diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 93 |
1 files changed, 27 insertions, 66 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index dec5b81cf..bda1e3bfc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.auth; import iaik.asn1.ObjectID; import iaik.pki.PKIException; -import iaik.x509.CertificateFactory; import iaik.x509.X509Certificate; import iaik.x509.X509ExtensionInitException; @@ -39,12 +38,9 @@ import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Calendar; import java.util.Date; -import java.util.HashMap; -import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Map; -import java.util.Set; import java.util.Vector; import javax.servlet.http.HttpServletRequest; @@ -75,9 +71,6 @@ import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.InfoboxValidatorParamsBuilder; -import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; -import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder; import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; @@ -85,16 +78,12 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; -import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.parser.ExtendedInfoboxReadResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; -import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet; import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor; import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; @@ -111,16 +100,12 @@ import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; -import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; @@ -130,8 +115,6 @@ import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; @@ -332,32 +315,32 @@ public class AuthenticationServer implements MOAIDAuthConstants { // } // } - /** - * Method readBKUSelectTag. - * - * @param conf - * the ConfigurationProvider - * @param connParam - * the ConnectionParameter for that connection - * @return String - * @throws ConfigurationException - * on config-errors - * @throws PKIException - * on PKI errors - * @throws IOException - * on any data error - * @throws GeneralSecurityException - * on security errors - */ - private String readBKUSelectTag(ConfigurationProvider conf, - ConnectionParameter connParam) throws ConfigurationException, - PKIException, IOException, GeneralSecurityException { - - if (connParam.isHTTPSURL()) - return SSLUtils.readHttpsURL(conf, connParam); - else - return HTTPUtils.readHttpURL(connParam.getUrl()); - } +// /** +// * Method readBKUSelectTag. +// * +// * @param conf +// * the ConfigurationProvider +// * @param connParam +// * the ConnectionParameter for that connection +// * @return String +// * @throws ConfigurationException +// * on config-errors +// * @throws PKIException +// * on PKI errors +// * @throws IOException +// * on any data error +// * @throws GeneralSecurityException +// * on security errors +// */ +// private String readBKUSelectTag(ConfigurationProvider conf, +// ConnectionParameter connParam) throws ConfigurationException, +// PKIException, IOException, GeneralSecurityException { +// +// if (connParam.isHTTPSURL()) +// return SSLUtils.readHttpsURL(conf, connParam); +// else +// return HTTPUtils.readHttpURL(connParam.getUrl()); +// } /** * Processes the beginning of an authentication session. @@ -472,7 +455,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { String htmlForm = new GetIdentityLinkFormBuilder().build(template, session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest, - certInfoDataURL, pushInfobox); + certInfoDataURL, pushInfobox, oaParam); return htmlForm; } @@ -608,13 +591,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setIdentityLink(identityLink); // now validate the extended infoboxes - //TODO: check correctness -// verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam -// .getProvideStammzahl()); verifyInfoboxes(session, infoboxReadResponseParameters, false); - - //TODO: make it better!! return "found!"; } @@ -760,22 +738,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { .getOnlineApplicationParameter( session.getPublicOAURLPrefix()); - //TODO: CHECK!! is moved to buildAuthenticationBlock to hold the baseID in identitylink - // if (!fromMandate) { - // BZ.., calculate bPK for signing to be already present in AuthBlock -// IdentityLink identityLink = session.getIdentityLink(); -// if (identityLink.getIdentificationType().equals( -// Constants.URN_PREFIX_BASEID)) { -// // only compute bPK if online application is a public service and we -// // have the Stammzahl -// String bpkBase64 = new BPKBuilder().buildBPK(identityLink -// .getIdentificationValue(), session.getTarget()); -// identityLink.setIdentificationValue(bpkBase64); -// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); -// } - // ..BZ - // } - // builds the AUTH-block String authBlock = buildAuthenticationBlock(session, oaParam); @@ -1924,7 +1886,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, false); - // TODO See Bug #144 // Compare AuthBlock Data with information stored in session, especially // date and time CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp); |