aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java143
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java33
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java45
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java70
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java282
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java55
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java71
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java55
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java38
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java60
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java78
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java58
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java64
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java59
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java62
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java63
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java37
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java144
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java153
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java138
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java216
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java65
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java35
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java37
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java84
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java)10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java22
64 files changed, 1347 insertions, 1376 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 0090bf3d3..322686c21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -123,7 +123,6 @@ public class MOAReversionLogger implements IRevisionLogger {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egiz.eaaf.core.api.IRequest, int)
*/
- @Override
public void logEvent(ISPConfiguration oaConfig, IRequest pendingRequest,
int eventCode) {
if (selectOASpecificEventCodes(oaConfig).contains(eventCode))
@@ -136,7 +135,6 @@ public class MOAReversionLogger implements IRevisionLogger {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egiz.eaaf.core.api.IRequest, int, java.lang.String)
*/
- @Override
public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest,
int eventCode, String message) {
if (selectOASpecificEventCodes(oaConfig).contains(eventCode))
@@ -251,11 +249,14 @@ public class MOAReversionLogger implements IRevisionLogger {
}
- private List<Integer> selectOASpecificEventCodes(IOAAuthParameters oaConfig) {
+ private List<Integer> selectOASpecificEventCodes(ISPConfiguration oaConfig) {
List<Integer> OASpecificEventCodes = null;
- if (oaConfig != null && oaConfig.getReversionsLoggingEventCodes() != null)
- OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes();
+ if (oaConfig != null && oaConfig instanceof IOAAuthParameters) {
+ if (((IOAAuthParameters)oaConfig).getReversionsLoggingEventCodes() != null)
+ OASpecificEventCodes = ((IOAAuthParameters)oaConfig).getReversionsLoggingEventCodes();
+ }
+
else
OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index e12b1372e..ea796d974 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -46,6 +46,7 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBod
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
import at.gv.egovernment.moa.id.auth.exception.ServiceException;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
@@ -286,10 +287,10 @@ public class StatisticLogger implements IStatisticLogger{
}
IAuthenticationSession moasession = null;
- if (MiscUtil.isNotEmpty(errorRequest.getInternalSSOSessionIdentifier())) {
+ if (MiscUtil.isNotEmpty(errorRequest.getSSOSessionIdentifier())) {
Logger.debug("Use MOA session information from SSO session for ErrorLogging");
try {
- moasession = authenticatedSessionStorage.getInternalSSOSession(errorRequest.getInternalSSOSessionIdentifier());
+ moasession = authenticatedSessionStorage.getInternalSSOSession(errorRequest.getSSOSessionIdentifier());
} catch (MOADatabaseException e) {
Logger.error("Error during database communication", e);
@@ -298,7 +299,8 @@ public class StatisticLogger implements IStatisticLogger{
} else {
Logger.debug("Use MOA session information from pending-req for ErrorLogging");
- moasession = errorRequest.getMOASession();
+ moasession = new AuthenticationSessionWrapper(errorRequest.genericFullDataStorage());
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index efe28c900..738f733a8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -36,11 +36,6 @@ import java.util.List;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.ws.soap.common.SOAPException;
-import org.opensaml.xml.XMLObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.w3c.dom.DOMException;
@@ -49,10 +44,12 @@ import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -71,7 +68,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
@@ -80,17 +76,9 @@ import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
import at.gv.egovernment.moa.id.data.Pair;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
-import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
@@ -112,9 +100,6 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
@Autowired protected AuthConfiguration authConfig;
- @Autowired private AttributQueryBuilder attributQueryBuilder;
- @Autowired private SAMLVerificationEngineSP samlVerificationEngine;
- @Autowired(required=true) private MOAMetadataProvider metadataProvider;
@Override
public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
@@ -193,82 +178,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
return authdata;
}
-
- /**
- * Get PVP authentication attributes by using a SAML2 AttributeQuery
- *
- * @param reqQueryAttr List of PVP attributes which are requested
- * @param userNameID SAML2 UserNameID of the user for which attributes are requested
- * @param idpConfig Configuration of the IDP, which is requested
- * @return
- * @return PVP attribute DAO, which contains all received information
- * @throws MOAIDException
- */
- public AssertionAttributeExtractor getAuthDataFromAttributeQuery(List<Attribute> reqQueryAttr,
- String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException{
- String idpEnityID = idpConfig.getPublicURLPrefix();
-
- try {
- Logger.debug("Starting AttributeQuery process ...");
- //collect attributes by using BackChannel communication
- String endpoint = idpConfig.getIDPAttributQueryServiceURL();
- if (MiscUtil.isEmpty(endpoint)) {
- Logger.error("No AttributeQueryURL for interfederationIDP " + idpEnityID);
- throw new ConfigurationException("config.26", new Object[]{idpEnityID});
-
- }
-
- //build attributQuery request
- AttributeQuery query = attributQueryBuilder.buildAttributQueryRequest(spEntityID, userNameID, endpoint, reqQueryAttr);
-
- //build SOAP request
- List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
-
- if (xmlObjects.size() == 0) {
- Logger.error("Receive emptry AttributeQuery response-body.");
- throw new AttributQueryException("auth.27",
- new Object[]{idpEnityID, "Receive emptry AttributeQuery response-body."});
-
- }
-
- Response intfResp;
- if (xmlObjects.get(0) instanceof Response) {
- intfResp = (Response) xmlObjects.get(0);
-
- //validate PVP 2.1 response
- try {
- samlVerificationEngine.verifyIDPResponse(intfResp,
- TrustEngineFactory.getSignatureKnownKeysTrustEngine(
- metadataProvider));
-
- //create assertion attribute extractor from AttributeQuery response
- return new AssertionAttributeExtractor(intfResp);
-
- } catch (Exception e) {
- Logger.warn("PVP 2.1 assertion validation FAILED.", e);
- throw new AssertionValidationExeption("auth.27",
- new Object[]{idpEnityID, e.getMessage()}, e);
- }
-
- } else {
- Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
- throw new AttributQueryException("auth.27",
- new Object[]{idpEnityID, "Receive AttributeQuery response-body include no PVP 2.1 response"});
- }
-
- } catch (SOAPException e) {
- throw new BuildException("builder.06", null, e);
-
- } catch (SecurityException e) {
- throw new BuildException("builder.06", null, e);
-
- } catch (org.opensaml.xml.security.SecurityException e1) {
- throw new BuildException("builder.06", null, e1);
-
- }
- }
-
private void buildAuthDataFormMOASession(MOAAuthenticationData authData, IAuthenticationSession session,
IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException {
@@ -372,32 +282,43 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
//####################################################
//set QAA level
includedToGenericAuthData.remove(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME);
+ String currentLoA = null;
if (MiscUtil.isNotEmpty(session.getQAALevel()))
- authData.setQAALevel(session.getQAALevel());
-
+ currentLoA = session.getQAALevel();
else {
- String qaaLevel = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class);
- if (MiscUtil.isNotEmpty(qaaLevel)) {
- Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + qaaLevel
+ currentLoA = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class);
+ if (MiscUtil.isNotEmpty(currentLoA)) {
+ Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA
+ " --> Parse QAA-Level from that attribute.");
-
- if (qaaLevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
- authData.setQAALevel(qaaLevel);
-
- } else {
- Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");
- String mappedQAA = PVPtoSTORKMapper.getInstance().mapToQAALevel(qaaLevel);
- if (MiscUtil.isNotEmpty(mappedQAA))
- authData.setQAALevel(mappedQAA);
-
- }
+
}
}
+
+ if (MiscUtil.isNotEmpty(currentLoA)) {
+ if (currentLoA.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
+ authData.setQAALevel(currentLoA);
+ authData.seteIDASLoA(LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(currentLoA));
+
+ } else if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) {
+ authData.setQAALevel(LoALevelMapper.getInstance().mapeIDASQAAToSTORKQAA(currentLoA));
+ authData.seteIDASLoA(currentLoA);
+
+ } else {
+ Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");
+ String mappedStorkQAA = LoALevelMapper.getInstance().mapToQAALevel(currentLoA);
+ if (MiscUtil.isNotEmpty(mappedStorkQAA)) {
+ authData.setQAALevel(currentLoA);
+ authData.seteIDASLoA(LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(currentLoA));
+
+ }
+ }
+ }
//if no QAA level is set in MOASession then set default QAA level
if (MiscUtil.isEmpty(authData.getQAALevel())) {
- Logger.info("No QAA level found. Set to default level " + PVPConstants.STORK_QAA_PREFIX + "1");
+ Logger.info("No QAA level found. Set to default level " + EAAFConstants.EIDAS_QAA_LOW);
authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + "1");
+ authData.seteIDASLoA(EAAFConstants.EIDAS_QAA_LOW);
}
@@ -810,7 +731,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
try {
authData.setGenericData(elementKey, session.getGenericDataFromSession(elementKey));
- } catch (SessionDataStorageException e) {
+ } catch (EAAFStorageException e) {
Logger.warn("Can not add generic authData with key:" + elementKey, e);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
index e9e217137..a1d31f5ae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
@@ -29,7 +29,6 @@ import org.opensaml.saml2.core.Attribute;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.PVPAttributeConstants;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -89,16 +88,8 @@ public class DynamicOAAuthParameterBuilder {
DynamicOAAuthParameters dynOAParams = new DynamicOAAuthParameters();
dynOAParams.setApplicationID(oaParam.getPublicURLPrefix());
- try {
- dynOAParams.setHasBaseIdProcessingRestriction(oaParam.hasBaseIdInternalProcessingRestriction());
- dynOAParams.setHasBaseIdTransfergRestriction(oaParam.hasBaseIdTransferRestriction());
-
- } catch (EAAFConfigurationException e) {
- Logger.warn("Can not resolve baseID restrications! Set to privacy friendly configuration", e);
- dynOAParams.setHasBaseIdProcessingRestriction(true);
- dynOAParams.setHasBaseIdTransfergRestriction(true);
-
- }
+ dynOAParams.setHasBaseIdProcessingRestriction(oaParam.hasBaseIdInternalProcessingRestriction());
+ dynOAParams.setHasBaseIdTransfergRestriction(oaParam.hasBaseIdTransferRestriction());
Object storkRequst = null;
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index e0d65e103..10c271b6a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -186,7 +186,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
&& MiscUtil.isNotEmpty(templateURLList.get(0)) ) {
templateURL = FileUtils.makeAbsoluteURL(
oaParam.getTemplateURL().get(0),
- authConfig.getRootConfigFileDir());
+ authConfig.getRootConfigFileDir());
Logger.info("No SL-Template in request, load SL-Template from OA configuration (URL: " + templateURL + ")");
} else if ( (defaulTemplateURLList.size() > 0) && MiscUtil.isNotEmpty(defaulTemplateURLList.get(0))) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 0e9db3964..f9aa1b83c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -36,12 +36,14 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -50,6 +52,7 @@ import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.data.SLOInformationContainer;
import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
@@ -66,7 +69,7 @@ import at.gv.egovernment.moa.util.URLEncoder;
public class IDPSingleLogOutServlet extends AbstractController {
@Autowired SSOManager ssoManager;
- @Autowired AuthenticationManager authManager;
+ @Autowired IAuthenticationManager authManager;
@Autowired IAuthenticationSessionStoreage authenicationStorage;
@Autowired SingleLogOutBuilder sloBuilder;
@@ -127,6 +130,9 @@ public class IDPSingleLogOutServlet extends AbstractController {
} catch (MOADatabaseException e) {
handleErrorNoRedirect(e, req, resp, false);
+ } catch (EAAFException e) {
+ handleErrorNoRedirect(e, req, resp, false);
+
}
return;
@@ -135,10 +141,13 @@ public class IDPSingleLogOutServlet extends AbstractController {
try {
if (ssoManager.isValidSSOSession(ssoid, null)) {
- AuthenticationSession authSession = authenicationStorage.getInternalMOASessionWithSSOID(ssoid);
+ String internalSSOId = authenicationStorage.getInternalSSOSessionWithSSOID(ssoid);
- if(authSession != null) {
- authManager.performSingleLogOut(req, resp, authSession, authURL);
+ if(MiscUtil.isNotEmpty(internalSSOId)) {
+ ISLOInformationContainer sloInfoContainer = authManager.performSingleLogOut(req, resp, null, internalSSOId);
+
+ Logger.debug("Starting technical SLO process ... ");
+ sloBuilder.toTechnicalLogout(sloInfoContainer, req, resp, authURL);
return;
}
@@ -159,11 +168,12 @@ public class IDPSingleLogOutServlet extends AbstractController {
sloContainer.putFailedOA("differntent OAs");
String redirectURL = null;
- if (sloContainer.getSloRequest() != null) {
+ IRequest sloReq = sloContainer.getSloRequest();
+ if (sloReq != null && sloReq instanceof PVPTargetConfiguration) {
//send SLO response to SLO request issuer
- SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(sloContainer.getSloRequest());
- LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
- redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, sloContainer.getSloRequest().getRequest().getRelayState());
+ SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPTargetConfiguration)sloContainer.getSloRequest());
+ LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPTargetConfiguration)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
+ redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, ((PVPTargetConfiguration)sloContainer.getSloRequest()).getRequest().getRelayState());
} else {
//print SLO information directly
@@ -205,6 +215,9 @@ public class IDPSingleLogOutServlet extends AbstractController {
} catch (MOAIDException e) {
Logger.warn("Build SLO respone FAILED.", e);
+ } catch (EAAFException e) {
+ Logger.warn("Build SLO respone FAILED.", e);
+
}
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 21d329145..0285dd75b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -98,7 +98,7 @@ public class LogOutServlet {
}
- if (ssomanager.destroySSOSessionOnIDPOnly(req, resp))
+ if (ssomanager.destroySSOSessionOnIDPOnly(req, resp, null))
Logger.info("User with SSO is logged out and get redirect to "+ redirectUrl);
else
Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
index 752f54139..07b5242e0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
@@ -29,9 +29,9 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
-import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -56,10 +56,10 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor {
//search for unique session identifier
String uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);
if (MiscUtil.isEmpty(uniqueSessionIdentifier))
- uniqueSessionIdentifier = Random.nextRandom();
+ uniqueSessionIdentifier = Random.nextHexRandom16();
TransactionIDUtils.setSessionId(uniqueSessionIdentifier);
