aboutsummaryrefslogtreecommitdiff
path: root/id.server
diff options
context:
space:
mode:
Diffstat (limited to 'id.server')
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java4
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java8
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java12
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java16
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java5
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java277
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java55
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java4
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java12
-rw-r--r--id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java2
-rw-r--r--id.server/src/test/abnahme/P/Test100LoginParameterResolver.java8
-rw-r--r--id.server/src/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java2
12 files changed, 224 insertions, 181 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 04107a794..5bd0ee5fa 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -602,14 +602,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
authData.setSignerCertificate(signerCertificateBase64);
if (businessService) {
- authData.setWPBK(identityLink.getIdentificationValue());
+ authData.setWBPK(identityLink.getIdentificationValue());
} else {
// only compute bPK if online applcation is a public service
String bpkBase64 =
new BPKBuilder().buildBPK(
identityLink.getIdentificationValue(),
session.getTarget());
- authData.setPBK(bpkBase64);
+ authData.setBPK(bpkBase64);
}
String ilAssertion =
oaParam.getProvideIdentityLink()
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 8e0f3cbcf..c1588fe22 100644
--- a/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -131,7 +131,7 @@ public class AuthenticationData {
* Returns the bPK.
* @return String
*/
- public String getPBK() {
+ public String getBPK() {
return bPK;
}
@@ -139,7 +139,7 @@ public class AuthenticationData {
* Returns the wbPK.
* @return String the wbPK.
*/
- public String getWPBK() {
+ public String getWBPK() {
return wbPK;
}
@@ -179,7 +179,7 @@ public class AuthenticationData {
* Sets the bPK.
* @param bPK The bPK to set
*/
- public void setPBK(String bPK) {
+ public void setBPK(String bPK) {
this.bPK = bPK;
}
@@ -187,7 +187,7 @@ public class AuthenticationData {
* Sets the wbPK.
* @param wbPK The wbPK to set
*/
- public void setWPBK(String wbPK) {
+ public void setWBPK(String wbPK) {
this.wbPK = wbPK;
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
index 77f6652f3..03034f3d3 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
@@ -27,7 +27,7 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
/**
* Configuration mehtod (not used)
*/
- public void configure(String configuration) throws LoginParameterResolverException {
+ public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException {
}
@@ -37,7 +37,8 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
public Map getAuthenticationHeaders(
OAConfiguration oaConf,
AuthenticationData authData,
- String clientIPAddress) {
+ String clientIPAddress,
+ boolean businessService) {
Map result = new HashMap();
@@ -73,7 +74,8 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
public Map getAuthenticationParameters(
OAConfiguration oaConf,
AuthenticationData authData,
- String clientIPAddress) {
+ String clientIPAddress,
+ boolean businessService) {
Map result = new HashMap();
@@ -111,7 +113,9 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
if (predicate.equals(MOADateOfBirth))
return authData.getDateOfBirth();
if (predicate.equals(MOABPK))
- return authData.getPBK();
+ return authData.getBPK();
+ if (predicate.equals(MOAWBPK))
+ return authData.getWBPK();
if (predicate.equals(MOAPublicAuthority))
if (authData.isPublicAuthority())
return "true";
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
index f43bbd9e4..27d52fc1a 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
@@ -24,6 +24,8 @@ public interface LoginParameterResolver {
public static final String MOADateOfBirth = "MOADateOfBirth";
/** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
public static final String MOABPK = "MOABPK";
+ /** Constant used in <code>MOAIDConfiguration-1.3.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAWBPK = "MOAWBPK";
/** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
public static final String MOAPublicAuthority = "MOAPublicAuthority";
/** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
@@ -42,7 +44,8 @@ public interface LoginParameterResolver {
*
* @param oaConf configuration data
* @param authData authentication data
- * @param clientIPAddress client IP address
+ * @param clientIPAddress client IP address
+ * @param businessService boolean value for recognizing (w)bPK-mode
* @return A map, the keys being header names and values being corresponding header values.
* <br>In case of authentication type <code>"basic-auth"</code>, header fields
* <code>username</code> and <code>password</code>.
