aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java70
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java50
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java11
9 files changed, 109 insertions, 58 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 41b383f01..ba66041d7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -24,6 +24,7 @@
package at.gv.egovernment.moa.id.auth;
import iaik.pki.PKIException;
+import iaik.x509.CertificateFactory;
import iaik.x509.X509Certificate;
import java.io.ByteArrayInputStream;
@@ -32,12 +33,16 @@ import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.cert.CertificateException;
+//import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
@@ -68,6 +73,7 @@ import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
import at.gv.egovernment.moa.id.auth.builder.InfoboxValidatorParamsBuilder;
+import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -82,6 +88,7 @@ import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.parser.ExtendedInfoboxReadResponseParser;
import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet;
@@ -108,6 +115,7 @@ import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
@@ -117,6 +125,7 @@ import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -132,7 +141,6 @@ import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
import eu.stork.vidp.messages.stork.RequestedAttributes;
import eu.stork.vidp.messages.util.SAMLUtil;
import eu.stork.vidp.messages.util.XMLUtil;
-//import java.security.cert.CertificateFactory;
/**
* API for MOA ID Authentication Service.<br> {@link AuthenticationSession} is
@@ -849,16 +857,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public String createXMLSignatureRequestForeignID(String sessionID,
+ public String createXMLSignatureRequestForeignID(AuthenticationSession session,
X509Certificate cert) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
ValidateException, ServiceException {
- if (isEmpty(sessionID))
+ if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID });
- AuthenticationSession session = getSession(sessionID);
+// AuthenticationSession session = getSession(sessionID);
AuthConfigurationProvider authConf = AuthConfigurationProvider
.getInstance();
@@ -866,6 +874,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ //session.setSignerCertificate(cert);
+
return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam,
cert);
}
@@ -2000,9 +2010,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// AuthConfigurationProvider.getInstance();
IdentityLink tempIdentityLink = null;
-
+
if (session.getUseMandate()) {
- session.setMandate(mandate);
tempIdentityLink = new IdentityLink();
Element mandator = ParepUtils.extractMandator(mandate);
String dateOfBirth = "";
@@ -2459,7 +2468,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if(!isForeigner) {
//we have Austrian citizen
if (businessService) {
- authData.setWBPK(identityLink.getIdentificationValue());
+ authData.setBPK(identityLink.getIdentificationValue());
+ authData.setBPKType(identityLink.getIdentificationType());
} else {
@@ -2471,16 +2481,30 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
String bpkBase64 = new BPKBuilder().buildBPK(
identityLink.getIdentificationValue(), target);
- authData.setBPK(bpkBase64);
+ authData.setBPK(bpkBase64);
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
}
}
} else {
//we have foreigner, thus we have to calculate bPK and wbPK now (after receiving identity link from SZR-GW
if (businessService) {
//since we have foreigner, wbPK is not calculated in BKU
- if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
- String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier());
- authData.setWBPK(wbpkBase64);
+ if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+
+ String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier();
+
+ if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
+ // If domainIdentifier starts with prefix
+ // "urn:publicid:gv.at:wbpk+"; remove this prefix
+ registerAndOrdNr = registerAndOrdNr
+ .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
+ Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
+ + registerAndOrdNr);
+ }
+
+ String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr);
+ authData.setBPK(wbpkBase64);
+ authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr);
}
} else {
@@ -2488,7 +2512,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
// only compute bPK if online application is a public service and we have the Stammzahl
String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target);
- authData.setBPK(bpkBase64);
+ authData.setBPK(bpkBase64);
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
}
@@ -2757,7 +2782,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
if (oaParam == null)
throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() });
-
//Start of STORK Processing
STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
@@ -2776,16 +2800,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Logger.debug("Issuer value: " + issuerValue);
- QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue());
- Logger.debug("QAALevel: " + qaaLevel.getValue());
-
+ QualityAuthenticationAssuranceLevel qaaLevel = null;//TODO UNCOMMENT AGAIN !! = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue());
+ //Logger.debug("QAALevel: " + qaaLevel.getValue());
+
RequestedAttributes requestedAttributes = null;
- requestedAttributes = oaParam.getRequestedAttributes();
+ //TODO UNCOMMENT AGAIN !! requestedAttributes = oaParam.getRequestedAttributes();
requestedAttributes.detach();
List<RequestedAttribute> reqAttributeList = new ArrayList<RequestedAttribute>();
List<RequestedAttribute> oaReqAttributeList = null;
- oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes());
+ //TODO UNCOMMENT AGAIN !! oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes());
//check if country specific attributes must be additionally requested
if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) {
//add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes
@@ -2924,7 +2948,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString));
-
+
X509Certificate cert;
try {
cert = new X509Certificate(is);
@@ -2933,7 +2957,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
} catch (Throwable e) {
