aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java45
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java33
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java45
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java33
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java33
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java2
10 files changed, 209 insertions, 11 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index 2748d74a6..9403cb205 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -12,10 +12,15 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BirthdateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDAuthBlock;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDCcsURL;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIdentityLinkBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIssuingNationAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSectorForIDAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSignerCertificate;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSourcePIN;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSourcePINType;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.GivenNameAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateFullMandateAttributeBuilder;
@@ -56,6 +61,11 @@ public class PVPAttributeBuilder {
addBuilder(new EIDIssuingNationAttributeBuilder());
addBuilder(new EIDSectorForIDAttributeBuilder());
addBuilder(new EIDIdentityLinkBuilder());
+ addBuilder(new EIDAuthBlock());
+ addBuilder(new EIDCcsURL());
+ addBuilder(new EIDSignerCertificate());
+ addBuilder(new EIDSourcePIN());
+ addBuilder(new EIDSourcePINType());
// Mandate Attributes
addBuilder(new MandateTypeAttributeBuilder());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 17fc52a8c..a02959e39 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -307,7 +307,10 @@ public class PVP2AssertionBuilder implements PVPConstants {
audience.setAudienceURI(peerEntity.getEntityID());
audienceRestriction.getAudiences().add(audience);
conditions.setNotBefore(new DateTime());
+
conditions.setNotOnOrAfter(new DateTime().plusMinutes(20));
+// conditions.setNotOnOrAfter(new DateTime());
+
conditions.getAudienceRestrictions().add(audienceRestriction);
assertion.setConditions(conditions);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java
new file mode 100644
index 000000000..16d05842a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java
@@ -0,0 +1,45 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import iaik.util.logging.Log;
+
+import java.io.IOException;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class EIDAuthBlock extends BaseAttributeBuilder {
+
+ public String getName() {
+ return EID_AUTH_BLOCK_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+
+ try {
+ String authblock = authSession.getAuthBlock();
+ if (MiscUtil.isNotEmpty(authblock)) {
+ return buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME,
+ EID_AUTH_BLOCK_NAME, Base64Utils.encode(authblock.getBytes()));
+ }
+
+ } catch (IOException e) {
+ Log.info("Encode AuthBlock BASE64 failed.");
+ }
+ throw new UnprovideableAttributeException(EID_AUTH_BLOCK_NAME);
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java
new file mode 100644
index 000000000..0d96d4817
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java
@@ -0,0 +1,33 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class EIDCcsURL extends BaseAttributeBuilder{
+
+ public String getName() {
+ return EID_CCS_URL_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+
+ String bkuurl = authSession.getBkuURL();
+ if (MiscUtil.isNotEmpty(bkuurl))
+ return buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl);
+ else
+ throw new UnprovideableAttributeException(EID_CCS_URL_NAME);
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java
new file mode 100644
index 000000000..f5cb51228
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java
@@ -0,0 +1,45 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import iaik.util.logging.Log;
+
+import java.io.IOException;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+public class EIDSignerCertificate extends BaseAttributeBuilder {
+
+ public String getName() {
+ return EID_SIGNER_CERTIFICATE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+
+ try {
+ byte[] signerCertificate = authSession.getEncodedSignerCertificate();
+ if (signerCertificate != null) {
+ return buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, Base64Utils
+ .encode(signerCertificate));
+ }
+
+ }catch (IOException e) {
+ Log.info("Signer certificate BASE64 encoding error");
+ }
+
+ throw new UnprovideableAttributeException(EID_SIGNER_CERTIFICATE_NAME);
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
new file mode 100644
index 000000000..d21d264f6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
@@ -0,0 +1,33 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
+
+public class EIDSourcePIN extends BaseAttributeBuilder {
+
+ public String getName() {
+ return EID_SOURCE_PIN_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+
+ if (oaParam.getBusinessService())
+ throw new UnprovideableAttributeException(EID_SOURCE_PIN_NAME);
+
+ else {
+ return buildStringAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME, authData.getIdentificationValue());
+ }
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java
new file mode 100644
index 000000000..9bc9716cf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java
@@ -0,0 +1,33 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
+
+public class EIDSourcePINType extends BaseAttributeBuilder {
+
+ public String getName() {
+ return EID_SOURCE_PIN_TYPE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession,
+ OAAuthParameter oaParam, AuthenticationData authData)
+ throws PVP2Exception {
+
+ if (oaParam.getBusinessService())
+ throw new UnprovideableAttributeException(EID_SOURCE_PIN_TYPE_NAME);
+
+ else {
+ return buildStringAttribute(EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, EID_SOURCE_PIN_TYPE_NAME, authData.getIdentificationType());
+ }
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, EID_SOURCE_PIN_TYPE_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 0786f896a..ebe597ed2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -98,7 +98,8 @@ public class PVPConfiguration {
String publicPath = generalpvpconfigdb.getPublicURLPrefix();
if(publicPath != null) {
if(publicPath.endsWith("/")) {
- publicPath = publicPath.substring(0, publicPath.length()-2);
+ int length = publicPath.length();
+ publicPath = publicPath.substring(0, length-1);
}
}
return publicPath;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 99567478d..a92ac8e7f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -1,20 +1,15 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
-import java.io.File;
import java.security.cert.CertificateException;
import java.util.Iterator;
import java.util.List;
-import java.util.Timer;
import javax.xml.namespace.QName;
-import org.apache.commons.httpclient.HttpClient;
-import org.apache.commons.httpclient.protocol.Protocol;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
-import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
@@ -22,15 +17,12 @@ import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.parse.BasicParserPool;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.MetadataSignatureFilter;
-import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
public class MOAMetadataProvider implements MetadataProvider {
@@ -62,7 +54,8 @@ public class MOAMetadataProvider implements MetadataProvider {
OnlineApplication oa = oaIt.next();
Logger.info("Loading metadata for: " + oa.getFriendlyName());
OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2();
- if (pvp2Config != null) {
+ if (pvp2Config != null && MiscUtil.isNotEmpty(pvp2Config.getMetadataURL())) {
+// if (pvp2Config != null) {
String metadataURL = pvp2Config.getMetadataURL();
try {
// TODO: use proper SSL checking
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
index 36dc2442c..fb1f08132 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
@@ -49,6 +49,8 @@ public class MetadataSignatureFilter implements MetadataFilter {
Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator();
+
+ //TODO: check this!!!!
while(entID.hasNext()) {
processEntityDescriptorr(entIT.next());
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-22 21:48:38 +0000