- request.setAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier);
+ request.setAttribute(EAAFConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier);
return true;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
index f0477c1fb..89e543209 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
@@ -60,7 +60,6 @@ import java.util.Set;
import org.apache.commons.lang.SerializationUtils;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -104,7 +103,7 @@ public class OAAuthParameterDecorator implements IOAAuthParameters, Serializable
@Override
- public boolean hasBaseIdInternalProcessingRestriction() throws EAAFConfigurationException {
+ public boolean hasBaseIdInternalProcessingRestriction() {
String targetAreaIdentifier = getAreaSpecificTargetIdentifier();
for (String el : spConfiguration.getTargetsWithNoBaseIdInternalProcessingRestriction()) {
if (targetAreaIdentifier.startsWith(el))
@@ -116,7 +115,7 @@ public class OAAuthParameterDecorator implements IOAAuthParameters, Serializable
}
@Override
- public boolean hasBaseIdTransferRestriction() throws EAAFConfigurationException {
+ public boolean hasBaseIdTransferRestriction() {
String targetAreaIdentifier = getAreaSpecificTargetIdentifier();
for (String el : spConfiguration.getTargetsWithNoBaseIdTransferRestriction()) {
if (targetAreaIdentifier.startsWith(el))
@@ -688,13 +687,7 @@ public boolean isInterfederationSSOStorageAllowed() {
}
public boolean isIDPPublicService() throws ConfigurationException {
- try {
- return !hasBaseIdTransferRestriction();
-
- } catch (EAAFConfigurationException e) {
- throw new ConfigurationException("internal.00", new Object[] {}, e);
-
- }
+ return !hasBaseIdTransferRestriction();
}
@@ -947,11 +940,14 @@ public List<String> getTargetsWithNoBaseIdTransferRestriction() {
@Override
-/**
- * THIS METHODE IS NOT SUPPORTED IN THIS IMPLEMENTATION
- */
public String getUniqueIdentifier() {
- return null;
+ return getPublicURLPrefix();
+}
+
+
+@Override
+public String getMinimumLevelOfAssurence() {
+ return getQaaLevel();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index db2499ad5..a0a34336c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -96,7 +96,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
Map<String, String> oa = getActiveOnlineApplication(spIdentifier);
if (oa == null) {
return null;
- }
+ }
return new OAAuthParameterDecorator(new SPConfigurationImpl(oa, this));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index f401db8bf..11932f52a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -75,7 +75,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
* @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifier()
*/
@Override
- public String getAreaSpecificTargetIdentifier() throws ConfigurationException {
+ public String getAreaSpecificTargetIdentifier() {
return this.oaTargetAreaIdentifier;
}
@@ -551,8 +551,12 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
@Override
public String getUniqueIdentifier() {
- // TODO Auto-generated method stub
- return null;
+ return getPublicURLPrefix();
+ }
+
+ @Override
+ public String getMinimumLevelOfAssurence() {
+ return getQaaLevel();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index 0e8a988ce..ba3eba2e6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -33,7 +33,7 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -76,7 +76,7 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
public String getQAALevel() {
if (this.QAALevel != null &&
this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
- String mappedQAA = PVPtoSTORKMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
+ String mappedQAA = LoALevelMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
if (MiscUtil.isNotEmpty(mappedQAA))
return mappedQAA;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
index 20588ad0b..b1f123bbc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
@@ -30,7 +30,9 @@ import java.util.List;
import java.util.Map.Entry;
import java.util.Set;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
/**
* @author tlenz
@@ -40,9 +42,9 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
private static final long serialVersionUID = 7148730740582881862L;
- private PVPTargetConfiguration sloRequest = null;
- private LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs;
- private LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs;
+ private IRequest sloRequest = null;
+ private LinkedHashMap<String, SLOInformationInterface> activeFrontChannalOAs;
+ private LinkedHashMap<String, SLOInformationInterface> activeBackChannelOAs;
private List<String> sloFailedOAs = null;
private String transactionID = null;
private String sessionID = null;
@@ -51,8 +53,8 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
*
*/
public SLOInformationContainer() {
- this.activeBackChannelOAs = new LinkedHashMap<String, SLOInformationImpl>();
- this.activeFrontChannalOAs = new LinkedHashMap<String, SLOInformationImpl>();
+ this.activeBackChannelOAs = new LinkedHashMap<String, SLOInformationInterface>();
+ this.activeFrontChannalOAs = new LinkedHashMap<String, SLOInformationInterface>();
this.sloFailedOAs = new ArrayList<String>();
}
@@ -61,28 +63,28 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
/**
* @return the activeFrontChannalOAs
*/
- public LinkedHashMap<String, SLOInformationImpl> getActiveFrontChannalOAs() {
+ public LinkedHashMap<String, SLOInformationInterface> getActiveFrontChannalOAs() {
return activeFrontChannalOAs;
}
/**
* @param activeFrontChannalOAs the activeFrontChannalOAs to set
*/
- public void setActiveFrontChannalOAs(LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs) {
+ public void setActiveFrontChannalOAs(LinkedHashMap<String, SLOInformationInterface> activeFrontChannalOAs) {
this.activeFrontChannalOAs = activeFrontChannalOAs;
}
/**
* @return the activeBackChannelOAs
*/
- public LinkedHashMap<String, SLOInformationImpl> getActiveBackChannelOAs() {
+ public LinkedHashMap<String, SLOInformationInterface> getActiveBackChannelOAs() {
return activeBackChannelOAs;
}
/**
* @param activeBackChannelOAs the activeBackChannelOAs to set
*/
- public void setActiveBackChannelOAs(LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs) {
+ public void setActiveBackChannelOAs(LinkedHashMap<String, SLOInformationInterface> activeBackChannelOAs) {
this.activeBackChannelOAs = activeBackChannelOAs;
}
@@ -98,7 +100,7 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
* @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#getFrontChannelOASessionDescriptions()
*/
@Override
- public Set<Entry<String, SLOInformationImpl>> getFrontChannelOASessionDescriptions() {
+ public Set<Entry<String, SLOInformationInterface>> getFrontChannelOASessionDescriptions() {
return activeFrontChannalOAs.entrySet();
}
@@ -122,7 +124,7 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
* @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#getBackChannelOASessionDescripten(java.lang.String)
*/
@Override
- public SLOInformationImpl getBackChannelOASessionDescripten(String oaID) {
+ public SLOInformationInterface getBackChannelOASessionDescripten(String oaID) {
return activeBackChannelOAs.get(oaID);
}
@@ -134,19 +136,12 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
activeBackChannelOAs.remove(oaID);
}
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#getSloRequest()
- */
- @Override
- public PVPTargetConfiguration getSloRequest() {
- return sloRequest;
- }
-
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#setSloRequest(at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration)
*/
@Override
- public void setSloRequest(PVPTargetConfiguration sloRequest) {
+ public void setSloRequest(IRequest sloRequest) {
this.sloRequest = sloRequest;
}
@@ -197,7 +192,11 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
public void setSessionID(String sessionID) {
this.sessionID = sessionID;
}
-
-
+
+
+ @Override
+ public IRequest getSloRequest() {
+ return this.sloRequest;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
index 1d1e2f36a..5ff923bce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
@@ -26,6 +26,8 @@ import java.io.Serializable;
import org.opensaml.saml2.metadata.SingleLogoutService;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+
/**
* @author tlenz
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
deleted file mode 100644
index 31fdaacfd..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.data;
-
-/**
- * @author tlenz
- *
- */
-public interface SLOInformationInterface{
-
-
- /**
- * get AssertionID which was used for Service Provider Single LogOut request
- *
- * @return
- * SessionID (SessionIndex in case of SAML2)
- */
- public String getSessionIndex();
-
- /**
- * get user identifier which was used
- *
- * @return
- * bPK / wbPK (nameID in case of SAML2)
- */
- public String getUserNameIdentifier();
-
-
- /**
- * get protocol type which was used for authentication
- *
- * @return
- * return authentication protocol type
- */
- public String getProtocolType();
-
- /**
- * @return
- */
- public String getUserNameIDFormat();
-
- /**
- * Get the unique entityID of this Service-Provider
- *
- * @return unique identifier, but never null
- */
- public String getSpEntityID();
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 2e1af43e4..c05a271f6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -22,12 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
-import java.util.ArrayList;
-import java.util.Collection;
import java.util.Enumeration;
-import java.util.Iterator;
import java.util.List;
-import java.util.Map.Entry;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -35,46 +31,31 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.saml2.core.LogoutRequest;
-import org.opensaml.saml2.core.LogoutResponse;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.metadata.SingleLogoutService;
-import org.opensaml.ws.soap.common.SOAPException;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
-import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
-import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.data.SLOInformationContainer;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -92,7 +73,7 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
public static final String MOA_SESSION = "MoaAuthenticationSession";
public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
- public static final int SLOTIMEOUT = 30 * 1000; //30 sec
+
@Autowired private ITransactionStorage transactionStorage;
@@ -105,87 +86,33 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
@Override
- public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq)
- throws EAAFException {
- // TODO Auto-generated method stub
-
- }
-
- @Override
- public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq, String arg3)
+ public ISLOInformationContainer performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq, String internalSSOId)
throws EAAFException {
- // TODO Auto-generated method stub
-
- }
-
-
-
- public void performSingleLogOut(HttpServletRequest httpReq,
- HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
- performSingleLogOut(httpReq, httpResp, session, pvpReq, null);
-
- }
-
- public void performSingleLogOut(HttpServletRequest httpReq,
- HttpServletResponse httpResp, IAuthenticationSession session, String authURL) throws MOAIDException {
- performSingleLogOut(httpReq, httpResp, session, null, authURL);
-
- }
-
-
- public void performOnlyIDPLogOut(HttpServletRequest request,
- HttpServletResponse response, String internalMOASsoSessionID) {
- Logger.info("Remove active user-session");
-
- if(internalMOASsoSessionID == null) {
- internalMOASsoSessionID = StringEscapeUtils.escapeHtml((String) request.getParameter(PARAM_SESSIONID));
- }
-
- if(internalMOASsoSessionID == null) {
- Logger.info("NO MOA Session to logout");
- return;
- }
-
- AuthenticationSession authSession;
- try {
- authSession = authenticatedSessionStore.getInternalSSOSession(internalMOASsoSessionID);
-
- if(authSession == null) {
- Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID);
- return;
- }
-
- performOnlyIDPLogOut(authSession);
-
- } catch (MOADatabaseException e) {
- Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID);
- return;
- }
-
- }
-
-
- private void performSingleLogOut(HttpServletRequest httpReq,
- HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException {
String pvpSLOIssuer = null;
- String inboundRelayState = null;
String uniqueSessionIdentifier = "notSet";
String uniqueTransactionIdentifier = "notSet";
-
+ PVPTargetConfiguration pvpReq = null;
Logger.debug("Start technical Single LogOut process ... ");
- if (pvpReq != null) {
- MOARequest samlReq = (MOARequest) pvpReq.getRequest();
- LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
- pvpSLOIssuer = logOutReq.getIssuer().getValue();
- inboundRelayState = samlReq.getRelayState();
- uniqueSessionIdentifier = pvpReq.getUniqueSessionIdentifier();
- uniqueTransactionIdentifier = pvpReq.getUniqueTransactionIdentifier();
+
+ if (pendingReq != null) {
+ uniqueSessionIdentifier = pendingReq.getUniqueSessionIdentifier();
+ uniqueTransactionIdentifier = pendingReq.getUniqueTransactionIdentifier();
+
+ if (pendingReq instanceof PVPTargetConfiguration) {
+ pvpReq = ((PVPTargetConfiguration)pendingReq);
+ MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+ LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
+ pvpSLOIssuer = logOutReq.getIssuer().getValue();
+ }
+ if (MiscUtil.isEmpty(internalSSOId))
+ internalSSOId = pendingReq.getSSOSessionIdentifier();
+
} else {
AuthenticationSessionExtensions sessionExt;
try {
- sessionExt = authenticatedSessionStore.getAuthenticationSessionExtensions(session.getSessionID());
+ sessionExt = authenticatedSessionStore.getAuthenticationSessionExtensions(internalSSOId);
if (sessionExt != null)
uniqueSessionIdentifier = sessionExt.getUniqueSessionId();
@@ -199,8 +126,8 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
}
//store active OAs to SLOContaine
- List<OASessionStore> dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(session);
- List<InterfederationSessionStore> dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(session);
+ List<OASessionStore> dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(internalSSOId);
+ List<InterfederationSessionStore> dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(internalSSOId);
SLOInformationContainer sloContainer = new SLOInformationContainer();
sloContainer.setTransactionID(uniqueTransactionIdentifier);
sloContainer.setSessionID(uniqueSessionIdentifier);
@@ -213,13 +140,13 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
+ " BackChannel:" + sloContainer.getActiveBackChannelOAs().size()
+ " FrontChannel:" + sloContainer.getActiveFrontChannalOAs().size()
+ " NO_SLO_Support:" + sloContainer.getSloFailedOAs().size());
-
+
+
//terminate MOASession
try {
- authenticatedSessionStore.destroyInternalSSOSession(session.getSessionID());
- ssoManager.deleteSSOSessionID(httpReq, httpResp);
+ authenticatedSessionStore.destroyInternalSSOSession(internalSSOId);
+ ssoManager.destroySSOSessionOnIDPOnly(httpReq, httpResp, pendingReq);
revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier);
-
Logger.debug("Active SSO Session on IDP is remove.");
} catch (MOADatabaseException e) {
@@ -228,165 +155,8 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
}
- Logger.trace("Starting Service-Provider logout process ... ");
- revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_STARTED);
- //start service provider back channel logout process
- Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA();
- while (nextOAInterator.hasNext()) {
- SLOInformationImpl sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next());
- LogoutRequest sloReq = sloBuilder.buildSLORequestMessage(sloDescr);
-
- try {
- Logger.trace("Send backchannel SLO Request to " + sloDescr.getSpEntityID());
- List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq);
-
- LogoutResponse sloResp = null;
- for (XMLObject el : soapResp) {
- if (el instanceof LogoutResponse)
- sloResp = (LogoutResponse) el;
- }
-
- if (sloResp == null) {
- Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
- + " FAILED. NO LogOut response received.");
- sloContainer.putFailedOA(sloDescr.getSpEntityID());
-
- } else {
- samlVerificationEngine.verifySLOResponse(sloResp,
- TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
-
- }
-
- sloBuilder.checkStatusCode(sloContainer, sloResp);
-
- } catch (SOAPException e) {
- Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
- + " FAILED.", e);
- sloContainer.putFailedOA(sloDescr.getSpEntityID());
-
- } catch (SecurityException | InvalidProtocolRequestException e) {
- Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
- + " FAILED.", e);
- sloContainer.putFailedOA(sloDescr.getSpEntityID());
-
- }
- }
-
- //start service provider front channel logout process
- try {
- if (sloContainer.hasFrontChannelOA()) {
