diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols')
3 files changed, 88 insertions, 22 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java index 0b280fe48..18f981243 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java @@ -10,7 +10,13 @@ import org.opensaml.xml.schema.XSString; import org.opensaml.xml.schema.impl.XSIntegerBuilder; import org.opensaml.xml.schema.impl.XSStringBuilder; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; @@ -100,27 +106,60 @@ public class CitizenTokenBuilder { AuthenticationSession authSession) { AttributeStatement statement = SAML2Utils.createSAMLObject(AttributeStatement.class); + + //TL: AuthData generation is moved out from VerifyAuthBlockServlet + try { + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix()); + boolean useUTC = oaParam.getUseUTC(); - Attribute pvpVersion = buildPVPVersion("2.1"); - Attribute secClass = buildSecClass(3); - Attribute principalName = buildPrincipalName(authSession.getAuthData().getFamilyName()); - Attribute givenName = buildGivenName(authSession.getAuthData().getGivenName()); - Attribute birthdate = buildBirthday(authSession.getAuthData().getDateOfBirth()); - Attribute bpk = buildBPK(authSession.getAuthData().getIdentificationValue()); - Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3); - Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT"); - Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authSession.getAuthData().getIdentificationType()); - - statement.getAttributes().add(pvpVersion); - statement.getAttributes().add(secClass); - statement.getAttributes().add(principalName); - statement.getAttributes().add(givenName); - statement.getAttributes().add(birthdate); - statement.getAttributes().add(bpk); - statement.getAttributes().add(eid_citizen_qaa); - statement.getAttributes().add(eid_issuing_nation); - statement.getAttributes().add(eid_sector_for_id); + AuthenticationData authData; + + authData = AuthenticationServer.buildAuthenticationData(authSession, + authSession.getXMLVerifySignatureResponse(), + useUTC, + authSession.isForeigner()); + + Attribute pvpVersion = buildPVPVersion("2.1"); + Attribute secClass = buildSecClass(3); + Attribute principalName = buildPrincipalName(authData.getFamilyName()); + Attribute givenName = buildGivenName(authData.getGivenName()); + Attribute birthdate = buildBirthday(authData.getDateOfBirth()); + + //TL: getIdentificationValue holds the baseID --> change to pBK + Attribute bpk; + if (authSession.getBusinessService()) + bpk = buildBPK(authData.getWBPK()); + else + bpk = buildBPK(authData.getBPK()); + + Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3); + Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT"); + Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authData.getIdentificationType()); + + statement.getAttributes().add(pvpVersion); + statement.getAttributes().add(secClass); + statement.getAttributes().add(principalName); + statement.getAttributes().add(givenName); + statement.getAttributes().add(birthdate); + statement.getAttributes().add(bpk); + statement.getAttributes().add(eid_citizen_qaa); + statement.getAttributes().add(eid_issuing_nation); + statement.getAttributes().add(eid_sector_for_id); + + return statement; + + } catch (ConfigurationException e) { + + // TODO: check Exception Handling + return null; + } catch (BuildException e) { + + // TODO: check Exception Handling + return null; + } - return statement; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index f05866f70..6b35d7640 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -25,7 +25,11 @@ import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.xml.security.SecurityException; import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; @@ -95,7 +99,26 @@ public class AuthnRequestHandler implements IRequestHandler { Subject subject = SAML2Utils.createSAMLObject(Subject.class); NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); subjectNameID.setFormat(NameID.PERSISTENT); - subjectNameID.setValue(authSession.getAuthData().getIdentificationValue()); + + + //TL: AuthData generation is moved to Assertion generation. + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix()); + boolean useUTC = oaParam.getUseUTC(); + + AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession, + authSession.getXMLVerifySignatureResponse(), + useUTC, + authSession.isForeigner()); + + //TL: getIdentificationValue holds the baseID --> change to pBK + //subjectNameID.setValue(authData.getIdentificationValue()); + if (authSession.getBusinessService()) + subjectNameID.setValue(authData.getWBPK()); + else + subjectNameID.setValue(authData.getBPK()); + + subject.setNameID(subjectNameID); //assertion.getAttributeStatements().add(CitizenTokenBuilder.buildCitizenToken(obj, authSession)); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 6a86eb4a5..36fd75d8b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -112,7 +112,11 @@ public class SAML1AuthenticationServer extends AuthenticationServer { //TODO: check, if this is correct!!!! //AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(), // useUTC, false); - AuthenticationData authData = session.getAuthData(); + + AuthenticationData authData = buildAuthenticationData(session, + session.getXMLVerifySignatureResponse(), + useUTC, + session.isForeigner()); //TODO: check, if this is correct!!!! // String samlAssertion = new AuthenticationDataAssertionBuilder().build( |