diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
22 files changed, 704 insertions, 341 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index f1c15e83b..89adbce3f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -23,9 +23,11 @@ package at.gv.egovernment.moa.id.auth; +import iaik.asn1.ObjectID; import iaik.pki.PKIException; import iaik.x509.CertificateFactory; import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; import java.io.ByteArrayInputStream; import java.io.IOException; @@ -652,21 +654,27 @@ public class AuthenticationServer implements MOAIDAuthConstants { // check if person is a Organwalter // if true - don't show bPK in AUTH Block - boolean isOW = false; -// String oid = null; -// if (oid.equalsIgnoreCase(MISMandate.OID_ORGANWALTER)) -// isOW = true; -// -// AuthenticationSession session = getSession(sessionID); - + try { + for (ObjectID OWid : MOAIDAuthConstants.OW_LIST) { + if (certificate.getExtension(OWid) != null) { + session.setOW(true); + } + + } + + } catch (X509ExtensionInitException e) { + Logger.warn("Certificate extension is not readable."); + session.setOW(false); + } + AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(session, - authConf, oaParam, isOW); + String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, + authConf, oaParam); return returnvalue; } @@ -784,75 +792,77 @@ public class AuthenticationServer implements MOAIDAuthConstants { return createXMLSignatureRequest; } - /** - * - * @param session - * @param authConf - * @param oaParam - * @return - * @throws ConfigurationException - * @throws BuildException - * @throws ValidateException - */ - public String getCreateXMLSignatureRequestAuthBlockOrRedirectForOW( - AuthenticationSession session, AuthConfigurationProvider authConf, - OAAuthParameter oaParam, boolean isOW) throws ConfigurationException, - BuildException, ValidateException { - - // check for intermediate processing of the infoboxes - if (session.isValidatorInputPending()) - return "Redirect to Input Processor"; - - if (authConf == null) - authConf = AuthConfigurationProvider.getInstance(); - if (oaParam == null) - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - - // BZ.., calculate bPK for signing to be already present in AuthBlock - IdentityLink identityLink = session.getIdentityLink(); - if (identityLink.getIdentificationType().equals( - Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we - // have the Stammzahl - if (isOW) { - // if person is OW, delete identification value (bPK is calculated via MIS) - identityLink.setIdentificationValue(null); - identityLink.setIdentificationType(null); - } - else { - - //TODO: check correctness!!! bpk calcultion is done during Assertion generation -// String bpkBase64 = new BPKBuilder().buildBPK(identityLink -// .getIdentificationValue(), session.getTarget()); -// identityLink.setIdentificationValue(bpkBase64); -// -// //TODO: insert correct Type!!!! -// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); - } - } - // ..BZ - // } - - // builds the AUTH-block - String authBlock = buildAuthenticationBlockForOW(session, oaParam, isOW); - - // session.setAuthBlock(authBlock); - // builds the <CreateXMLSignatureRequest> - List<String> transformsInfos = oaParam.getTransformsInfos(); - if ((transformsInfos == null) || (transformsInfos.size() == 0)) { - // no OA specific transforms specified, use default ones - transformsInfos = authConf.getTransformsInfos(); - } - String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() - .build(authBlock, oaParam.getKeyBoxIdentifier(), - transformsInfos, oaParam.isSlVersion12()); - - System.out.println("XML: " + createXMLSignatureRequest); - - return createXMLSignatureRequest; - } +// /** +// * +// * @param session +// * @param authConf +// * @param oaParam +// * @return +// * @throws ConfigurationException +// * @throws BuildException +// * @throws ValidateException +// */ +// public String getCreateXMLSignatureRequestAuthBlockOrRedirectForOW( +// AuthenticationSession session, AuthConfigurationProvider authConf, +// OAAuthParameter oaParam, boolean isOW) throws ConfigurationException, +// BuildException, ValidateException { +// +// // check for intermediate processing of the infoboxes +// if (session.isValidatorInputPending()) +// return "Redirect to Input Processor"; +// +// if (authConf == null) +// authConf = AuthConfigurationProvider.getInstance(); +// if (oaParam == null) +// oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter( +// session.getPublicOAURLPrefix()); +// +// // BZ.., calculate bPK for signing to be already present in AuthBlock +// IdentityLink identityLink = session.getIdentityLink(); +// if (identityLink.getIdentificationType().equals( +// Constants.URN_PREFIX_BASEID)) { +// +// // only compute bPK if online application is a public service and we +// // have the Stammzahl +//// if (isOW) { +//// // if person is OW, delete identification value (bPK is calculated via MIS) +//// identityLink.setIdentificationValue(null); +//// identityLink.setIdentificationType(null); +//// } +//// else { +// +// //TODO: check correctness!!! bpk calcultion is done during Assertion generation +//// String bpkBase64 = new BPKBuilder().buildBPK(identityLink +//// .getIdentificationValue(), session.getTarget()); +//// identityLink.setIdentificationValue(bpkBase64); +//// +//// //TODO: insert correct Type!!!! +//// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); +//// } +// +// } +// // ..BZ +// // } +// +// // builds the AUTH-block +// String authBlock = buildAuthenticationBlockForOW(session, oaParam, isOW); +// +// // session.setAuthBlock(authBlock); +// // builds the <CreateXMLSignatureRequest> +// List<String> transformsInfos = oaParam.getTransformsInfos(); +// if ((transformsInfos == null) || (transformsInfos.size() == 0)) { +// // no OA specific transforms specified, use default ones +// transformsInfos = authConf.getTransformsInfos(); +// } +// String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() +// .build(authBlock, oaParam.getKeyBoxIdentifier(), +// transformsInfos, oaParam.isSlVersion12()); +// +// System.out.println("XML: " + createXMLSignatureRequest); +// +// return createXMLSignatureRequest; +// } /** * Returns an CreateXMLSignatureRequest for signing the ERnP statement.