- String relayState = Random.nextRandom();
-
- Collection<Entry<String, SLOInformationImpl>> sloDescr = sloContainer.getFrontChannelOASessionDescriptions();
- List<String> sloReqList = new ArrayList<String>();
- for (Entry<String, SLOInformationImpl> el : sloDescr) {
- Logger.trace("Build frontChannel SLO Request for " + el.getValue().getSpEntityID());
-
- LogoutRequest sloReq = sloBuilder.buildSLORequestMessage(el.getValue());
- try {
- sloReqList.add(sloBuilder.getFrontChannelSLOMessageURL(el.getValue().getServiceURL(), el.getValue().getBinding(),
- sloReq, httpReq, httpResp, relayState));
-
- } catch (Exception e) {
- Logger.warn("Failed to build SLO request for OA:" + el.getKey());
- sloContainer.putFailedOA(el.getKey());
-
- }
- }
-
- //put SLO process-information into transaction storage
- transactionStorage.put(relayState, sloContainer, -1);
-
- if (MiscUtil.isEmpty(authURL))
- authURL = pvpReq.getAuthURL();
-
- String timeOutURL = authURL
- + "/idpSingleLogout"
- + "?restart=" + relayState;
-
- DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
- authURL,
- DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT,
- null);
-
- config.putCustomParameterWithOutEscaption("redirectURLs", sloReqList);
- config.putCustomParameterWithOutEscaption("timeoutURL", timeOutURL);
- config.putCustomParameter("timeout", String.valueOf(SLOTIMEOUT));
-
- guiBuilder.build(httpResp, config, "Single-LogOut GUI");
-
-
- } else {
- if (pvpReq != null) {
- //send SLO response to SLO request issuer
- SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
- LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
- sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq);
-
- } else {
- //print SLO information directly
- DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
- authURL,
- DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT,
- null);
-
- if (sloContainer.getSloFailedOAs() == null ||
- sloContainer.getSloFailedOAs().size() == 0) {
- revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
- config.putCustomParameter("successMsg",
- MOAIDMessageProvider.getInstance().getMessage("slo.00", null));
-
- } else {
- revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
- config.putCustomParameterWithOutEscaption("errorMsg",
- MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
-
- }
- guiBuilder.build(httpResp, config, "Single-LogOut GUI");
-
- }
-
- }
+ return sloContainer;
- } catch (GUIBuildException e) {
- Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
- throw new MOAIDException("builder.09", new Object[]{e.getMessage()}, e);
-
- } catch (MOADatabaseException e) {
- Logger.error("MOA AssertionDatabase ERROR", e);
- if (pvpReq != null) {
- SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
- LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
- sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq);
-
- revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
-
- }else {
- //print SLO information directly
- DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
- authURL,
- DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT,
- null);
-
- revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
- config.putCustomParameterWithOutEscaption("errorMsg",
- MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
-
- try {
- guiBuilder.build(httpResp, config, "Single-LogOut GUI");
-
- } catch (GUIBuildException e1) {
- Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
- throw new MOAIDException("builder.09", new Object[]{e.getMessage()}, e);
-
- }
-
- }
-
- } catch (Exception e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
}
@Override
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index bded1943b..d3d7a9456 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -72,11 +72,15 @@ public class SSOManager implements ISSOManager {
private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec
+ public static final String DATAID_INTERFEDERATIOIDP_URL = "INTERFEDERATIOIDP_URL";
+
@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
@Autowired private AuthConfiguration authConfig;
@Autowired private IRevisionLogger revisionsLogger;
+
+
//@Autowired private MOASessionDBUtils moaSessionDBUtils;
@@ -113,7 +117,7 @@ public class SSOManager implements ISSOManager {
return isSSOValid;
- } catch (SessionDataStorageException | ConfigurationException | MOADatabaseException e) {
+ } catch (SessionDataStorageException | ConfigurationException | EAAFStorageException e) {
Logger.warn("Cann not process SSO session. Reason: " + e.getMessage(), e);
Logger.info("All SSO session will be ignored.");
@@ -151,8 +155,9 @@ public class SSOManager implements ISSOManager {
public void populatePendingRequestWithSSOInformation(IRequest pendingReq) throws EAAFSSOException {
//populate pending request with eID data from SSO session if no userConsent is required
- try {
- AuthenticationSession ssoMOASession = getInternalMOASession(pendingReq.getSSOSessionIdentifier());
+ try {
+ String ssoSessionId = authenticatedSessionStore.getInternalSSOSessionWithSSOID(pendingReq.getSSOSessionIdentifier());
+ AuthenticationSession ssoMOASession = authenticatedSessionStore.getInternalSSOSession(ssoSessionId);
if (ssoMOASession == null)
Logger.info("No MOASession FOUND with provided SSO-Cookie.");
@@ -192,25 +197,26 @@ public class SSOManager implements ISSOManager {
if (isValidSSOSession(ssoid, null)) {
//delete SSO session and MOA session
- AuthenticationSession ssoSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoid);
+ String ssoSessionId = authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoid);
+ AuthenticationSession ssoMOASession = authenticatedSessionStore.getInternalSSOSession(ssoSessionId);
- if (ssoSession == null) {
+ if (ssoMOASession == null) {
Logger.info("No internal MOA SSO-Session found. Nothing to destroy");
return false;
}
- ssoSession.setAuthenticated(false);
+ ssoMOASession.setAuthenticated(false);
//log Session_Destroy to reversionslog
AuthenticationSessionExtensions sessionExtensions =
- authenticatedSessionStore.getAuthenticationSessionExtensions(ssoSession.getSSOSessionID());
+ authenticatedSessionStore.getAuthenticationSessionExtensions(ssoMOASession.getSSOSessionID());
revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
- authenticatedSessionStore.destroyInternalSSOSession(ssoSession.getSSOSessionID());
+ authenticatedSessionStore.destroyInternalSSOSession(ssoMOASession.getSSOSessionID());
}
- } catch (MOADatabaseException | ConfigurationException | SessionDataStorageException e) {
+ } catch (ConfigurationException | SessionDataStorageException | EAAFStorageException e) {
Logger.info("NO MOA Authentication data for ID " + ssoid);
return false;
@@ -235,14 +241,15 @@ public class SSOManager implements ISSOManager {
* @param httpResp HttpServletResponse
* @param protocolRequest Authentication request which is actually in process
* @throws SessionDataStorageException
+ * @throws EAAFStorageException
*
**/
public void checkInterfederationIsRequested(HttpServletRequest httpReq, HttpServletResponse httpResp,
- IRequest protocolRequest) throws SessionDataStorageException {
+ IRequest protocolRequest) throws SessionDataStorageException, EAAFStorageException {
String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP);
String interfederationIDP =
- protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class);
+ protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class);
if (MiscUtil.isNotEmpty(interfederationIDP)) {
Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + interfederationIDP);
return;
@@ -254,14 +261,14 @@ public class SSOManager implements ISSOManager {
RequestImpl moaReq = (RequestImpl) protocolRequest;
if (MiscUtil.isNotEmpty(interIDP)) {
Logger.info("Receive SSO request for interfederation IDP " + interIDP);
- moaReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, interIDP);
+ moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, interIDP);
} else {
//check if IDP cookie is set
String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION);
if (MiscUtil.isNotEmpty(cookie)) {
Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie);
- moaReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, cookie);
+ moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, cookie);
deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);
}
@@ -283,7 +290,7 @@ public class SSOManager implements ISSOManager {
Logger.debug("Add SSO information to MOASession.");
//Store SSO information into database
- String newSSOSessionId = createSSOSessionInformations(moaSession.getSessionID(),
+ String newSSOSessionId = createSSOSessionInformations(moaSession.getSSOSessionID(),
pendingReq.getSPEntityId());
//set SSO cookie to response
@@ -298,7 +305,7 @@ public class SSOManager implements ISSOManager {
return newSSOSessionId;
}
- public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException, SessionDataStorageException {
+ public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException, SessionDataStorageException, EAAFStorageException {
// search SSO Session
if (ssoSessionID == null) {
@@ -328,7 +335,7 @@ public class SSOManager implements ISSOManager {
//in case of federated SSO session, jump to federated IDP for authentication
String interfederationIDP =
- protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class);
+ protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class);
if (MiscUtil.isEmpty(interfederationIDP)) {
InterfederationSessionStore selectedIDP = authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid());
@@ -337,7 +344,7 @@ public class SSOManager implements ISSOManager {
//no local SSO session exist -> request interfederated IDP
Logger.info("SSO Session refer to federated IDP: " + selectedIDP.getIdpurlprefix());
protocolRequest.setGenericDataToSession(
- RequestImpl.DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix());
+ DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix());
} else {
Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
@@ -360,18 +367,18 @@ public class SSOManager implements ISSOManager {
}
- public AuthenticationSession getInternalMOASession(String ssoSessionID) throws MOADatabaseException {
- return authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID);
-
- }
+// public String getInternalSSOSession(String ssoSessionID) throws MOADatabaseException {
+// return authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoSessionID);
+//
+// }
//TODO: refactor for faster DB access
public String getUniqueSessionIdentifier(String ssoSessionID) {
try {
if (MiscUtil.isNotEmpty(ssoSessionID)) {
- AuthenticationSession moaSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID);
- if (moaSession != null) {
- AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSession.getSSOSessionID());
+ String ssoSessionId = authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoSessionID);
+ if (MiscUtil.isNotEmpty(ssoSessionId)) {
+ AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(ssoSessionId);
return extSessionInformation.getUniqueSessionId();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java
deleted file mode 100644
index 9262e97c2..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class BPKAttributeBuilder implements IPVPAttributeBuilder {
-
- public String getName() {
- return BPK_NAME;
- }
-
- public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
- IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- String bpk = authData.getBPK();
- String type = authData.getBPKType();
-
- if (MiscUtil.isEmpty(bpk))
- throw new UnavailableAttributeException(BPK_NAME);
-
- if (type.startsWith(Constants.URN_PREFIX_WBPK))
- type = type.substring((Constants.URN_PREFIX_WBPK + "+").length());
-
- else if (type.startsWith(Constants.URN_PREFIX_CDID))
- type = type.substring((Constants.URN_PREFIX_CDID + "+").length());
-
- else if (type.startsWith(Constants.URN_PREFIX_EIDAS))
- type = type.substring((Constants.URN_PREFIX_EIDAS + "+").length());
-
- if (bpk.length() > BPK_MAX_LENGTH) {
- bpk = bpk.substring(0, BPK_MAX_LENGTH);
- }
-
- Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type);
-
- return g.buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, type + ":" + bpk);
- }
-
- public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
- return g.buildEmptyAttribute(BPK_FRIENDLY_NAME, BPK_NAME);
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java
deleted file mode 100644
index 783e044f8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder {
-
- public String getName() {
- return EID_SECTOR_FOR_IDENTIFIER_NAME;
- }
-
- public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
- IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- String bpktype = authData.getBPKType();
-
- if (MiscUtil.isEmpty(authData.getBPKType()))
- throw new UnavailableAttributeException(EID_SECTOR_FOR_IDENTIFIER_NAME);
-
- return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
- EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype);
- }
-
- public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
- return g.buildEmptyAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
- EID_SECTOR_FOR_IDENTIFIER_NAME);
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
index 2f18c78e2..7c2207d1d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.logging.Logger;
public class EIDSignerCertificate implements IPVPAttributeBuilder {
@@ -43,11 +44,14 @@ public class EIDSignerCertificate implements IPVPAttributeBuilder {
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
try {
- byte[] signerCertificate = authData.getSignerCertificate();
- if (signerCertificate != null) {
- return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME,
+ if (authData instanceof IMOAAuthData) {
+ byte[] signerCertificate = ((IMOAAuthData)authData).getSignerCertificate();
+ if (signerCertificate != null) {
+ return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME,
Base64Utils.encodeToString(signerCertificate));
- }
+ }
+ } else
+ Logger.info(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME + " is only available in MOA-ID context");
}catch (Exception e) {
Logger.info("Signer certificate BASE64 encoding error");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
index e91bc90d6..090cf6b21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
@@ -28,6 +28,8 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.logging.Logger;
public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
@@ -38,16 +40,20 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.getEncbPKList() != null &&
- authData.getEncbPKList().size() > 0) {
- String value = authData.getEncbPKList().get(0);
- for (int i=1; i<authData.getEncbPKList().size(); i++)
- value += ";"+authData.getEncbPKList().get(i);
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).getEncbPKList() != null &&
+ ((IMOAAuthData)authData).getEncbPKList().size() > 0) {
+ String value = ((IMOAAuthData)authData).getEncbPKList().get(0);
+ for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++)
+ value += ";"+((IMOAAuthData)authData).getEncbPKList().get(i);
- return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME,
- value);
+ return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME,
+ value);
- }
+ }
+
+ } else
+ Logger.info(ENC_BPK_LIST_FRIENDLY_NAME + " is only available in MOA-ID context");
throw new UnavailableAttributeException(ENC_BPK_LIST_NAME);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
index e1e7440e6..c65199dd6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
@@ -24,13 +24,13 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
import java.io.IOException;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -45,7 +45,7 @@ public class HolderOfKey implements IPVPAttributeBuilder {
try {
byte[] certEncoded = authData.getGenericData(
- MOAIDAuthConstants.MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE,
+ EAAFConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE,
byte[].class);
if (certEncoded != null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
index 007f7403a..171dfe2d9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -33,6 +33,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -45,25 +46,30 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.isUseMandate()) {
- //only provide full mandate if it is included.
- //In case of federation only a short mandate could be include
- if (authData.getMandate() != null) {
- String fullMandate;
- try {
- fullMandate = DOMUtils.serializeNode(authData
- .getMandate());
- return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
- MANDATE_FULL_MANDATE_NAME, Base64Utils.encodeToString(fullMandate.getBytes()));
- } catch (TransformerException e) {
- Logger.error("Failed to generate Full Mandate", e);
- } catch (IOException e) {
- Logger.error("Failed to generate Full Mandate", e);
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+ //only provide full mandate if it is included.