@@ -53,14 +56,16 @@ public interface LoginParameterResolver {
public Map getAuthenticationHeaders(
OAConfiguration oaConf,
AuthenticationData authData,
- String clientIPAddress) throws LoginParameterResolverException, NotAllowedException;
+ String clientIPAddress,
+ boolean businessService) throws LoginParameterResolverException, NotAllowedException;
/**
* Returns request parameters to be added to a URLConnection.
*
* @param oaConf configuration data
* @param authData authentication data
- * @param clientIPAddress client IP address
+ * @param clientIPAddress client IP address
+ * @param businessService boolean value for recognizing (w)bPK-mode
* @return A map, the keys being parameter names and values being corresponding parameter values.
* <br>In case of authentication type <code>"param-auth"</code>, parameters
* derived from parameter mapping and authentication data provided.
@@ -69,8 +74,9 @@ public interface LoginParameterResolver {
public Map getAuthenticationParameters(
OAConfiguration oaConf,
AuthenticationData authData,
- String clientIPAddress) throws LoginParameterResolverException, NotAllowedException;
+ String clientIPAddress,
+ boolean businessService) throws LoginParameterResolverException, NotAllowedException;
- public void configure(String configuration) throws LoginParameterResolverException;
+ public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException;
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
index 856afe74c..8edd23438 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
@@ -42,16 +42,15 @@ public class LoginParameterResolverFactory {
String publicURLPrefix = oaParam.getPublicURLPrefix();
String className = oaParam.getLoginParameterResolverImpl();
String configuration = oaParam.getLoginParameterResolverConfiguration();
-
if (className != null) {
try {
Class lprClass = Class.forName(className);
LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance();
- Class[] argumentTypes = { String.class };
+ Class[] argumentTypes = { String.class, Boolean.class };
Method confMethod = lprClass.getMethod( "configure", argumentTypes );
- Object[] arguments = { new String(configuration) };
+ Object[] arguments = { new String(configuration), new Boolean(oaParam.getBusinessService()) };
confMethod.invoke( lpr, arguments );
loginParameterResolverMap.put(publicURLPrefix, lpr);
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
index 8a93148bb..a0780358e 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
@@ -5,24 +5,30 @@ import iaik.security.provider.IAIK;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
+import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
-
-import javax.crypto.Cipher;
-import javax.crypto.BadPaddingException;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.IvParameterSpec;
-
import java.security.InvalidAlgorithmParameterException;
-import java.security.Key;
import java.security.InvalidKeyException;
+import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
+import java.util.HashMap;
+import java.util.Map;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.IvParameterSpec;
+import javax.xml.parsers.ParserConfigurationException;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+import org.xml.sax.SAXException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
@@ -31,14 +37,6 @@ import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.URLEncoder;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-
-import java.io.IOException;
-import java.util.*;
-
-import javax.xml.parsers.ParserConfigurationException;
-import org.w3c.dom.*;
-import org.xml.sax.SAXException;
/**
* XMLLoginParameterResolver an implementation of implementation of interface
@@ -195,8 +193,8 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
* configuration method
* @param configuration enabled enable user mapping to parameter set for the parameter set.
*/
- public void configure(String configuration) throws LoginParameterResolverException {
- File idFile;
+ public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException {
+ File idFile;
Element rootElement;
Security.addProvider(new IAIK());
@@ -248,7 +246,7 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
throw new LoginParameterResolverException("config.11",
new Object[] { "XMLLoginParameterResolver: parsing problem in file:'" + identityFile + "' ", e.toString() });
}
- buildInfo(rootElement);
+ buildInfo(rootElement, businessService.booleanValue());
isConfigured = true;
}
@@ -330,7 +328,8 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
public Map getAuthenticationHeaders(
OAConfiguration oaConf,
AuthenticationData authData,
- String clientIPAddress) throws LoginParameterResolverException, NotAllowedException {
+ String clientIPAddress,
+ boolean businessService) throws LoginParameterResolverException, NotAllowedException {
Map result = new HashMap();
if (!isConfigured) {
@@ -339,25 +338,32 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
identityFile + "' is not configured!", null);
}
- //get the Identity of the user
- String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
- String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
- String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress);
- String bPK = resolveValue("MOABPK", authData, clientIPAddress);
- String userid = "";
- String password = "";
- LPRParams params = null;
- boolean userFound = false;
+ //get the Identity of the user
+ String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
+ String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
+ String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress);
+ String bPK ="";
+ String wType= "";
+ if (businessService) {
+ bPK = resolveValue(MOAWBPK, authData, clientIPAddress);
+ wType = "w";
+ } else {
+ bPK = resolveValue(MOABPK, authData, clientIPAddress);
+ }
+ String userid = "";
+ String password = "";
+ LPRParams params = null;
+ boolean userFound = false;
- //try bPK and named search
- params = bPKIdentitySearch(bPK);
+ //try (w)bPK and named search
+ params = bPKIdentitySearch(bPK, wType);
if (null == params)
params = namedIdentitySearch(famName, givenName, dateOfBirth);
//if both searches failed, report error.