<br> * <ul> @@ -1067,14 +1077,22 @@ public class AuthenticationServer implements MOAIDAuthConstants { } else { identificationValue = identityLink.getIdentificationValue(); identificationType = identityLink.getIdentificationType(); - } + } + + //set empty AuthBlock BPK in case of OW + if (session.isOW()) { + identificationType = ""; + identificationValue = ""; + } + String issueInstant = DateTimeUtils.buildDateTime(Calendar .getInstance(), oaParam.getUseUTC()); session.setIssueInstant(issueInstant); String authURL = session.getAuthURL(); String target = session.getTarget(); String targetFriendlyName = session.getTargetFriendlyName(); + // Bug #485 // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) // String oaURL = session.getPublicOAURLPrefix(); @@ -1115,59 +1133,61 @@ public class AuthenticationServer implements MOAIDAuthConstants { } - /** - * Builds an authentication block <code><saml:Assertion></code> from - * given session data. - * - * @param session - * authentication session - * - * @return <code><saml:Assertion></code> as a String - * - * @throws BuildException - * If an error occurs on serializing an extended SAML attribute - * to be appended to the AUTH-Block. - */ - private String buildAuthenticationBlockForOW(AuthenticationSession session, - OAAuthParameter oaParam, boolean isOW) throws BuildException { - IdentityLink identityLink = session.getIdentityLink(); - String issuer = identityLink.getName(); - String gebDat = identityLink.getDateOfBirth(); - String identificationValue = identityLink.getIdentificationValue(); - String identificationType = identityLink.getIdentificationType(); - - String issueInstant = DateTimeUtils.buildDateTime(Calendar - .getInstance(), oaParam.getUseUTC()); - session.setIssueInstant(issueInstant); - String authURL = session.getAuthURL(); - String target = session.getTarget(); - String targetFriendlyName = session.getTargetFriendlyName(); - // Bug #485 - // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) - // String oaURL = session.getPublicOAURLPrefix(); - String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); - List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); - Iterator it = extendedSAMLAttributes.iterator(); - // delete bPK attribute from extended SAML attributes - if (isOW) { - ExtendedSAMLAttribute toDelete = null; - while (it.hasNext()) { - ExtendedSAMLAttribute attr = (ExtendedSAMLAttribute)it.next(); - if (attr.getName().equalsIgnoreCase("bPK")) - toDelete = attr; - } - if (toDelete != null) - extendedSAMLAttributes.remove(toDelete); - } - - String authBlock = new AuthenticationBlockAssertionBuilder() - .buildAuthBlock(issuer, issueInstant, authURL, target, - targetFriendlyName, identificationValue, - identificationType, oaURL, gebDat, - extendedSAMLAttributes, session, oaParam); - - return authBlock; - } +// /** +// * Builds an authentication block <code><saml:Assertion></code> from +// * given session data. +// * +// * @param session +// * authentication session +// * +// * @return <code><saml:Assertion></code> as a String +// * +// * @throws BuildException +// * If an error occurs on serializing an extended SAML attribute +// * to be appended to the AUTH-Block. +// */ +// private String buildAuthenticationBlockForOW(AuthenticationSession session, +// OAAuthParameter oaParam, boolean isOW) throws BuildException { +// IdentityLink identityLink = session.getIdentityLink(); +// String issuer = identityLink.getName(); +// String gebDat = identityLink.getDateOfBirth(); +// String identificationValue = identityLink.getIdentificationValue(); +// String identificationType = identityLink.getIdentificationType(); +// +// String issueInstant = DateTimeUtils.buildDateTime(Calendar +// .getInstance(), oaParam.getUseUTC()); +// session.setIssueInstant(issueInstant); +// String authURL = session.getAuthURL(); +// String target = session.getTarget(); +// String targetFriendlyName = session.getTargetFriendlyName(); +// // Bug #485 +// // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) +// // String oaURL = session.getPublicOAURLPrefix(); +// String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); +// +// +// List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); +// Iterator it = extendedSAMLAttributes.iterator(); +// // delete bPK attribute from extended SAML attributes +// if (session.isOW()) { +// ExtendedSAMLAttribute toDelete = null; +// while (it.hasNext()) { +// ExtendedSAMLAttribute attr = (ExtendedSAMLAttribute)it.next(); +// if (attr.getName().equalsIgnoreCase("bPK")) +// toDelete = attr; +// } +// if (toDelete != null) +// extendedSAMLAttributes.remove(toDelete); +// } +// +// String authBlock = new AuthenticationBlockAssertionBuilder() +// .buildAuthBlock(issuer, issueInstant, authURL, target, +// targetFriendlyName, identificationValue, +// identificationType, oaURL, gebDat, +// extendedSAMLAttributes, session, oaParam); +// +// return authBlock; +// } /** * Verifies the infoboxes (except of the identity link infobox) returned by @@ -2283,52 +2303,61 @@ public class AuthenticationServer implements MOAIDAuthConstants { //TODO: resign the IdentityLink!!! - if (businessService) { - //since we have foreigner, wbPK is not calculated in BKU - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + + if (session.getUseMandate() && session.isOW()) { + MISMandate mandate = session.getMISMandate(); + authData.setBPK(mandate.getOWbPK()); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); + + } else { + + if (businessService) { + //since we have foreigner, wbPK is not calculated in BKU + if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + + String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); + + if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { + // If domainIdentifier starts with prefix + // "urn:publicid:gv.at:wbpk+"; remove this prefix + registerAndOrdNr = registerAndOrdNr + .