+ //In case of federation only a short mandate could be include
+ if (((IMOAAuthData)authData).getMandate() != null) {
+ String fullMandate;
+ try {
+ fullMandate = DOMUtils.serializeNode(((IMOAAuthData)authData)
+ .getMandate());
+ return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
+ MANDATE_FULL_MANDATE_NAME, Base64Utils.encodeToString(fullMandate.getBytes()));
+ } catch (TransformerException e) {
+ Logger.error("Failed to generate Full Mandate", e);
+ } catch (IOException e) {
+ Logger.error("Failed to generate Full Mandate", e);
+ }
}
+ throw new NoMandateDataAttributeException();
+
}
- throw new NoMandateDataAttributeException();
- }
+ } else
+ Logger.info(MANDATE_FULL_MANDATE_FRIENDLY_NAME + " is only available in MOA-ID context");
+
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
index e41a5ccf1..26ea1823e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
@@ -44,34 +45,39 @@ public class MandateLegalPersonFullNameAttributeBuilder implements IPVPAttribute
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.isUseMandate()) {
-
- //get PVP attribute directly, if exists
- String fullName = authData.getGenericData(MANDATE_LEG_PER_FULL_NAME_NAME, String.class);
-
- if (MiscUtil.isEmpty(fullName)) {
- Element mandate = authData.getMandate();
- if (mandate == null) {
- throw new NoMandateDataAttributeException();
-
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if (mandateObject == null) {
- throw new NoMandateDataAttributeException();
-
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+
+ //get PVP attribute directly, if exists
+ String fullName = authData.getGenericData(MANDATE_LEG_PER_FULL_NAME_NAME, String.class);
+
+ if (MiscUtil.isEmpty(fullName)) {
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
+
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+
+ }
+ CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+ if (corporation == null) {
+ Logger.info("No corporation mandate");
+ throw new NoMandateDataAttributeException();
+
+ }
+ fullName = corporation.getFullName();
}
- CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
- if (corporation == null) {
- Logger.info("No corporation mandate");
- throw new NoMandateDataAttributeException();
-
- }
- fullName = corporation.getFullName();
+ return g.buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, MANDATE_LEG_PER_FULL_NAME_NAME,
+ fullName);
+
}
- return g.buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, MANDATE_LEG_PER_FULL_NAME_NAME,
- fullName);
- }
+ } else
+ Logger.info(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME + " is only available in MOA-ID context");
+
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
index e20cf6684..cad8416b4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
@@ -44,11 +45,14 @@ public class MandateLegalPersonSourcePinAttributeBuilder implements IPVPAttribu
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if(authData.isUseMandate()) {
- return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME,
- MANDATE_LEG_PER_SOURCE_PIN_NAME, getLegalPersonIdentifierFromMandate(authData));
+ if (authData instanceof IMOAAuthData) {
+ if(((IMOAAuthData)authData).isUseMandate()) {
+ return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME,
+ MANDATE_LEG_PER_SOURCE_PIN_NAME, getLegalPersonIdentifierFromMandate(((IMOAAuthData)authData)));
- }
+ }
+ } else
+ Logger.info(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME + " is only available in MOA-ID context");
return null;
@@ -59,7 +63,7 @@ public class MandateLegalPersonSourcePinAttributeBuilder implements IPVPAttribu
}
- protected String getLegalPersonIdentifierFromMandate(IAuthData authData) throws NoMandateDataAttributeException {
+ protected String getLegalPersonIdentifierFromMandate(IMOAAuthData authData) throws NoMandateDataAttributeException {
//get PVP attribute directly, if exists
String sourcePin = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
index 098ecf68f..5fa0a5c48 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
@@ -44,39 +45,44 @@ public class MandateLegalPersonSourcePinTypeAttributeBuilder implements IPVPAttr
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.isUseMandate()) {
- //get PVP attribute directly, if exists
- String sourcePinType = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class);
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+ //get PVP attribute directly, if exists
+ String sourcePinType = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class);
+
+ if (MiscUtil.isEmpty(sourcePinType)) {
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
- if (MiscUtil.isEmpty(sourcePinType)) {
- Element mandate = authData.getMandate();
- if (mandate == null) {
- throw new NoMandateDataAttributeException();
-
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if (mandateObject == null) {
- throw new NoMandateDataAttributeException();
-
- }
- CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
- if (corporation == null) {
- Logger.info("No corporate mandate");
- throw new NoMandateDataAttributeException();
-
- }
- if (corporation.getIdentification().size() == 0) {
- Logger.info("Failed to generate IdentificationType");
- throw new NoMandateDataAttributeException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+
+ }
+ CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+ if (corporation == null) {
+ Logger.info("No corporate mandate");
+ throw new NoMandateDataAttributeException();
+
+ }
+ if (corporation.getIdentification().size() == 0) {
+ Logger.info("Failed to generate IdentificationType");
+ throw new NoMandateDataAttributeException();
+
+ }
+ sourcePinType = corporation.getIdentification().get(0).getType();
}
- sourcePinType = corporation.getIdentification().get(0).getType();
+ return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME,
+ sourcePinType);
}
- return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME,
- sourcePinType);
- }
+ } else
+ Logger.info(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME + " is only available in MOA-ID context");
+
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index ebec019ae..9160ef453 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.data.Pair;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -107,46 +108,49 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
protected Pair<String, String> internalBPKGenerator(IOAAuthParameters oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException {
//get PVP attribute directly, if exists
Pair<String, String> calcResult = null;
-
- if (authData.isUseMandate()) {
- String bpk = authData.getGenericData(MANDATE_NAT_PER_BPK_NAME, String.class);
-
- if (MiscUtil.isEmpty(bpk)) {
- //read bPK from mandate if it is not directly included
- Element mandate = authData.getMandate();
- if (mandate == null) {
- throw new NoMandateDataAttributeException();
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if (mandateObject == null) {
- throw new NoMandateDataAttributeException();
- }
- PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
- if (physicalPerson == null) {
- Logger.debug("No physicalPerson mandate");
- throw new NoMandateDataAttributeException();
- }
- IdentificationType id = null;
- id = physicalPerson.getIdentification().get(0);
- if (id == null) {
- Logger.info("Failed to generate IdentificationType");
- throw new NoMandateDataAttributeException();
- }
-
-
- if (id.getType().equals(Constants.URN_PREFIX_BASEID))
- calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(),
- oaParam.getAreaSpecificTargetIdentifier());
- else
- calcResult = Pair.newInstance(id.getValue().getValue(), id.getType());
-
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+ String bpk = authData.getGenericData(MANDATE_NAT_PER_BPK_NAME, String.class);
- } else {
- Logger.info("Find '" + MANDATE_NAT_PER_BPK_NAME + "' in AuthData. Use it what is is.");
- calcResult = Pair.newInstance(bpk, null);
+ if (MiscUtil.isEmpty(bpk)) {
+ //read bPK from mandate if it is not directly included
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.debug("No physicalPerson mandate");
+ throw new NoMandateDataAttributeException();
+ }
+ IdentificationType id = null;
+ id = physicalPerson.getIdentification().get(0);
+ if (id == null) {
+ Logger.info("Failed to generate IdentificationType");
+ throw new NoMandateDataAttributeException();
+ }
+
+
+ if (id.getType().equals(Constants.URN_PREFIX_BASEID))
+ calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(),
+ oaParam.getAreaSpecificTargetIdentifier());
+ else
+ calcResult = Pair.newInstance(id.getValue().getValue(), id.getType());
+
+ } else {
+ Logger.info("Find '" + MANDATE_NAT_PER_BPK_NAME + "' in AuthData. Use it what is is.");
+ calcResult = Pair.newInstance(bpk, null);
+
+ }
}
- }
+
+ } else
+ Logger.info(MANDATE_NAT_PER_BPK_FRIENDLY_NAME + " is only available in MOA-ID context");
return calcResult;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
index 0b8263ffb..e91087484 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
@@ -37,6 +37,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
@@ -65,41 +66,44 @@ public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttrib
protected String internalAttributGeneration(ISPConfiguration oaParam, IAuthData authData) throws InvalidDateFormatAttributeException, NoMandateDataAttributeException {
- if (authData.isUseMandate()) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
//get PVP attribute directly, if exists
String birthDayString = authData.getGenericData(MANDATE_NAT_PER_BIRTHDATE_NAME, String.class);
if (MiscUtil.isEmpty(birthDayString)) {
- //read bPK from mandate if it is not directly included
- Element mandate = authData.getMandate();
- if (mandate == null) {
- throw new NoMandateDataAttributeException();
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if (mandateObject == null) {
- throw new NoMandateDataAttributeException();
- }
- PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
- if (physicalPerson == null) {
- Logger.info("No physicalPerson mandate");
- throw new NoMandateDataAttributeException();
- }
+ if (authData instanceof IMOAAuthData) {
+ //read bPK from mandate if it is not directly included
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.info("No physicalPerson mandate");
+ throw new NoMandateDataAttributeException();
+ }
- String dateOfBirth = physicalPerson.getDateOfBirth();
- try {
- DateFormat mandateFormat = new SimpleDateFormat(MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT);
- mandateFormat.setLenient(false);
- Date date = mandateFormat.parse(dateOfBirth);
- DateFormat pvpDateFormat = new SimpleDateFormat(MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN);
- birthDayString = pvpDateFormat.format(date);
+ String dateOfBirth = physicalPerson.getDateOfBirth();
+ try {
+ DateFormat mandateFormat = new SimpleDateFormat(MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT);
+ mandateFormat.setLenient(false);
+ Date date = mandateFormat.parse(dateOfBirth);
+ DateFormat pvpDateFormat = new SimpleDateFormat(MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN);
+ birthDayString = pvpDateFormat.format(date);
- }
- catch (ParseException e) {
- Logger.warn("MIS mandate birthday has an incorrect formt. (Value:" + dateOfBirth, e);
- throw new InvalidDateFormatAttributeException();
+ }
+ catch (ParseException e) {
+ Logger.warn("MIS mandate birthday has an incorrect formt. (Value:" + dateOfBirth, e);
+ throw new InvalidDateFormatAttributeException();
- }
+ }
+ } else
+ Logger.info(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME + " is only available in MOA-ID context");
} else {
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
index 38a520298..9261ba063 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
@@ -34,6 +34,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
@@ -47,40 +48,45 @@ public class MandateNaturalPersonFamilyNameAttributeBuilder implements IPVPAttr
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if(authData.isUseMandate()) {
+ if (authData instanceof IMOAAuthData) {
+ if(((IMOAAuthData)authData).isUseMandate()) {
- //get PVP attribute directly, if exists
- String familyName = authData.getGenericData(MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class);
-
- if (MiscUtil.isEmpty(familyName)) {
- //read mandator familyName from mandate if it is not directly included
- Element mandate = authData.getMandate();
- if(mandate == null) {
- throw new NoMandateDataAttributeException();
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if(mandateObject == null) {
- throw new NoMandateDataAttributeException();
- }
- PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
- if(physicalPerson == null) {
- Logger.debug("No physicalPerson mandate");
- throw new NoMandateDataAttributeException();
- }
-
- StringBuilder sb = new StringBuilder();
- Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator();
+ //get PVP attribute directly, if exists
+ String familyName = authData.getGenericData(MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class);
- while(fNamesit.hasNext())
- sb.append(" " + fNamesit.next().getValue());
-
- familyName = sb.toString();
+ if (MiscUtil.isEmpty(familyName)) {
+ //read mandator familyName from mandate if it is not directly included
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+ if(physicalPerson == null) {
+ Logger.debug("No physicalPerson mandate");
+ throw new NoMandateDataAttributeException();
+ }
+
+ StringBuilder sb = new StringBuilder();
+ Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator();
+
+ while(fNamesit.hasNext())
+ sb.append(" " + fNamesit.next().getValue());
+
+ familyName = sb.toString();
+
+ }
+ return g.buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME,
+ MANDATE_NAT_PER_FAMILY_NAME_NAME, familyName);
}
- return g.buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME,
- MANDATE_NAT_PER_FAMILY_NAME_NAME, familyName);
- }
+ } else
+ Logger.info(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME + " is only available in MOA-ID context");
+
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
index be8e761e0..fe952253d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
@@ -33,6 +33,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
@@ -46,37 +47,41 @@ public class MandateNaturalPersonGivenNameAttributeBuilder implements IPVPAttrib
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.isUseMandate()) {
- //get PVP attribute directly, if exists
- String givenName = authData.getGenericData(MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class);
-
- if (MiscUtil.isEmpty(givenName)) {
- Element mandate = authData.getMandate();
- if (mandate == null) {
- throw new NoMandateDataAttributeException();
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if (mandateObject == null) {
- throw new NoMandateDataAttributeException();
- }
- PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
- if (physicalPerson == null) {
- Logger.debug("No physicalPerson mandate");
- throw new NoMandateDataAttributeException();
- }
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+ //get PVP attribute directly, if exists
+ String givenName = authData.getGenericData(MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class);
- StringBuilder sb = new StringBuilder();
- Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator();
-
- while (gNamesit.hasNext())
- sb.append(" " + gNamesit.next());
-
- givenName = sb.toString();
+ if (MiscUtil.isEmpty(givenName)) {
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.debug("No physicalPerson mandate");
+ throw new NoMandateDataAttributeException();
+ }
+
+ StringBuilder sb = new StringBuilder();
+ Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator();
+
+ while (gNamesit.hasNext())
+ sb.append(" " + gNamesit.next());
+
+ givenName = sb.toString();
+
+ }
+ return g.buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_GIVEN_NAME_NAME, givenName);
}
- return g.buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_GIVEN_NAME_NAME, givenName);
- }
+ } else
+ Logger.info(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME + " is only available in MOA-ID context");
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
index 2890b72d9..3c0a2cc94 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -33,6 +33,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.AttributePolicyException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
@@ -45,36 +46,41 @@ public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttri
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if(authData.isUseMandate()) {
- Element mandate = authData.getMandate();
- if(mandate == null) {
- throw new NoMandateDataAttributeException();
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if(mandateObject == null) {
- throw new NoMandateDataAttributeException();
- }
- PhysicalPersonType physicalPerson = mandateObject.getMandator()
- .getPhysicalPerson();
- if (physicalPerson == null) {
- Logger.debug("No physicalPerson mandate");
- throw new NoMandateDataAttributeException();
- }
- IdentificationType id = null;
- id = physicalPerson.getIdentification().get(0);
-
- if(authData.isBaseIDTransferRestrication()) {
- throw new AttributePolicyException(this.getName());
- }
-
- if(id == null) {
- Logger.info("Failed to generate IdentificationType");
- throw new NoMandateDataAttributeException();
+ if (authData instanceof IMOAAuthData) {
+ if(((IMOAAuthData)authData).isUseMandate()) {
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator()
+ .getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.debug("No physicalPerson mandate");
+ throw new NoMandateDataAttributeException();
+ }
+ IdentificationType id = null;
+ id = physicalPerson.getIdentification().get(0);
+
+ if(authData.isBaseIDTransferRestrication()) {
+ throw new AttributePolicyException(this.getName());
+ }
+
+ if(id == null) {
+ Logger.info("Failed to generate IdentificationType");
+ throw new NoMandateDataAttributeException();
+ }
+
+ return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,
+ MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue());
}
- return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,
- MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue());
- }
+ } else
+ Logger.info(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME + " is only available in MOA-ID context");
+
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
index 6b3ed6768..0d9009778 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
@@ -32,6 +32,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
@@ -44,31 +45,36 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAt
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if(authData.isUseMandate()) {
- Element mandate = authData.getMandate();
- if(mandate == null) {
- throw new NoMandateDataAttributeException();
