aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java198
1 files changed, 141 insertions, 57 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index def0d9b80..79a1c3e0f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -23,6 +23,7 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion;
import java.security.MessageDigest;
+import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
@@ -30,6 +31,7 @@ import org.joda.time.DateTime;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.Audience;
import org.opensaml.saml2.core.AudienceRestriction;
@@ -58,13 +60,13 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
@@ -80,13 +82,65 @@ import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.MiscUtil;
public class PVP2AssertionBuilder implements PVPConstants {
+
+ public static Assertion buildAssertion(AttributeQuery attrQuery,
+ List<String> reqAttributes, IAuthData authData, DateTime date, String sessionIndex) throws ConfigurationException {
+
+
+ AuthnContextClassRef authnContextClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
+ authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+
+ List<Attribute> attrList = new ArrayList<Attribute>();
+ if (reqAttributes != null) {
+ Iterator<String> it = reqAttributes.iterator();
+ while (it.hasNext()) {
+ String reqAttributName = it.next();
+ try {
+ Attribute attr = PVPAttributeBuilder.buildAttribute(
+ reqAttributName, null, authData);
+ if (attr == null) {
+ Logger.error(
+ "Attribute generation failed! for "
+ + reqAttributName);
+
+ } else {
+ attrList.add(attr);
+
+ }
+
+ } catch (PVP2Exception e) {
+ Logger.error(
+ "Attribute generation failed! for "
+ + reqAttributName);
+
+ } catch (Exception e) {
+ Logger.error(
+ "General Attribute generation failed! for "
+ + reqAttributName);
+
+ }
+ }
+ }
+
+
+ NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
+ subjectNameID.setFormat(attrQuery.getSubject().getNameID().getFormat());
+ subjectNameID.setValue(attrQuery.getSubject().getNameID().getValue());
+
+ SubjectConfirmationData subjectConfirmationData = null;
+
+ return buildGenericAssertion(attrQuery.getIssuer().getValue(), date,
+ authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex);
+ }
+
public static Assertion buildAssertion(AuthnRequest authnRequest,
- AuthenticationSession authSession, EntityDescriptor peerEntity, DateTime date,
+ IAuthData authData, EntityDescriptor peerEntity, DateTime date,
AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation)
throws MOAIDException {
- Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
+
RequestedAuthnContext reqAuthnContext = authnRequest
.getRequestedAuthnContext();
@@ -99,7 +153,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
peerEntity.getEntityID());
if (reqAuthnContext == null) {
- authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());
+ authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
} else {
@@ -110,7 +164,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
if (reqAuthnContextClassRefIt.size() == 0) {
- QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(),
+ QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
STORK_QAA_1_4);
stork_qaa_1_4_found = true;
@@ -124,20 +178,20 @@ public class PVP2AssertionBuilder implements PVPConstants {
|| qaa_uri.trim().equals(STORK_QAA_1_2)
|| qaa_uri.trim().equals(STORK_QAA_1_1)) {
- if (authSession.isForeigner()) {
- QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(),
+ if (authData.isForeigner()) {
+ QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
STORK_QAA_PREFIX + oaParam.getQaaLevel());
stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());
+ authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
} else {
- QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(),
+ QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
qaa_uri.trim());
stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());
+ authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
}
break;
@@ -150,33 +204,13 @@ public class PVP2AssertionBuilder implements PVPConstants {
}
}
- AuthnContext authnContext = SAML2Utils
- .createSAMLObject(AuthnContext.class);
- authnContext.setAuthnContextClassRef(authnContextClassRef);
- AuthnStatement authnStatement = SAML2Utils
- .createSAMLObject(AuthnStatement.class);
-
- String sessionIndex = SAML2Utils.getSecureIdentifier();
- authnStatement.setAuthnInstant(date);
- authnStatement.setSessionIndex(sessionIndex);
- authnStatement.setAuthnContext(authnContext);
-
- assertion.getAuthnStatements().add(authnStatement);
SPSSODescriptor spSSODescriptor = peerEntity
.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-
- AttributeStatement attributeStatement = SAML2Utils
- .createSAMLObject(AttributeStatement.class);
-
- Subject subject = SAML2Utils.createSAMLObject(Subject.class);
-
- AuthenticationData authData = AuthenticationServer
- .buildAuthenticationData(authSession, oaParam,
- oaParam.getTarget());
-
+
//add Attributes to Assertion
+ List<Attribute> attrList = new ArrayList<Attribute>();
if (spSSODescriptor.getAttributeConsumingServices() != null &&
spSSODescriptor.getAttributeConsumingServices().size() > 0) {
@@ -197,7 +231,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
attributeConsumingService = el;
}
}
-
+
if (attributeConsumingService != null) {
Iterator<RequestedAttribute> it = attributeConsumingService
.getRequestAttributes().iterator();