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + + registerAndOrdNr); + } + + String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); + authData.setBPK(wbpkBase64); + authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); - String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); - - if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { - // If domainIdentifier starts with prefix - // "urn:publicid:gv.at:wbpk+"; remove this prefix - registerAndOrdNr = registerAndOrdNr - .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); - Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " - + registerAndOrdNr); - } - - String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); - authData.setBPK(wbpkBase64); - authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); + } else { + authData.setBPK(identityLink.getIdentificationValue()); + authData.setBPKType(identityLink.getIdentificationType()); + } + + Element idlassertion = session.getIdentityLink().getSamlAssertion(); + //set bpk/wpbk; + Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + prIdentification.getFirstChild().setNodeValue(authData.getBPK()); + //set bkp/wpbk type + Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); + prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); + + IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); + IdentityLink idl = idlparser.parseIdentityLink(); + authData.setIdentityLink(idl); } else { - authData.setBPK(identityLink.getIdentificationValue()); - authData.setBPKType(identityLink.getIdentificationType()); - } - - Element idlassertion = session.getIdentityLink().getSamlAssertion(); - //set bpk/wpbk; - Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); - prIdentification.getFirstChild().setNodeValue(authData.getBPK()); - //set bkp/wpbk type - Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); - prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); - - IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); - IdentityLink idl = idlparser.parseIdentityLink(); - authData.setIdentityLink(idl); - - } else { + + if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); + authData.setBPK(bpkBase64); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); + } - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); - authData.setBPK(bpkBase64); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); + authData.setIdentityLink(identityLink); } - - authData.setIdentityLink(identityLink); } return authData; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index e1552a5a6..edc43da0c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -118,10 +118,19 @@ public interface MOAIDAuthConstants { * used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007 */ public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER); + /** the number of the certifcate extension for party representatives */ public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3"; - /** the number of the certifcate extension for party organ representatives */ - public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; + +// /** the number of the certifcate extension for party organ representatives */ +// public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; + + /** OW */ + public static final String OW_ORGANWALTER = PARTY_REPRESENTATION_OID_NUMBER + ".4"; + + /** List of OWs */ + public static final List<ObjectID> OW_LIST = Arrays.asList( + new ObjectID(OW_ORGANWALTER)); /**BKU type identifiers to use bkuURI from configuration*/ public static final String REQ_BKU_TYPE_LOCAL = "local"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index abb33203c..ee2313070 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -179,6 +179,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String wbpkNSDeclaration = ""; if (target == null) { + // OA is a business application if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) { // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator @@ -195,6 +196,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion // We do not have a wbPK, therefore no SAML-Attribute is provided session.setSAMLAttributeGebeORwbpk(false); } + } else { // OA is a govermental application String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index 023b36d83..9bec06135 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -61,7 +61,12 @@ public class BPKBuilder { new Object[] {"BPK", "Unvollständige Parameterangaben: identificationValue=" + identificationValue + ",target=" + target}); } - String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; + String basisbegriff; + if (target.startsWith(Constants.URN_PREFIX_CDID + "+")) + basisbegriff = identificationValue + "+" + target; + else + basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; + try { MessageDigest md = MessageDigest.getInstance("SHA-1"); byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index e6de2ce02..4560e69cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -123,6 +123,9 @@ public class AuthenticationSession implements Serializable { private boolean useMandate; + private boolean isOW = false; + + /** * STORK */ @@ -1114,5 +1117,20 @@ public class AuthenticationSession implements Serializable { public void setSsoRequested(boolean ssoRequested) { this.ssoRequested = ssoRequested; } + + /** + * @return the isOW + */ + public boolean isOW() { + return isOW; + } + + /** + * @param isOW the isOW to set + */ + public void setOW(boolean isOW) { + this.isOW = isOW; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 58cea2926..58194361c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -1,5 +1,7 @@ package at.gv.egovernment.moa.id.auth.parser; +import java.io.UnsupportedEncodingException; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; @@ -19,7 +21,9 @@ import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; +import at.gv.egovernment.moa.util.URLEncoder; public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ @@ -39,15 +43,14 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ // String sso = req.getParameter(PARAM_SSO); // escape parameter strings - //TODO: use URLEncoder.encode!! - target = StringEscapeUtils.escapeHtml(target); - oaURL = StringEscapeUtils.escapeHtml(oaURL); - bkuURL = StringEscapeUtils.escapeHtml(bkuURL); - templateURL = StringEscapeUtils.escapeHtml(templateURL); - useMandate = StringEscapeUtils.escapeHtml(useMandate); - ccc = StringEscapeUtils.escapeHtml(ccc); -// sso = StringEscapeUtils.escapeHtml(sso); - + target = StringEscapeUtils.escapeHtml(target); + oaURL = StringEscapeUtils.escapeHtml(oaURL); + bkuURL = StringEscapeUtils.escapeHtml(bkuURL); + templateURL = StringEscapeUtils.escapeHtml(templateURL); + useMandate = StringEscapeUtils.escapeHtml(useMandate); + ccc = StringEscapeUtils.escapeHtml(ccc); + // sso = StringEscapeUtils.escapeHtml(sso); + // check parameter //pvp2.x can use general identifier (equals oaURL in SAML1) @@ -153,7 +156,6 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ moasession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - //TODO: check for SSO moasession.setTarget(target); moasession.setBusinessService(oaParam.getBusinessService()); moasession.setTargetFriendlyName(targetFriendlyName); @@ -193,9 +195,12 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ moasession.setAuthURL(authURL); -// //check and set SourceID -// if (sourceID != null) -// moasession.setSourceID(sourceID); + //check and set SourceID + if (oaParam.getSAML1Parameter() != null) { + String sourceID = oaParam.getSAML1Parameter().getSourceID(); + if (MiscUtil.isNotEmpty(sourceID)) + moasession.setSourceID(sourceID); + } // BKU URL has not been set yet, even if session already exists if (bkuURL == null) { @@ -208,14 +213,10 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ moasession.setBkuURL(bkuURL); - if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) + if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL())) throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); - - // override template url by url from configuration file - if (oaParam.getTemplateURL() != null) { - templateURL = oaParam.getTemplateURL(); - } moasession.setTemplateURL(templateURL); + moasession.setCcc(ccc); } @@ -223,10 +224,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ public static void parse(HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException { -// //check Module and Action -// HttpSession httpSession = req.getSession(); -// IRequest request = RequestStorage.getPendingRequest(httpSession); - + String modul = request.requestedModule();//req.getParameter(PARAM_MODUL); String action = request.requestedAction();//req.getParameter(PARAM_ACTION); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index f68e0361a..d4484a97c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -94,10 +94,7 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { //load Parameters from config String target = oaParam.getTarget(); -// String sourceID = ""; //TODO: load from Config -// String bkuURL = getBKUURIFromConfig(Integer.valueOf(bkuid), oaParam); -// String templateURL = getTemplateURIFromConfig(Integer.valueOf(bkuid), oaParam); - + String bkuURL = oaParam.getBKUURL(bkuid); String templateURL = AuthConfigurationProvider.getInstance().getSLRequestTemplates(bkuid); @@ -119,7 +116,8 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { //store MOASession try { - AuthenticationSessionStoreage.storeSession(moasession); + AuthenticationSessionStoreage.storeSession(moasession); + } catch (MOADatabaseException e) { Logger.error("Database Error! MOASession is not stored!"); throw new MOAIDException("init.04", new Object[] { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index 67932063a..e461197e2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -186,13 +186,7 @@ public class GetMISSessionIDServlet extends AuthServlet { throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }); } - - // TODO OW bPK (Offen: was bei saml:NameIdentifier - // NameQualifier="urn:publicid:gv.at:cdid+bpk"> und <saml:Attribute - // AttributeName="bPK" ) - System.out.println("\n\n\n OW BPK: " + mandate.getOWbPK()); - // TODO wenn OW bPK vorhanden - in SAML Assertion setzen! - + //check if it is a parsable XML byte[] byteMandate = mandate.getMandate(); String stringMandate = new String(byteMandate); @@ -220,38 +214,8 @@ public class GetMISSessionIDServlet extends AuthServlet { session.getAction(), pendingRequestID), newMOASessionID); redirectURL = resp.encodeRedirectURL(redirectURL); - -// String samlArtifactBase64 = AuthenticationServer.getInstance() -// .verifyAuthenticationBlockMandate(session, mandateDoc); - -// if (!samlArtifactBase64.equals("Redirect to Input Processor")) { -// -// redirectURL = session.getOAURLRequested(); -// if (!session.getBusinessService()) { -// // redirectURL = addURLParameter(redirectURL, PARAM_TARGET, -// // URLEncoder.encode(session.getTarget(), "UTF-8")); -// } -// // redirectURL = addURLParameter(redirectURL, -// // PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, -// // "UTF-8")); -// redirectURL = new DataURLBuilder().buildDataURL( -// session.getAuthURL(), -// ModulUtils.buildAuthURL(session.getModul(), -// session.getAction()), samlArtifactBase64); -// redirectURL = resp.encodeRedirectURL(redirectURL); -// -// } else { -// redirectURL = new DataURLBuilder().buildDataURL( -// session.getAuthURL(), -// AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, -// session.getSessionID()); -// -// } - - resp.setContentType("text/html"); resp.setStatus(302); - resp.addHeader("Location", redirectURL); Logger.debug("REDIRECT TO: " + redirectURL); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index 9e7c8536d..477d99220 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -155,7 +155,7 @@ public class VerifyCertificateServlet extends AuthServlet { throw new MOAIDException("session store error", null); } - ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
+ ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
}
else {
// Foreign Identities Modus
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index ac7466c11..38f650a65 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -190,29 +190,30 @@ public class VerifyIdentityLinkServlet extends AuthServlet { // AUTH Block aufscheinen darf. --> D.h. verifyIdentityLink umbauen - verify und AUTH Block bauen trennen) //TODO: Klaus fragen ob der Teil wirklich noch benötigt wird!!!!! -// boolean useMandate = session.getUseMandate(); -// if (useMandate) { // Mandate modus -// // read certificate and set dataurl to -// Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); -// -// -// String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); -// -// // build dataurl (to the GetForeignIDSerlvet) -// String dataurl = -// new DataURLBuilder().buildDataURL( -// session.getAuthURL(), -// REQ_VERIFY_CERTIFICATE, -// session.getSessionID()); -// -// -// //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); -// //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); -// Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); -// ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); -// -// } -// else { + boolean useMandate = session.getUseMandate(); + + if (useMandate) { // Mandate modus + // read certificate and set dataurl to + Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); + + + String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); + + // build dataurl (to the GetForeignIDSerlvet) + String dataurl = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + REQ_VERIFY_CERTIFICATE, + session.getSessionID()); + + //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); + //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + + Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); + ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + + } + else { Logger.info("Normal"); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() @@ -226,7 +227,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet { ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); } -// } + } try { AuthenticationSessionStoreage.storeSession(session); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 57f6ee4f1..c62594d6f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -35,6 +35,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; import at.gv.egovernment.moa.id.config.ConfigurationUtils; @@ -162,12 +163,13 @@ public List<String> getTransformsInfos() { /** * @return the templateURL */ - public String getTemplateURL() { + public List<TemplateType> getTemplateURL() { TemplatesType templates = oa_auth.getTemplates(); if (templates != null) { - if (templates.getTemplate() != null) - return templates.getTemplate().getURL(); + if (templates.getTemplate() != null) { + return templates.getTemplate(); + } } return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index cb35e708c..1460668e2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -435,7 +435,10 @@ public class BuildFromLegacyConfig { templates.setAditionalAuthBlockText(""); TemplateType template = new TemplateType(); template.setURL(oa.getTemplateURL()); - templates.setTemplate(template); + ArrayList<TemplateType> template_list = new ArrayList<TemplateType>(); + template_list.add(template); + templates.setTemplate(template_list); + //set TransformsInfo String[] transforminfos = oa.getTransformsInfos(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java index 5875a37c7..e8b661362 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java @@ -2,10 +2,10 @@ package at.gv.egovernment.moa.id.protocols.pvp2x; public interface PVPConstants { - public static final String STORK_QAA_1_1 = "http://www.ref.gv.at/ns/names/agiz/stork/qaa/1"; - public static final String STORK_QAA_1_2 = "http://www.ref.gv.at/ns/names/agiz/stork/qaa/1-2"; - public static final String STORK_QAA_1_3 = "http://www.ref.gv.at/ns/names/agiz/stork/qaa/1-3"; - public static final String STORK_QAA_1_4 = "http://www.ref.gv.at/ns/names/agiz/stork/qaa/1-4"; + public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1"; + public static final String STORK_QAA_1_2 = "http://www.stork.gov.eu/1.0/citizenQAALevel/2"; + public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3"; + public static final String STORK_QAA_1_4 = "http://www.stork.gov.eu/1.0/citizenQAALevel/4"; public static final String URN_OID_PREFIX = "urn:oid:"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java index 11ec2fe25..60e510de2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java @@ -25,6 +25,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNatura import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepDescAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepOIDAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateReferenceValueAttributeBuilder; @@ -62,6 +64,8 @@ public class PVPAttributeBuilder { addBuilder(new MandateNaturalPersonBPKAttributeBuilder()); addBuilder(new MandateNaturalPersonFamilyNameAttributeBuilder()); addBuilder(new MandateNaturalPersonGivenNameAttributeBuilder()); + addBuilder(new MandateNaturalPersonSourcePinAttributeBuilder()); + addBuilder(new MandateNaturalPersonSourcePinTypeAttributeBuilder()); addBuilder(new MandateTypeAttributeBuilder()); addBuilder(new MandateProfRepOIDAttributeBuilder()); addBuilder(new MandateProfRepDescAttributeBuilder()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 