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if(mandateObject == null) {
- throw new NoMandateDataAttributeException();
- }
- PhysicalPersonType physicalPerson = mandateObject.getMandator()
- .getPhysicalPerson();
- if (physicalPerson == null) {
- Logger.debug("No physicalPerson mandate");
- throw new NoMandateDataAttributeException();
- }
- IdentificationType id = null;
- id = physicalPerson.getIdentification().get(0);
- if(id == null) {
- Logger.info("Failed to generate IdentificationType");
- throw new NoMandateDataAttributeException();
- }
-
- return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
- MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType());
- }
+ if (authData instanceof IMOAAuthData) {
+ if(((IMOAAuthData)authData).isUseMandate()) {
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator()
+ .getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.debug("No physicalPerson mandate");
+ throw new NoMandateDataAttributeException();
+ }
+ IdentificationType id = null;
+ id = physicalPerson.getIdentification().get(0);
+ if(id == null) {
+ Logger.info("Failed to generate IdentificationType");
+ throw new NoMandateDataAttributeException();
+ }
+
+ return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
+ MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType());
+ }
+
+ } else
+ Logger.info(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME + " is only available in MOA-ID context");
+
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
index d8804d395..3cd9ef3e2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
@@ -31,8 +31,10 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder {
@@ -43,42 +45,47 @@ public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if(authData.isUseMandate()) {
- String profRepName = authData.getGenericData(MANDATE_PROF_REP_DESC_NAME, String.class);
-
- if (MiscUtil.isEmpty(profRepName)) {
- IMISMandate misMandate = authData.getMISMandate();
-
- if(misMandate == null) {
- throw new NoMandateDataAttributeException();
- }
-
- profRepName = misMandate.getTextualDescriptionOfOID();
+ if (authData instanceof IMOAAuthData) {
+ if(((IMOAAuthData)authData).isUseMandate()) {
+ String profRepName = authData.getGenericData(MANDATE_PROF_REP_DESC_NAME, String.class);
- //only read textual prof. rep. OID describtion from mandate annotation
- // if also OID exists
- if (MiscUtil.isEmpty(profRepName)
- && MiscUtil.isNotEmpty(misMandate.getProfRep())) {
- Element mandate = authData.getMandate();
- if (mandate == null) {
+ if (MiscUtil.isEmpty(profRepName)) {
+ IMISMandate misMandate = ((IMOAAuthData)authData).getMISMandate();
+
+ if(misMandate == null) {
throw new NoMandateDataAttributeException();
}
- Mandate mandateObject = MandateBuilder.buildMandate(authData.getMandate());
- if (mandateObject == null) {
- throw new NoMandateDataAttributeException();
- }
-
- profRepName = mandateObject.getAnnotation();
+ profRepName = misMandate.getTextualDescriptionOfOID();
+
+ //only read textual prof. rep. OID describtion from mandate annotation
+ // if also OID exists
+ if (MiscUtil.isEmpty(profRepName)
+ && MiscUtil.isNotEmpty(misMandate.getProfRep())) {
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(((IMOAAuthData)authData).getMandate());
+ if (mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+ }
+
+ profRepName = mandateObject.getAnnotation();
+
+ }
}
+
+ if(MiscUtil.isNotEmpty(profRepName))
+ return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
+ MANDATE_PROF_REP_DESC_NAME, profRepName);
+
}
- if(MiscUtil.isNotEmpty(profRepName))
- return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
- MANDATE_PROF_REP_DESC_NAME, profRepName);
-
- }
+ } else
+ Logger.info(MANDATE_PROF_REP_DESC_FRIENDLY_NAME + " is only available in MOA-ID context");
+
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
index 555f92fe0..6cdf64dc3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
@@ -28,7 +28,9 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder {
@@ -39,25 +41,30 @@ public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder {
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.isUseMandate()) {
- String profRepOID = authData.getGenericData(MANDATE_PROF_REP_OID_NAME, String.class);
-
- if (MiscUtil.isEmpty(profRepOID)) {
- IMISMandate mandate = authData.getMISMandate();
- if (mandate == null) {
- throw new NoMandateDataAttributeException();
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+ String profRepOID = authData.getGenericData(MANDATE_PROF_REP_OID_NAME, String.class);
+
+ if (MiscUtil.isEmpty(profRepOID)) {
+ IMISMandate mandate = ((IMOAAuthData)authData).getMISMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
+ }
+
+ profRepOID = mandate.getProfRep();
+
}
-
- profRepOID = mandate.getProfRep();
+
+ if(MiscUtil.isEmpty(profRepOID))
+ return null;
+ else
+ return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, profRepOID);
}
-
- if(MiscUtil.isEmpty(profRepOID))
- return null;
- else
- return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, profRepOID);
- }
+ } else
+ Logger.info(MANDATE_PROF_REP_OID_FRIENDLY_NAME + " is only available in MOA-ID context");
+
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
index 45cce5852..f609117a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
@@ -27,6 +27,8 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.logging.Logger;
public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuilder {
@@ -36,11 +38,16 @@ public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuild
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.isUseMandate()) {
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+
+ return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME,
+ ((IMOAAuthData)authData).getMandateReferenceValue());
+ }
+
+ } else
+ Logger.info(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME + " is only available in MOA-ID context");
- return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME,
- authData.getMandateReferenceValue());
- }
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
index 3bc7d5a2d..5471c5a13 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
@@ -30,8 +30,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder {
@@ -42,27 +44,32 @@ public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder {
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.isUseMandate()) {
- //get PVP attribute directly, if exists
- String mandateType = authData.getGenericData(MANDATE_TYPE_NAME, String.class);
-
- if (MiscUtil.isEmpty(mandateType)) {
- Element mandate = authData.getMandate();
- if (mandate == null) {
- throw new NoMandateDataAttributeException();
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+ //get PVP attribute directly, if exists
+ String mandateType = authData.getGenericData(MANDATE_TYPE_NAME, String.class);
+
+ if (MiscUtil.isEmpty(mandateType)) {
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
+
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAttributeException();
+
+ }
+ mandateType = mandateObject.getAnnotation();
}
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if (mandateObject == null) {
- throw new NoMandateDataAttributeException();
- }
- mandateType = mandateObject.getAnnotation();
-
+ return g.buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateType);
}
-
- return g.buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateType);
- }
+
+ } else
+ Logger.info(MANDATE_TYPE_FRIENDLY_NAME + " is only available in MOA-ID context");
+
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
index d5c89fc97..88f5bc2f7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
@@ -27,6 +27,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -38,18 +39,23 @@ public class MandateTypeOIDAttributeBuilder implements IPVPAttributeBuilder {
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData.isUseMandate()) {
- //get PVP attribute directly, if exists
- String mandateType = authData.getGenericData(MANDATE_TYPE_OID_NAME, String.class);
-
- if (MiscUtil.isEmpty(mandateType)) {
- Logger.info("MIS Mandate does not include 'Mandate-Type OID'.");
- return null;
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData)authData).isUseMandate()) {
+ //get PVP attribute directly, if exists
+ String mandateType = authData.getGenericData(MANDATE_TYPE_OID_NAME, String.class);
+ if (MiscUtil.isEmpty(mandateType)) {
+ Logger.info("MIS Mandate does not include 'Mandate-Type OID'.");
+ return null;
+
+ }
+
+ return g.buildStringAttribute(MANDATE_TYPE_OID_FRIENDLY_NAME, MANDATE_TYPE_OID_NAME, mandateType);
}
-
- return g.buildStringAttribute(MANDATE_TYPE_OID_FRIENDLY_NAME, MANDATE_TYPE_OID_NAME, mandateType);
- }
+
+ } else
+ Logger.info(MANDATE_TYPE_OID_FRIENDLY_NAME + " is only available in MOA-ID context");
+
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index cc48873af..c17f1a4dd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -37,36 +37,50 @@ import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.Response;
import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;
-import at.gv.egiz.eaaf.core.api.IAction;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.data.Trible;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
/**
* @author tlenz
@@ -76,12 +90,15 @@ import at.gv.egovernment.moa.logging.Logger;
public class AttributQueryAction implements IAction {
@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
- @Autowired private AuthenticationDataBuilder authDataBuilder;
+ @Autowired private IAuthenticationDataBuilder authDataBuilder;
@Autowired private IDPCredentialProvider pvpCredentials;
@Autowired private AuthConfiguration authConfig;
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
@Autowired(required=true) ApplicationContext springContext;
+ @Autowired private AttributQueryBuilder attributQueryBuilder;
+ @Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+
private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
new String[]{PVPConstants.EID_STORK_TOKEN_NAME});
@@ -109,14 +126,14 @@ public class AttributQueryAction implements IAction {
try {
//get Single Sign-On information for the Service-Provider
// which sends the Attribute-Query request
- AuthenticationSession moaSession = authenticationSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
+ AuthenticationSession moaSession = authenticationSessionStorage.getInternalSSOSession(pendingReq.getSSOSessionIdentifier());
if (moaSession == null) {
- Logger.warn("No MOASession with ID:" + pendingReq.getInternalSSOSessionIdentifier() + " FOUND.");
- throw new MOAIDException("auth.02", new Object[]{pendingReq.getInternalSSOSessionIdentifier()});
+ Logger.warn("No MOASession with ID:" + pendingReq.getSSOSessionIdentifier() + " FOUND.");
+ throw new MOAIDException("auth.02", new Object[]{pendingReq.getSSOSessionIdentifier()});
}
InterfederationSessionStore nextIDPInformation =
- authenticationSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSessionID());
+ authenticationSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSSOSessionID());
AttributeQuery attrQuery =
(AttributeQuery)((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest();
@@ -157,9 +174,9 @@ public class AttributQueryAction implements IAction {
throw new MOAIDException("pvp2.01", null, e);
} catch (MOADatabaseException e) {
- Logger.error("MOASession with SessionID=" + pendingReq.getInternalSSOSessionIdentifier()
+ Logger.error("MOASession with SessionID=" + pendingReq.getSSOSessionIdentifier()
+ " is not found in Database", e);
- throw new MOAIDException("init.04", new Object[] { pendingReq.getInternalSSOSessionIdentifier() });
+ throw new MOAIDException("init.04", new Object[] { pendingReq.getSSOSessionIdentifier() });
}
@@ -195,7 +212,7 @@ public class AttributQueryAction implements IAction {
((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest &&
((PVPTargetConfiguration) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) {
- authenticationSessionStorage.markOAWithAttributeQueryUsedFlag(session, pendingReq.getOAURL(), pendingReq.requestedModule());
+ authenticationSessionStorage.markOAWithAttributeQueryUsedFlag(session, pendingReq.getSPEntityId(), pendingReq.requestedModule());
}
//build OnlineApplication dynamic from requested attributes (AttributeQuerry Request) and configuration
@@ -208,15 +225,18 @@ public class AttributQueryAction implements IAction {
+ " for authentication information.");
//load configuration of next IDP
- IOAAuthParameters idpLoaded = authConfig.getOnlineApplicationParameter(nextIDPInformation.getIdpurlprefix());
- if (idpLoaded == null || !(idpLoaded instanceof OAAuthParameter)) {
+ IOAAuthParameters idpLoaded =
+ authConfig.getServiceProviderConfiguration(
+ nextIDPInformation.getIdpurlprefix(),
+ OAAuthParameterDecorator.class);
+ if (idpLoaded == null || !(idpLoaded instanceof IOAAuthParameters)) {
Logger.warn("Configuration for federated IDP:" + nextIDPInformation.getIdpurlprefix()
+ "is not loadable.");
throw new MOAIDException("auth.32", new Object[]{nextIDPInformation.getIdpurlprefix()});
}
- OAAuthParameter idp = (OAAuthParameter) idpLoaded;
+ IOAAuthParameters idp = idpLoaded;
//check if next IDP config allows inbound messages
if (!idp.isInboundSSOInterfederationAllowed()) {
@@ -227,7 +247,7 @@ public class AttributQueryAction implements IAction {
}
//check next IDP service area policy. BusinessService IDPs can only request wbPKs
- if (!spConfig.hasBaseIdTransferRestriction() && !idp.isIDPPublicService()) {
+ if (!spConfig.hasBaseIdTransferRestriction() && idp.hasBaseIdTransferRestriction()) {
Logger.error("Interfederated IDP " + idp.getPublicURLPrefix()
+ " is a BusinessService-IDP but requests PublicService attributes.");
throw new MOAIDException("auth.34", new Object[]{nextIDPInformation.getIdpurlprefix()});
@@ -239,7 +259,7 @@ public class AttributQueryAction implements IAction {
* 'pendingReq.getAuthURL() + "/sp/federated/metadata"' is implemented in federated_authentication module
* but used in moa-id-lib. This should be refactored!!!
*/
- AssertionAttributeExtractor extractor = authDataBuilder.getAuthDataFromAttributeQuery(reqAttributes,
+ AssertionAttributeExtractor extractor = getAuthDataFromAttributeQuery(reqAttributes,
nextIDPInformation.getUserNameID(), idp, pendingReq.getAuthURL() + "/sp/federated/metadata");
//mark attribute request as used
@@ -262,7 +282,7 @@ public class AttributQueryAction implements IAction {
} else {
Logger.debug("Build authData for AttributQuery from local MOASession.");
- IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq, session, spConfig);
+ IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq);
//add default attributes in case of mandates or STORK is in use
List<String> attrList = addDefaultAttributes(reqAttributes, authData);
@@ -270,12 +290,19 @@ public class AttributQueryAction implements IAction {
//build Set of response attributes
List<Attribute> respAttr = PVPAttributeBuilder.buildSetOfResponseAttributes(authData, attrList);
- return Trible.newInstance(respAttr, authData.getSsoSessionValidTo(), authData.getQAALevel());
+ return Trible.newInstance(respAttr, authData.getSsoSessionValidTo(), authData.getEIDASQAALevel());
}
} catch (MOAIDException e) {
throw e;
+
+ } catch (EAAFAuthenticationException e) {
+ throw new MOAIDException(e.getErrorId(), e.getParams(), e);
+
+ } catch (EAAFConfigurationException e) {
+ throw new MOAIDException(e.getErrorId(), e.getParams(), e);
+
}
}
@@ -307,7 +334,8 @@ public class AttributQueryAction implements IAction {
}
//add default mandate attributes if it is a authentication with mandates
- if (authData.isUseMandate() && !reqAttributeNames.containsAll(DEFAULTMANDATEATTRIBUTES)) {
+ if (authData instanceof IMOAAuthData)
+ if (((IMOAAuthData)authData).isUseMandate() && !reqAttributeNames.containsAll(DEFAULTMANDATEATTRIBUTES)) {
for (String el : DEFAULTMANDATEATTRIBUTES) {
if (!reqAttributeNames.contains(el))
reqAttributeNames.add(el);
@@ -317,4 +345,76 @@ public class AttributQueryAction implements IAction {
return reqAttributeNames;
}
+ /**
+ * Get PVP authentication attributes by using a SAML2 AttributeQuery
+ *
+ * @param reqQueryAttr List of PVP attributes which are requested
+ * @param userNameID SAML2 UserNameID of the user for which attributes are requested
+ * @param idpConfig Configuration of the IDP, which is requested
+ * @return
+ * @return PVP attribute DAO, which contains all received information
+ * @throws MOAIDException
+ */
+ public AssertionAttributeExtractor getAuthDataFromAttributeQuery(List<Attribute> reqQueryAttr,
+ String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException{
+ String idpEnityID = idpConfig.getPublicURLPrefix();
+
+ try {
+ Logger.debug("Starting AttributeQuery process ...");
+ //collect attributes by using BackChannel communication
+ String endpoint = idpConfig.getIDPAttributQueryServiceURL();
+ if (MiscUtil.isEmpty(endpoint)) {
+ Logger.error("No AttributeQueryURL for interfederationIDP " + idpEnityID);
+ throw new ConfigurationException("config.26", new Object[]{idpEnityID});
+
+ }
+
+ //build attributQuery request
+ AttributeQuery query = attributQueryBuilder.buildAttributQueryRequest(spEntityID, userNameID, endpoint, reqQueryAttr);
+
+ //build SOAP request
+ List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
+
+ if (xmlObjects.size() == 0) {
+ Logger.error("Receive emptry AttributeQuery response-body.");
+ throw new AttributQueryException("auth.27",
+ new Object[]{idpEnityID, "Receive emptry AttributeQuery response-body."});
+
+ }
+
+ Response intfResp;
+ if (xmlObjects.get(0) instanceof Response) {
+ intfResp = (Response) xmlObjects.get(0);
+
+ //validate PVP 2.1 response
+ try {
+ samlVerificationEngine.verifyIDPResponse(intfResp,
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(
+ metadataProvider));
+
+ //create assertion attribute extractor from AttributeQuery response
+ return new AssertionAttributeExtractor(intfResp);
+
+ } catch (Exception e) {
+ Logger.warn("PVP 2.1 assertion validation FAILED.", e);
+ throw new AssertionValidationExeption("auth.27",
+ new Object[]{idpEnityID, e.getMessage()}, e);
+ }
+
+ } else {
+ Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
+ throw new AttributQueryException("auth.27",
+ new Object[]{idpEnityID, "Receive AttributeQuery response-body include no PVP 2.1 response"});
+
+ }
+
+ } catch (SOAPException e) {
+ throw new BuildException("builder.06", null, e);
+
+ } catch (SecurityException e) {
+ throw new BuildException("builder.06", null, e);
+
+ }
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index a8adc9ca0..43c860488 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -38,10 +38,10 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;
-import at.gv.egiz.eaaf.core.api.IAction;
import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
@@ -60,7 +60,7 @@ import at.gv.egovernment.moa.logging.Logger;