@@ -205,14 +239,14 @@ public class PVP2AssertionBuilder implements PVPConstants {
RequestedAttribute reqAttribut = it.next();
try {
Attribute attr = PVPAttributeBuilder.buildAttribute(
- reqAttribut.getName(), authSession, oaParam, authData);
+ reqAttribut.getName(), oaParam, authData);
if (attr == null) {
if (reqAttribut.isRequired()) {
throw new UnprovideableAttributeException(
reqAttribut.getName());
}
} else {
- attributeStatement.getAttributes().add(attr);
+ attrList.add(attr);
}
} catch (PVP2Exception e) {
Logger.error(
@@ -222,19 +256,26 @@ public class PVP2AssertionBuilder implements PVPConstants {
throw new UnprovideableAttributeException(
reqAttribut.getName());
}
+
+ } catch (Exception e) {
+ Logger.error(
+ "General Attribute generation failed! for "
+ + reqAttribut.getFriendlyName(), e);
+ if (reqAttribut.isRequired()) {
+ throw new UnprovideableAttributeException(
+ reqAttribut.getName());
+ }
+
}
}
}
}
- if (attributeStatement.getAttributes().size() > 0) {
- assertion.getAttributeStatements().add(attributeStatement);
- }
NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
- //TLenz: set correct bPK Type and Value from AuthData
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ //build nameID and nameID Format from moasession
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if(mandate == null) {
throw new NoMandateDataAvailableException();
}
@@ -263,7 +304,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
if (bpktype.equals(Constants.URN_PREFIX_BASEID)) {
- if (authSession.getBusinessService()) {
+ if (oaParam.getBusinessService()) {
subjectNameID.setValue(new BPKBuilder().buildWBPK(bpk, oaParam.getIdentityLinkDomainIdentifier()));
if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
subjectNameID.setNameQualifier(oaParam.getIdentityLinkDomainIdentifier());
@@ -332,21 +373,68 @@ public class PVP2AssertionBuilder implements PVPConstants {
}
} else
- subjectNameID.setFormat(nameIDFormat);
-
-
- subject.setNameID(subjectNameID);
-
- SubjectConfirmation subjectConfirmation = SAML2Utils
- .createSAMLObject(SubjectConfirmation.class);
- subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
+ subjectNameID.setFormat(nameIDFormat);
+
+
+ String sessionIndex = null;
+
+ //if request is a reauthentication and NameIDFormat match reuse old session information
+ if (MiscUtil.isNotEmpty(authData.getNameID()) &&
+ MiscUtil.isNotEmpty(authData.getNameIDFormat()) &&
+ nameIDFormat.equals(authData.getNameIDFormat())) {
+ subjectNameID.setValue(authData.getNameID());
+ sessionIndex = authData.getSessionIndex();
+
+ } else
+ sessionIndex = SAML2Utils.getSecureIdentifier();
+
SubjectConfirmationData subjectConfirmationData = SAML2Utils
.createSAMLObject(SubjectConfirmationData.class);
subjectConfirmationData.setInResponseTo(authnRequest.getID());
subjectConfirmationData.setNotOnOrAfter(date.plusMinutes(5));
subjectConfirmationData.setRecipient(assertionConsumerService.getLocation());
+
+ //set SLO information
+ sloInformation.setUserNameIdentifier(subjectNameID.getValue());
+ sloInformation.setNameIDFormat(subjectNameID.getFormat());
+ sloInformation.setSessionIndex(sessionIndex);
+
+ return buildGenericAssertion(peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex);
+ }
+
+ private static Assertion buildGenericAssertion(String entityID, DateTime date,
+ AuthnContextClassRef authnContextClassRef, List<Attribute> attrList,
+ NameID subjectNameID, SubjectConfirmationData subjectConfirmationData,
+ String sessionIndex) throws ConfigurationException {
+ Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
+
+ AuthnContext authnContext = SAML2Utils
+ .createSAMLObject(AuthnContext.class);
+ authnContext.setAuthnContextClassRef(authnContextClassRef);
+ AuthnStatement authnStatement = SAML2Utils
+ .createSAMLObject(AuthnStatement.class);
+
+ authnStatement.setAuthnInstant(date);
+ authnStatement.setSessionIndex(sessionIndex);
+ authnStatement.setAuthnContext(authnContext);
+
+ assertion.getAuthnStatements().add(authnStatement);
+
+ AttributeStatement attributeStatement = SAML2Utils
+ .createSAMLObject(AttributeStatement.class);
+ attributeStatement.getAttributes().addAll(attrList);
+ if (attributeStatement.getAttributes().size() > 0) {
+ assertion.getAttributeStatements().add(attributeStatement);
+ }
+
+ Subject subject = SAML2Utils.createSAMLObject(Subject.class);
+ subject.setNameID(subjectNameID);
+
+ SubjectConfirmation subjectConfirmation = SAML2Utils
+ .createSAMLObject(SubjectConfirmation.class);
+ subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
subject.getSubjectConfirmations().add(subjectConfirmation);
@@ -356,7 +444,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
.createSAMLObject(AudienceRestriction.class);
Audience audience = SAML2Utils.createSAMLObject(Audience.class);
- audience.setAudienceURI(peerEntity.getEntityID());
+ audience.setAudienceURI(entityID);
audienceRestriction.getAudiences().add(audience);
conditions.setNotBefore(date);
@@ -375,11 +463,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
assertion.setSubject(subject);
assertion.setID(SAML2Utils.getSecureIdentifier());
assertion.setIssueInstant(date);
-
- //set SLO information
- sloInformation.setUserNameIdentifier(subjectNameID.getValue());
- sloInformation.setSessionIndex(sessionIndex);
- return assertion;
+ return assertion;
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-27 21:05:13 +0000