diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java | 84 |
1 files changed, 34 insertions, 50 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 6391860ff..52b9b40ab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -23,7 +23,6 @@ package at.gv.egovernment.moa.id.protocols.saml1; import java.io.IOException; -import java.util.Date; import java.util.List; import javax.xml.parsers.ParserConfigurationException; @@ -116,7 +115,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { * * @return <code>AuthenticationData</code> */ - public AuthenticationData getSaml1AuthenticationData(String samlArtifact) + public String getSaml1AuthenticationData(String samlArtifact) throws AuthenticationException { try { new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); @@ -125,13 +124,13 @@ public class SAML1AuthenticationServer extends AuthenticationServer { throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString() }); } - AuthenticationData authData = null; + String authData = null; synchronized (authenticationDataStore) { // System.out.println("assertionHandle: " + assertionHandle); try { authData = authenticationDataStore - .get(samlArtifact, AuthenticationData.class); + .get(samlArtifact, String.class, authDataTimeOut); } catch (MOADatabaseException e) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); @@ -140,12 +139,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } authenticationDataStore.remove(samlArtifact); - - long now = new Date().getTime(); - - if (now - authData.getTimestamp().getTime() > authDataTimeOut) - throw new AuthenticationException("1207", new Object[] { samlArtifact }); - + Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact); return authData; @@ -163,9 +157,8 @@ public class SAML1AuthenticationServer extends AuthenticationServer { return samlArtifact; } - public String BuildSAMLArtifact(AuthenticationSession session, - OAAuthParameter oaParam, - AuthenticationData authData, String sourceID) + public String BuildSAMLArtifact(OAAuthParameter oaParam, + SAML1AuthenticationData authData, String sourceID) throws ConfigurationException, BuildException, AuthenticationException { //Load SAML1 Parameter from OA config @@ -179,7 +172,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { //set BASE64 encoded signer certificate String signerCertificateBase64 = ""; if (saml1parameter.isProvideCertificate()) { - byte[] signerCertificate = session.getEncodedSignerCertificate(); + byte[] signerCertificate = authData.getSignerCertificate(); if (signerCertificate != null) { signerCertificateBase64 = Base64Utils @@ -195,41 +188,31 @@ public class SAML1AuthenticationServer extends AuthenticationServer { provideStammzahl); //set Authblock - String authBlock = saml1parameter.isProvideAUTHBlock() ? session + String authBlock = saml1parameter.isProvideAUTHBlock() ? authData .getAuthBlock() : ""; //set IdentityLink for assortion String ilAssertion = ""; if (saml1parameter.isProvideIdentityLink()) { - if (oaParam.getBusinessService()) { - //IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); - -// Element resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink() -// .getSamlAssertion()); -// -// ilAssertion = DOMUtils.serializeNode(resignedilAssertion); + ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion(); - } else { - ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion(); - - if (!saml1parameter.isProvideStammzahl()) - ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink() - .getIdentificationValue(), ""); - - } + if (!saml1parameter.isProvideStammzahl()) + ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink() + .getIdentificationValue(), ""); } + String samlAssertion; - if (session.getUseMandate()) { - List<ExtendedSAMLAttribute> oaAttributes = session.getExtendedSAMLAttributesOA(); + if (authData.isUseMandate()) { + List<ExtendedSAMLAttribute> oaAttributes = authData.getExtendedSAMLAttributesOA(); if (saml1parameter.isProvideFullMandatorData()) { try { ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes( - session.getMISMandate(), oaParam.getBusinessService(), + authData.getMISMandate(), oaParam.getBusinessService(), saml1parameter.isProvideStammzahl()); if (extendedSAMLAttributes != null) { @@ -293,7 +276,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } } - String mandateDate = generateMandateDate(session, oaParam, authData); + String mandateDate = generateMandateDate(oaParam, authData); samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate( authData, @@ -301,7 +284,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { mandateDate, authBlock, ilAssertion, - session.getBkuURL(), + authData.getBkuURL(), signerCertificateBase64, oaParam.getBusinessService(), oaAttributes, @@ -314,24 +297,23 @@ public class SAML1AuthenticationServer extends AuthenticationServer { prPerson, authBlock, ilAssertion, - session.getBkuURL(), + authData.getBkuURL(), signerCertificateBase64, oaParam.getBusinessService(), - session.getExtendedSAMLAttributesOA(), + authData.getExtendedSAMLAttributesOA(), useCondition, conditionLength); } - authData.setSamlAssertion(samlAssertion); + //authData.setSamlAssertion(samlAssertion); String samlArtifact = new SAMLArtifactBuilder().build( - session.getAuthURL(), Random.nextRandom(), + authData.getIssuer(), Random.nextRandom(), sourceID); - storeAuthenticationData(samlArtifact, authData); + storeAuthenticationData(samlArtifact, samlAssertion); - Logger.info("Anmeldedaten zu MOASession " + session.getSessionID() - + " angelegt, SAML Artifakt " + samlArtifact); + Logger.info("Anmeldedaten angelegt, SAML Artifakt " + samlArtifact); return samlArtifact; } catch (Throwable ex) { @@ -341,21 +323,20 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } - private String generateMandateDate(AuthenticationSession session, - OAAuthParameter oaParam, AuthenticationData authData + private String generateMandateDate(OAAuthParameter oaParam, AuthenticationData authData ) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { - if (session == null) + if (authData == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); IdentityLink tempIdentityLink = null; - Element mandate = session.getMandate(); + Element mandate = authData.getMandate(); - if (session.getUseMandate()) { + if (authData.isUseMandate()) { tempIdentityLink = new IdentityLink(); Element mandator = ParepUtils.extractMandator(mandate); String dateOfBirth = ""; @@ -432,7 +413,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer { String oatargetType; if(oaParam.getBusinessService()) { - oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) + oatargetType = oaParam.getIdentityLinkDomainIdentifier(); + else + oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+oaParam.getIdentityLinkDomainIdentifier(); } else { oatargetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); @@ -509,7 +493,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { * when SAML artifact is invalid */ private void storeAuthenticationData(String samlArtifact, - AuthenticationData authData) throws AuthenticationException { + String samlAssertion) throws AuthenticationException { try { SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact); @@ -523,7 +507,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { synchronized (authenticationDataStore) { Logger.debug("Assertion stored for SAML Artifact: " + samlArtifact); - authenticationDataStore.put(samlArtifact, authData); + authenticationDataStore.put(samlArtifact, samlAssertion); } } catch (AuthenticationException ex) { |