if(null == params)
- throw new NotAllowedException("User:_bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null);
+ throw new NotAllowedException("User:_" + wType + "bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null);
//HTTP 401 - Basic Authentication
if (oaConf.getAuthType().equals("basic")) {
@@ -395,34 +401,42 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
public Map getAuthenticationParameters(
OAConfiguration oaConf,
AuthenticationData authData,
- String clientIPAddress) throws LoginParameterResolverException, NotAllowedException {
-
- Map result = new HashMap();
+ String clientIPAddress,
+ boolean businessService) throws LoginParameterResolverException, NotAllowedException {
- if (!isConfigured) {
- Logger.warn("XMLLoginParameterResolver with configuration '" + identityFile + " is not configured");
- return result;
- }
-
- String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
- String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
- String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress);
- String bPK = resolveValue("MOABPK", authData, clientIPAddress);
- String userid = "";
- String password = "";
- LPRParams params = null;
-
- //try bPK and named search
- params = bPKIdentitySearch(bPK);
-
- if (null == params)
- params = namedIdentitySearch(famName, givenName, dateOfBirth);
-
- //if both searches failed, report error.
- if(null == params)
- throw new NotAllowedException("User:_bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null);
-
- //TODO MOAID XMLLPR URLEncoder.encode
+ Map result = new HashMap();
+
+ if (!isConfigured) {
+ Logger.warn("XMLLoginParameterResolver with configuration '" + identityFile + " is not configured");
+ return result;
+ }
+
+ String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
+ String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
+ String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress);
+ String bPK ="";
+ String wType= "";
+ if (businessService) {
+ bPK = resolveValue(MOAWBPK, authData, clientIPAddress);
+ wType = "w";
+ } else {
+ bPK = resolveValue(MOABPK, authData, clientIPAddress);
+ }
+ String userid = "";
+ String password = "";
+ LPRParams params = null;
+
+ //try (w)bPK and named search
+ params = bPKIdentitySearch(bPK, wType);
+
+ if (null == params)
+ params = namedIdentitySearch(famName, givenName, dateOfBirth);
+
+ //if both searches failed, report error.
+ if(null == params)
+ throw new NotAllowedException("User:_" + wType + "bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null);
+
+ //TODO MOAID XMLLPR URLEncoder.encode
if (oaConf.getAuthType().equals("param")) {
try {
if(null != params.getUN()) result.put(XSD_UNATTR, URLEncoder.encode(params.getUN(),"ISO-8859-1"));
@@ -458,7 +472,9 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
if (predicate.equals("MOADateOfBirth"))
return authData.getDateOfBirth();
if (predicate.equals("MOABPK"))
- return authData.getPBK();
+ return authData.getBPK();
+ if (predicate.equals("MOAWBPK"))
+ return authData.getWBPK();
if (predicate.equals("MOAPublicAuthority"))
if (authData.isPublicAuthority())
return "true";
@@ -500,9 +516,11 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
* buildInfo builds up the internal data mapping between the "Identities" and the "Parameters" from the parsed XML file.
* @param root document root element.
