Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 265 |
1 files changed, 130 insertions, 135 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 214a1df7d..a127dc6b5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -57,6 +57,7 @@ import org.opensaml.xml.util.Base64;
 import org.opensaml.xml.util.XMLHelper;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
+import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.xml.sax.SAXException;
@@ -87,6 +88,7 @@ import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
 import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.parser.ExtendedInfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
 import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
 import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
@@ -104,6 +106,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentity
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.ConfigurationProvider;
@@ -131,7 +134,9 @@ import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
 import eu.stork.mw.messages.saml.STORKAuthnRequest;
 import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
 import eu.stork.vidp.messages.common.STORKConstants;
@@ -419,10 +424,29 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 }
 }
- //build ReadInfobox request
- String infoboxReadRequest = new InfoboxReadRequestBuilder().build(
- oaParam.isSlVersion12(), oaParam.getBusinessService(), oaParam
+ String infoboxReadRequest = "";
+
+ if (session.isSsoRequested()) {
+ //load identityLink with SSO Target
+ boolean isbuisness = false;
+ String domainIdentifier = "";
+ IdentificationNumber ssobusiness = AuthConfigurationProvider.getInstance().getSSOBusinessService();
+ if (ssobusiness != null) {
+ isbuisness = true;
+ domainIdentifier = ssobusiness.getValue();
+ }
+
+ //build ReadInfobox request
+ infoboxReadRequest = new InfoboxReadRequestBuilder().build(
+ oaParam.isSlVersion12(), isbuisness, domainIdentifier);
+
+ } else {
+ //build ReadInfobox request
+ infoboxReadRequest = new InfoboxReadRequestBuilder().build(
+ oaParam.isSlVersion12(), oaParam.getBusinessService(), oaParam
 .getIdentityLinkDomainIdentifier());
+ }
+
 String dataURL = new DataURLBuilder().buildDataURL(
 session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session
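Review bot: The SSO branch reads the identity link with the global SSO business-service setting from `getSSOBusinessService()` and ignores the OA's own `oaParam.getBusinessService()` and `getIdentityLinkDomainIdentifier()`, so when no SSO business service is configured a business-service OA in an SSO session requests a public-service identity link (`isbuisness` false, empty domain); if that is intended, say so in the `//load identityLink with SSO Target` comment. `AuthConfigurationProvider.getInstance()` is called here without the `ConfigurationException` handling the later auth-block hunk wraps around the same call; whether the enclosing method declares it is not visible. The local `isbuisness` is misspelled; rename it to `isBusiness`. The enclosing method starts and ends outside the hunk.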
@@ -798,12 +822,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 identityLink.setIdentificationType(null);
 } else {
- String bpkBase64 = new BPKBuilder().buildBPK(identityLink
- .getIdentificationValue(), session.getTarget());
- identityLink.setIdentificationValue(bpkBase64);
-
- //TODO: insert correct Type!!!!
- identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget());
+
+ //TODO: check correctness!!! bpk calcultion is done during Assertion generation
+// String bpkBase64 = new BPKBuilder().buildBPK(identityLink
+// .getIdentificationValue(), session.getTarget());
+// identityLink.setIdentificationValue(bpkBase64);
+//
+// //TODO: insert correct Type!!!!
+// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget());
 }
 } // ..BZ
@@ -1022,11 +1048,18 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 Constants.URN_PREFIX_BASEID)) {
 // only compute bPK if online application is a public service and we
 // have the Stammzahl
- String bpkBase64 = new BPKBuilder().buildBPK(identityLink
- .getIdentificationValue(), session.getTarget());
- identificationValue = bpkBase64;
- identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget();
+
+ if (session.isSsoRequested()) {
+ identificationType = "";
+ identificationValue = "";
+
+ } else {
+ String bpkBase64 = new BPKBuilder().buildBPK(identityLink
+ .getIdentificationValue(), session.getTarget());
+ identificationValue = bpkBase64;
+ identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget();
+ }
 // identityLink.setIdentificationValue(bpkBase64);
 // identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget());
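Review bot: The bPK computation in the `else` branch is left as commented-out code under `//TODO: check correctness!!!`, so the branch is now empty and the identity link keeps whatever identification value it carried — presumably the base ID — for the rest of the session. If the computation really has moved to assertion generation, delete the dead lines instead of keeping them; if that has not been verified, the change should not merge with the TODO open. The enclosing method starts and ends outside the hunk.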
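Review bot: The new `if (session.isSsoRequested())` branch sets `identificationType` and `identificationValue` to the empty string with no explanation, while the `// only compute bPK ...` comment above it still describes only the non-SSO case. Add a comment on the branch, e.g. `// SSO: the auth block carries no bPK; it is derived per target when the assertion is built` if that is the intent recorded by the TODO in the preceding hunk, and confirm that the SSO auth-block builder expects empty strings rather than null here. The enclosing method starts outside the hunk.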
@@ -1045,17 +1078,41 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 // Bug #485
 // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
 // String oaURL = session.getPublicOAURLPrefix();
- String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&");
+
 List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
- String authBlock = new AuthenticationBlockAssertionBuilder()
+
+
+ if (session.isSsoRequested()) {
+ String oaURL =new String();
+ try {
+ oaURL = AuthConfigurationProvider.getInstance().getSSOPublicUrl();
+
+ if (MiscUtil.isNotEmpty(oaURL))
+ oaURL = oaURL.replaceAll("&", "&");
+
+ } catch (ConfigurationException e) {
+ }
+ String authBlock = new AuthenticationBlockAssertionBuilder()
+ .buildAuthBlockSSO(issuer, issueInstant, authURL, target,
+ targetFriendlyName, identificationValue,
+ identificationType, oaURL, gebDat,
+ extendedSAMLAttributes, session, oaParam);
+ return authBlock;
+
+ } else {
+ String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&");
+ String authBlock = new AuthenticationBlockAssertionBuilder()
 .buildAuthBlock(issuer, issueInstant, authURL, target,
 targetFriendlyName, identificationValue,
 identificationType, oaURL, gebDat,
- extendedSAMLAttributes, session);
+ extendedSAMLAttributes, session, oaParam);
+ return authBlock;
+ }
+
- return authBlock;
+
 }
 /**
@@ -1107,7 +1164,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 .buildAuthBlock(issuer, issueInstant, authURL, target,
 targetFriendlyName, identificationValue,
 identificationType, oaURL, gebDat,
- extendedSAMLAttributes, session);
+ extendedSAMLAttributes, session, oaParam);
 return authBlock;
 }
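Review bot: `catch (ConfigurationException e) { }` in the SSO branch swallows the failure, so when the SSO public URL cannot be read `oaURL` stays empty and the auth block is built — and later signed — over an empty OA URL with no trace in the log. Log and rethrow, e.g. `} catch (ConfigurationException e) { Logger.error("SSO public URL not available", e); throw e; }` (this file already uses `Logger`); whether the enclosing method declares `ConfigurationException` is outside the hunk. `String oaURL =new String();` should be `String oaURL = "";`, and `replaceAll("&", "&")` as rendered here is a no-op — presumably the original replacement string was entity-decoded by the page, worth confirming in the source. The two branches also repeat the `String authBlock = ...; return authBlock;` pattern where `return new AuthenticationBlockAssertionBuilder()...` would do. The enclosing method starts outside the hunk.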
@@ -1807,7 +1864,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
 }
 // validates <CreateXMLSignatureResponse>
- new CreateXMLSignatureResponseValidator().validate(csresp, session);
+ if (session.isSsoRequested())
+ new CreateXMLSignatureResponseValidator().validateSSO(csresp, session);
+ else
+ new CreateXMLSignatureResponseValidator().validate(csresp, session);
+
 // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
 List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
 String tpid = authConf.getMoaSpAuthBlockTrustProfileID();
@@ -2191,13 +2252,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 IdentityLink identityLink = session.getIdentityLink();
 AuthenticationData authData = new AuthenticationData();
-
-// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
-// .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
+
 VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
- boolean useUTC = oaParam.getUseUTC();
- boolean isForeigner = session.isForeigner();
+ boolean useUTC = oaParam.getUseUTC();
 boolean businessService = oaParam.getBusinessService();
 authData.setMajorVersion(1);
@@ -2206,7 +2263,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 authData.setIssuer(session.getAuthURL());
 authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar
 .getInstance(), useUTC));
+
+ //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
+ authData.setIdentificationValue(identityLink.getIdentificationValue());
 authData.setIdentificationType(identityLink.getIdentificationType());
+
 authData.setGivenName(identityLink.getGivenName());
 authData.setFamilyName(identityLink.getFamilyName());
 authData.setDateOfBirth(identityLink.getDateOfBirth());
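Review bot: The new `if (session.isSsoRequested()) ... else ...` around the validator call is unbraced, unlike the conditionals elsewhere in these hunks; brace both arms so a statement added later cannot silently land outside the branch. The `// validates <CreateXMLSignatureResponse>` comment above no longer says why SSO needs a separate `validateSSO`; one line naming what the SSO validation checks differently would help the next reader. The enclosing method starts and ends outside the hunk.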
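Review bot: `authData.setIdentificationValue(identityLink.getIdentificationValue())` copies the identity link's raw identification value into the authentication data unconditionally, and by the new comment that value is the base ID for a public-service OA; the `oaParam.getProvideStammzahl()` gate that the removed lines of the following hunk show was previously applied is not re-established anywhere visible. Unless every consumer of `AuthenticationData` strips it, the base ID now leaves the session together with the assertion, so gate the copy, e.g. `if (businessService || oaParam.getProvideStammzahl()) authData.setIdentificationValue(identityLink.getIdentificationValue());`. Dropping `isForeigner` in the `@@ -2191` hunk also routes the foreign-citizen case through this code; confirm that is intended. The enclosing method starts and ends outside these hunks.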
@@ -2218,105 +2279,58 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setBkuURL(session.getBkuURL()); authData.setUseUTC(oaParam.getUseUTC()); - //TODO: check correctness -// boolean provideStammzahl = oaParam.getProvideStammzahl(); -// if (provideStammzahl) { -// authData.setIdentificationValue(identityLink -// .getIdentificationValue()); -// } - -// String prPerson = new PersonDataBuilder().build(identityLink, -// provideStammzahl); - try { -// String signerCertificateBase64 = ""; -// if (oaParam.getProvideCertifcate()) { -// X509Certificate signerCertificate = verifyXMLSigResp -// .getX509certificate(); -// if (signerCertificate != null) { -// signerCertificateBase64 = Base64Utils -// .encode(signerCertificate.getEncoded()); -// } else { -// Logger -// .info("\"provideCertificate\" is \"true\", but no signer certificate available"); -// } -// } -// authData.setSignerCertificate(signerCertificateBase64); - if(!isForeigner) { - //we have Austrian citizen - if (businessService) { - authData.setBPK(identityLink.getIdentificationValue()); - authData.setBPKType(identityLink.getIdentificationType()); - - } else { - - // OLD! 
BZ.., calculation of bPK already before sending AUTHBlock - //TL: identitylLink holds the BASEID, bPK is only calculated for AUTHBlock - //authData.setBPK(identityLink.getIdentificationValue()); - - // only compute bPK if online application is a public service and we have the Stammzahl - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - String bpkBase64 = new BPKBuilder().buildBPK( - identityLink.getIdentificationValue(), target); - authData.setBPK(bpkBase64); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); - } - } - } else { - //we have foreigner, thus we have to calculate bPK and wbPK now (after receiving identity link from SZR-GW - if (businessService) { - //since we have foreigner, wbPK is not calculated in BKU - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + //TODO: resign the IdentityLink!!! + + if (businessService) { + //since we have foreigner, wbPK is not calculated in BKU + if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); - - if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { - // If domainIdentifier starts with prefix - // "urn:publicid:gv.at:wbpk+"; remove this prefix - registerAndOrdNr = registerAndOrdNr - .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); - Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " - + registerAndOrdNr); - } + String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); + + if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { + // If domainIdentifier starts with prefix + // "urn:publicid:gv.at:wbpk+"; remove this prefix + registerAndOrdNr = registerAndOrdNr + .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register 
string: " + + registerAndOrdNr); + } - String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); - authData.setBPK(wbpkBase64); - authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); - } + String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); + authData.setBPK(wbpkBase64); + authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); } else { + authData.setBPK(identityLink.getIdentificationValue()); + authData.setBPKType(identityLink.getIdentificationType()); + } + + Element idlassertion = session.getIdentityLink().getSamlAssertion(); + //set bpk/wpbk; + Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + prIdentification.getFirstChild().setNodeValue(authData.getBPK()); + //set bkp/wpbk type + Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); + prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); + + IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); + IdentityLink idl = idlparser.parseIdentityLink(); + authData.setIdentityLink(idl); + + } else { - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); - authData.setBPK(bpkBase64); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); - } - - + if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); + authData.setBPK(bpkBase64); + 
authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); } + authData.setIdentityLink(identityLink); } -// String ilAssertion = oaParam.getProvideIdentityLink() ? identityLink -// .getSerializedSamlAssertion() -// : ""; -// if (!oaParam.getProvideStammzahl()) { -// ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink -// .getIdentificationValue(), ""); -// } -// String authBlock = oaParam.getProvideAuthBlock() ? session -// .getAuthBlock() : ""; - - - //TODO: check, if this elements are in use!!!! -// session.setAssertionAuthBlock(authBlock); -// session.setAssertionAuthData(authData); -// session.setAssertionBusinessService(businessService); -// session.setAssertionIlAssertion(ilAssertion); -// session.setAssertionPrPerson(prPerson); -// session.setAssertionSignerCertificateBase64(signerCertificateBase64); - + return authData; } catch (Throwable ex) { @@ -2326,27 +2340,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { } /** - * Creates a new session and puts it into the session store. - * - * @param id - * Session ID - * @return AuthenticationSession created - * @exception AuthenticationException - * thrown when an <code>AuthenticationSession</code> is - * running already for the given session ID - */ - private static AuthenticationSession newSession() - throws AuthenticationException { - - try { - return AuthenticationSessionStoreage.createSession(); - - } catch (MOADatabaseException e) { - throw new AuthenticationException("", null); - } - } - - /** * Retrieves a session from the session store. * * @param id @@ -2633,6 +2626,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } + + //TODO: check Target in case of SSO!! String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); String spApplication = spInstitution; |
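Review bot: In the business-service branch the assertion obtained from `session.getIdentityLink().getSamlAssertion()` is modified in place — `prIdentification.getFirstChild().setNodeValue(authData.getBPK())` overwrites the identification value inside the signed identity link that the session holds, so the stored assertion no longer matches its signature (the `//TODO: resign the IdentityLink!!!` records this) and any later reader of the session sees the wbPK where the signed value was. Both `XPathUtils.selectSingleNode` results are dereferenced without a null check, so a missing element surfaces as a NullPointerException inside the trailing `catch (Throwable ex)` instead of a clear error. Work on a copy of the assertion and check the lookups, as below. The comment `//since we have foreigner, wbPK is not calculated in BKU` is stale now that the foreigner distinction is gone. The enclosing method starts outside the hunk.
```java
// … unchanged: wbPK / bPK type computation into authData …
// modify a copy so the signed assertion held in the session stays untouched
Element idlassertion = (Element) session.getIdentityLink().getSamlAssertion().cloneNode(true);
Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
if (prIdentification == null || prIdentification.getFirstChild() == null
    || prIdentificationType == null || prIdentificationType.getFirstChild() == null) {
  throw new IllegalStateException("identity link assertion lacks identification value or type element");
}
prIdentification.getFirstChild().setNodeValue(authData.getBPK());
prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType());
// … unchanged: re-parse idlassertion and authData.setIdentityLink(idl) …
```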
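Review bot: `//TODO: check Target in case of SSO!!` is added above `spSector`, but the code below it is unchanged, so for an SSO session the sector is still taken from `moasession.getTarget()` with the `"Business"` fallback when it is empty, while the `@@ -1022` hunk treats SSO as having no per-target identification at all. Either resolve which target applies for SSO before merging or, at minimum, log the chosen value so an inconsistent sector is visible in operation. The enclosing method starts and ends outside the hunk.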