diff options
Diffstat (limited to 'id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java')
-rw-r--r-- | id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java | 609 |
1 files changed, 0 insertions, 609 deletions
diff --git a/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java b/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java deleted file mode 100644 index 9bf92e54b..000000000 --- a/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java +++ /dev/null @@ -1,609 +0,0 @@ -package test.abnahme.A; - -import java.util.Calendar; -import java.util.HashMap; - -import org.w3c.dom.Element; -import test.abnahme.AbnahmeTestCase; - -import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.id.ParseException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; -import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; -import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; -import at.gv.egovernment.moa.id.auth.validator.ValidateException; -import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.DateTimeUtils; - -/** - * @author Stefan Knirsch - * @version $Id$ - * - */ - -public class Test300VerifyAuthBlock extends AbnahmeTestCase { - - public Test300VerifyAuthBlock(String name) { - super(name); - } - - public void testA301() throws Exception { - try { - String sessionID = startAuthentication(); - AuthenticationData authData = initServer(sessionID); - //authDataWriter(authData,this.getName()+"new.xml"); - assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); - System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - - public void testA302() throws Exception { - try { - String sessionID = startAuthentication(); - AuthenticationData authData = initServer(sessionID); - //authDataWriter(authData,this.getName()+"new.xml"); - assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); - System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - public void testA303() throws Exception { - try { - String sessionID = startAuthentication(); - AuthenticationData authData = initServer(sessionID); - assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); - System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - public void testA304() throws Exception { - try { - String sessionID = startAuthentication(); - AuthenticationData authData = initServer(sessionID); - assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); - System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - public void testA305() throws Exception { - try { - String sessionID = startAuthentication(); - AuthenticationData authData = initServer(sessionID); - assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); - System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - public void testA306() throws Exception { - try { - String sessionID = startAuthentication(); - AuthenticationData authData = initServer(sessionID); - assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); - System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - public void testA307() throws Exception { - try { - String sessionID = startAuthentication(); - AuthenticationData authData = initServer(sessionID); - assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); - System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - public void testA308() throws Exception { - try { - String sessionID = startAuthentication(); - AuthenticationData authData = initServer(sessionID); - assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); - System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - - } - - public void testA309() throws Exception { - try { - String sessionID = startAuthentication(); - AuthenticationData authData = initServerWithoutValidateAuthBlock(sessionID); - assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); - System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - public void testA310() throws Exception { - try { - String sessionID = startAuthentication(); - AuthenticationData authData = initServerWithoutValidateAuthBlock(sessionID); - assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); - System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - public void testA311() throws Exception { - try { - String sessionID = startAuthentication(); - AuthenticationData authData = initServerWithoutValidateAuthBlock(sessionID); - assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); - System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - - public void testA351() throws Exception { - try { - String sessionID = startAuthentication(); - System.out.println(sessionID); - String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml"); - HashMap parameters = new HashMap(1); - parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse); - server.verifyIdentityLink(sessionID, parameters); - InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse); - IdentityLink idl = irrp.parseIdentityLink(); - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID()); - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest); - new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse); - //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames()); - // System.out.println(createXMLSignatureRequest); - String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml"); - - // nicht existierende Session.... - try { - server.verifyAuthenticationBlock("0", createXMLSignatureResponse); - fail(); - } - catch (AuthenticationException e) { - System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); - } - - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - - public void testA352() throws Exception { - try { - String sessionID = startAuthentication(); - System.out.println(sessionID); - String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml"); - HashMap parameters = new HashMap(1); - parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse); - server.verifyIdentityLink(sessionID, parameters); - server.setSecondsSessionTimeOut(-100); - server.cleanup(); - InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse); - IdentityLink idl = irrp.parseIdentityLink(); - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID()); - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest); - new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse); - //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames()); - // System.out.println(createXMLSignatureRequest); - String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml"); - - // abgelaufene Session.... - server.setSecondsSessionTimeOut(1000); - try { - server.verifyAuthenticationBlock("0", createXMLSignatureResponse); - fail(); - } - catch (AuthenticationException e) { - System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); - } - - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - - public void testA353() throws Exception { - try { - String sessionID = startAuthentication(); - System.out.println(sessionID); - - String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml"); - - // Session for VerifyIdentityLink-Aufruf - try { - - server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); - fail(); - } - //NOCH SEHR UNSCHÖN..... (fliegt raus im AuthenticationServer, Methode buildAuthenticationData - // ( IdentityLink identityLink = session.getIdentityLink(); ==> liefert dann NULL... - catch (NullPointerException e) { - System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); - } - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - - public void testA354() throws Exception { - try { - String sessionID = startAuthentication(); - System.out.println(sessionID); - String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml"); - HashMap parameters = new HashMap(1); - parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse); - server.verifyIdentityLink(sessionID, parameters); - InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse); - IdentityLink idl = irrp.parseIdentityLink(); - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID()); - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest); - new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse); - //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames()); - // System.out.println(createXMLSignatureRequest); - String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml"); - - // nicht existierende Session.... - - server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); - try { - server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); - fail(); - } - catch (AuthenticationException e) { - System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); - } - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - - public void testA355() throws Exception { - try { - String