*/
- private void buildInfo(Element root) {
+ private void buildInfo(Element root, boolean businessService) {
NodeList idList = root.getElementsByTagName(XSD_IDELEM);
NodeList paramList = root.getElementsByTagName(XSD_PARAMELEM);
+ String wType ="";
+ if (businessService) wType = "w";
for (int i = 0; i < idList.getLength(); i++)
Logger.debug("XMLLoginParameterResolver: LocalName idList: " + idList.item(i).getLocalName());
@@ -536,12 +554,22 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute(XSD_UNATTR), tmpElem.getAttribute(XSD_PWATTR),
tmpElem.getAttribute(XSD_PARAM1ATTR), tmpElem.getAttribute(XSD_PARAM2ATTR),
tmpElem.getAttribute(XSD_PARAM3ATTR)) );
- } else { //bPKIdentity Elements
+ } else {
- tmpList = tmpElem.getElementsByTagName(XSD_BPKIDELEM);
+ //(w)bPKIdentity Elements
+ if (businessService) {
+ tmpList = tmpElem.getElementsByTagName(XSD_WBPKIDELEM);
+ } else {
+ tmpList = tmpElem.getElementsByTagName(XSD_BPKIDELEM);
+ }
if (1 == tmpList.getLength()) {
tmpElem = (Element) tmpList.item(0);
- String tmpStr = tmpElem.getAttribute(XSD_BPKATTR);
+ String tmpStr = "";
+ if (businessService) {
+ tmpStr = tmpElem.getAttribute(XSD_WBPKATTR);
+ } else {
+ tmpStr = tmpElem.getAttribute(XSD_BPKATTR);
+ }
boolean tmpBool = false;
if (tmpElem.getFirstChild() != null
&& "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0)
@@ -557,99 +585,92 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
tmpElem.getAttribute(XSD_PARAM1ATTR), tmpElem.getAttribute(XSD_PARAM2ATTR),
tmpElem.getAttribute(XSD_PARAM3ATTR)) );
} else {
- Logger.warn(
- "XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_BPKIDELEM + " found");
+ if (businessService) {
+ Logger.warn("XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_WBPKIDELEM + " found");
+ } else {
+ Logger.warn("XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_BPKIDELEM + " found");
+ }
}
}
}
Logger.debug("namedMap:" + namedMap.toString());
- Logger.debug("bPKMap:" + bPKMap.toString());
+ Logger.debug(wType + "bPKMap:" + bPKMap.toString());
}
- /**
- * searches for a given bPK and returns the appropriate LPRParams structure
- * @param bPK search argument
- * @returns LPRParams if bPK could be found in internal mappings or null otherwise.
+
+
+
+ /**
+ * searches for a given bPK and returns the appropriate LPRParams structure
+ * @param bPK search argument
+ * @returns LPRParams if bPK could be found in internal mappings or null otherwise.
*/
- LPRParams bPKIdentitySearch(String bPK) {
- //search for mapping with bPK of the user
- Logger.info("XMLLoginParameterResolver: search for login data mapped to bPK:" + bPK);
- LPRParams params = (LPRParams) bPKMap.get(bPK);
- if (null == params) {
- Logger.info("XMLLoginParameterResolver: params for bPK: " + bPK + " not found!");
- return null;
- } else if (params.getEnabled()) {
- Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list; user is enabled");
- Logger.debug("XMLLoginParameterResolver: using: " + params.toString());
- return params;
- }
- Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list but user is NOT enabled");
- return null;
+ LPRParams bPKIdentitySearch(String bPK, String wType) {
+ //search for mapping with (w)bPK of the user
+ Logger.info("XMLLoginParameterResolver: search for login data mapped to " + wType + "bPK:" + bPK);
+ LPRParams params = (LPRParams) bPKMap.get(bPK);
+ if (null == params) {
+ Logger.info("XMLLoginParameterResolver: params for " + wType + "bPK: " + bPK + " not found!");
+ return null;
+ } else if (params.getEnabled()) {
+ Logger.info("XMLLoginParameterResolver: " + wType + "bPK: " + bPK + "found in list; user is enabled");
+ Logger.debug("XMLLoginParameterResolver: using: " + params.toString());
+ return params;
+ }
+ Logger.info("XMLLoginParameterResolver: " + wType + "bPK: " + bPK + "found in list but user is NOT enabled");
+ return null;
}
- /**
- * searches for a given namedIdentity and returns the appropriate LPRParams structure
- * @param surName surname search argument
- * @param givenName givenname search argument
- * @param dateOfBirth dateofbirth search argument
- * @returns LPRParams if bPK could be found in internal mappings or null otherwise.
+ /**
+ * searches for a given namedIdentity and returns the appropriate LPRParams structure
+ * @param surName surname search argument
+ * @param givenName givenname search argument
+ * @param dateOfBirth dateofbirth search argument
+ * @returns LPRParams if (w)bPK could be found in internal mappings or null otherwise.
