aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java135
1 files changed, 96 insertions, 39 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 0510f545a..cd2bfcf91 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -361,6 +361,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
authData.setBPK(pvpbPK.split(":")[1]);
}
+ boolean foundEncryptedbPKForOA = false;
if (extractor.containsAttribute(PVPConstants.ENC_BPK_LIST_NAME)) {
List<String> encbPKList = Arrays.asList(
extractor.getAttribute(PVPConstants.ENC_BPK_LIST_NAME).split(";"));
@@ -377,6 +378,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
+ oaParam.getPublicURLPrefix()
+ " Start decryption process ...");
PrivateKey privKey = oaParam.getBPKDecBpkDecryptionKey();
+ foundEncryptedbPKForOA = true;
if (privKey != null) {
try {
String bPK = BPKBuilder.decryptBPK(encbPK, oaParam.getTarget(), privKey);
@@ -411,54 +413,82 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
}
}
- if (MiscUtil.isEmpty(authData.getBPK()) && authData.getEncbPKList().size() == 0 &&
- MiscUtil.isEmpty(authData.getIdentificationValue())) {
+ if (MiscUtil.isEmpty(authData.getIdentificationValue()) &&
+ MiscUtil.isEmpty(authData.getBPK()) &&
+ !foundEncryptedbPKForOA) {
Logger.info("Federated assertion include no bPK, encrypted bPK or baseID");
+ throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
+ + " or " + PVPConstants.EID_SOURCE_PIN_NAME
+ + " or " + PVPConstants.ENC_BPK_LIST_NAME);
- try {
- EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProvider.getInstance().geteGovUtilsConfig();
- if (eGovClientsConfig != null) {
- SZRClient szrclient = new SZRClient(eGovClientsConfig);
+ }
+
+ //check if received bPK matchs to online application configuration
+ //and no encrypted bPK is found for this oa
+ if (!matchsReceivedbPKToOnlineApplication(oaParam, authData)
+ && !foundEncryptedbPKForOA) {
+ Logger.info("Received bPK/wbPK does not match to online application");
+
+ if (MiscUtil.isEmpty(authData.getIdentificationValue())) {
+ Logger.info("No baseID found. Connect SZR to reveive baseID ...");
+ try {
+ EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProvider.getInstance().geteGovUtilsConfig();
+ if (eGovClientsConfig != null) {
+ SZRClient szrclient = new SZRClient(eGovClientsConfig);
+
+ Logger.debug("Create SZR request to get baseID ... ");
+ PersonInfoType personInfo = new PersonInfoType();
+ at.gv.util.xsd.szr.persondata.PhysicalPersonType person = new at.gv.util.xsd.szr.persondata.PhysicalPersonType();
+ personInfo.setPerson(person);
+ at.gv.util.xsd.szr.persondata.PersonNameType name = new at.gv.util.xsd.szr.persondata.PersonNameType();
+ person.setName(name);
+ at.gv.util.xsd.szr.persondata.IdentificationType idValue = new at.gv.util.xsd.szr.persondata.IdentificationType();
+ person.setIdentification(idValue);
+
+ //set bPK or wbPK
+ idValue.setValue(authData.getBPK());
+ idValue.setType(authData.getBPKType());
+
+ //set person information
+ name.setGivenName(authData.getGivenName());
+ name.setFamilyName(authData.getFamilyName());
+ if (authData.getDateOfBirth() != null)
+ person.setDateOfBirth(authData.getFormatedDateOfBirth());
+
+ //request szr and store baseID
+ authData.setIdentificationValue(szrclient.getStammzahl(personInfo));
+ authData.setIdentificationType(Constants.URN_PREFIX_BASEID);
+
+ } else {
+ Logger.warn("No SZR clieht configuration found. Interfederation SSO login not possible.");
+ throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
+ + " or " + PVPConstants.EID_SOURCE_PIN_NAME);
+
+ }
+
+ } catch (ConfigurationException e) {
+ Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
+ throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
+ + " or " + PVPConstants.EID_SOURCE_PIN_NAME);
- Logger.debug("Create SZR request to get baseID ... ");
- PersonInfoType personInfo = new PersonInfoType();
- at.gv.util.xsd.szr.persondata.PhysicalPersonType person = new at.gv.util.xsd.szr.persondata.PhysicalPersonType();
- personInfo.setPerson(person);
- at.gv.util.xsd.szr.persondata.PersonNameType name = new at.gv.util.xsd.szr.persondata.PersonNameType();
- person.setName(name);
+ } catch (EgovUtilException e) {
+ Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
+ throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
+ + " or " + PVPConstants.EID_SOURCE_PIN_NAME);
- name.setGivenName(authData.getGivenName());
- name.setFamilyName(authData.getFamilyName());
- if (authData.getDateOfBirth() != null)
- person.setDateOfBirth(authData.getFormatedDateOfBirth());
-
- authData.setIdentificationValue(szrclient.getStammzahl(personInfo));
- authData.setIdentificationType(Constants.URN_PREFIX_BASEID);
-
- } else {
- Logger.warn("No SZR clieht configuration found. Interfederation SSO login not possible.");
+ } catch (SZRException e) {
+ Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
+ " or " + PVPConstants.EID_SOURCE_PIN_NAME);
}
-
- } catch (ConfigurationException e) {
- Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
- throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
- + " or " + PVPConstants.EID_SOURCE_PIN_NAME);
-
- } catch (EgovUtilException e) {
- Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
- throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
- + " or " + PVPConstants.EID_SOURCE_PIN_NAME);
-
- } catch (SZRException e) {
- Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
- throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
- + " or " + PVPConstants.EID_SOURCE_PIN_NAME);
-
}
-
+
+ //build OA specific bPK/wbPK information
+ buildOAspecificbPK(oaParam, authData,
+ authData.getIdentificationValue(),
+ authData.getIdentificationType());
+
}
if (MiscUtil.isEmpty(authData.getBPK())) {
@@ -672,6 +702,33 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
authData.setPublicAuthority(false);
}
+ /**
+ * @param oaParam
+ * @param authData
+ * @return
+ */
+ private static boolean matchsReceivedbPKToOnlineApplication(
+ IOAAuthParameters oaParam, AuthenticationData authData) {
+
+ String oaTarget = null;
+ if (oaParam.getBusinessService()) {
+ if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK))
+ oaTarget = oaParam.getIdentityLinkDomainIdentifier();
+ else
+ oaTarget = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier();
+
+ } else {
+ oaTarget = Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget();
+
+ }
+
+
+ if (oaTarget.equals(authData.getBPKType()))
+ return true;
+ else
+ return false;
+ }
+
private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session,
IOAAuthParameters oaParam) throws BuildException, ConfigurationException {