Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java | 57 |
1 files changed, 37 insertions, 20 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index ee2313070..db9bc588f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -1,25 +1,25 @@ -/* - * Copyright 2003 Federal Chancellery Austria +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * + * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. - * + * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - */ + ******************************************************************************/ package at.gv.egovernment.moa.id.auth.builder; 
@@ -28,9 +28,7 @@ import java.io.StringWriter; import java.text.MessageFormat; import java.text.SimpleDateFormat; import java.util.Calendar; -import java.util.Date; import java.util.List; -import java.util.Locale; import javax.xml.bind.DatatypeConverter; import javax.xml.transform.Result; @@ -45,16 +43,15 @@ import javax.xml.transform.stream.StreamResult; import org.w3c.dom.Element; import org.w3c.dom.Node; -import at.gv.egovernment.moa.id.BuildException; -import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -87,6 +84,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion " </saml:Attribute>" + NL + "{7}" + "{8}" + + "{9}" + " </saml:AttributeStatement>" + NL + "</saml:Assertion>"; 
@@ -110,6 +108,11 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL + " </saml:Attribute>" + NL; + private static String AUTHBLOCKTOKKEN_ATTRIBUTE = + " <saml:Attribute AttributeName=''UniqueTokken'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + + " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL + + " </saml:Attribute>" + NL; + private static String PR_IDENTIFICATION_ATTRIBUTE = " <pr:Identification xmlns:pr=\"" + PD_NS_URI + "\">" + NL + @@ -120,8 +123,8 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion /** * The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes). */ - public static final int NUM_OF_SAML_ATTRIBUTES = 4; - public static final int NUM_OF_SAML_ATTRIBUTES_SSO = 3; + public static final int NUM_OF_SAML_ATTRIBUTES = 5; + public static final int NUM_OF_SAML_ATTRIBUTES_SSO = 4; /** * Constructor for AuthenticationBlockAssertionBuilder. @@ -169,10 +172,11 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String identityLinkType, String oaURL, String gebDat, - List extendedSAMLAttributes, + List<ExtendedSAMLAttribute> extendedSAMLAttributes, AuthenticationSession session, OAAuthParameter oaParam) throws BuildException + { session.setSAMLAttributeGebeORwbpk(true); String gebeORwbpk = ""; @@ -267,11 +271,13 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion Logger.warn("Addional AuthBlock Text can not loaded from OA!", e); } - - String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, new Object[] { generateSpecialText(text, issuer, issueInstant) }); + //generate unique AuthBlock tokken + String uniquetokken = Random.nextRandom(); + session.setAuthBlockTokken(uniquetokken); + String assertion; try { assertion = MessageFormat.format( 
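Review bot: The token generated in the `-271` hunk (and identically at `-426` and `-538`) is what later ties the signed AUTH-Block back to `session`, so the binding is only as strong as `at.gv.egovernment.moa.id.util.Random.nextRandom()`; the diff does not show that implementation, and if it is not backed by `SecureRandom` the value is guessable and the check against the stored session value loses its meaning. That expectation should be stated at the call site, e.g. `// tokken must be unguessable: it is bound into the signed AuthBlock and later compared with the value stored via setAuthBlockTokken`. The token is also inserted unescaped into XML through `AUTHBLOCKTOKKEN_ATTRIBUTE`, which is only safe while `nextRandom()` yields XML-safe characters (hex/base64-like), so that assumption belongs in the same comment. `NUM_OF_SAML_ATTRIBUTES`/`NUM_OF_SAML_ATTRIBUTES_SSO` are bumped to count the new `UniqueTokken` attribute, but only one template visibly receives the `{9}` placeholder; if a separate SSO template exists without it, `MessageFormat` silently drops the extra argument and the SSO count would overstate the block's attributes, which is worth confirming. The new template string is never reassigned and should be `private static final String AUTHBLOCKTOKKEN_ATTRIBUTE = …` (the sibling template it is modelled on is not final either, a pre-existing inconsistency); note too that the spelling `UniqueTokken` becomes part of the signed wire format and cannot be corrected once issued blocks exist.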
@@ -284,6 +290,8 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion oaURL, gebDat, specialText, + MessageFormat.format(AUTHBLOCKTOKKEN_ATTRIBUTE, + new Object[] { uniquetokken }), buildExtendedSAMLAttributes(extendedSAMLAttributes)}); } catch (ParseException e) { Logger.error("Error on building AUTH-Block: " + e.getMessage()); @@ -332,7 +340,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String identityLinkType, String oaURL, String gebDat, - List extendedSAMLAttributes, + List<ExtendedSAMLAttribute> extendedSAMLAttributes, AuthenticationSession session) throws BuildException { @@ -418,6 +426,10 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, new Object[] { generateSpecialText(text, issuer, issueInstant) }); + //generate unique AuthBlock tokken + String uniquetokken = Random.nextRandom(); + session.setAuthBlockTokken(uniquetokken); + String assertion; try { assertion = MessageFormat.format( @@ -430,6 +442,8 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion oaURL, gebDat, specialText, + MessageFormat.format(AUTHBLOCKTOKKEN_ATTRIBUTE, + new Object[] { uniquetokken }), buildExtendedSAMLAttributes(extendedSAMLAttributes)}); } catch (ParseException e) { Logger.error("Error on building AUTH-Block: " + e.getMessage()); @@ -479,7 +493,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String identityLinkType, String oaURL, String gebDat, - List extendedSAMLAttributes, + List<ExtendedSAMLAttribute> extendedSAMLAttributes, AuthenticationSession session, OAAuthParameter oaParam) throws BuildException 
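Review bot: The three lines that generate the token, store it in `session` and format `AUTHBLOCKTOKKEN_ATTRIBUTE` are copied into all three builder methods (hunks `-271`/`-290`, `-426`/`-442` and `-538`/`-554`); a single private helper would keep the RNG choice and the attribute rendering in one place, which matters because a later change to `nextRandom()` or to the attribute must reach every AUTH-Block variant. Each method would then pass the helper's result where the inline `MessageFormat.format(AUTHBLOCKTOKKEN_ATTRIBUTE, …)` argument now sits. The enclosing methods start and end outside these hunks.
```java
    // … unchanged: specialText handling …
    String authBlockTokkenAttribute = buildAuthBlockTokkenAttribute(session);
    // … unchanged: MessageFormat.format(...) call, with authBlockTokkenAttribute as the {9} argument …

/**
 * Generates a fresh AuthBlock tokken, stores it in the given session and
 * renders it as the UniqueTokken SAML attribute for the AUTH-Block template.
 */
private static String buildAuthBlockTokkenAttribute(AuthenticationSession session) {
    String uniquetokken = Random.nextRandom();
    session.setAuthBlockTokken(uniquetokken);
    return MessageFormat.format(AUTHBLOCKTOKKEN_ATTRIBUTE, new Object[] { uniquetokken });
}
```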
@@ -524,9 +538,10 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, new Object[] { generateSpecialText(text, issuer, issueInstant) }); - + //generate unique AuthBlock tokken + String uniquetokken = Random.nextRandom(); + session.setAuthBlockTokken(uniquetokken); - String assertion; assertion = MessageFormat.format( @@ -539,6 +554,8 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion oaURL, gebDat, specialText, + MessageFormat.format(AUTHBLOCKTOKKEN_ATTRIBUTE, + new Object[] { uniquetokken }), buildExtendedSAMLAttributes(extendedSAMLAttributes)}); return assertion; |