diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 149 |
1 files changed, 74 insertions, 75 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 0bbfe25b2..e0ebcbab3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -548,7 +548,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // now validate the extended infoboxes verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam.getProvideStammzahl()); - return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); + return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam, false); } @@ -610,7 +610,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } - return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); + return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam, true); } /** @@ -623,7 +623,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws BuildException * @throws ValidateException */ - public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam) + public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam, boolean fromMandate) throws ConfigurationException, BuildException, @@ -635,21 +635,24 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (authConf==null) authConf = AuthConfigurationProvider.getInstance(); if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance(). getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - //BZ.., calculate bPK for signing to be already present in AuthBlock - IdentityLink identityLink = session.getIdentityLink(); - if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK( - identityLink.getIdentificationValue(), - session.getTarget()); - identityLink.setIdentificationValue(bpkBase64); - } - //..BZ + + if (!fromMandate) { + //BZ.., calculate bPK for signing to be already present in AuthBlock + IdentityLink identityLink = session.getIdentityLink(); + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK( + identityLink.getIdentificationValue(), + session.getTarget()); + identityLink.setIdentificationValue(bpkBase64); + } + //..BZ + } // builds the AUTH-block - String authBlock = buildAuthenticationBlock(session); + String authBlock = buildAuthenticationBlock(session, fromMandate); + // session.setAuthBlock(authBlock); // builds the <CreateXMLSignatureRequest> String[] transformsInfos = oaParam.getTransformsInfos(); @@ -832,7 +835,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws BuildException If an error occurs on serializing an extended SAML attribute * to be appended to the AUTH-Block. */ - private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException { + private String buildAuthenticationBlock(AuthenticationSession session, boolean fromMandate) throws BuildException { IdentityLink identityLink = session.getIdentityLink(); String issuer = identityLink.getName(); String gebDat = identityLink.getDateOfBirth(); @@ -857,7 +860,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { oaURL, gebDat, extendedSAMLAttributes, - session); + session, + fromMandate); return authBlock; } @@ -1204,7 +1208,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { String dob = ParepUtils.extractMandatorDateOfBirth(mandator); if (dob != null && !"".equals(dob)) { extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); - } // Mandate @@ -1398,77 +1401,73 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } + // Exchange person data information by a mandate if needed + boolean mandateMode = session.getUseMandate(); + List oaAttributes = session.getExtendedSAMLAttributesOA(); IdentityLink replacementIdentityLink = null; - if (session.isMandateCompatibilityMode() && oaAttributes != null && oaAttributes.size()>0) { - // look if we have a mandate - boolean foundMandate = false; - Iterator it = oaAttributes.iterator(); - while (!foundMandate && it.hasNext()) { - ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next(); - if (ParepValidator.EXT_SAML_MANDATE_RAW.equals(samlAttribute.getName())) { - Object value = samlAttribute.getValue(); - if (value instanceof Element) { - Element mandate = (Element) value; - replacementIdentityLink = new IdentityLink(); - Element mandator = ParepUtils.extractMandator(mandate); - String dateOfBirth = ""; - Element prPerson = null; - String familyName = ""; - String givenName = ""; - String identificationType = ""; - String identificationValue = ""; - if (mandator != null) { - boolean physical = ParepUtils.isPhysicalPerson(mandator); - if (physical) { - familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); - givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); - dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); - } else { - familyName = ParepUtils.extractMandatorFullName(mandator); - } - identificationType = ParepUtils.getIdentification(mandator, "Type"); - identificationValue = ParepUtils.extractMandatorWbpk(mandator); - prPerson = ParepUtils.extractPrPersonOfMandate(mandate); - if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) { - // now we calculate the wbPK and do so if we got it from the BKU - identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier(); - identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier()); - ParepUtils.HideStammZahlen(prPerson, true, null, null, true); - } - } - replacementIdentityLink.setDateOfBirth(dateOfBirth); - replacementIdentityLink.setFamilyName(familyName); - replacementIdentityLink.setGivenName(givenName); - replacementIdentityLink.setIdentificationType(identificationType); - replacementIdentityLink.setIdentificationValue(identificationValue); - replacementIdentityLink.setPrPerson(prPerson); - try { - replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion()); - } catch (Exception e) { - throw new ValidateException("validator.64", null); - } - } else { - Logger.info("The type of Mandate SAML-Attribute is not \"org.w3c.dom.Element\""); - throw new ValidateException("validator.64", null); - } - } - } - } +// if (mandateMode) { +// Iterator it = oaAttributes.iterator(); +// //ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next(); +// Element mandate = session.getMandateElem(); +// replacementIdentityLink = new IdentityLink(); +// Element mandator = ParepUtils.extractMandator(mandate); +// String dateOfBirth = ""; +// Element prPerson = null; +// String familyName = ""; +// String givenName = ""; +// String identificationType = ""; +// String identificationValue = ""; +// if (mandator != null) { +// boolean physical = ParepUtils.isPhysicalPerson(mandator); +// if (physical) { +// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); +// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); +// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); +// } else { +// familyName = ParepUtils.extractMandatorFullName(mandator); +// } +// identificationType = ParepUtils.getIdentification(mandator, "Type"); +// identificationValue = ParepUtils.extractMandatorWbpk(mandator); +// prPerson = ParepUtils.extractPrPersonOfMandate(mandate); +// if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) { +// // now we calculate the wbPK and do so if we got it from the BKU +// identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier(); +// identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier()); +// ParepUtils.HideStammZahlen(prPerson, true, null, null, true); +// } +// +// +// replacementIdentityLink.setDateOfBirth(dateOfBirth); +// replacementIdentityLink.setFamilyName(familyName); +// replacementIdentityLink.setGivenName(givenName); +// replacementIdentityLink.setIdentificationType(identificationType); +// replacementIdentityLink.setIdentificationValue(identificationValue); +// replacementIdentityLink.setPrPerson(prPerson); +// try { +// replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion()); +// } catch (Exception e) { +// throw new ValidateException("validator.64", null); +// } +// +// } +// +// } // builds authentication data and stores it together with a SAML artifact AuthenticationData authData = buildAuthenticationData(session, vsresp, replacementIdentityLink); String samlArtifact = - new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); + new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); storeAuthenticationData(samlArtifact, authData); // invalidates the authentication session sessionStore.remove(sessionID); Logger.info( - "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); + "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); return samlArtifact; + } /** |