diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java | 142 |
1 files changed, 111 insertions, 31 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 9f47123ab..6a86eb4a5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -1,7 +1,10 @@ package at.gv.egovernment.moa.id.protocols.saml1; +import iaik.x509.X509Certificate; + import java.io.File; import java.io.IOException; +import java.security.cert.CertificateEncodingException; import java.util.Date; import at.gv.egovernment.moa.id.AuthenticationException; @@ -9,8 +12,10 @@ import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; +import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -20,6 +25,8 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.StringUtils; public class SAML1AuthenticationServer extends AuthenticationServer { @@ -101,40 +108,113 @@ public class SAML1AuthenticationServer extends AuthenticationServer { // builds authentication data and stores it together with a SAML // artifact - AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(), - useUTC, false); - - String samlAssertion = new AuthenticationDataAssertionBuilder().build( - authData, session.getAssertionPrPerson(), - session.getAssertionAuthBlock(), - session.getAssertionIlAssertion(), session.getBkuURL(), - session.getAssertionSignerCertificateBase64(), - session.getAssertionBusinessService(), - session.getExtendedSAMLAttributesOA(), useCondition, - conditionLength); - authData.setSamlAssertion(samlAssertion); + + //TODO: check, if this is correct!!!! + //AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(), + // useUTC, false); + AuthenticationData authData = session.getAuthData(); + + //TODO: check, if this is correct!!!! +// String samlAssertion = new AuthenticationDataAssertionBuilder().build( +// authData, session.getAssertionPrPerson(), +// session.getAssertionAuthBlock(), +// session.getAssertionIlAssertion(), session.getBkuURL(), +// session.getAssertionSignerCertificateBase64(), +// session.getAssertionBusinessService(), +// session.getExtendedSAMLAttributesOA(), useCondition, +// conditionLength); - String assertionFile = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.WriteAssertionToFile"); - if (!ParepUtils.isEmpty(assertionFile)) - try { - ParepUtils.saveStringToFile(samlAssertion, new File( - assertionFile)); - } catch (IOException e) { - throw new BuildException("builder.00", new Object[] { - "AuthenticationData", e.toString() }, e); + try { + + //set BASE64 encoded signer certificate + String signerCertificateBase64 = ""; + if (oaParam.getProvideCertifcate()) { + byte[] signerCertificate = session.getEncodedSignerCertificate(); + if (signerCertificate != null) { + + signerCertificateBase64 = Base64Utils + .encode(signerCertificate); + } else { + Logger.info("\"provideCertificate\" is \"true\", but no signer certificate available"); + } } - - String samlArtifact = new SAMLArtifactBuilder().build( - session.getAuthURL(), session.getSessionID(), - session.getSourceID()); + + //set prPersion + boolean provideStammzahl = oaParam.getProvideStammzahl(); + String prPerson = new PersonDataBuilder().build(session.getIdentityLink(), + provideStammzahl); + + //set Authblock + String authBlock = oaParam.getProvideAuthBlock() ? session + .getAuthBlock() : ""; + + //set IdentityLink for assortion + String ilAssertion = oaParam.getProvideIdentityLink() ? session.getIdentityLink() + .getSerializedSamlAssertion() + : ""; + if (!oaParam.getProvideStammzahl()) { + ilAssertion = StringUtils.replaceAll(ilAssertion, session.getIdentityLink() + .getIdentificationValue(), ""); + } + + String samlAssertion; + + if (session.getUseMandate()) { + samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate( + authData, + prPerson, + session.getMandateData(), + authBlock, + ilAssertion, + session.getBkuURL(), + signerCertificateBase64, + oaParam.getBusinessService(), + session.getExtendedSAMLAttributesOA(), + useCondition, + conditionLength); + + } else { + samlAssertion = new AuthenticationDataAssertionBuilder().build( + authData, + prPerson, + authBlock, + ilAssertion, + session.getBkuURL(), + signerCertificateBase64, + oaParam.getBusinessService(), + session.getExtendedSAMLAttributesOA(), + useCondition, + conditionLength); + } + + authData.setSamlAssertion(samlAssertion); + + String assertionFile = AuthConfigurationProvider.getInstance() + .getGenericConfigurationParameter( + "AuthenticationServer.WriteAssertionToFile"); + if (!ParepUtils.isEmpty(assertionFile)) + try { + ParepUtils.saveStringToFile(samlAssertion, new File( + assertionFile)); + } catch (IOException e) { + throw new BuildException("builder.00", new Object[] { + "AuthenticationData", e.toString() }, e); + } + + String samlArtifact = new SAMLArtifactBuilder().build( + session.getAuthURL(), session.getSessionID(), + session.getSourceID()); + + storeAuthenticationData(samlArtifact, authData); + + Logger.info("Anmeldedaten zu MOASession " + session.getSessionID() + + " angelegt, SAML Artifakt " + samlArtifact); + return samlArtifact; - storeAuthenticationData(samlArtifact, authData); - - Logger.info("Anmeldedaten zu MOASession " + session.getSessionID() - + " angelegt, SAML Artifakt " + samlArtifact); - return samlArtifact; + } catch (Throwable ex) { + throw new BuildException("builder.00", new Object[] { + "AuthenticationData", ex.toString() }, ex); + } } |