*/
- LPRParams namedIdentitySearch(String surName, String givenName, String dateOfBirth) {
- Logger.info("XMLLoginParameterResolver: search for login data for SurName:" + surName +
- " GivenName: " + givenName +
- " DateOfBirth" + dateOfBirth);
-
- //try first a search with surname, givenname and birthdate
+ LPRParams namedIdentitySearch(String surName, String givenName, String dateOfBirth) {
+ Logger.info("XMLLoginParameterResolver: search for login data for SurName:" + surName + " GivenName: " + givenName + " DateOfBirth" + dateOfBirth);
+ //try first a search with surname, givenname and birthdate
LPRParams params = (LPRParams) namedMap.get(surName + "," + givenName + "," + dateOfBirth);
if (null == params) {
- Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " +
- givenName + "BirthDate: " + dateOfBirth + " not found!");
-
- //try a search with surname, givenname only
- params = (LPRParams) namedMap.get(surName + "," + givenName + "," + XSD_BIRTHDATEBLANKATTR);
- if(null == params) {
- Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " +
- givenName + " not found!");
- return null;
- }
+ Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + givenName + "BirthDate: " + dateOfBirth + " not found!");
+ //try a search with surname, givenname only
+ params = (LPRParams) namedMap.get(surName + "," + givenName + "," + XSD_BIRTHDATEBLANKATTR);
+ if(null == params) {
+ Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + givenName + " not found!");
+ return null;
+ }
}
if (params.getEnabled()) {
- Logger.info("XMLLoginParameterResolver: Surname:" + surName
- + " GivenName: "
- + givenName
- + " found in list; user is enabled");
- Logger.debug("XMLLoginParameterResolver: using: " + params.toString());
- return params;
+ Logger.info("XMLLoginParameterResolver: Surname:" + surName + " GivenName: " + givenName + " found in list; user is enabled");
+ Logger.debug("XMLLoginParameterResolver: using: " + params.toString());
+ return params;
}
- Logger.info(
- "XMLLoginParameterResolver: SurName:"
- + surName
- + " GivenName: "
- + givenName
- + "found in list; user is NOT enabled");
+ Logger.info("XMLLoginParameterResolver: SurName:" + surName + " GivenName: " + givenName + "found in list; user is NOT enabled");
return null;
}
- //public static final String XSD_MAPPING = "Mapping";
-
+ //public static final String XSD_MAPPING = "Mapping";
//public static final String XSD_DOCELEM = "MOAIdentities";
public static final String XSD_IDELEM = "Identity";
public static final String XSD_NAMEDIDELEM = "NamedIdentity";
public static final String XSD_BPKIDELEM = "bPKIdentity";
+ public static final String XSD_WBPKIDELEM = "wbPKIdentity";
public static final String XSD_PARAMELEM = "Parameters";
public static final String XSD_SURNAMEATTR = "SurName";
- public static final String XSD_GIVENNAMEATTR = "GivenName";
+ public static final String XSD_GIVENNAMEATTR = "GivenName";
public static final String XSD_BIRTHDATEATTR = "BirthDate";
- public static final String XSD_BIRTHDATEBLANKATTR = "any";
+ public static final String XSD_BIRTHDATEBLANKATTR = "any";
public static final String XSD_BPKATTR = "bPK";
+ public static final String XSD_WBPKATTR = "wbPK";
public static final String XSD_UNATTR = "UN";
- public static final String XSD_PWATTR = "PW";
- public static final String XSD_PARAM1ATTR = "Param1";
- public static final String XSD_PARAM2ATTR = "Param2";
- public static final String XSD_PARAM3ATTR = "Param3";
+ public static final String XSD_PWATTR = "PW";
+ public static final String XSD_PARAM1ATTR = "Param1";
+ public static final String XSD_PARAM2ATTR = "Param2";
+ public static final String XSD_PARAM3ATTR = "Param3";
private Map bPKMap;
private Map namedMap;
- private boolean isConfigured = false;
+ private boolean isConfigured = false;
} \ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
index 1f59aa809..597a6bc7d 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
@@ -150,7 +150,7 @@ public class XMLLoginParameterResolverPlainData
}
//TODO document
- public Map getAuthenticationHeaders(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress) throws NotAllowedException