sessionID = startAuthentication(); - try { - initServer(sessionID); - fail(); - } - catch (ParseException e) { - System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); - } - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - - public void testA356() throws Exception { - try { - String sessionID = startAuthentication(); - try { - initServer(sessionID); - fail(); - } - catch (ParseException e) { - System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); - } - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - public void testA357() throws Exception { - try { - String sessionID = startAuthentication(); - try { - initServer(sessionID); - fail(); - } - catch (ValidateException e) { - System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); - } - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - public void testA358() throws Exception { - try { - String sessionID = startAuthentication(); - try { - initServer(sessionID); - fail(); - } - catch (ValidateException e) { - System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); - } - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - public void testA359() throws Exception { - try { - String sessionID = startAuthentication(); - try { - initServer(sessionID); - fail(); - } - catch (ValidateException e) { - System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); - } - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - public void testA360() throws Exception { - try { - String sessionID = startAuthentication(); - try { - initServer(sessionID); - fail(); - } - catch (ValidateException e) { - System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); - } - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - public void testA361() throws Exception { - try { - String sessionID = startAuthentication(); - try { - initServer(sessionID); - fail(); - } - catch (ValidateException e) { - System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); - } - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - public void testA362() throws Exception { - try { - String sessionID = startAuthentication(); - try { - initServer(sessionID); - fail(); - } - catch (ValidateException e) { - System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); - } - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - - public void testA363() throws Exception { - try { - String sessionID = startAuthentication(); - try { - initServer(sessionID); - fail(); - } - catch (ValidateException e) { - System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); - } - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - - public void testA364() throws Exception { - try { - String sessionID = startAuthentication(); - try { - - initServer(sessionID); - fail(); - } - catch (ValidateException e) { - System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); - } - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - - /* public void testA365() throws Exception { - String sessionID = startAuthentication(); - try { - // wegen sinnlosigkeit gestrichen - initServer(sessionID); - fail(); - } - catch (ValidateException e) {System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage()+ "-----------------------");} - }*/ - - public void testA366() throws Exception { - - String sessionID = startAuthentication(); - try { - initServer(sessionID); - fail(); - } - catch (ValidateException e) {System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage()+ "-----------------------");} - } - public void testA367() throws Exception { - String sessionID = startAuthentication(); - try { - initServer(sessionID); - fail(); - } - catch (ValidateException e) {System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage()+ "-----------------------");} - } - - - private AuthenticationData initServer(String sessionID) throws Exception { - String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml"); - HashMap parameters = new HashMap(1); - parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse); - server.verifyIdentityLink(sessionID, parameters); - InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse); - IdentityLink idl = irrp.parseIdentityLink(); - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, "TrustProfile1"); - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest); - new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse); - //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames()); - // System.out.println(createXMLSignatureRequest); - String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml"); - // CreateXMLSignatureResponseValidator.getInstance().validate(new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse(),"gb","https://localhost:9443/"); - String samlArtifact = server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); - AuthenticationData authData = server.getAuthenticationData(samlArtifact); - return authData; - } - - private AuthenticationData initServerWithoutValidateAuthBlock(String sessionID) throws Exception { - String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml"); - HashMap parameters = new HashMap(1); - parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse); - server.verifyIdentityLink(sessionID, parameters); - InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse); - IdentityLink idl = irrp.parseIdentityLink(); - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, "TrustProfile1"); - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest); - new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse); - //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames()); - // System.out.println(createXMLSignatureRequest); - String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml"); - // CreateXMLSignatureResponseValidator.getInstance().validate(new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse(),"gb","https://localhost:9443/"); - - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - // parses <CreateXMLSignatureResponse> - CreateXMLSignatureResponse csresp = - new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse(); - // validates <CreateXMLSignatureResponse> - new CreateXMLSignatureResponseValidator().validate(csresp, session); - // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call - String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); - String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); - Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); - // invokes the call - Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq); - // parses the <VerifyXMLSignatureResponse> - VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData(); - // validates the <VerifyXMLSignatureResponse> - VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, true); - // compares the public keys from the identityLink with the AuthBlock - - // builds authentication data and stores it together with a SAML artifact - AuthenticationData authData = buildAuthenticationData(session, vsresp); - return authData; - } - private AuthenticationData buildAuthenticationData( - AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp) - throws ConfigurationException, BuildException { - - IdentityLink identityLink = session.getIdentityLink(); - AuthenticationData authData = new AuthenticationData(); - authData.setMajorVersion(1); - authData.setMinorVersion(0); - authData.setAssertionID(Random.nextRandom()); - authData.setIssuer(session.getAuthURL()); - authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); - String vpkBase64 = new BPKBuilder().buildBPK( - identityLink.getIdentificationValue(), session.getTarget()); - authData.setBPK(vpkBase64); - authData.setGivenName(identityLink.getGivenName()); - authData.setFamilyName(identityLink.getFamilyName()); - authData.setDateOfBirth(identityLink.getDateOfBirth()); - authData.setQualifiedCertificate(verifyXMLSigResp.isQualifiedCertificate()); - authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); - authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode()); - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - String prPerson = new PersonDataBuilder().build( - identityLink, oaParam.getProvideStammzahl()); - - try { - String ilAssertion = - oaParam.getProvideIdentityLink() ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) : ""; - String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : ""; - String samlAssertion = new AuthenticationDataAssertionBuilder().build( - authData, prPerson, authBlock, ilAssertion, session.getBkuURL(), "", false, null); - authData.setSamlAssertion(samlAssertion); - return authData; - } - catch (Throwable ex) { - throw new BuildException( - "builder.00", - new Object[] { "AuthenticationData", ex.getMessage() }, - ex); - } - } -} |