@Service("PVPAuthenticationRequestAction")
public class AuthenticationAction implements IAction {
- @Autowired IDPCredentialProvider pvpCredentials;
+ @Autowired IDPCredentialProvider pvpCredentials;
@Autowired AuthConfiguration authConfig;
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
@Autowired(required=true) ApplicationContext springContext;
@@ -123,7 +123,7 @@ public class AuthenticationAction implements IAction {
//set protocol type
sloInformation.setProtocolType(req.requestedModule());
- sloInformation.setSpEntityID(req.getOnlineApplicationConfiguration().getPublicURLPrefix());
+ sloInformation.setSpEntityID(req.getServiceProviderConfiguration().getUniqueIdentifier());
return sloInformation;
} catch (MessageEncodingException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index baaf8b681..76956b5a8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -30,10 +30,10 @@ import org.springframework.stereotype.Service;
import com.google.common.net.MediaType;
-import at.gv.egiz.eaaf.core.api.IAction;
import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -48,7 +48,7 @@ public class MetadataAction implements IAction {
- @Autowired private IRevisionLogger revisionsLogger;
+ @Autowired private IRevisionLogger revisionsLogger;
@Autowired private IDPCredentialProvider credentialProvider;
@Autowired private PVPMetadataBuilder metadatabuilder;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 038e384f3..591aaa7cc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -22,6 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;
+import java.net.MalformedURLException;
+import java.net.URL;
import java.util.Arrays;
import java.util.List;
@@ -57,14 +59,15 @@ import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
import at.gv.egiz.eaaf.core.exceptions.NoPassivAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityLogAdapter;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
@@ -80,7 +83,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
@@ -90,16 +92,14 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-
+
@Controller
public class PVP2XProtocol extends AbstractAuthProtocolModulController implements IModulInfo {
@@ -107,6 +107,8 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
@Autowired SAMLVerificationEngineSP samlVerificationEngine;
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
+ @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
+
public static final String NAME = PVP2XProtocol.class.getName();
public static final String PATH = "id_pvp2x";
@@ -137,16 +139,17 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
public PVP2XProtocol() {
super();
- }
+ }
//PVP2.x metadata end-point
@RequestMapping(value = "/pvp2/metadata", method = {RequestMethod.POST, RequestMethod.GET})
- public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
- if (!authConfig.getAllowedProtocols().isPVP21Active()) {
- Logger.info("PVP2.1 is deaktivated!");
- throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-
- }
+ public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+// if (!authConfig.getAllowedProtocols().isPVP21Active()) {
+// Logger.info("PVP2.1 is deaktivated!");
+// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+//
+// }
+
//create pendingRequest object
PVPTargetConfiguration pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
pendingReq.initialize(req);
@@ -166,12 +169,12 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
//PVP2.x IDP POST-Binding end-point
@RequestMapping(value = "/pvp2/post", method = {RequestMethod.POST})
- public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
- if (!authConfig.getAllowedProtocols().isPVP21Active()) {
- Logger.info("PVP2.1 is deaktivated!");
- throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-
- }
+ public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+// if (!authConfig.getAllowedProtocols().isPVP21Active()) {
+// Logger.info("PVP2.1 is deaktivated!");
+// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+//
+// }
PVPTargetConfiguration pendingReq = null;
@@ -206,7 +209,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
if (pendingReq != null)
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
} catch (SecurityException e) {
String samlRequest = req.getParameter("SAMLRequest");
@@ -216,7 +219,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
if (pendingReq != null)
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
} catch (MOAIDException e) {
@@ -240,10 +243,10 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
//PVP2.x IDP Redirect-Binding end-point
@RequestMapping(value = "/pvp2/redirect", method = {RequestMethod.GET})
- public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
+ public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) {
Logger.info("PVP2.1 is deaktivated!");
- throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+ throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
}
PVPTargetConfiguration pendingReq = null;
@@ -278,7 +281,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
if (pendingReq != null)
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
} catch (SecurityException e) {
String samlRequest = req.getParameter("SAMLRequest");
@@ -288,7 +291,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
if (pendingReq != null)
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
} catch (MOAIDException e) {
String samlRequest = req.getParameter("SAMLRequest");
@@ -315,12 +318,12 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
//PVP2.x IDP SOAP-Binding end-point
@RequestMapping(value = "/pvp2/soap", method = {RequestMethod.POST})
- public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
- if (!authConfig.getAllowedProtocols().isPVP21Active()) {
- Logger.info("PVP2.1 is deaktivated!");
- throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-
- }
+ public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+// if (!authConfig.getAllowedProtocols().isPVP21Active()) {
+// Logger.info("PVP2.1 is deaktivated!");
+// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+//
+// }
PVPTargetConfiguration pendingReq = null;
try {
@@ -354,7 +357,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
if (pendingReq != null)
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
} catch (SecurityException e) {
String samlRequest = req.getParameter("SAMLRequest");
@@ -364,7 +367,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
if (pendingReq != null)
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
} catch (MOAIDException e) {
//write revision log entries
@@ -393,7 +396,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
InboundMessage msg = pendingReq.getRequest();
if (MiscUtil.isEmpty(msg.getEntityID())) {
- throw new InvalidProtocolRequestException("pvp2.20", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.20", new Object[] {}, "EntityId is null or empty");
}
@@ -425,8 +428,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
throw new MOAIDException("Unsupported PVP21 message", new Object[] {});
}
- revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
- pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH);
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH);
//switch to session authentication
performAuthentication(request, response, pendingReq);
@@ -451,7 +453,6 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
- ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
String moaError = null;
if(e instanceof NoPassivAuthenticationException) {
@@ -473,12 +474,12 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
if(statusMessageValue != null) {
statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue));
}
- moaError = errorUtils.mapInternalErrorToExternalError(ex.getMessageId());
+ moaError = statusMessager.mapInternalErrorToExternalError(ex.getMessageId());
} else {
statusCode.setValue(StatusCode.RESPONDER_URI);
statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
- moaError = errorUtils.getResponseErrorCode(e);
+ moaError = statusMessager.getResponseErrorCode(e);
}
@@ -544,10 +545,11 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
* @param response
* @param msg
* @return
+ * @throws EAAFException
* @throws MOAIDException
*/
private void preProcessLogOut(HttpServletRequest request,
- HttpServletResponse response, PVPTargetConfiguration pendingReq) throws MOAIDException {
+ HttpServletResponse response, PVPTargetConfiguration pendingReq) throws EAAFException {
InboundMessage inMsg = pendingReq.getRequest();
MOARequest msg;
@@ -564,11 +566,11 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
String oaURL = metadata.getEntityID();
oaURL = StringEscapeUtils.escapeHtml(oaURL);
- IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(oaURL);
+ ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
- pendingReq.setOAURL(oaURL);
+ pendingReq.setSPEntityId(oaURL);
pendingReq.setOnlineApplicationConfiguration(oa);
pendingReq.setBinding(msg.getRequestBinding());
@@ -584,17 +586,25 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
Logger.debug("PreProcess SLO Response from " + resp.getIssuer());
- List<String> allowedPublicURLPrefix =
- AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
- boolean isAllowedDestination = false;
+// List<String> allowedPublicURLPrefix = authConfig.getIDPPublicURLPrefixes();
+// AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
- for (String prefix : allowedPublicURLPrefix) {
- if (resp.getDestination().startsWith(
- prefix)) {
- isAllowedDestination = true;
- break;
- }
+ boolean isAllowedDestination = false;
+ try {
+ isAllowedDestination = MiscUtil.isNotEmpty(authConfig.validateIDPURL(new URL(resp.getDestination())));
+
+ } catch (MalformedURLException e) {
+ Logger.info(resp.getDestination() + " is NOT valid. Reason: " + e.getMessage());
+
}
+
+// for (String prefix : allowedPublicURLPrefix) {
+// if (resp.getDestination().startsWith(
+// prefix)) {
+// isAllowedDestination = true;
+// break;
+// }
+// }
if (!isAllowedDestination) {
Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL");
@@ -607,7 +617,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
} else
- throw new MOAIDException("Unsupported request", new Object[] {});
+ throw new EAAFException("Unsupported request");
pendingReq.setRequest(inMsg);
@@ -641,13 +651,8 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
}
- //check if Issuer is an interfederation IDP
- // check parameter
- if (!ParamValidatorUtils.isValidOA(moaRequest.getEntityID()))
- throw new WrongParametersException("StartAuthentication",
- PARAM_OA, "auth.12");
-
- IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(moaRequest.getEntityID());
+ //check if Issuer is an interfederation IDP
+ IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(moaRequest.getEntityID(), IOAAuthParameters.class);
if (!oa.isInderfederationIDP()) {
Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs.");
throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null);
@@ -671,7 +676,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
//set preProcessed information into pending-request
pendingReq.setRequest(moaRequest);
- pendingReq.setOAURL(moaRequest.getEntityID());
+ pendingReq.setSPEntityId(moaRequest.getEntityID());
pendingReq.setOnlineApplicationConfiguration(oa);
pendingReq.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
@@ -682,7 +687,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
pendingReq.setAction(AttributQueryAction.class.getName());
//add moasession
- pendingReq.setInternalSSOSessionIdentifier(session.getSessionID());
+ pendingReq.setSSOSessionIdentifier(session.getSSOSessionID());
//write revisionslog entry
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY);
@@ -717,13 +722,15 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
if (authnRequest.getIssueInstant() == null) {
Logger.warn("Unsupported request: No IssueInstant Attribute found.");
- throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {});
+ throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {},
+ "Unsupported request: No IssueInstant Attribute found", pendingReq);
}
if (authnRequest.getIssueInstant().minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) {
Logger.warn("Unsupported request: No IssueInstant DateTime is not valid anymore.");
- throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {});
+ throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {},
+ "Unsupported request: No IssueInstant DateTime is not valid anymore.", pendingReq);
}
@@ -790,22 +797,22 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq;
AuthnRequestValidator.validate(authReq);
- String useMandate = request.getParameter(PARAM_USEMANDATE);
- if(useMandate != null) {
- if(useMandate.equals("true") && attributeConsumer != null) {
- if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
- throw new MandateAttributesNotHandleAbleException();
- }
- }
- }
+// String useMandate = request.getParameter(PARAM_USEMANDATE);
+// if(useMandate != null) {
+// if(useMandate.equals("true") && attributeConsumer != null) {
+// if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
+// throw new MandateAttributesNotHandleAbleException();
+// }
+// }
+// }
String oaURL = moaRequest.getEntityMetadata(metadataProvider).getEntityID();
oaURL = StringEscapeUtils.escapeHtml(oaURL);
- IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(oaURL);
+ ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());
- pendingReq.setOAURL(oaURL);
+ pendingReq.setSPEntityId(oaURL);
pendingReq.setOnlineApplicationConfiguration(oa);
pendingReq.setBinding(consumerService.getBinding());
pendingReq.setRequest(moaRequest);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
index 46e5b83f6..67cbafe90 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
@@ -29,7 +29,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion;
@Service("PVPAssertionStorage")
@@ -47,11 +47,11 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
relyingPartyId,
issuerId,
samlMessage);
-
- try {
+
+ try {
transactionStorage.put(artifact, assertion, -1);
- } catch (MOADatabaseException e) {
+ } catch (EAAFException e) {
// TODO Insert Error Handling, if Assertion could not be stored
throw new MarshallingException("Assertion are not stored in Database.",e);
}
@@ -61,7 +61,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
try {
return transactionStorage.get(artifact, SAMLArtifactMapEntry.class);
- } catch (MOADatabaseException e) {
+ } catch (EAAFException e) {
// TODO Insert Error Handling, if Assertion could not be read
e.printStackTrace();
return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index 060a5fcc2..95a2d8715 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -22,31 +22,24 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import javax.servlet.http.HttpServletRequest;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.impl.AuthnRequestImpl;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.logging.Logger;
@Component("PVPTargetConfiguration")
@Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
public class PVPTargetConfiguration extends RequestImpl {
+ @Autowired(required=true) IConfiguration authConfig;
+
public static final String DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP = "useMinimalFrontChannelResponse";
public static final String DATAID_INTERFEDERATION_NAMEID = "federatedNameID";
public static final String DATAID_INTERFEDERATION_QAALEVEL = "federatedQAALevel";
@@ -55,10 +48,17 @@ public class PVPTargetConfiguration extends RequestImpl {
private static final long serialVersionUID = 4889919265919638188L;
+
+
InboundMessage request;
String binding;
String consumerURL;
+ public void initialize(HttpServletRequest req) throws EAAFException {
+ super.initialize(req, authConfig);
+
+ }
+
public InboundMessage getRequest() {
return request;
}
@@ -84,61 +84,61 @@ public class PVPTargetConfiguration extends RequestImpl {
}
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
- */
- @Override
- public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
-
- Map<String, String> reqAttr = new HashMap<String, String>();
- for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
- reqAttr.put(el, "");
-
- try {
- SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS);
- if (spSSODescriptor.getAttributeConsumingServices() != null &&
- spSSODescriptor.getAttributeConsumingServices().size() > 0) {
-
- Integer aIdx = null;
- if (getRequest() instanceof MOARequest &&
- ((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) {
- AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest();
- aIdx = authnRequest.getAttributeConsumingServiceIndex();
-
- } else {
- Logger.error("MOARequest is NOT of type AuthnRequest");
- }
-
- int idx = 0;
-
- AttributeConsumingService attributeConsumingService = null;
-
- if (aIdx != null) {
- idx = aIdx.intValue();
- attributeConsumingService = spSSODescriptor
- .getAttributeConsumingServices().get(idx);
-
- } else {
- List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
- for (AttributeConsumingService el : attrConsumingServiceList) {
- if (el.isDefault())
- attributeConsumingService = el;
- }
- }
-
- for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes())
- reqAttr.put(attr.getName(), "");
- }
-
- //return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
- return reqAttr.keySet();
-
- } catch (NoMetadataInformationException e) {
- Logger.warn("NO metadata found for Entity " + getRequest().getEntityID());
- return null;
-
- }
-
- }
+// /* (non-Javadoc)
+// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+// */
+// @Override
+// public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
+//
+// Map<String, String> reqAttr = new HashMap<String, String>();
+// for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
+// reqAttr.put(el, "");
+//
+// try {
+// SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+// if (spSSODescriptor.getAttributeConsumingServices() != null &&
+// spSSODescriptor.getAttributeConsumingServices().size() > 0) {
+//
+// Integer aIdx = null;
+// if (getRequest() instanceof MOARequest &&
+// ((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) {
+// AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest();
+// aIdx = authnRequest.getAttributeConsumingServiceIndex();
+//
+// } else {
+// Logger.error("MOARequest is NOT of type AuthnRequest");
+// }
+//
+// int idx = 0;
+//
+// AttributeConsumingService attributeConsumingService = null;
+//
+// if (aIdx != null) {
+// idx = aIdx.intValue();
+// attributeConsumingService = spSSODescriptor
+// .getAttributeConsumingServices().get(idx);
+//
+// } else {
+// List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
+// for (AttributeConsumingService el : attrConsumingServiceList) {
+// if (el.isDefault())
+// attributeConsumingService = el;
+// }
+// }
+//
+// for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes())