+ public Map getAuthenticationHeaders(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService) throws NotAllowedException
{
Map result = new HashMap();
if(oaConf.getAuthType().equals("basic"))
@@ -158,7 +158,14 @@ public class XMLLoginParameterResolverPlainData
String famName = resolveValue(MOAFamilyName, authData, clientIPAddress);
String givenName = resolveValue(MOAGivenName, authData, clientIPAddress);
String dateOfBirth = resolveValue(MOADateOfBirth, authData, clientIPAddress);
- String bPK = resolveValue(MOABPK, authData, clientIPAddress);
+ String bPK ="";
+ String wType= "";
+ if (businessService) {
+ bPK = resolveValue(MOAWBPK, authData, clientIPAddress);
+ wType = "w";
+ } else {
+ bPK = resolveValue(MOABPK, authData, clientIPAddress);
+ }
String userid = "";
String password = "";
String param1 = "";
@@ -168,15 +175,15 @@ public class XMLLoginParameterResolverPlainData
LPRParams params = null;
boolean userFound = false;
- //first step: search for bPK entry in user list
- Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for bPK:" + bPK);
+ //first step: search for (w)bPK entry in user list
+ Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for "+ wType + "bPK:" + bPK);
params = (LPRParams)bPKMap.get(bPK);
if(params == null)
- Logger.debug("XMLLoginParameterResolverPlainData: params for bPK: " + bPK + " not found in file!");
+ Logger.debug("XMLLoginParameterResolverPlainData: params for "+ wType + "bPK: " + bPK + " not found in file!");
else
if(params.getEnabled())
{ //if user is enabled: get related parameters
- Logger.debug("XMLLoginParameterResolverPlainData: bPK: " + bPK + " found in list; user is enabled");
+ Logger.debug("XMLLoginParameterResolverPlainData: "+ wType + "bPK: " + bPK + " found in list; user is enabled");
Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString());
userid = params.getUN();
password = params.getPW();
@@ -186,7 +193,7 @@ public class XMLLoginParameterResolverPlainData
userFound = true;
} else
{
- Logger.info("XMLLoginParameterResolverPlainData: bPK: " + bPK + " found in list; user is NOT enabled");
+ Logger.info("XMLLoginParameterResolverPlainData: "+ wType + "bPK: " + bPK + " found in list; user is NOT enabled");
}
if(!userFound) //secound step: search for name entry in user list
{
@@ -241,7 +248,7 @@ public class XMLLoginParameterResolverPlainData
return result;
}
- public Map getAuthenticationParameters(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress)
+ public Map getAuthenticationParameters(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService)
{
Map result = new HashMap();
if(oaConf.getAuthType().equals("param"))
@@ -268,7 +275,9 @@ public class XMLLoginParameterResolverPlainData
if(predicate.equals(MOADateOfBirth))
return authData.getDateOfBirth();
if(predicate.equals(MOABPK))
- return authData.getPBK();
+ return authData.getBPK();
+ if(predicate.equals(MOAWBPK))
+ return authData.getWBPK();
if(predicate.equals(MOAPublicAuthority))
if(authData.isPublicAuthority())
return "true";
@@ -309,11 +318,13 @@ public class XMLLoginParameterResolverPlainData
}
}
- private void buildInfo(Document doc)
+ private void buildInfo(Document doc, boolean businessService)
{
Element root = doc.getDocumentElement();
NodeList idList = root.getElementsByTagName("Identity");
NodeList paramList = root.getElementsByTagName("Parameters");
+ String wType ="";
+ if (businessService) wType = "w";
for(int i = 0; i < idList.getLength(); i++)
Logger.debug("XMLLoginParameterResolverPlainData: LocalName idList: " + idList.item(i).getLocalName());
@@ -340,11 +351,11 @@ public class XMLLoginParameterResolverPlainData
namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW")));
} else
{
- tmpList = tmpElem.getElementsByTagName("bPKIdentity");
+ tmpList = tmpElem.getElementsByTagName(wType + "bPKIdentity");
if(1 == tmpList.getLength())
{
tmpElem = (Element)tmpList.item(0);
- String tmpStr = tmpElem.getAttribute("bPK");
+ String tmpStr = tmpElem.getAttribute(wType + "bPK");
boolean tmpBool = false;
if(tmpElem.getFirstChild() != null && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0)
tmpBool = true;
@@ -354,26 +365,26 @@ public class XMLLoginParameterResolverPlainData
bPKMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW")));