2d29f7454..17fc52a8c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion; import java.util.Iterator; +import java.util.List; import org.joda.time.DateTime; import org.opensaml.common.xml.SAMLConstants; @@ -25,9 +26,15 @@ import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.NameIDFormat; import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.w3c.dom.Element; +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -37,11 +44,14 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; public class PVP2AssertionBuilder implements PVPConstants { public static Assertion buildAssertion(AuthnRequest authnRequest, @@ -58,48 +68,64 @@ public class PVP2AssertionBuilder implements PVPConstants { boolean stork_qaa_1_4_found = false; - Iterator<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext - .getAuthnContextClassRefs().iterator(); - - while (reqAuthnContextClassRefIt.hasNext()) { - AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt - .next(); - String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split( - "\\s+"); - for (int i = 0; i < qaa_uris.length; i++) { - if (qaa_uris[i].trim().equals(STORK_QAA_1_4)) { - stork_qaa_1_4_found = true; - break; - } - } - } + AuthnContextClassRef authnContextClassRef = SAML2Utils + .createSAMLObject(AuthnContextClassRef.class); + + List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext + .getAuthnContextClassRefs(); + + if (reqAuthnContextClassRefIt.size() == 0) { + stork_qaa_1_4_found = true; + authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); + + } else { + for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) { + String qaa_uri = authnClassRef.getAuthnContextClassRef(); + if (qaa_uri.trim().equals(STORK_QAA_1_4) + || qaa_uri.trim().equals(STORK_QAA_1_3) + || qaa_uri.trim().equals(STORK_QAA_1_2) + || qaa_uri.trim().equals(STORK_QAA_1_1)) { + + if (authSession.isForeigner()) { + //TODO: insert QAA check + + stork_qaa_1_4_found = false; + + } else { + stork_qaa_1_4_found = true; + authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); + } + break; + } + } + } if (!stork_qaa_1_4_found) { throw new QAANotSupportedException(STORK_QAA_1_4); } - reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs() - .iterator(); - StringBuilder authContextsb = new StringBuilder(); - while (reqAuthnContextClassRefIt.hasNext()) { - AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt - .next(); - String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split( - "\\s+"); - for (int i = 0; i < qaa_uris.length; i++) { - if (qaa_uris[i].trim().equals(STORK_QAA_1_4) - || qaa_uris[i].trim().equals(STORK_QAA_1_3) - || qaa_uris[i].trim().equals(STORK_QAA_1_2) - || qaa_uris[i].trim().equals(STORK_QAA_1_1)) { - authContextsb.append(qaa_uris[i].trim()); - authContextsb.append(" "); - } - } - - } - AuthnContextClassRef authnContextClassRef = SAML2Utils - .createSAMLObject(AuthnContextClassRef.class); - authnContextClassRef.setAuthnContextClassRef(authContextsb.toString()); +// reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs() +// .iterator(); +// +// StringBuilder authContextsb = new StringBuilder(); +// +// while (reqAuthnContextClassRefIt.hasNext()) { +// AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt +// .next(); +// String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split( +// "\\s+"); +// for (int i = 0; i < qaa_uris.length; i++) { +// if (qaa_uris[i].trim().equals(STORK_QAA_1_4) +// || qaa_uris[i].trim().equals(STORK_QAA_1_3) +// || qaa_uris[i].trim().equals(STORK_QAA_1_2) +// || qaa_uris[i].trim().equals(STORK_QAA_1_1)) { +// authContextsb.append(qaa_uris[i].trim()); +// authContextsb.append(" "); +// } +// } +// +// } + AuthnContext authnContext = SAML2Utils .createSAMLObject(AuthnContext.class); authnContext.setAuthnContextClassRef(authnContextClassRef); @@ -199,14 +225,63 @@ public class PVP2AssertionBuilder implements PVPConstants { assertion.getAttributeStatements().add(attributeStatement); } - // TL: getIdentificationValue holds the baseID --> change to pBK - // subjectNameID.setValue(authData.getIdentificationValue()); - subjectNameID.setFormat(NameID.PERSISTENT); //TLenz: set correct bPK Type and Value from AuthData - subjectNameID.setNameQualifier(authData.getBPKType()); - subjectNameID.setValue(authData.getBPK()); + if (authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); + PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson(); + + IdentificationType id; + if(corporation != null && corporation.getIdentification().size() > 0) + id = corporation.getIdentification().get(0); + + + else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0) + id = pysicalperson.getIdentification().get(0); + + else { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + + String bpktype = id.getType(); + String bpk = id.getValue().getValue(); + + if (bpktype.equals(Constants.URN_PREFIX_BASEID)) { + if (authSession.getBusinessService()) { + subjectNameID.setValue(new BPKBuilder().buildWBPK(bpk, oaParam.getIdentityLinkDomainIdentifier())); + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) + subjectNameID.setNameQualifier(oaParam.getIdentityLinkDomainIdentifier()); + else + subjectNameID.setNameQualifier(Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier()); + + } else { + subjectNameID.setValue(new BPKBuilder().buildBPK(bpk, oaParam.getTarget())); + if (oaParam.getTarget().startsWith(Constants.URN_PREFIX_CDID + "+")) + subjectNameID.setNameQualifier(oaParam.getTarget()); + else + subjectNameID.setNameQualifier(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); + } + + + } else { + subjectNameID.setNameQualifier(bpktype); + subjectNameID.setValue(bpk); + } + + } else { + subjectNameID.setNameQualifier(authData.getBPKType()); + subjectNameID.setValue(authData.getBPK()); + } subject.setNameID(subjectNameID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java index bbb610d62..49e013fe0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java @@ -6,6 +6,8 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; @@ -13,6 +15,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailabl import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; public class MandateNaturalPersonBPKAttributeBuilder extends BaseAttributeBuilder { @@ -39,17 +42,40 @@ public class MandateNaturalPersonBPKAttributeBuilder extends BaseAttributeBuilde } IdentificationType id = null; id = physicalPerson.getIdentification().get(0); - /*if(authSession.getBusinessService()) { - id = MandateBuilder.getWBPKIdentification(physicalPerson); - } else { - id = MandateBuilder.getBPKIdentification(physicalPerson); - }*/ +// if(authSession.getBusinessService()) { +// id = MandateBuilder.getWBPKIdentification(physicalPerson); +// } else { +// id = MandateBuilder.getBPKIdentification(physicalPerson); +// } if(id == null) { Logger.error("Failed to generate IdentificationType"); throw new NoMandateDataAvailableException(); } + + String bpk; + try { + + if (id.getType().equals(Constants.URN_PREFIX_BASEID)) { + if (authSession.getBusinessService()) { + bpk = new BPKBuilder().buildWBPK(id.getValue().getValue(), oaParam.getIdentityLinkDomainIdentifier()); + + } + + else { + bpk = new BPKBuilder().buildBPK(id.getValue().getValue(), oaParam.getTarget()); + + } + + } else + bpk = id.getValue().getValue(); + + } catch (BuildException e ){ + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + return buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, - MANDATE_NAT_PER_BPK_NAME, id.getValue().getValue()); + MANDATE_NAT_PER_BPK_NAME, bpk); } return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java new file mode 100644 index 000000000..eaa7e88af --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java @@ -0,0 +1,65 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; + +public class MandateNaturalPersonSourcePinAttributeBuilder extends + BaseAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_SOURCE_PIN_OID; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) + throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator() + .getPhysicalPerson(); + if (physicalPerson == null) { + Logger.error("No physicalPerson mandate"); + throw new NoMandateDataAvailableException(); + } + IdentificationType id = null; + id = physicalPerson.getIdentification().get(0); + /*if(authSession.getBusinessService()) { + id = MandateBuilder.getWBPKIdentification(physicalPerson); + } else { + id = MandateBuilder.getBPKIdentification(physicalPerson); + }*/ + if(id == null) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + + return buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue()); + } + return null; + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_NAT_PER_SOURCE_PIN_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java new file mode 100644 index 000000000..7b8f59dd2 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java @@ -0,0 +1,65 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; + +public class MandateNaturalPersonSourcePinTypeAttributeBuilder extends + BaseAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) + throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator() + .getPhysicalPerson(); + if (physicalPerson == null) { + Logger.error("No physicalPerson mandate"); + throw new NoMandateDataAvailableException(); + } + IdentificationType id = null; + id = physicalPerson.getIdentification().get(0); + /*if(authSession.getBusinessService()) { + id = MandateBuilder.getWBPKIdentification(physicalPerson); + } else { + id = MandateBuilder.getBPKIdentification(physicalPerson); + }*/ + if(id == null) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + + return buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, + MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType()); + } + return null; + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, + MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index c8a9a24ad..1fbcb9a46 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java @@ -27,6 +27,7 @@ package at.gv.egovernment.moa.id.protocols.saml1; import java.util.Calendar; import org.apache.axis.AxisFault; +import org.apache.commons.lang3.StringEscapeUtils; import org.w3c.dom.Element; import org.w3c.dom.NodeList; @@ -78,12 +79,12 @@ public class GetAuthenticationDataService implements Constants { throws AxisFault { Element request = requests[0]; - Element[] responses = new Element[1]; + Element[] responses = new Element[1]; String requestID = ""; String statusCode = ""; String subStatusCode = null; String statusMessageCode = null; - String statusMessage = null; + String statusMessage = null; String samlAssertion = ""; boolean useUTC = false; if (requests.length > 1) { @@ -107,14 +108,15 @@ public class GetAuthenticationDataService implements Constants { subStatusCode = "samlp:TooManyResponses"; statusMessageCode = "1203"; } + else { Element samlArtifactElem = (Element)samlArtifactList.item(0); requestID = request.getAttribute("RequestID"); String samlArtifact = DOMUtils.getText(samlArtifactElem); + SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); + try { - - SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); - + AuthenticationData authData = saml1server.getSaml1AuthenticationData(samlArtifact); useUTC = authData.getUseUTC(); @@ -123,9 +125,36 @@ public class GetAuthenticationDataService implements Constants { samlAssertion = authData.getSamlAssertion(); statusCode = "samlp:Success"; statusMessageCode = "1200"; - } - catch (AuthenticationException ex) { - // no authentication data for given SAML artifact + } + + catch (ClassCastException ex) { + + try { + Throwable error = saml1server.getErrorResponse(samlArtifact); + statusCode = "samlp:Responder"; + subStatusCode = "samlp:RequestDenied"; + + if (error instanceof MOAIDException) { + statusMessageCode = ((MOAIDException)error).getMessageId(); + statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage()); + + } else { + statusMessage = StringEscapeUtils.escapeXml(error.getMessage()); + } + + + + } catch (Exception e) { + //no authentication data for given SAML artifact + statusCode = "samlp:Requester"; + subStatusCode = "samlp:ResourceNotRecognized"; + statusMessage = ex.toString(); + } + + } + + catch (AuthenticationException ex) { + //no authentication data for given SAML artifact statusCode = "samlp:Requester"; subStatusCode = "samlp:ResourceNotRecognized"; statusMessage = ex.toString(); @@ -137,10 +166,12 @@ public class GetAuthenticationDataService implements Constants { statusCode = "samlp:Requester"; statusMessageCode = "1204"; } - } + } + try { String responseID = Random.nextRandom(); String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC); + if (statusMessage == null) statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null); responses[0] = new SAMLResponseBuilder().build( diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 2a7147bcb..fec2d2b35 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -1,13 +1,8 @@ package at.gv.egovernment.moa.id.protocols.saml1; -import iaik.x509.X509Certificate; - -import java.io.File; import java.io.IOException; -import java.security.cert.CertificateEncodingException; import java.util.Date; import java.util.List; -import java.util.Vector; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; @@ -27,16 +22,15 @@ import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -66,6 +60,33 @@ public class SAML1AuthenticationServer extends AuthenticationServer { */ private static final long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes + + public Throwable getErrorResponse(String samlArtifact) throws AuthenticationException { + try { + new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); + + } catch (ParseException ex) { + throw new AuthenticationException("1205", new Object[] { + samlArtifact, ex.toString() }); + } + Throwable error = null; + synchronized (authenticationDataStore) { + try { + error = authenticationDataStore + .get(samlArtifact, Throwable.class); + + authenticationDataStore.remove(samlArtifact); + + } catch (MOADatabaseException e) { + Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); + throw new AuthenticationException("1206", new Object[] { samlArtifact }); + } + + } + + return error; + } + /** * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact. * The <code>AuthenticationData</code> is deleted from the store upon end of @@ -77,6 +98,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { throws AuthenticationException { try { new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); + } catch (ParseException ex) { throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString() }); @@ -123,6 +145,18 @@ public class SAML1AuthenticationServer extends AuthenticationServer { return authData; } + public String BuildErrorAssertion(Throwable error, IRequest protocolRequest) + throws BuildException, MOADatabaseException { + + String samlArtifact = new SAMLArtifactBuilder().build( + protocolRequest.getOAURL(), protocolRequest.getRequestID(), + null); + + authenticationDataStore.put(samlArtifact, error); + + return samlArtifact; + } + public String BuildSAMLArtifact(AuthenticationSession session, OAAuthParameter oaParam, AuthenticationData authData) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index fad25bc20..a310b16ff 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -13,6 +13,7 @@ import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; @@ -22,6 +23,8 @@ import at.gv.egovernment.moa.id.moduls.ServletInfo; import at.gv.egovernment.moa.id.moduls.ServletType; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLEncoder; public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { @@ -107,8 +110,22 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable{ - // TODO Auto-generated method stub - return false; + + SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace(); + + String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest); + + String url = "RedirectServlet"; + url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8")); + url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + url = response.encodeRedirectURL(url); + + response.setContentType("text/html"); + response.setStatus(302); + response.addHeader("Location", url); + Logger.debug("REDIRECT TO: " + url); + + return true; } public IAction getAction(String action) { @@ -145,5 +162,14 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { return true; } + + protected static String addURLParameter(String url, String paramname, + String paramvalue) { + String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) + return url + "?" + param; + else + return url + "&" + param; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index d6bef8d53..ea823889f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -43,6 +43,7 @@ import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.logging.Logger; @@ -237,7 +238,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ * @param template
* @return
*/
- public static boolean isValidTemplate(HttpServletRequest req, String template) {
+ public static boolean isValidTemplate(HttpServletRequest req, String template, List<TemplateType> oaSlTemplates) {
Logger.debug("Ueberpruefe Parameter Template bzw. bkuSelectionTemplateURL");
@@ -267,6 +268,13 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ //check against configured trustet template urls AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); List<String> trustedTemplateURLs = authConf.getSLRequestTemplates(); + + //get OA specific template URLs + if (oaSlTemplates != null && oaSlTemplates.size() > 0) { + for (TemplateType el : oaSlTemplates) + trustedTemplateURLs.add(el.getURL()); + } + boolean b = trustedTemplateURLs.contains(template); if (b) { Logger.debug("Parameter Template erfolgreich ueberprueft"); |