diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
4 files changed, 45 insertions, 39 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 5eb23cabc..093d22732 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1538,7 +1538,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.getBkuURL(), session.getAssertionSignerCertificateBase64(), session.getAssertionBusinessService(), - session.getSourceID(), session.getExtendedSAMLAttributesOA()); authData.setSamlAssertion(samlAssertion); @@ -1554,7 +1553,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } String samlArtifact = - new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); + new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID(), session.getSourceID()); storeAuthenticationData(samlArtifact, authData); // invalidates the authentication session @@ -1717,7 +1716,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } String samlArtifact = - new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); + new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID(), session.getSourceID()); storeAuthenticationData(samlArtifact, authData); // invalidates the authentication session @@ -1816,7 +1815,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.getBkuURL(), session.getAssertionSignerCertificateBase64(), session.getAssertionBusinessService(), - session.getSourceID(), session.getExtendedSAMLAttributesOA()); authData.setSamlAssertion(samlAssertion); @@ -1832,7 +1830,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } String samlArtifact = - new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); + new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID(), session.getSourceID()); storeAuthenticationData(samlArtifact, authData); // invalidates the authentication session diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java index 410d045f0..bcad65eed 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java @@ -114,25 +114,5 @@ public class AuthenticationAssertionBuilder { return sb.toString(); } - /** - * Builds the SAML attributes to be appended to the AUTHBlock or to the SAML assertion - * delivered to the online application. - * The method traverses through the list of given SAML attribute objects and builds an - * XML structure (String representation) for each of the attributes. - * - * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock or - * to the SAML assertion delivered to the online application. - * @return A string representation including the XML structures of - * the SAML attributes. - * - * @throws ParseException If an error occurs on serializing an SAML attribute. - */ - protected String buildSourceIDSAMLAttributes(String sourceID) throws ParseException { - StringBuffer sb = new StringBuffer(); - if (sourceID!=null) - sb.append(MessageFormat.format( SAML_ATTRIBUTE_NO_NAMESPACE, new Object[] {"SourceID", sourceID})); - - return sb.toString(); - } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 7032e09eb..b9e44544d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -72,7 +72,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB "{10}" + "{11}" + "{12}" + - "{13}" + " </saml:AttributeStatement>" + NL + "</saml:Assertion>"; @@ -107,7 +106,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB "{11}" + "{12}" + "{13}" + - "{14}" + " </saml:AttributeStatement>" + NL + "</saml:Assertion>"; /** @@ -158,7 +156,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB String bkuURL, String signerCertificateBase64, boolean businessService, - String sourceID, List extendedSAMLAttributes) throws BuildException { @@ -210,7 +207,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB StringUtils.removeXMLDeclaration(xmlPersonData), isQualifiedCertificate, bkuURL, - buildSourceIDSAMLAttributes(sourceID), publicAuthorityAttribute, signerCertificateAttribute, buildExtendedSAMLAttributes(extendedSAMLAttributes)}); @@ -301,7 +297,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB StringUtils.removeXMLDeclaration(xmlMandateData), isQualifiedCertificate, bkuURL, - buildSourceIDSAMLAttributes(sourceID), publicAuthorityAttribute, signerCertificateAttribute, buildExtendedSAMLAttributes(extendedSAMLAttributes)}); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java index 41e4cd37d..145664a2b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java @@ -67,7 +67,7 @@ public class SAMLArtifactBuilder { * of <code>AssertionHandle</code> * @return the 42-byte SAML artifact, encoded BASE64 */ - public String build(String authURL, String sessionID) throws BuildException { + public String build(String authURL, String sessionID, String sourceIdParam) throws BuildException { try { MessageDigest md = MessageDigest.getInstance("SHA-1"); byte[] sourceID; @@ -77,16 +77,45 @@ public class SAMLArtifactBuilder { //System.out.println("alternativeSourceID: " + alternativeSourceID); //System.out.println("authURL: " + authURL); - if (!ParepUtils.isEmpty(alternativeSourceID)) { - // if generic config parameter "AuthenticationServer.SourceID" is given, use that sourceID instead of authURL; - sourceID = md.digest(alternativeSourceID.getBytes()); - Logger.info("Building SAMArtifact from sourceID \"" + alternativeSourceID + "\" instead of authURL \"" + authURL + "\"."); - } else { - sourceID = md.digest(authURL.getBytes()); + // if sourceID is given in GET/POST param - use this as source id + if (!ParepUtils.isEmpty(sourceIdParam)) { + // if GET/POST parameter sourceID is set, use that sourceID instead of authURL; + sourceID = md.digest(sourceIdParam.getBytes()); + Logger.info("Building SAMArtifact from sourceID \"" + sourceIdParam + "\" instead of authURL \"" + authURL + "\"."); + + byte[] assertionHandle = md.digest(sessionID.getBytes()); + ByteArrayOutputStream out = new ByteArrayOutputStream(42); + out.write(0); + out.write(1); + out.write(sourceID, 0, 20); + out.write(assertionHandle, 0, 20); + byte[] samlArtifact = out.toByteArray(); + //System.out.println("samlArtifact: " + new String(samlArtifact)); + String samlArtifactBase64 = Base64Utils.encode(samlArtifact); + //System.out.println("samlArtifact Base64: " + samlArtifactBase64); + return samlArtifactBase64; } - //System.out.println("sourceID: " + new String(sourceID)); + // if generic config parameter "AuthenticationServer.SourceID" is given, use that sourceID instead of authURL; + if (!ParepUtils.isEmpty(alternativeSourceID)) { + sourceID = md.digest(alternativeSourceID.getBytes()); + Logger.info("Building SAMArtifact from sourceID \"" + alternativeSourceID + "\" instead of authURL \"" + authURL + "\"."); + + byte[] assertionHandle = md.digest(sessionID.getBytes()); + ByteArrayOutputStream out = new ByteArrayOutputStream(42); + out.write(0); + out.write(1); + out.write(sourceID, 0, 20); + out.write(assertionHandle, 0, 20); + byte[] samlArtifact = out.toByteArray(); + System.out.println("samlArtifact: " + new String(samlArtifact)); + String samlArtifactBase64 = Base64Utils.encode(samlArtifact); + System.out.println("samlArtifact Base64: " + samlArtifactBase64); + return samlArtifactBase64; + } + // default: sourecID from authURL + sourceID = md.digest(authURL.getBytes()); byte[] assertionHandle = md.digest(sessionID.getBytes()); ByteArrayOutputStream out = new ByteArrayOutputStream(42); out.write(0); @@ -98,6 +127,10 @@ public class SAMLArtifactBuilder { String samlArtifactBase64 = Base64Utils.encode(samlArtifact); //System.out.println("samlArtifact Base64: " + samlArtifactBase64); return samlArtifactBase64; + + //System.out.println("sourceID: " + new String(sourceID)); + + } catch (Throwable ex) { throw new BuildException( |