} else
{
- Logger.warn("XMLLoginParameterResolverPlainData: wrong format no NamedIdentity or bPKIdentity found");
+ Logger.warn("XMLLoginParameterResolverPlainData: wrong format or incorrect mode; no NamedIdentity or " + wType + "bPKIdentity found");
}
}
}
Logger.debug("namedMap:" + namedMap.toString());
- Logger.debug("bPKMap:" + bPKMap.toString());
+ Logger.debug(wType + "bPKMap:" + bPKMap.toString());
}
- public static final String XSD_DOCELEM = "MOAIdentities";
- public static final String XSD_IDELEM = "Identity";
- public static final String XSD_NAMEDIDELEM = "NamedIdentity";
- public static final String XSD_BPKIDELEM = "bPKIdentity";
- public static final String XSD_PARAMELEM = "Parameters";
- public static final String XML_LPR_CONFIG_PROPERTY_NAME1 = "moa.id.xmllpr1.configuration";
+ //public static final String XSD_DOCELEM = "MOAIdentities";
+ //public static final String XSD_IDELEM = "Identity";
+ //public static final String XSD_NAMEDIDELEM = "NamedIdentity";
+ //public static final String XSD_BPKIDELEM = "bPKIdentity";
+ //public static final String XSD_PARAMELEM = "Parameters";
+ //public static final String XML_LPR_CONFIG_PROPERTY_NAME1 = "moa.id.xmllpr1.configuration";
private Map bPKMap;
private Map namedMap;
- public void configure(String configuration) throws LoginParameterResolverException {
+ public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException {
Logger.info("XMLLoginParameterResolverPlainData: initialization string: " + configuration);
this.configuration = configuration;
String fileName = configuration;
@@ -382,6 +393,6 @@ public class XMLLoginParameterResolverPlainData
Logger.info("XMLLoginParameterResolverPlainData: used file name string: " + fileName);
}
Document doc = readXMLFile(fileName);
- buildInfo(doc);
+ buildInfo(doc, businessService.booleanValue() );
}
} \ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
index 9bbf13aca..6bf5da02b 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
@@ -121,9 +121,9 @@ public class AuthenticationDataAssertionParser implements Constants {
XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, ""));
String pkValue = XPathUtils.getElementValue(samlAssertion, PK_XPATH, "");
if (XPathUtils.getAttributeValue(samlAssertion, NAME_QUALIFIER_XPATH, "").equalsIgnoreCase(URN_PREFIX_BPK)) {
- authData.setPBK(pkValue);
+ authData.setBPK(pkValue);
} else {
- authData.setWPBK(pkValue);
+ authData.setWBPK(pkValue);
}
authData.setIdentificationValue(
XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_VALUE_XPATH, ""));
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index 327c658f1..0cb3389e8 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -91,7 +91,7 @@ public class ProxyServlet extends HttpServlet {
/** Name of the Attribute for user binding */
private static final String ATT_OA_USER_BINDING = "UserBinding";
/** For extended internal debug messages */
- private static final boolean INTERNAL_DEBUG = false;
+ private static final boolean INTERNAL_DEBUG = true;
/** Message to be given if browser login failed */
private static final String RET_401_MSG = "<html><head><title>Ein Fehler ist aufgetreten</title></head><body><h1>Fehler bei der Anmeldung</h1><p>Bei der Anmeldung ist ein Fehler aufgetreten.</p><p>Fehler bei der Anmeldung. <br>Pr&uuml;fen Sie bitte ihre Berechtigung.<br><b>Abbruch durch den Benutzer.</b><br></p></body></html>";
@@ -102,7 +102,7 @@ public class ProxyServlet extends HttpServlet {
Logger.debug("getRequestURL:" + req.getRequestURL().toString());
try {
- if (req.getParameter(PARAM_SAMLARTIFACT) != null && req.getParameter(PARAM_TARGET) != null) {
+ if (req.getParameter(PARAM_SAMLARTIFACT) != null) {
// check if SAML Artifact was already used in this session (in case of page reload)
HttpSession session = req.getSession();
if (null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) {
@@ -163,7 +163,8 @@ public class ProxyServlet extends HttpServlet {
samlArtifact = req.getParameter(PARAM_SAMLARTIFACT);
Logger.debug("moa-id-proxy login " + PARAM_SAMLARTIFACT + ": " + samlArtifact);
// String target = req.getParameter(PARAM_TARGET); parameter given but not processed
-
