Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java129
1 files changed, 80 insertions, 49 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 57a5316e8..dbf95f604 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -22,8 +22,6 @@
*/
package at.gv.egovernment.moa.id.auth.builder;
-import iaik.x509.X509Certificate;
-
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -32,7 +30,9 @@ import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
+import java.util.Iterator;
import java.util.List;
+import java.util.Map.Entry;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -49,6 +49,8 @@ import org.opensaml.saml2.core.Response;
import org.opensaml.ws.soap.common.SOAPException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.SecurityException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -62,6 +64,7 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameTy
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
@@ -69,6 +72,7 @@ import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
@@ -77,7 +81,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
@@ -85,6 +88,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
@@ -92,11 +96,12 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExt
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -110,14 +115,20 @@ import at.gv.util.config.EgovUtilPropertiesConfiguration;
import at.gv.util.ex.EgovUtilException;
import at.gv.util.wsdl.szr.SZRException;
import at.gv.util.xsd.szr.PersonInfoType;
+import iaik.x509.X509Certificate;
/**
* @author tlenz
*
*/
+@Service("AuthenticationDataBuilder")
public class AuthenticationDataBuilder extends MOAIDAuthConstants {
- public static IAuthData buildAuthenticationData(IRequest protocolRequest,
+ @Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
+ @Autowired protected AuthConfiguration authConfig;
+ @Autowired private AttributQueryBuilder attributQueryBuilder;
+
+ public IAuthData buildAuthenticationData(IRequest protocolRequest,
AuthenticationSession session, List<Attribute> reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
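Review bot: The three collaborators added at the top of the class are field-injected and `authConfig` is `protected` and non-final, so nothing guarantees they are set when a method runs and the builder cannot be instantiated without a Spring context. Prefer constructor injection: declare them `private final IAuthenticationSessionStoreage authenticatedSessionStorage;` (same for the other two) and add one `@Autowired` constructor that takes the three beans, so the dependencies are immutable and checked at construction. The `buildAuthenticationData` signature and body continue past the end of this hunk.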
@@ -162,7 +173,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
//reuse some parameters if it is a reauthentication
- OASessionStore activeOA = AuthenticationSessionStoreage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule());
+ OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule());
if (activeOA != null) {
authdata.setSessionIndex(activeOA.getAssertionSessionID());
authdata.setNameID(activeOA.getUserNameID());
@@ -183,13 +194,12 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
}
- InterfederationSessionStore interfIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session);
+ InterfederationSessionStore interfIDP = authenticatedSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session);
IOAAuthParameters oaParam = null;
if (reqAttributes == null) {
//get OnlineApplication from MOA-ID-Auth configuration
- oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(oaID);
+ oaParam = protocolRequest.getOnlineApplicationConfiguration();
//build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway
if (oaParam.isSTORKPVPGateway())
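Review bot: `oaParam = protocolRequest.getOnlineApplicationConfiguration()` is dereferenced two lines later by `oaParam.isSTORKPVPGateway()` with no null check, so a request that carries no OA configuration fails with a NullPointerException instead of an error naming the missing OA; add an explicit null check that throws a ConfigurationException (or BuildException) mentioning `oaID` before the STORK/PVP gateway test. The old lookup by `oaID` had the same exposure, but since the source of the parameters changes here this is the place to close it. Note also that the SSO session lookup earlier in the method still keys on `oaID` while the OA parameters now come from the request object; if those two can be derived independently they should be checked against each other. The enclosing method starts and ends outside the hunk.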
@@ -211,7 +221,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
} else {
//get attributes from interfederated IDP
- OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix());
+ OAAuthParameter idp = authConfig.getOnlineApplicationParameter(interfIDP.getIdpurlprefix());
getAuthDataFromInterfederation(authdata, session, oaParam, protocolRequest, interfIDP, idp, reqAttributes);
//mark attribute request as used
@@ -244,7 +254,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
* @throws BuildException
* @throws DynamicOABuildException
*/
- public static IAuthData buildAuthenticationData(IRequest req,
+ public IAuthData buildAuthenticationData(IRequest req,
AuthenticationSession session) throws WrongParametersException, ConfigurationException, BuildException, DynamicOABuildException {
return buildAuthenticationData(req, session, null);
}
@@ -259,7 +269,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
* @param reqQueryAttr
* @throws ConfigurationException
*/
- private static void getAuthDataFromInterfederation(
+ private void getAuthDataFromInterfederation(
AuthenticationData authdata, AuthenticationSession session,
IOAAuthParameters oaParam, IRequest req,
InterfederationSessionStore interfIDP, OAAuthParameter idp, List<Attribute> reqQueryAttr) throws BuildException, ConfigurationException{
@@ -276,11 +286,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
//IDP is a service provider IDP and request interfederated IDP to collect attributes
} else {
//get PVP 2.1 attributes from protocol specific requested attributes
- attributs = req.getRequestedAttributes();
+ attributs = (List<Attribute>) req.getGenericData(RequestImpl.DATAID_REQUESTED_ATTRIBUTES);
}
- Response intfResp = (Response) req.getInterfederationResponse().getResponse();
+ Response intfResp =
+ (Response) req.getGenericData(
+ RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, MOAResponse.class).getResponse();
AssertionAttributeExtractor extractor =
new AssertionAttributeExtractor(intfResp);
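Review bot: `req.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, MOAResponse.class)` is dereferenced in the same expression, so when nothing is stored under that key the builder fails with a NullPointerException rather than a BuildException that says the interfederation response is missing; fetch the `MOAResponse` into a local, check it for null and throw a descriptive BuildException before calling `.getResponse()`. The cast `(List<Attribute>) req.getGenericData(RequestImpl.DATAID_REQUESTED_ATTRIBUTES)` is unchecked and also accepts a null value; either use the typed overload used on the next statement or annotate that single statement with `@SuppressWarnings("unchecked")` plus a comment on why the stored value is known to be a `List<Attribute>`. The enclosing method starts and ends outside the hunk.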
@@ -295,7 +307,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
//build attributQuery request
AttributeQuery query =
- AttributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs);
+ attributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs);
//build SOAP request
List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
@@ -314,7 +326,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
SAMLVerificationEngine engine = new SAMLVerificationEngine();
engine.verifyIDPResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
- SAMLVerificationEngine.validateAssertion(intfResp, false);
+ //TODO: find better solution
+ //SAMLVerificationEngine.validateAssertion(intfResp, false);
} catch (Exception e) {
Logger.warn("PVP 2.1 assertion validation FAILED.", e);
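Review bot: Commenting out `SAMLVerificationEngine.validateAssertion(intfResp, false);` means the interfederated IDP response is now only signature-verified by `engine.verifyIDPResponse`, and whatever the assertion validation enforced beyond the signature is no longer checked before the attributes are consumed by the extractor. A "find better solution" TODO is not enough to merge a removed validation step: the commit should either keep the call, or replace it with the narrower check the TODO has in mind and state in a comment which checks are intentionally skipped and why. The surrounding `catch (Exception e)` only logs a warning in the visible lines; whether it rethrows afterwards is outside the hunk, but a validation failure here should not let the flow continue silently.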
@@ -358,7 +371,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
}
- private static void buildAuthDataFormInterfederationResponse(
+ private void buildAuthDataFormInterfederationResponse(
AuthenticationData authData,
AuthenticationSession session,
AssertionAttributeExtractor extractor,
@@ -496,7 +509,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
if (MiscUtil.isEmpty(authData.getIdentificationValue())) {
Logger.info("No baseID found. Connect SZR to reveive baseID ...");
try {
- EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProviderFactory.getInstance().geteGovUtilsConfig();
+ EgovUtilPropertiesConfiguration eGovClientsConfig = authConfig.geteGovUtilsConfig();
if (eGovClientsConfig != null) {
SZRClient szrclient = new SZRClient(eGovClientsConfig);
@@ -530,11 +543,6 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
- } catch (ConfigurationException e) {
- Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
- throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
- + " or " + PVPConstants.EID_SOURCE_PIN_NAME);
-
} catch (EgovUtilException e) {
Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
@@ -790,16 +798,24 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
//set STORK attributes
if (extractor.containsAttribute(PVPConstants.EID_STORK_TOKEN_NAME)) {
- authData.setStorkAuthnResponse(extractor.getSingleAttributeValue(PVPConstants.EID_STORK_TOKEN_NAME));
- authData.setForeigner(true);
+ try {
+ authData.setGenericData(AuthenticationSessionStorageConstants.STORK_RESPONSE,
+ extractor.getSingleAttributeValue(PVPConstants.EID_STORK_TOKEN_NAME));
+ authData.setForeigner(true);
+
+ } catch (SessionDataStorageException e) {
+ Logger.warn("STORK Response can not stored into generic authData.", e);
+
+ }
- }
-
- if (!extractor.getSTORKAttributes().isEmpty()) {
- authData.setStorkAttributes(extractor.getSTORKAttributes());
- authData.setForeigner(true);
}
+
+// if (!extractor.getSTORKAttributes().isEmpty()) {
+// authData.setStorkAttributes(extractor.getSTORKAttributes());
+// authData.setForeigner(true);
+//
+// }
authData.setSsoSession(true);
authData.setInterfederatedSSOSession(true);
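Review bot: The old `extractor.getSTORKAttributes()` block is left as commented-out code instead of being deleted, and with it `authData.setForeigner(true)` is no longer set for a response that carries STORK attributes but no `EID_STORK_TOKEN_NAME` attribute; if dropping that case is intended, say so in a one-line comment, otherwise keep the foreigner flag for it. The new `catch (SessionDataStorageException e)` logs and continues, so a response whose STORK token could not be stored is still treated as a successful interfederated login; consider whether that case should abort instead. The log text also reads oddly; suggest `Logger.warn("STORK response could not be stored in generic authData.", e);`. The enclosing method starts and ends outside the hunk.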
@@ -831,7 +847,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
* @param authData
* @return
*/
- private static boolean matchsReceivedbPKToOnlineApplication(
+ private boolean matchsReceivedbPKToOnlineApplication(
IOAAuthParameters oaParam, AuthenticationData authData) {
String oaTarget = null;
@@ -858,14 +874,14 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
return false;
}
- private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session,
+ private void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session,
IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException {
IdentityLink identityLink = session.getIdentityLink();
VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
- authData.setIssuer(session.getAuthURL());
+ authData.setIssuer(protocolRequest.getAuthURL());
//baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
authData.setIdentificationValue(identityLink.getIdentificationValue());
@@ -889,10 +905,22 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
authData.setBkuURL(session.getBkuURL());
- authData.setStorkAttributes(session.getStorkAttributes());
- authData.setStorkAuthnResponse(session.getStorkAuthnResponse());
- authData.setStorkRequest(session.getStorkAuthnRequest());
-
+ //copy all generic authentication information to authData
+ if (session.getGenericSessionDataStorage() != null &&
+ !session.getGenericSessionDataStorage().isEmpty()) {
+ Iterator<Entry<String, Object>> copyInterator = session.getGenericSessionDataStorage().entrySet().iterator();
+ while (copyInterator.hasNext()) {
+ Entry<String, Object> element = copyInterator.next();
+ try {
+ authData.setGenericData(element.getKey(), element.getValue());
+
+ } catch (SessionDataStorageException e) {
+ Logger.warn("Can not add generic authData with key:" + element.getKey(), e);
+
+ }
+ }
+ }
+
authData.setSignerCertificate(session.getEncodedSignerCertificate());
authData.setAuthBlock(session.getAuthBlock());
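Review bot: The copy loop moves every entry of `session.getGenericSessionDataStorage()` into `authData` regardless of key, so anything any module stored in the session during the authentication process becomes authentication data visible to the protocol builders downstream; if the session map can hold entries that should not leave the session (intermediate process state, raw credentials), restrict the copy to the keys authData actually consumes, or add a comment stating that the whole map is intended to be exposed. Stylistically the explicit iterator can be a for-each, `for (Entry<String, Object> element : session.getGenericSessionDataStorage().entrySet()) {`, which also removes the misspelled `copyInterator`. The enclosing method starts and ends outside the hunk.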
@@ -923,9 +951,12 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
if (MiscUtil.isEmpty(authData.getCcc())) {
- if (authData.getStorkAuthnRequest() != null) {
- authData.setCcc(authData.getStorkAuthnRequest().getCitizenCountryCode());
- Logger.info("Can not extract country from certificate -> Use country from STORK request.");
+ String storkCCC = authData.getGenericData(
+ AuthenticationSessionStorageConstants.STORK_CCC, String.class);
+
+ if (MiscUtil.isNotEmpty(storkCCC)) {
+ authData.setCcc(storkCCC);
+ Logger.info("Can not extract country from certificate -> Use country:" + storkCCC + " from STORK request.");
}
@@ -937,11 +968,11 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
try {
- authData.setSsoSession(AuthenticationSessionStoreage.isSSOSession(session.getSessionID()));
+ authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality());
//set max. SSO session time
if (authData.isSsoSession()) {
- long maxSSOSessionTime = AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut() * 1000;
+ long maxSSOSessionTime = authConfig.getSSOCreatedTimeOut() * 1000;
Date ssoSessionValidTo = new Date(session.getSessionCreated().getTime() + maxSSOSessionTime);
authData.setSsoSessionValidTo(ssoSessionValidTo);
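Review bot: `authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality())` derives the SSO flag from the incoming request rather than from the stored session as `isSSOSession(session.getSessionID())` did, so a request that asks for SSO on a session that was never established as one could now be marked as SSO and get a `ssoSessionValidTo` computed from `session.getSessionCreated()` even though no SSO session exists in the store. If the two sources are guaranteed to agree, a comment on that line saying so would help the next reader; otherwise combine the request flag with the stored session state. While the timeout line is being touched, `authConfig.getSSOCreatedTimeOut() * 1000` multiplies before widening to `long`; if the getter returns an int, `* 1000L` avoids overflow for large configured timeouts. The enclosing method starts and ends outside the hunk.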
@@ -989,7 +1020,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
- private static void buildOAspecificIdentityLink(IOAAuthParameters oaParam, AuthenticationData authData, IdentityLink idl) throws MOAIDException {
+ private void buildOAspecificIdentityLink(IOAAuthParameters oaParam, AuthenticationData authData, IdentityLink idl) throws MOAIDException {
if (oaParam.getBusinessService()) {
Element idlassertion = idl.getSamlAssertion();
//set bpk/wpbk;
@@ -1006,9 +1037,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
Element resignedilAssertion;
- AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
- if (config.isIdentityLinkResigning()) {
- resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), config.getIdentityLinkResigningKey());
+ if (authConfig.isIdentityLinkResigning()) {
+ resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), authConfig.getIdentityLinkResigningKey());
} else {
resignedilAssertion = businessServiceIdl.getSamlAssertion();
}
@@ -1023,7 +1053,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
- private static void buildOAspecificbPK(IRequest protocolRequest, IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException {
+ private void buildOAspecificbPK(IRequest protocolRequest, IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException {
if (oaParam.getBusinessService()) {
//since we have foreigner, wbPK is not calculated in BKU
@@ -1055,8 +1085,9 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
if (saml1Requst != null && protocolRequest.getClass().isInstance(saml1Requst))
- target = protocolRequest.getTarget();
- else
+ target = protocolRequest.getGenericData(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
+ else
target = oaParam.getTarget();
String bpkBase64 = new BPKBuilder().buildBPK(baseID, target);