (eGovClientsConfig != null) {
+						SZRClient szrclient = new SZRClient(eGovClientsConfig);
+						 
+						Logger.debug("Create SZR request to get baseID ... 
");
+						PersonInfoType personInfo = new PersonInfoType();
+						at.gv.util.xsd.szr.persondata.PhysicalPersonType person = new at.gv.util.xsd.szr.persondata.PhysicalPersonType();
+						personInfo.setPerson(person);					
+						at.gv.util.xsd.szr.persondata.PersonNameType name = new at.gv.util.xsd.szr.persondata.PersonNameType();
+						person.setName(name);
+						at.gv.util.xsd.szr.persondata.IdentificationType idValue = new at.gv.util.xsd.szr.persondata.IdentificationType();
+						person.setIdentification(idValue);
+						 
+						//set bPK or wbPK						
+						idValue.setValue(authData.getBPK());
+						idValue.setType(authData.getBPKType());
+						 
+						//set person information
+						name.setGivenName(authData.getGivenName());
+						name.setFamilyName(authData.getFamilyName());
+						if (authData.getDateOfBirth() != null)
+							person.setDateOfBirth(authData.getFormatedDateOfBirth());
+						 
+						//request szr and store baseID
+						authData.setIdentificationValue(szrclient.getStammzahl(personInfo));
+						authData.setIdentificationType(Constants.URN_PREFIX_BASEID);
+											 
+					} else {
+						Logger.warn("No SZR clieht configuration found. Interfederation SSO login not possible.");
+						throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
+								+ " or " + PVPConstants.EID_SOURCE_PIN_NAME);
+						 
+					}
+								 
+				} catch (ConfigurationException e) {
+					 Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
+					throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
+							+ " or " + PVPConstants.EID_SOURCE_PIN_NAME);
-					Logger.debug("Create SZR request to get baseID ... 
");
-					PersonInfoType personInfo = new PersonInfoType();
-					at.gv.util.xsd.szr.persondata.PhysicalPersonType person = new at.gv.util.xsd.szr.persondata.PhysicalPersonType();
-					personInfo.setPerson(person);					
-					at.gv.util.xsd.szr.persondata.PersonNameType name = new at.gv.util.xsd.szr.persondata.PersonNameType();
-					person.setName(name);
+				} catch (EgovUtilException e) {
+					Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
+					throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
+							+ " or " + PVPConstants.EID_SOURCE_PIN_NAME);
-					name.setGivenName(authData.getGivenName());
-					name.setFamilyName(authData.getFamilyName());
-					if (authData.getDateOfBirth() != null)
-						person.setDateOfBirth(authData.getFormatedDateOfBirth());
-				 
-					authData.setIdentificationValue(szrclient.getStammzahl(personInfo));
-					authData.setIdentificationType(Constants.URN_PREFIX_BASEID);
-										 
-				} else {
-					Logger.warn("No SZR clieht configuration found. Interfederation SSO login not possible.");
+				} catch (SZRException e) {
+					Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
 					throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
 							+ " or " + PVPConstants.EID_SOURCE_PIN_NAME);
 				}
-							 
-			} catch (ConfigurationException e) {
-				 Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
-				throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
-						+ " or " + PVPConstants.EID_SOURCE_PIN_NAME);
-				 
-			} catch (EgovUtilException e) {
-				Logger.warn("SZR connection FAILED. 
Interfederation SSO login not possible.", e);
-				throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
-						+ " or " + PVPConstants.EID_SOURCE_PIN_NAME);
-				 
-			} catch (SZRException e) {
-				Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
-				throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
-						+ " or " + PVPConstants.EID_SOURCE_PIN_NAME);
-				 
 			}
-					 
+			 
+			//build OA specific bPK/wbPK information
+			buildOAspecificbPK(oaParam, authData, 
+					authData.getIdentificationValue(), 
+					authData.getIdentificationType());
+			 
 		}
 		if (MiscUtil.isEmpty(authData.getBPK())) {
@@ -672,6 +702,33 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 		authData.setPublicAuthority(false);
 	}
+	/**
+	 * @param oaParam
+	 * @param authData
+	 * @return
+	 */
+	private static boolean matchsReceivedbPKToOnlineApplication(
+			IOAAuthParameters oaParam, AuthenticationData authData) {
+		 
+		String oaTarget = null;
+		if (oaParam.getBusinessService()) {
+			if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK))
+				oaTarget = oaParam.getIdentityLinkDomainIdentifier();
+			else
+				oaTarget = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier();
+			 
+		} else {
+			oaTarget = Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget();
+			 
+		}
+		 
+		 
+		if (oaTarget.equals(authData.getBPKType()))
+			return true;
+		else
+			return false;
+	}
+
 	private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, 
 			IOAAuthParameters oaParam) throws BuildException, ConfigurationException { | 
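Review bot: In the new mismatch branch, when the federated assertion already carries an identification value, `buildOAspecificbPK(oaParam, authData, authData.getIdentificationValue(), authData.getIdentificationType())` is fed whatever type the remote IdP supplied, whereas the SZR path explicitly sets `Constants.URN_PREFIX_BASEID`; unless `buildOAspecificbPK` (not visible here) rejects other types, a non-baseID identifier would be used to derive the online application's bPK. A guard before the call such as `if (!Constants.URN_PREFIX_BASEID.equals(authData.getIdentificationType())) throw new AssertionAttributeExtractorExeption("Identification value is not a baseID");` pins the expected type. The three catch blocks are identical and each throws "No bPK or baseID" without chaining `e`, so the caller sees a missing-attribute error when the real cause is an SZR or configuration failure; if the project targets Java 7 or later they collapse to `catch (ConfigurationException | EgovUtilException | SZRException e)`, and the message should say the SZR lookup failed (pass `e` as well if the exception type has a cause constructor). The enclosing method starts and ends outside this hunk.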
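Review bot: `matchsReceivedbPKToOnlineApplication` dereferences `oaParam.getIdentityLinkDomainIdentifier()` twice without a null check, so a business-service online application with no domain identifier configured fails with a NullPointerException instead of being reported as a mismatch; a null `authData.getBPKType()` is only safe because it sits on the right-hand side of `equals`. The closing `if (...) return true; else return false;` is just `return oaTarget.equals(authData.getBPKType());`, and the Javadoc has empty `@param`/`@return` tags — a summary such as `Returns true if the bPK type carried in the assertion equals the bPK/wbPK target this online application is configured for.` would fill what the tags leave blank. The method name reads `matchs`; `matchesReceivedbPKToOnlineApplication` is the conventional spelling.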