+ // boolean targetprovided = req.getParameter(PARAM_TARGET) != null;
+
// get authentication data from the MOA-ID Auth component
AuthenticationData authData;
try {
@@ -189,11 +190,12 @@ public class ProxyServlet extends HttpServlet {
// resolve login parameters to be forwarded to online application
LoginParameterResolver lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix);
String clientIPAddress = req.getRemoteAddr();
+ boolean businessService = oaParam.getBusinessService();
try {
if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH))
- loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress);
+ loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress, businessService);
else
- loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress);
+ loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress, businessService);
} catch (LoginParameterResolverException ex) {
throw new ProxyException("proxy.13", new Object[] { publicURLPrefix });
} catch (NotAllowedException e) {
diff --git a/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java b/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java
index c7ee57f09..8bf7f32ab 100644
--- a/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java
+++ b/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java
@@ -565,7 +565,7 @@ public class Test300VerifyAuthBlock extends AbnahmeTestCase {
authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
String vpkBase64 = new BPKBuilder().buildBPK(
identityLink.getIdentificationValue(), session.getTarget());
- authData.setPBK(vpkBase64);
+ authData.setBPK(vpkBase64);
authData.setGivenName(identityLink.getGivenName());
authData.setFamilyName(identityLink.getFamilyName());
authData.setDateOfBirth(identityLink.getDateOfBirth());
diff --git a/id.server/src/test/abnahme/P/Test100LoginParameterResolver.java b/id.server/src/test/abnahme/P/Test100LoginParameterResolver.java
index ede69dd8b..b56f7f4ab 100644
--- a/id.server/src/test/abnahme/P/Test100LoginParameterResolver.java
+++ b/id.server/src/test/abnahme/P/Test100LoginParameterResolver.java
@@ -54,7 +54,7 @@ public class Test100LoginParameterResolver extends AbnahmeTestCase {
authData.setGivenName("Hugo");
// resolve login headers
- Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS);
+ Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false);
// validate login headers
assertEquals(1, loginHeaders.keySet().size());
@@ -84,10 +84,10 @@ public class Test100LoginParameterResolver extends AbnahmeTestCase {
String DATE_OF_BIRTH = "1963-12-29";
String VPK = "kp6hOq6LRAkLtrqm6EvDm6bMwJw=";
authData.setDateOfBirth(DATE_OF_BIRTH);
- authData.setPBK(VPK);
+ authData.setBPK(VPK);
// resolve login parameters
- Map loginParameters = lpr.getAuthenticationParameters(oaConf, authData, CLIENT_IP_ADDRESS);
+ Map loginParameters = lpr.getAuthenticationParameters(oaConf, authData, CLIENT_IP_ADDRESS, false);
// validate login headers
assertEquals(2, loginParameters.keySet().size());
@@ -122,7 +122,7 @@ public class Test100LoginParameterResolver extends AbnahmeTestCase {
authData.setIdentificationValue(STAMMZAHL);
// resolve login headers
- Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS);
+ Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false);
// validate login headers
assertEquals(5, loginHeaders.keySet().size());
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java b/id.server/src/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
index 69e5958bf..68b5d4ee3 100644
--- a/id.server/src/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
+++ b/id.server/src/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
@@ -170,7 +170,7 @@ public class SAMLResponseParserTest extends UnitTestCase {
assertEquals("http://localhost:8080/moa-id-auth/", authData.getIssuer());
assertEquals("2003-04-02T14:55:42+02:00", authData.getIssueInstant());
assertEquals("123456789012", authData.getIdentificationValue());
- assertEquals("MTk2OC0xMC0yMmdi", authData.getPBK());
+ assertEquals("MTk2OC0xMC0yMmdi", authData.getBPK());
assertEquals("Hermann", authData.getGivenName());
assertEquals("Muster", authData.getFamilyName());
assertEquals("1968-10-22", authData.getDateOfBirth());