Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java92
1 files changed, 73 insertions, 19 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 52488c3cb..cd751ce7f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -43,6 +43,7 @@ import javax.xml.bind.Marshaller;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeQuery;
+import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.Response;
import org.opensaml.ws.soap.common.SOAPException;
import org.opensaml.xml.XMLObject;
@@ -214,7 +215,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
} else {
//build AuthenticationData from MOASession
- buildAuthDataFormMOASession(authdata, session, oaParam);
+ buildAuthDataFormMOASession(authdata, session, oaParam, protocolRequest);
}
@@ -271,12 +272,13 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
AssertionAttributeExtractor extractor =
new AssertionAttributeExtractor(intfResp);
- if (!extractor.containsAllRequiredAttributes()) {
+ if (!extractor.containsAllRequiredAttributes()) {
+ Logger.info("Received assertion does no contain a minimum set of attributes. Starting AttributeQuery process ...");
//collect attributes by using BackChannel communication
String endpoint = idp.getIDPAttributQueryServiceURL();
if (MiscUtil.isEmpty(endpoint)) {
- Logger.error("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix());
- throw new ConfigurationException("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix(), null);
+ Logger.error("No AttributeQueryURL for interfederationIDP " + idp.getPublicURLPrefix());
+ throw new ConfigurationException("No AttributeQueryURL for interfederationIDP " + idp.getPublicURLPrefix(), null);
}
//build attributQuery request
@@ -321,7 +323,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
}
//parse response information to authData
- buildAuthDataFormInterfederationResponse(authdata, session, extractor, oaParam);
+ buildAuthDataFormInterfederationResponse(authdata, session, extractor, oaParam, req);
} catch (SOAPException e) {
throw new BuildException("builder.06", null, e);
@@ -348,7 +350,8 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
AuthenticationData authData,
AuthenticationSession session,
AssertionAttributeExtractor extractor,
- IOAAuthParameters oaParam)
+ IOAAuthParameters oaParam,
+ IRequest req)
throws BuildException, AssertionAttributeExtractorExeption {
Logger.debug("Build AuthData from assertion starts ....");
@@ -358,14 +361,35 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
authData.setFamilyName(extractor.getSingleAttributeValue(PVPConstants.PRINCIPAL_NAME_NAME));
authData.setGivenName(extractor.getSingleAttributeValue(PVPConstants.GIVEN_NAME_NAME));
authData.setDateOfBirth(extractor.getSingleAttributeValue(PVPConstants.BIRTHDATE_NAME));
- authData.setBPKType(extractor.getSingleAttributeValue(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME));
authData.setCcc(extractor.getSingleAttributeValue(PVPConstants.EID_ISSUING_NATION_NAME));
authData.setBkuURL(extractor.getSingleAttributeValue(PVPConstants.EID_CCS_URL_NAME));
authData.setIdentificationValue(extractor.getSingleAttributeValue(PVPConstants.EID_SOURCE_PIN_NAME));
authData.setIdentificationType(extractor.getSingleAttributeValue(PVPConstants.EID_SOURCE_PIN_TYPE_NAME));
+
+ if (extractor.containsAttribute(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
+ String bpkType = extractor.getSingleAttributeValue(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME);
+ if (bpkType.startsWith(Constants.URN_PREFIX_CDID) &&
+ !bpkType.substring(Constants.URN_PREFIX_CDID.length(),
+ Constants.URN_PREFIX_CDID.length() + 1).equals("+")) {
+ Logger.warn("Receive uncorrect encoded bBKType attribute " + bpkType + " Starting attribute value correction ... ");
+ bpkType = Constants.URN_PREFIX_CDID + "+" + bpkType.substring(Constants.URN_PREFIX_CDID.length() + 1);
+
+ }
+
+ authData.setBPKType(bpkType);
+ }
+
if (extractor.containsAttribute(PVPConstants.BPK_NAME)) {
String pvpbPK = extractor.getSingleAttributeValue(PVPConstants.BPK_NAME);
+
+ if (pvpbPK.startsWith("bPK:")) {
+ Logger.warn("Attribute " + PVPConstants.BPK_NAME
+ + " contains a not standardize prefix! Staring attribute value correction process ...");
+ pvpbPK = pvpbPK.substring("bPK:".length());
+
+ }
+
String[] spitted = pvpbPK.split(":");
authData.setBPK(spitted[1]);
if (MiscUtil.isEmpty(authData.getBPKType())) {
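Review bot: The separator test `!bpkType.substring(Constants.URN_PREFIX_CDID.length(), Constants.URN_PREFIX_CDID.length() + 1).equals("+")` throws StringIndexOutOfBoundsException when the attribute value is exactly the prefix with nothing after it, and the whole branch throws NullPointerException if getSingleAttributeValue returns null; the added `pvpbPK.startsWith("bPK:")` check has the same unguarded shape. The check can be written without index arithmetic, `if (bpkType.startsWith(Constants.URN_PREFIX_CDID) && !bpkType.startsWith(Constants.URN_PREFIX_CDID + "+")) {`, inside an `if (MiscUtil.isNotEmpty(bpkType))` guard. The correction line then assumes exactly one wrong character sits between the prefix and the sector; if a value with no separator at all can arrive, `substring(Constants.URN_PREFIX_CDID.length() + 1)` would drop the first sector character instead, so that assumption deserves a comment. The corrected pvpbPK still reaches the pre-existing `spitted[1]` without a length check on the split result. The enclosing method continues outside the hunk.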
@@ -513,7 +537,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
}
//build OA specific bPK/wbPK information
- buildOAspecificbPK(oaParam, authData,
+ buildOAspecificbPK(req, oaParam, authData,
authData.getIdentificationValue(),
authData.getIdentificationType());
@@ -521,7 +545,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
if (MiscUtil.isEmpty(authData.getBPK())) {
Logger.debug("Calcutlate bPK from baseID");
- buildOAspecificbPK(oaParam, authData,
+ buildOAspecificbPK(req, oaParam, authData,
authData.getIdentificationValue(),
authData.getIdentificationType());
@@ -536,7 +560,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
} else {
Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");
- String mappedQAA = PVPtoSTORKMapper.getInstance().mapQAALevel(qaaLevel);
+ String mappedQAA = PVPtoSTORKMapper.getInstance().mapToQAALevel(qaaLevel);
if (MiscUtil.isNotEmpty(mappedQAA))
authData.setQAALevel(mappedQAA);
@@ -586,7 +610,8 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
if (extractor.containsAttribute(PVPConstants.EID_IDENTITY_LINK_NAME)) {
try {
InputStream idlStream = Base64Utils.decodeToStream(extractor.getSingleAttributeValue(PVPConstants.EID_IDENTITY_LINK_NAME), false);
- IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink();
+ IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink();
+ idlStream.close();
buildOAspecificIdentityLink(oaParam, authData, idl);
} catch (ParseException e) {
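Review bot: The added `idlStream.close()` runs only when parseIdentityLink() returns normally, so the stream is still leaked on the ParseException path that the catch below handles. If the project targets Java 7 or later, open it with try-with-resources, `try (InputStream idlStream = Base64Utils.decodeToStream(extractor.getSingleAttributeValue(PVPConstants.EID_IDENTITY_LINK_NAME), false)) {`, and keep the parse and buildOAspecificIdentityLink calls inside that block; otherwise move the close() into a finally. The enclosing try/catch continues outside the hunk, so whether an IOException from close() is caught further down cannot be seen here.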
@@ -744,6 +769,12 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
}
}
+ //set PVP OU attribute
+ if (extractor.containsAttribute(PVPConstants.OU_NAME)) {
+ authData.setPvpAttribute_OU(extractor.getSingleAttributeValue(PVPConstants.OU_NAME));
+ Logger.debug("Found PVP 'OU' attribute in response -> " + authData.getPvpAttribute_OU());
+
+ }
//set STORK attributes
if (extractor.containsAttribute(PVPConstants.EID_STORK_TOKEN_NAME)) {
@@ -761,8 +792,19 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
authData.setSsoSession(true);
authData.setInterfederatedSSOSession(true);
- if (extractor.getFullAssertion().getConditions() != null && extractor.getFullAssertion().getConditions().getNotOnOrAfter() != null)
+ if (extractor.getFullAssertion().getAuthnStatements() != null
+ && extractor.getFullAssertion().getAuthnStatements().size() > 0) {
+ for (AuthnStatement el : extractor.getFullAssertion().getAuthnStatements()) {
+ if (el.getSessionNotOnOrAfter() != null) {
+ authData.setSsoSessionValidTo(el.getSessionNotOnOrAfter().toDate());
+ break;
+ }
+ }
+
+ } else {
authData.setSsoSessionValidTo(extractor.getFullAssertion().getConditions().getNotOnOrAfter().toDate());
+
+ }
//only for SAML1
if (PVPConstants.STORK_QAA_1_4.equals(authData.getQAALevel()))
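Review bot: The new else branch dereferences `getConditions()` and `getNotOnOrAfter()` without the null checks the removed line carried, so an assertion with no AuthnStatements and no Conditions (or no NotOnOrAfter) now throws NullPointerException instead of leaving the validity unset; and when AuthnStatements exist but none carries SessionNotOnOrAfter, ssoSessionValidTo is never set and the Conditions value is never consulted. Since this value bounds the interfederated SSO session, the fallback order should be explicit: SessionNotOnOrAfter first, Conditions/NotOnOrAfter second, and nothing set otherwise, which is what the removed line did. The `size() > 0` test is redundant with the for-each loop. The enclosing method continues outside the hunk.
```java
authData.setInterfederatedSSOSession(true);

// Prefer the session bound in an AuthnStatement; fall back to the
// assertion Conditions; leave the field unset if neither is present.
java.util.Date ssoValidTo = null;
if (extractor.getFullAssertion().getAuthnStatements() != null) {
    for (AuthnStatement el : extractor.getFullAssertion().getAuthnStatements()) {
        if (el.getSessionNotOnOrAfter() != null) {
            ssoValidTo = el.getSessionNotOnOrAfter().toDate();
            break;
        }
    }
}
if (ssoValidTo == null
        && extractor.getFullAssertion().getConditions() != null
        && extractor.getFullAssertion().getConditions().getNotOnOrAfter() != null) {
    ssoValidTo = extractor.getFullAssertion().getConditions().getNotOnOrAfter().toDate();
}
if (ssoValidTo != null) {
    authData.setSsoSessionValidTo(ssoValidTo);
}
// … unchanged: SAML1 QAA handling …
```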
@@ -805,7 +847,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
}
private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session,
- IOAAuthParameters oaParam) throws BuildException, ConfigurationException {
+ IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException {
IdentityLink identityLink = session.getIdentityLink();
@@ -864,7 +906,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
}
} catch (Exception e) {
- Logger.error("Failed to extract country code from certificate", e);
+ Logger.error("Failed to extract country code from certificate with message: " + e.getMessage());
}
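Review bot: Logging only `e.getMessage()` drops the stack trace of a catch-all `catch (Exception e)`, and for exception types whose message is null the log line ends in "message: null" with nothing else to diagnose the failed country-code extraction. Keep the throwable as the second argument, `Logger.error("Failed to extract country code from certificate", e);`, or if the intent was to quiet the log, keep the message at error and log the throwable at debug. The enclosing method starts and ends outside the hunk.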
@@ -919,7 +961,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
Logger.trace("Authenticated User is OW: " + mandate.getOWbPK());
} else {
- buildOAspecificbPK(oaParam, authData,
+ buildOAspecificbPK(protocolRequest, oaParam, authData,
identityLink.getIdentificationValue(),
identityLink.getIdentificationType());
@@ -951,7 +993,13 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
//resign IDL
IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
Element resignedilAssertion;
- resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion());
+
+ AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
+ if (config.isIdentityLinkResigning()) {
+ resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), config.getIdentityLinkResigningKey());
+ } else {
+ resignedilAssertion = businessServiceIdl.getSamlAssertion();
+ }
IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion);
IdentityLink resignedIDL = resignedIDLParser.parseIdentityLink();
@@ -963,7 +1011,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
}
- private static void buildOAspecificbPK(IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException {
+ private static void buildOAspecificbPK(IRequest protocolRequest, IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException {
if (oaParam.getBusinessService()) {
//since we have foreigner, wbPK is not calculated in BKU
@@ -984,9 +1032,15 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
if (baseIDType.equals(Constants.URN_PREFIX_BASEID)) {
// only compute bPK if online application is a public service and we have the Stammzahl
- String bpkBase64 = new BPKBuilder().buildBPK(baseID, oaParam.getTarget());
+ String target = null;
+ if (protocolRequest instanceof SAML1RequestImpl)
+ target = protocolRequest.getTarget();
+ else
+ target = oaParam.getTarget();
+
+ String bpkBase64 = new BPKBuilder().buildBPK(baseID, target);
authData.setBPK(bpkBase64);
- authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + target);
}
Logger.trace("Authenticate user with bPK " + authData.getBPK());
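Review bot: When protocolRequest is a SAML1RequestImpl whose getTarget() returns null or empty, `target` stays null, buildBPK is called with it, and the setBPKType line stores the literal text "null" after the prefix; fall back to the OA configuration in that case, `if (protocolRequest instanceof SAML1RequestImpl) target = protocolRequest.getTarget(); if (MiscUtil.isEmpty(target)) target = oaParam.getTarget();`. The sector used for bPK derivation now comes from the protocol request rather than from OA configuration; if the SAML1 request target is already validated against the OA's configured target when the request is parsed, a comment here saying so would tell the reader why the request value can be trusted, otherwise that comparison belongs before buildBPK. The enclosing method ends outside the hunk.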