throw new CertificateException(e);
}
-
+
+// CertificateFactory cf;
+// X509Certificate cert = null;
+// cf = CertificateFactory.getInstance("X.509");
+// CertificateFactory
+// cert = (X509Certificate)cf.generateCertificate(is);
+// return cert;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 7137ce414..839ebe7a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -255,8 +255,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String pkType;
String pkValue;
if (businessService) {
- pkType = authData.getIdentificationType();
- pkValue = authData.getWBPK();
+ pkType = authData.getBPKType();
+ pkValue = authData.getBPK();
} else {
// <saml:NameIdentifier NameQualifier> always has the bPK as type/value
@@ -376,8 +376,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String pkType;
String pkValue;
if (businessService) {
- pkType = authData.getIdentificationType();
- pkValue = authData.getWBPK();
+ pkType = authData.getBPKType();
+ pkValue = authData.getBPK();
} else {
// <saml:NameIdentifier NameQualifier> always has the bPK as type/value
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index de86a4f05..6a9a5b765 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -91,16 +91,7 @@ public class BPKBuilder {
new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" +
identificationValue + ",Register+Registernummer=" + registerAndOrdNr});
}
-
- if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
- // If domainIdentifier starts with prefix
- // "urn:publicid:gv.at:wbpk+"; remove this prefix
- registerAndOrdNr = registerAndOrdNr
- .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
- Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
- + registerAndOrdNr);
- }
-
+
String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index 930fedfd4..7b5c1513a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -148,7 +148,8 @@ public class VerifyCertificateServlet extends AuthServlet {
}
else {
// Foreign Identities Modus
- String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert);
+
+ String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);
// build dataurl (to the GetForeignIDSerlvet)
String dataurl =
new DataURLBuilder().buildDataURL(
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index c1de93fae..efb300a1c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -69,13 +69,20 @@ public class AuthenticationData implements Serializable {
*/
private String identificationType;
/**
- * application specific user identifier (bPK)
+ * application specific user identifier (bPK/wbPK)
*/
private String bPK;
+
/**
- * private sector-specific personal identifier (wbPK)
+ * application specific user identifier type
*/
- private String wbPK;
+ private String bPKType;
+
+
+// /**
+// * private sector-specific personal identifier (wbPK)
+// */
+// private String wbPK;
/**
* given name of the user
*/
@@ -167,13 +174,13 @@ public class AuthenticationData implements Serializable {
return bPK;
}
- /**
- * Returns the wbPK.
- * @return String the wbPK.
- */
- public String getWBPK() {
- return wbPK;
- }
+// /**
+// * Returns the wbPK.
+// * @return String the wbPK.
+// */
+// public String getWBPK() {
+// return wbPK;
+// }
/**
* Returns useUTC
@@ -223,13 +230,13 @@ public class AuthenticationData implements Serializable {
this.bPK = bPK;
}
- /**
- * Sets the wbPK.
- * @param wbPK The wbPK to set
- */
- public void setWBPK(String wbPK) {
- this.wbPK = wbPK;
- }
+// /**
+// * Sets the wbPK.
+// * @param wbPK The wbPK to set
+// */
+// public void setWBPK(String wbPK) {
+// this.wbPK = wbPK;
+// }
public void setUseUTC(boolean useUTC) {
this.useUTC = useUTC;
@@ -435,4 +442,13 @@ public class AuthenticationData implements Serializable {
return timestamp;
}
+public String getBPKType() {
+ return bPKType;
+}
+
+public void setBPKType(String bPKType) {
+ this.bPKType = bPKType;
+}
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
index 7a356aaf0..03b012a27 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
@@ -136,8 +136,10 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
return authData.getDateOfBirth();
if (predicate.equals(MOABPK))
return authData.getBPK();
- if (predicate.equals(MOAWBPK))
- return authData.getWBPK();
+
+ //AuthData holdes the correct BPK/WBPK
+ if (predicate.equals(MOAWBPK))
+ return authData.getBPK();
if (predicate.equals(MOAPublicAuthority))
if (authData.isPublicAuthority())
return "true";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
index 1fc257ea8..1a466c520 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
@@ -499,8 +499,10 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
return authData.getDateOfBirth();
if (predicate.equals("MOABPK"))
return authData.getBPK();
+
+ //AuthData holdes the correct BPK/WBPK
if (predicate.equals("MOAWBPK"))
- return authData.getWBPK();
+ return authData.getBPK();
if (predicate.equals("MOAPublicAuthority"))
if (authData.isPublicAuthority())
return "true";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
index 6f698770c..b904161a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
@@ -324,8 +324,10 @@ public class XMLLoginParameterResolverPlainData
return authData.getDateOfBirth();
if(predicate.equals(MOABPK))
return authData.getBPK();
+
+ //AuthData holds the correct BPK/WBPK
if(predicate.equals(MOAWBPK))
- return authData.getWBPK();
+ return authData.getBPK();
if(predicate.equals(MOAPublicAuthority))
if(authData.isPublicAuthority())
return "true";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
index 134bd21a8..1589f1440 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
@@ -143,10 +143,17 @@ public class AuthenticationDataAssertionParser implements Constants {
authData.setIssueInstant(
XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, ""));
String pkValue = XPathUtils.getElementValue(samlAssertion, PK_XPATH, "");
+
+
+ //TODO: set pBK and Type
if (XPathUtils.getAttributeValue(samlAssertion, NAME_QUALIFIER_XPATH, "").equalsIgnoreCase(URN_PREFIX_BPK)) {
- authData.setBPK(pkValue);
+ //bPK
+ authData.setBPK(Constants.URN_PREFIX_BPK);
+
} else {
- authData.setWBPK(pkValue);
+ //wbPK
+ authData.setBPK(pkValue);
+ authData.setBPKType(XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_TYPE_XPATH, ""));
}
authData.setIdentificationValue(
XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_VALUE_XPATH, ""));