Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java78
1 files changed, 55 insertions, 23 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index acf59cebf..d26f7b396 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -53,6 +53,7 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.EAAFParserException;
import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
import at.gv.egiz.eaaf.core.exceptions.XPathException;
@@ -60,6 +61,7 @@ import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator;
import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -84,7 +86,6 @@ import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
@@ -116,7 +117,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
@PostConstruct
private void initialize() {
- Map<String, String> pubKeyMap = authConfig.getBasicMOAIDConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS);
+ Map<String, String> pubKeyMap = authConfig.getBasicConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS);
for (Entry<String, String> el : pubKeyMap.entrySet()) {
try {
encKeyMap.put(el.getKey(), new X509Certificate(Base64Utils.decode(el.getValue(), false)));
@@ -134,7 +135,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
@Override
- public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
+ protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EAAFException {
try {
return buildAuthenticationData(pendingReq,
pendingReq.getSessionData(AuthenticationSessionWrapper.class),
@@ -145,7 +146,6 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
throw new EAAFAuthenticationException("builder.11", new Object[]{e.getMessage()}, e);
}
-
}
private IAuthData buildAuthenticationData(IRequest pendingReq,
@@ -216,7 +216,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException, EAAFBuilderException {
try {
//generate basic authentication data
- generateBasicAuthData(authData, protocolRequest, session);
+ generateDeprecatedBasicAuthData(authData, protocolRequest, session);
//set Austrian eID demo-mode flag
authData.setIseIDNewDemoMode(Boolean.parseBoolean(
@@ -428,6 +428,24 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
authData.setMISMandate(misMandate);
authData.setUseMandate(true);
+ //####################################################
+ // set bPK and IdentityLink for Organwalter -->
+ // Organwalter has a special bPK is received from MIS
+ if (authData.isUseMandate() && session.isOW() && misMandate != null
+ && MiscUtil.isNotEmpty(misMandate.getOWbPK())) {
+ //TODO: if full-mandate is removed in OPB --> OWbPK functionality needs an update!!!
+ authData.setBPK(misMandate.getOWbPK());
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
+ Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK());
+
+ //set bPK and IdenityLink for all other
+ Logger.debug("User is an OW. Set original IDL into authdata ... ");
+ authData.setIdentityLink(session.getIdentityLink());
+
+
+
+ }
+
} catch (IOException e) {
Logger.error("Base64 decoding of PVP-Attr:"+ PVPConstants.MANDATE_FULL_MANDATE_FRIENDLY_NAME
+ " FAILED.", e);
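Review bot: The moved Organwalter block now tests `authData.isUseMandate()` immediately after `authData.setUseMandate(true)` two lines above it, so the first operand of the condition is always true and only hides the conditions that matter; the guard can be reduced to `if (session.isOW() && misMandate != null && MiscUtil.isNotEmpty(misMandate.getOWbPK())) {`. The `Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK())` line writes the person's OW bPK itself into the log; a trace message that only records that the OW path was taken, e.g. `Logger.trace("Authenticated User is OW, bPK taken from MIS mandate");`, keeps the identifier out of log files while preserving the diagnostic. The enclosing method starts before and continues past this hunk, so whether a later branch still overwrites `setBPK`/`setIdentityLink` for the OW case cannot be verified here.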
@@ -471,24 +489,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
}
- //####################################################
- // set bPK and IdentityLink for Organwalter -->
- // Organwalter has a special bPK is received from MIS
- if (authData.isUseMandate() && session.isOW() && misMandate != null
- && MiscUtil.isNotEmpty(misMandate.getOWbPK())) {
- //TODO: if full-mandate is removed in OPB --> OWbPK functionality needs an update!!!
- authData.setBPK(misMandate.getOWbPK());
- authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
- Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK());
-
- //set bPK and IdenityLink for all other
- Logger.debug("User is an OW. Set original IDL into authdata ... ");
- authData.setIdentityLink(session.getIdentityLink());
-
-
-
- }
-
+
//###################################################################
//set PVP role attribute (implemented for ISA 1.18 action)
includedToGenericAuthData.remove(PVPConstants.ROLES_NAME);
@@ -926,4 +927,35 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
}
}
+ @Override
+ protected boolean matchsReceivedbPKToOnlineApplication(ISPConfiguration oaParam, String bPKType) {
+ boolean bPKTypeMatch = oaParam.getAreaSpecificTargetIdentifier().equals(bPKType);
+ if (!bPKTypeMatch) {
+ Logger.trace("bPKType does not match to Online-Application. Checking if it is Prof.Rep. bPK ... ");
+ if (EAAFConstants.URN_PREFIX_OW_BPK.equals(bPKType)) {
+ Logger.debug("Find Prof.Rep. bPKType. This matchs on every SP-Target");
+ bPKTypeMatch = true;
+
+ } else
+ Logger.trace("bPKType is not of type: " + EAAFConstants.URN_PREFIX_OW_BPK + " Matching failed.");
+
+ }
+
+ return bPKTypeMatch;
+
+ }
+
+ @Override
+ protected IAuthData getAuthDataInstance(IRequest pendingReq) throws EAAFException {
+ throw new RuntimeException("This method is NOT supported by MOA-ID");
+
+ }
+
+ @Override
+ protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq)
+ throws EAAFException {
+ throw new RuntimeException("This method is NOT supported by MOA-ID");
+
+ }
+
}
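Review bot: `matchsReceivedbPKToOnlineApplication` calls `oaParam.getAreaSpecificTargetIdentifier().equals(bPKType)` without checking either value, so an SP configuration with no target identifier makes this authorization check fail with a NullPointerException instead of returning false; a null `bPKType` should likewise be rejected explicitly rather than relying on `equals` contracts. Because this override deliberately lets the professional-representative bPK type match every SP target, it deserves a Javadoc stating that widening and its rationale, e.g. "Accepts the SP's area-specific target or, as a deliberate exception, the Prof.Rep. (OW) bPK type, which is valid for every SP target." It is not visible here whether `EAAFConstants.URN_PREFIX_OW_BPK` is the same string as the `Constants.URN_PREFIX_CDID + "+" + "OW"` written by the earlier hunk; if the two differ, the OW branch of this matcher can never be taken, so that equality should be confirmed or the same constant used in both places. The two unsupported overrides should throw `UnsupportedOperationException` rather than a bare `RuntimeException`, which is the standard type for "not supported by this implementation" and is what a reviewer expects to catch. The rewritten matcher with explicit null handling and braced branches follows.
```java
@Override
protected boolean matchsReceivedbPKToOnlineApplication(ISPConfiguration oaParam, String bPKType) {
    String spTarget = oaParam.getAreaSpecificTargetIdentifier();
    if (bPKType == null || spTarget == null) {
        Logger.trace("bPKType or SP target identifier is missing. Matching failed.");
        return false;
    }
    if (spTarget.equals(bPKType)) {
        return true;
    }
    Logger.trace("bPKType does not match to Online-Application. Checking if it is Prof.Rep. bPK ... ");
    if (EAAFConstants.URN_PREFIX_OW_BPK.equals(bPKType)) {
        Logger.debug("Find Prof.Rep. bPKType. This matchs on every SP-Target");
        return true;
    }
    Logger.trace("bPKType is not of type: " + EAAFConstants.URN_PREFIX_OW_BPK + " Matching failed.");
    return false;
}
// … unchanged: getAuthDataInstance / buildServiceSpecificAuthenticationData, with UnsupportedOperationException in place of RuntimeException …
```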