Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 170 |
1 files changed, 170 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index a2c1d6131..d783c74d9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -647,6 +647,58 @@ public class AuthenticationServer implements MOAIDAuthConstants { } /** + * Processes an <code><InfoboxReadResponse></code> sent by the + * security layer implementation.<br> + * <ul> + * <li>Validates given <code><InfoboxReadResponse></code></li> + * <li>Parses identity link enclosed in + * <code><InfoboxReadResponse></code></li> + * <li>Verifies identity link by calling the MOA SP component</li> + * <li>Checks certificate authority of identity link</li> + * <li>Stores identity link in the session</li> + * <li>Verifies all additional infoboxes returned from the BKU</li> + * <li>Creates an authentication block to be signed by the user</li> + * <li>Creates and returns a <code><CreateXMLSignatureRequest></code> + * containg the authentication block, meant to be returned to the security + * layer implementation</li> + * </ul> + * + * @param sessionID + * ID of associated authentication session data + * @param infoboxReadResponseParameters + * The parameters from the response returned from the BKU + * including the <code><InfoboxReadResponse></code> + * @return String representation of the + * <code><CreateXMLSignatureRequest></code> + */ + public String verifyCertificate(String sessionID, + X509Certificate certificate) throws AuthenticationException, + BuildException, ParseException, ConfigurationException, + ValidateException, ServiceException { + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[] { + REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); + + // check if person is a Organwalter + // if true - don't show bPK in AUTH Block + boolean isOW = false; +// String oid = null; +// if (oid.equalsIgnoreCase(MISMandate.OID_ORGANWALTER)) +// isOW = true; +// + AuthenticationSession session = getSession(sessionID); + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + 
.getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + return getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(session, + authConf, oaParam, isOW); + } + + /** * Processes an <code>Mandate</code> sent by the MIS.<br> * <ul> * <li>Validates given <code>Mandate</code></li> 
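Review bot: The Javadoc on verifyCertificate is copied from the InfoboxReadResponse handler and does not describe this method: it documents a parameter `infoboxReadResponseParameters` that does not exist, while the actual `certificate` parameter is neither documented nor used anywhere in the body. Either make use of the certificate (the method name suggests it is meant to be checked) or drop the parameter, and rewrite the Javadoc to say what the method does: look up the session, determine the OW flag and delegate to getCreateXMLSignatureRequestAuthBlockOrRedirectForOW. The OW detection is a hard-coded `boolean isOW = false;` with the OID check left as commented-out code; if the Organwalter case is not implemented yet, a `// TODO: OW detection via MIS mandate OID not implemented` is clearer than dead code. The `authConf` instance fetched two lines earlier should also be reused for `oaParam` instead of a second `AuthConfigurationProvider.getInstance()` call, and `getSession(sessionID)` is dereferenced without a null check — if it can return null for an unknown session ID, guard it before `session.getPublicOAURLPrefix()`.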
@@ -781,6 +833,70 @@ public class AuthenticationServer implements MOAIDAuthConstants { } /** + * + * @param session + * @param authConf + * @param oaParam + * @return + * @throws ConfigurationException + * @throws BuildException + * @throws ValidateException + */ + public String getCreateXMLSignatureRequestAuthBlockOrRedirectForOW( + AuthenticationSession session, AuthConfigurationProvider authConf, + OAAuthParameter oaParam, boolean isOW) throws ConfigurationException, + BuildException, ValidateException { + + // check for intermediate processing of the infoboxes + if (session.isValidatorInputPending()) + return "Redirect to Input Processor"; + + if (authConf == null) + authConf = AuthConfigurationProvider.getInstance(); + if (oaParam == null) + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + + // BZ.., calculate bPK for signing to be already present in AuthBlock + IdentityLink identityLink = session.getIdentityLink(); + if (identityLink.getIdentificationType().equals( + Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we + // have the Stammzahl + if (isOW) { + // if person is OW, delete identification value (bPK is calculated via MIS) + identityLink.setIdentificationValue(null); + identityLink.setIdentificationType(null); + } + else { + String bpkBase64 = new BPKBuilder().buildBPK(identityLink + .getIdentificationValue(), session.getTarget()); + identityLink.setIdentificationValue(bpkBase64); + } + } + // ..BZ + // } + + // builds the AUTH-block + String authBlock = buildAuthenticationBlockForOW(session, oaParam, isOW); + + // session.setAuthBlock(authBlock); + // builds the <CreateXMLSignatureRequest> + String[] transformsInfos = oaParam.getTransformsInfos(); + if ((transformsInfos == null) || (transformsInfos.length == 0)) { + // no OA specific transforms specified, use default ones + transformsInfos = authConf.getTransformsInfos(); + } + 
String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() + .build(authBlock, oaParam.getKeyBoxIdentifier(), + transformsInfos, oaParam.getSlVersion12()); + + System.out.println("XML: " + createXMLSignatureRequest); + + return createXMLSignatureRequest; + } + /** * Returns an CreateXMLSignatureRequest for signing the ERnP statement.<br> * <ul> * <li>Creates an CreateXMLSignatureRequest to be signed by the user</li> 
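Review bot: `System.out.println("XML: " + createXMLSignatureRequest);` writes the complete CreateXMLSignatureRequest — including the AUTH block with the citizen's name, date of birth and identification value/bPK — to stdout on every call; that is leftover debugging and leaks personal data into whatever captures the process output. Remove the line, or route it through the project's logger at debug level without the payload. The Javadoc is an empty template (blank `@param`/`@return` tags, no `@param isOW`) and should state the contract, in particular that the method returns the literal string `"Redirect to Input Processor"` while validator input is pending, which callers must treat as a marker and not as XML. The comment above the bPK computation mentions a public-service check that the code does not perform (only the identification type is tested), and the OW branch nulls the identification value and type on the IdentityLink object held in the session, so later readers of that session see a modified link; confirm both are intended.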
@@ -988,6 +1104,60 @@ public class AuthenticationServer implements MOAIDAuthConstants { } /** + * Builds an authentication block <code><saml:Assertion></code> from + * given session data. + * + * @param session + * authentication session + * + * @return <code><saml:Assertion></code> as a String + * + * @throws BuildException + * If an error occurs on serializing an extended SAML attribute + * to be appended to the AUTH-Block. + */ + private String buildAuthenticationBlockForOW(AuthenticationSession session, + OAAuthParameter oaParam, boolean isOW) throws BuildException { + IdentityLink identityLink = session.getIdentityLink(); + String issuer = identityLink.getName(); + String gebDat = identityLink.getDateOfBirth(); + String identificationValue = identityLink.getIdentificationValue(); + String identificationType = identityLink.getIdentificationType(); + + String issueInstant = DateTimeUtils.buildDateTime(Calendar + .getInstance(), oaParam.getUseUTC()); + session.setIssueInstant(issueInstant); + String authURL = session.getAuthURL(); + String target = session.getTarget(); + String targetFriendlyName = session.getTargetFriendlyName(); + // Bug #485 + // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) + // String oaURL = session.getPublicOAURLPrefix(); + String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); + List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); + Iterator it = extendedSAMLAttributes.iterator(); + // delete bPK attribute from extended SAML attributes + if (isOW) { + ExtendedSAMLAttribute toDelete = null; + while (it.hasNext()) { + ExtendedSAMLAttribute attr = (ExtendedSAMLAttribute)it.next(); + if (attr.getName().equalsIgnoreCase("bPK")) + toDelete = attr; + } + if (toDelete != null) + extendedSAMLAttributes.remove(toDelete); + } + + String authBlock = new AuthenticationBlockAssertionBuilder() + .buildAuthBlock(issuer, issueInstant, authURL, target, + targetFriendlyName, 
identificationValue, + identificationType, oaURL, gebDat, + extendedSAMLAttributes, session); + + return authBlock; + } + + /** * Verifies the infoboxes (except of the identity link infobox) returned by * the BKU by calling appropriate validator classes. * |
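Review bot: The bPK-removal loop in buildAuthenticationBlockForOW only remembers the last matching attribute, so if the extended SAML attribute list holds more than one attribute named `bPK`, all but one survive into the AUTH block the user signs. Removing during iteration handles duplicates and is shorter: `if (attr.getName().equalsIgnoreCase("bPK")) it.remove();` with the `toDelete` variable and the trailing `extendedSAMLAttributes.remove(toDelete)` dropped. Note that `it` is created before `if (isOW)` and unused on the non-OW path, and that the removal mutates the list obtained from `session.getExtendedSAMLAttributesAUTH()`, so other consumers of that session list also lose the attribute — confirm that is intended. As displayed, `replaceAll("&", "&")` on the OA URL is a no-op; if the Bug #485 fix is meant to escape the ampersand as an XML entity, verify the replacement string survived (the rendering may have decoded it). The Javadoc also lacks `@param oaParam` and `@param isOW`, and `List`/`Iterator` are used as raw types although the cast shows the element type is ExtendedSAMLAttribute.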