+// reqAttr.put(attr.getName(), "");
+// }
+//
+// //return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
+// return reqAttr.keySet();
+//
+// } catch (NoMetadataInformationException e) {
+// Logger.warn("NO metadata found for Entity " + getRequest().getEntityID());
+// return null;
+//
+// }
+//
+// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index 2d8d0f66f..6b945d692 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -35,20 +35,20 @@ import org.opensaml.saml2.metadata.SingleLogoutService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
-import at.gv.egiz.eaaf.core.api.IAction;
import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.ISLOInformationContainer;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
-import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -71,7 +71,7 @@ import at.gv.egovernment.moa.util.URLEncoder;
public class SingleLogOutAction implements IAction {
@Autowired private SSOManager ssomanager;
- @Autowired private AuthenticationManager authManager;
+ @Autowired private IAuthenticationManager authManager;
@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
@Autowired private ITransactionStorage transactionStorage;
@Autowired private SingleLogOutBuilder sloBuilder;
@@ -84,7 +84,7 @@ public class SingleLogOutAction implements IAction {
@Override
public SLOInformationInterface processRequest(IRequest req,
HttpServletRequest httpReq, HttpServletResponse httpResp,
- IAuthData authData) throws MOAIDException {
+ IAuthData authData) throws EAAFException {
PVPTargetConfiguration pvpReq = (PVPTargetConfiguration) req;
@@ -94,12 +94,12 @@ public class SingleLogOutAction implements IAction {
MOARequest samlReq = (MOARequest) pvpReq.getRequest();
LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
- IAuthenticationSession session =
- authenticationSessionStorage.searchMOASessionWithNameIDandOAID(
+ String ssoSessionId =
+ authenticationSessionStorage.searchSSOSessionWithNameIDandOAID(
logOutReq.getIssuer().getValue(),
logOutReq.getNameID().getValue());
- if (session == null) {
+ if (MiscUtil.isEmpty(ssoSessionId)) {
Logger.warn("Can not find active SSO session with nameID "
+ logOutReq.getNameID().getValue() + " and OA "
+ logOutReq.getIssuer().getValue());
@@ -116,10 +116,10 @@ public class SingleLogOutAction implements IAction {
} else {
try {
- session = ssomanager.getInternalMOASession(ssoID);
+ ssoSessionId = authenticationSessionStorage.getInternalSSOSessionWithSSOID(ssoID);
- if (session == null)
- throw new MOADatabaseException();
+ if (MiscUtil.isEmpty(ssoSessionId))
+ throw new MOADatabaseException("");
} catch (MOADatabaseException e) {
Logger.info("Can not find active Session. Single LogOut not possible!");
@@ -134,8 +134,13 @@ public class SingleLogOutAction implements IAction {
}
}
- authManager.performSingleLogOut(httpReq, httpResp, session, pvpReq);
-
+ pvpReq.setSSOSessionIdentifier(ssoSessionId);
+ ISLOInformationContainer sloInformationContainer
+ = authManager.performSingleLogOut(httpReq, httpResp, pvpReq, ssoSessionId);
+
+ Logger.debug("Starting technical SLO process ... ");
+ sloBuilder.toTechnicalLogout(sloInformationContainer, httpReq, httpResp, null);
+
} else if (pvpReq.getRequest() instanceof MOAResponse &&
((MOAResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
Logger.debug("Process Single LogOut response");
@@ -178,7 +183,7 @@ public class SingleLogOutAction implements IAction {
// AssertionStore element = (AssertionStore) result.get(0);
// Object data = SerializationUtils.deserialize(element.getAssertion());
Logger.debug("Current Thread getAssertionStore: "+Thread.currentThread().getId());
- Object o = transactionStorage.getAssertionStore(relayState);
+ Object o = transactionStorage.getRaw(relayState);
if(o==null){
Logger.trace("No entries found.");
throw new MOADatabaseException("No sessioninformation found with this ID");
@@ -202,12 +207,12 @@ public class SingleLogOutAction implements IAction {
// session.saveOrUpdate(element);
// tx.commit();
Logger.debug("Current Thread putAssertionStore: "+Thread.currentThread().getId());
- transactionStorage.putAssertionStore(element);
+ transactionStorage.putRaw(element.getArtifact(), element);
//sloContainer could be stored to database
storageSuccess = true;
- } catch(MOADatabaseException e) {
+ } catch(EAAFException e) {
//tx.rollback();
counter++;
@@ -230,11 +235,12 @@ public class SingleLogOutAction implements IAction {
storageSuccess = true;
String redirectURL = null;
- if (sloContainer.getSloRequest() != null) {
- //send SLO response to SLO request issuer
- SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(sloContainer.getSloRequest());
- LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
- redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, sloContainer.getSloRequest().getRequest().getRelayState());
+ IRequest sloReq = sloContainer.getSloRequest();
+ if (sloReq != null && sloReq instanceof PVPTargetConfiguration) {
+ //send SLO response to SLO request issuer
+ SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPTargetConfiguration)sloReq);
+ LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPTargetConfiguration)sloReq, sloContainer.getSloFailedOAs());
+ redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, ((PVPTargetConfiguration)sloReq).getRequest().getRelayState());
} else {
//print SLO information directly
@@ -276,7 +282,7 @@ public class SingleLogOutAction implements IAction {
}
}
}
- } catch (MOADatabaseException e) {
+ } catch (EAAFException e) {
Logger.error("MOA AssertionDatabase ERROR", e);
throw new SLOException("pvp2.19", null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
index c662a0af5..f3af12a2c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
@@ -49,11 +49,10 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.w3c.dom.Document;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index 6beaee92b..07da57d2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -32,15 +32,15 @@ import java.util.ServiceLoader;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.metadata.RequestedAttribute;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
@@ -97,13 +97,13 @@ public class PVPAttributeBuilder {
}
- public static Attribute buildAttribute(String name, IOAAuthParameters oaParam,
- IAuthData authData) throws PVP2Exception, AttributeException {
+ public static Attribute buildAttribute(String name, ISPConfiguration oaParam,
+ IAuthData authData) throws PVP2Exception, AttributeBuilderException {
if (builders.containsKey(name)) {
try {
return builders.get(name).build(oaParam, authData, generator);
}
- catch (AttributeException e) {
+ catch (AttributeBuilderException e) {
if (e instanceof UnavailableAttributeException) {
throw e;
} else if (e instanceof InvalidDateFormatAttributeException) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
index be8c2abdf..a55e873b5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
@@ -95,7 +95,7 @@ public class PVPAuthnRequestBuilder {
// use POST binding as default if it exists
if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
- endpoint = sss;
+ endpoint = sss;
} else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)
&& endpoint == null )
@@ -215,7 +215,7 @@ public class PVPAuthnRequestBuilder {
//encode message
binding.encodeRequest(null, httpResp, authReq,
- endpoint.getLocation(), pendingReq.getRequestID(), config.getAuthnRequestSigningCredential(), pendingReq);
+ endpoint.getLocation(), pendingReq.getPendingRequestId(), config.getAuthnRequestSigningCredential(), pendingReq);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index d11d57ab8..a1d7f5d3a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -23,8 +23,12 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
+import java.util.Map.Entry;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -52,6 +56,8 @@ import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.impl.SingleLogoutServiceBuilder;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.xml.XMLObject;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.x509.X509Credential;
@@ -63,12 +69,23 @@ import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;
import org.w3c.dom.Document;
-import at.gv.egiz.eaaf.core.api.data.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.data.SLOInformationContainer;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
@@ -85,8 +102,12 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformation
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
/**
* @author tlenz
@@ -98,6 +119,181 @@ public class SingleLogOutBuilder {
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
@Autowired(required=true) ApplicationContext springContext;
@Autowired private IDPCredentialProvider credentialProvider;
+ @Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+ @Autowired private IGUIFormBuilder guiBuilder;
+ @Autowired(required=true) protected IRevisionLogger revisionsLogger;
+ @Autowired private ITransactionStorage transactionStorage;
+
+ public static final int SLOTIMEOUT = 30 * 1000; //30 sec
+
+ public void toTechnicalLogout(ISLOInformationContainer sloContainer,
+ HttpServletRequest httpReq, HttpServletResponse httpResp, String authUrl) throws MOAIDException {
+ Logger.trace("Starting Service-Provider logout process ... ");
+ revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_STARTED);
+
+ //start service provider back channel logout process
+ Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA();
+ while (nextOAInterator.hasNext()) {
+ SLOInformationInterface sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next());
+ LogoutRequest sloReq = buildSLORequestMessage(sloDescr);
+
+ try {
+ Logger.trace("Send backchannel SLO Request to " + sloDescr.getSpEntityID());
+ List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq);
+
+ LogoutResponse sloResp = null;
+ for (XMLObject el : soapResp) {
+ if (el instanceof LogoutResponse)
+ sloResp = (LogoutResponse) el;
+ }
+
+ if (sloResp == null) {
+ Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
+ + " FAILED. NO LogOut response received.");
+ sloContainer.putFailedOA(sloDescr.getSpEntityID());
+
+ } else {
+ samlVerificationEngine.verifySLOResponse(sloResp,
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+
+ }
+
+ checkStatusCode(sloContainer, sloResp);
+
+ } catch (SOAPException e) {
+ Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
+ + " FAILED.", e);
+ sloContainer.putFailedOA(sloDescr.getSpEntityID());
+
+ } catch (SecurityException | InvalidProtocolRequestException e) {
+ Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
+ + " FAILED.", e);
+ sloContainer.putFailedOA(sloDescr.getSpEntityID());
+
+ }
+ }
+
+ IRequest pendingReq = null;
+ PVPTargetConfiguration pvpReq = null;
+ //start service provider front channel logout process
+ try {
+ if (sloContainer.hasFrontChannelOA()) {
+ String relayState = Random.nextRandom();
+
+ Collection<Entry<String, SLOInformationInterface>> sloDescr = sloContainer.getFrontChannelOASessionDescriptions();
+ List<String> sloReqList = new ArrayList<String>();
+ for (Entry<String, SLOInformationInterface> el : sloDescr) {
+ Logger.trace("Build frontChannel SLO Request for " + el.getValue().getSpEntityID());
+
+ LogoutRequest sloReq = buildSLORequestMessage(el.getValue());
+ try {
+ sloReqList.add(getFrontChannelSLOMessageURL(el.getValue().getServiceURL(), el.getValue().getBinding(),
+ sloReq, httpReq, httpResp, relayState));
+
+ } catch (Exception e) {
+ Logger.warn("Failed to build SLO request for OA:" + el.getKey());
+ sloContainer.putFailedOA(el.getKey());
+
+ }
+ }
+
+ //put SLO process-information into transaction storage
+ transactionStorage.put(relayState, sloContainer, -1);
+
+ if (MiscUtil.isEmpty(authUrl))
+ authUrl = sloContainer.getSloRequest().getAuthURL();
+
+ String timeOutURL = authUrl
+ + "/idpSingleLogout"
+ + "?restart=" + relayState;
+
+ DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+ authUrl,
+ DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT,
+ null);
+
+ config.putCustomParameterWithOutEscaption("redirectURLs", sloReqList);
+ config.putCustomParameterWithOutEscaption("timeoutURL", timeOutURL);
+ config.putCustomParameter("timeout", String.valueOf(SLOTIMEOUT));
+
+ guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+
+
+ } else {
+ pendingReq = sloContainer.getSloRequest();
+ if (pendingReq != null && pendingReq instanceof PVPTargetConfiguration) {
+ //send SLO response to SLO request issuer
+ pvpReq = (PVPTargetConfiguration)pendingReq;
+ SingleLogoutService sloService = getResponseSLODescriptor(pvpReq);
+ LogoutResponse message = buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
+ sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, pvpReq.getRequest().getRelayState(), pvpReq);
+
+ } else {
+ //print SLO information directly
+ DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+ authUrl,
+ DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT,
+ null);
+
+ if (sloContainer.getSloFailedOAs() == null ||
+ sloContainer.getSloFailedOAs().size() == 0) {
+ revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
+ config.putCustomParameter("successMsg",
+ MOAIDMessageProvider.getInstance().getMessage("slo.00", null));
+
+ } else {
+ revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
+ config.putCustomParameterWithOutEscaption("errorMsg",
+ MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
+
+ }
+ guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+
+ }
+
+ }
+
+ } catch (GUIBuildException e) {
+ Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
+ throw new MOAIDException("builder.09", new Object[]{e.getMessage()}, e);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("MOA AssertionDatabase ERROR", e);
+ if (pvpReq != null) {
+ SingleLogoutService sloService = getResponseSLODescriptor(pvpReq);
+ LogoutResponse message = buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
+ sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, pvpReq.getRequest().getRelayState(), pvpReq);
+
+ revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
+
+ }else {
+ //print SLO information directly
+ DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+ authUrl,
+ DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT,
+ null);
+
+ revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
+ config.putCustomParameterWithOutEscaption("errorMsg",
+ MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
+
+ try {
+ guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+
+ } catch (GUIBuildException e1) {
+ Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
+ throw new MOAIDException("builder.09", new Object[]{e.getMessage()}, e);
+
+ }
+
+ }
+
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
public void checkStatusCode(ISLOInformationContainer sloContainer, LogoutResponse logOutResp) {
@@ -221,7 +417,7 @@ public class SingleLogOutBuilder {
}
- public LogoutRequest buildSLORequestMessage(SLOInformationImpl sloInfo) throws ConfigurationException, MOAIDException {
+ public LogoutRequest buildSLORequestMessage(SLOInformationInterface sloDescr) throws ConfigurationException, MOAIDException {
LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class);
SecureRandomIdentifierGenerator gen;
@@ -237,17 +433,17 @@ public class SingleLogOutBuilder {
DateTime now = new DateTime();
Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
- issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloInfo.getAuthURL()));
+ issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloDescr.getAuthURL()));
issuer.setFormat(NameID.ENTITY);
sloReq.setIssuer(issuer);
sloReq.setIssueInstant(now);
sloReq.setNotOnOrAfter(now.plusMinutes(5));
- sloReq.setDestination(sloInfo.getServiceURL());
+ sloReq.setDestination(sloDescr.getServiceURL());
NameID nameID = SAML2Utils.createSAMLObject(NameID.class);
- nameID.setFormat(sloInfo.getUserNameIDFormat());
- nameID.setValue(sloInfo.getUserNameIdentifier());
+ nameID.setFormat(sloDescr.getUserNameIDFormat());
+ nameID.setValue(sloDescr.getUserNameIdentifier());
sloReq.setNameID(nameID );
//sign message
@@ -435,9 +631,9 @@ public class SingleLogOutBuilder {
public void parseActiveOAs(SLOInformationContainer container,
List<OASessionStore> dbOAs, String removeOAID) {
if (container.getActiveBackChannelOAs() == null)
- container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationImpl>());
+ container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationInterface>());
if (container.getActiveFrontChannalOAs() == null)
- container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationImpl>());
+ container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationInterface>());
if (dbOAs != null) {
@@ -491,9 +687,9 @@ public class SingleLogOutBuilder {
public void parseActiveIDPs(SLOInformationContainer container,
List<InterfederationSessionStore> dbIDPs, String removeIDP) {
if (container.getActiveBackChannelOAs() == null)
- container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationImpl>());
+ container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationInterface>());
if (container.getActiveFrontChannalOAs() == null)
- container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationImpl>());
+ container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationInterface>());
if (dbIDPs != null) {
for (InterfederationSessionStore el : dbIDPs) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 40c85945f..056e2bba0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -59,23 +59,26 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.data.Pair;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.id.util.QAALevelVerifier;
import at.gv.egovernment.moa.logging.Logger;
@@ -91,7 +94,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
* @param issuerEntityID EnitiyID, which should be used for this IDP response
* @param attrQuery AttributeQuery request from Service-Provider
* @param attrList List of PVP response attributes
- * @param now Current time
+ * @param now Current time
* @param validTo ValidTo time of the assertion
* @param qaaLevel QAA level of the authentication
* @param sessionIndex SAML2 SessionIndex, which should be included *
@@ -141,48 +144,51 @@ public class PVP2AssertionBuilder implements PVPConstants {
AuthnContextClassRef authnContextClassRef = SAML2Utils
.createSAMLObject(AuthnContextClassRef.class);
- IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+ ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
if (reqAuthnContext == null) {
- authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+ authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
} else {
- boolean stork_qaa_1_4_found = false;
+ boolean eIDAS_qaa_found = false;
List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
.getAuthnContextClassRefs();
- if (reqAuthnContextClassRefIt.size() == 0) {
-
- QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
- STORK_QAA_1_4);
+ if (reqAuthnContextClassRefIt.size() == 0) {
+ QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), EAAFConstants.EIDAS_QAA_HIGH);
- stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
+ eIDAS_qaa_found = true;
+ authnContextClassRef.setAuthnContextClassRef(EAAFConstants.EIDAS_QAA_HIGH);
} else {
for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
String qaa_uri = authnClassRef.getAuthnContextClassRef();
- if (qaa_uri.trim().equals(STORK_QAA_1_4)
- || qaa_uri.trim().equals(STORK_QAA_1_3)
- || qaa_uri.trim().equals(STORK_QAA_1_2)
- || qaa_uri.trim().equals(STORK_QAA_1_1)) {
+
+ if (qaa_uri.trim().startsWith(STORK_QAA_PREFIX)) {
+ Logger.debug("Find STORK QAA leven in AuthnRequest. Starting mapping to eIDAS level ... ");
+ qaa_uri = LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(qaa_uri.trim());
+
+ }
+
+ if (qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_HIGH)
+ || qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_SUBSTANTIAL)
+ || qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_LOW)) {
if (authData.isForeigner()) {
- QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
- STORK_QAA_PREFIX + oaParam.getQaaLevel());
+ QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), oaParam.getMinimumLevelOfAssurence());
- stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+ eIDAS_qaa_found = true;
+ authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
} else {
- QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
+ QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(),
qaa_uri.trim());
- stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+ eIDAS_qaa_found = true;
+ authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
}
break;
@@ -190,9 +196,9 @@ public class PVP2AssertionBuilder implements PVPConstants {
}
}
- if (!stork_qaa_1_4_found) {
- throw new QAANotSupportedException(STORK_QAA_1_4);
- }
+ if (!eIDAS_qaa_found)
+ throw new QAANotSupportedException(EAAFConstants.EIDAS_QAA_HIGH);
+
}
@@ -289,11 +295,12 @@ public class PVP2AssertionBuilder implements PVPConstants {
//build nameID and nameID Format from moasession
//TODO: nameID generation
- if (authData.isUseMandate()) {
+ if (authData instanceof IMOAAuthData &&
+ ((IMOAAuthData)authData).isUseMandate()) {
String bpktype = null;
String bpk = null;
- Element mandate = authData.getMandate();
+ Element mandate = ((IMOAAuthData)authData).getMandate();
if(mandate != null) {
Logger.debug("Read mandator bPK|baseID from full-mandate ... ");
Mandate mandateObject = MandateBuilder.buildMandate(mandate);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
index e462b277e..6ccacd6c8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
@@ -31,7 +31,7 @@ import org.opensaml.xml.schema.XSString;
import org.opensaml.xml.schema.impl.XSIntegerBuilder;
import org.opensaml.xml.schema.impl.XSStringBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
public class SamlAttributeGenerator implements IAttributeGenerator<Attribute> {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 64f5c7d73..81eca3765 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -44,7 +44,8 @@ import org.opensaml.saml2.metadata.OrganizationURL;
import org.opensaml.saml2.metadata.SurName;
import org.opensaml.saml2.metadata.TelephoneNumber;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -157,7 +158,7 @@ public class PVPConfiguration {
try {
Logger.trace("Load metadata signing certificate for online application " + entityID);
- IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID);
+ ISPConfiguration oaParam = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);
if (oaParam == null) {
Logger.info("Online Application with ID " + entityID + " not found!");
return null;
@@ -186,6 +187,11 @@ public class PVPConfiguration {
} catch (IOException e) {
Logger.warn("Metadata signer certificate is not decodeable.", e);
return null;
+
+ } catch (EAAFConfigurationException e) {
+ Logger.error("Configuration is not accessable.", e);
+ return null;
+
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
index b1e7df014..c82e6bdf1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
@@ -29,7 +29,7 @@ import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
public class NameIDFormatNotSupportedException extends AuthnRequestValidatorException {
public NameIDFormatNotSupportedException(String nameIDFormat) {
- super("pvp2.12", new Object[] {nameIDFormat});
+ super("pvp2.12", new Object[] {nameIDFormat}, "NameID format not supported");
statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 86284a2f4..7d43732a6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -49,12 +49,14 @@ import org.opensaml.xml.XMLObject;
import org.opensaml.xml.parse.BasicParserPool;
import org.springframework.stereotype.Service;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egovernment.moa.id.auth.IDestroyableObject;
import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPEntityCategoryFilter;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
@@ -72,7 +74,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
// private static MOAMetadataProvider instance = null;
MetadataProvider internalProvider = null;
- private Timer timer = null;
+ private Timer timer = null;
private static Object mutex = new Object();
//private Map<String, Date> lastAccess = null;
@@ -110,7 +112,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
Logger.trace("Check consistence of PVP2X metadata");
addAndRemoveMetadataProvider();
- } catch (ConfigurationException e) {
+ } catch (ConfigurationException | EAAFConfigurationException e) {
Logger.error("Access to MOA-ID configuration FAILED.", e);
}
@@ -156,8 +158,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
//reload metadata provider
- IOAAuthParameters oaParam =
- authConfig.getOnlineApplicationParameter(entityID);
+ ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityID);
if (oaParam != null) {
String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
if (MiscUtil.isNotEmpty(metadataURL)) {
@@ -175,7 +176,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
if (MiscUtil.isNotEmpty(certBase64)) {
byte[] cert = Base64Utils.decode(certBase64, false);
- String oaFriendlyName = oaParam.getFriendlyName();
+ String oaFriendlyName = oaParam.getUniqueIdentifier();
if (timer == null)
timer = new Timer(true);
@@ -222,6 +223,10 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
} catch (ConfigurationException e) {
Logger.warn("Refresh PVP2X metadata for onlineApplication: "
+ entityID + " FAILED.", e);
+
+ } catch (EAAFConfigurationException e) {
+ Logger.warn("Refresh PVP2X metadata for onlineApplication: "
+ + entityID + " FAILED.", e);
}
return false;
@@ -246,7 +251,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
}
- private void addAndRemoveMetadataProvider() throws ConfigurationException {
+ private void addAndRemoveMetadataProvider() throws ConfigurationException, EAAFConfigurationException {
if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
Logger.info("Reload MOAMetaDataProvider.");
@@ -282,8 +287,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
while (oaInterator.hasNext()) {
Entry<String, String> oaKeyPair = oaInterator.next();
- IOAAuthParameters oaParam =
- authConfig.getOnlineApplicationParameter(oaKeyPair.getValue());
+ ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
if (oaParam != null) {
String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
@@ -409,7 +413,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
* This method is deprecated because OA metadata should be loaded dynamically
* if the corresponding OA is requested.
*/
- private void loadAllPVPMetadataFromKonfiguration() {
+ private void loadAllPVPMetadataFromKonfiguration() throws EAAFConfigurationException {
ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
Logger.info("Loading metadata");
Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
@@ -423,11 +427,10 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
while (oaInterator.hasNext()) {
Entry<String, String> oaKeyPair = oaInterator.next();
- IOAAuthParameters oaParam =
- authConfig.getOnlineApplicationParameter(oaKeyPair.getValue());
+ ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
if (oaParam != null) {
String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
- String oaFriendlyName = oaParam.getFriendlyName();
+ String oaFriendlyName = oaParam.getUniqueIdentifier();
MetadataProvider httpProvider = null;
try {
@@ -489,7 +492,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
}
- private PVPMetadataFilterChain buildMetadataFilterChain(IOAAuthParameters oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
+ private PVPMetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
filterChain.getFilters().add(new SchemaValidationFilter());
filterChain.getFilters().add(
@@ -497,7 +500,9 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER,
false)));
- if (oaParam.isInderfederationIDP()) {
+
+
+ if ((new OAAuthParameterDecorator(oaParam)).isInderfederationIDP()) {
Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies");
filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(metadataURL, oaParam.hasBaseIdTransferRestriction()));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
index 6c2235654..c87b7515f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
@@ -23,6 +23,7 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
import java.io.File;
+import java.net.MalformedURLException;
import java.util.Timer;
import javax.net.ssl.SSLHandshakeException;
@@ -57,6 +58,7 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
@Autowired
+ //protected IConfiguration authConfig;
protected AuthConfiguration authConfig;
/**
@@ -76,21 +78,30 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
return createNewHTTPMetaDataProvider(metadataLocation, filter, IdForLogging, timer, pool);
else {
- String absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
- metadataLocation,
- authConfig.getRootConfigFileDir());
-
- if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
- File metadataFile = new File(absoluteMetadataLocation);
- if (metadataFile.exists())
- return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
+ String absoluteMetadataLocation;
+ try {
+ absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
+ metadataLocation,
+ authConfig.getConfigurationRootDirectory().toURL().toString());
- else {
- Logger.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
- return null;
- }
+ if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
+ File metadataFile = new File(absoluteMetadataLocation);
+ if (metadataFile.exists())
+ return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
+
+ else {
+ Logger.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
+ return null;
+ }
+
+ }
- }
+
+ } catch (MalformedURLException e) {
+ Logger.warn("SAML2 metadata URL is invalid: " + metadataLocation, e);
+
+ }
+
}
Logger.warn("SAML2 metadata has an unsupported metadata location prefix: " + metadataLocation);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
index af9ba0180..dd94e0093 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
@@ -33,6 +33,7 @@ import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.opemsaml.MOAKeyStoreX509CredentialAdapter;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
@@ -55,8 +56,9 @@ public abstract class AbstractCredentialProvider {
* Get KeyStore
*
* @return URL to the keyStore
+ * @throws ConfigurationException
*/
- public abstract String getKeyStoreFilePath();
+ public abstract String getKeyStoreFilePath() throws ConfigurationException;
/**
* Get keyStore password
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
index 381289824..ebaef348c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
@@ -28,6 +28,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -53,14 +54,14 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
* @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath()
*/
@Override
- public String getKeyStoreFilePath() {
+ public String getKeyStoreFilePath() throws ConfigurationException {
if (props == null)
props = authConfig.getGeneralPVP2ProperiesConfig();
+
return FileUtils.makeAbsoluteURL(
- props.getProperty(IDP_JAVAKEYSTORE),
- authConfig.getRootConfigFileDir());
-
+ props.getProperty(IDP_JAVAKEYSTORE),
+ authConfig.getRootConfigFileDir());
}
/* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index 528d8cbb6..d89d04664 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -34,7 +34,8 @@ import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.validation.ValidationException;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
@@ -52,8 +53,8 @@ public class EntityVerifier {
public static byte[] fetchSavedCredential(String entityID) {
// List<OnlineApplication> oaList = ConfigurationDBRead
// .getAllActiveOnlineApplications();
- try {
- IOAAuthParameters oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID);
+ try {
+ ISPConfiguration oa = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);
if (oa == null) {
Logger.debug("No OnlineApplication with EntityID: " + entityID);
@@ -67,7 +68,7 @@ public class EntityVerifier {
}
- } catch (ConfigurationException e) {
+ } catch (ConfigurationException | EAAFConfigurationException e) {
Logger.error("Access MOA-ID configuration FAILED.", e);
} catch (IOException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index 870c70efe..50bc7fb68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -62,7 +62,7 @@ public class SAMLVerificationEngine {
public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
try {
- if (msg instanceof MOARequest &&
+ if (msg instanceof MOARequest &&
((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType)
verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
@@ -112,10 +112,10 @@ public class SAMLVerificationEngine {
} catch (ValidationException e) {
Logger.warn("Signature is not conform to SAML signature profile", e);
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature is not conform to SAML signature profile");
} catch (SchemaValidationException e) {
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "SAML response does not fit XML scheme");
}
@@ -126,11 +126,11 @@ public class SAMLVerificationEngine {
try {
if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
}
} catch (org.opensaml.xml.security.SecurityException e) {
Logger.warn("PVP2x message signature validation FAILED.", e);
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
}
}
@@ -142,10 +142,10 @@ public class SAMLVerificationEngine {
} catch (ValidationException e) {
Logger.warn("Signature is not conform to SAML signature profile", e);
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Scheme validation FAILED on SAML request");
} catch (SchemaValidationException e) {
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "Scheme verification FAILED on SAML request");
}
@@ -156,11 +156,11 @@ public class SAMLVerificationEngine {
try {
if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
}
} catch (org.opensaml.xml.security.SecurityException e) {
Logger.warn("PVP2x message signature validation FAILED.", e);
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index 9ae41c06c..c5f02e7de 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -40,15 +40,17 @@ import org.springframework.transaction.annotation.Transactional;
import com.fasterxml.jackson.core.JsonProcessingException;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
@@ -56,6 +58,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.commons.utils.JsonMapper;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.data.EncryptedData;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
@@ -68,14 +71,12 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class DBAuthenticationSessionStoreage implements IAuthenticationSessionStoreage{
@PersistenceContext(unitName="session")
- private EntityManager entityManager;
+ private EntityManager entityManager;
@Autowired AuthConfiguration authConfig;
private static JsonMapper mapper = new JsonMapper();
-
- //@Autowired MOASessionDBUtils moaSessionDBUtils;
-
+
@Override
public boolean isAuthenticated(String internalSsoSessionID) {
@@ -108,7 +109,8 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
sessionExt.setUniqueSessionId(target.getUniqueSessionIdentifier());
dbsession.setAdditionalInformation(mapper.serialize(sessionExt).getBytes("UTF-8"));
- AuthenticationSession session = new AuthenticationSession(id, now, target.getMOASession());
+ AuthenticationSession session = new AuthenticationSession(id, now,
+ new AuthenticationSessionWrapper(target.genericFullDataStorage()));
encryptSession(session, dbsession);
//store AssertionStore element to Database
@@ -123,7 +125,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
} catch (JsonProcessingException | UnsupportedEncodingException e) {
Logger.warn("Extended session information can not be stored.", e);
- throw new MOADatabaseException(e);
+ throw new MOADatabaseException("Extended session information can not be stored.", e);
}
@@ -180,7 +182,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
} catch (MOADatabaseException e) {
Logger.warn("MOASession could not be stored.");
- throw new MOADatabaseException(e);
+ throw new MOADatabaseException("MOASession could not be stored.", e);
} catch (JsonProcessingException | UnsupportedEncodingException e) {
Logger.warn("Extended session information can not be stored.", e);
@@ -228,12 +230,12 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException {
- MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID");
- Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
+ public String getInternalSSOSessionWithSSOID(String externelSSOId) throws MOADatabaseException {
+ MiscUtil.assertNotNull(externelSSOId, "SSOsessionID");
+ Logger.trace("Get authenticated session with SSOID " + externelSSOId + " from database.");
Query query = entityManager.createNamedQuery("getSessionWithSSOID");
- query.setParameter("sessionid", SSOSessionID);
+ query.setParameter("sessionid", externelSSOId);
List<AuthenticatedSessionStore> results = query.getResultList();
Logger.trace("Found entries: " + results.size());
@@ -245,7 +247,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
} else
try {
- return decryptSession(results.get(0));
+ return decryptSession(results.get(0)).getSSOSessionID();
} catch (Throwable e) {
Logger.warn("MOASession deserialization-exception by using internal MOASessionID=" + results.get(0).getSessionid(), e);
@@ -312,7 +314,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
//check if OA already has an active OA session
if (dbsession.getActiveOAsessions() != null) {
for (OASessionStore el : dbsession.getActiveOAsessions()) {
- if (el.getOaurlprefix().equals(protocolRequest.getOAURL()))
+ if (el.getOaurlprefix().equals(protocolRequest.getSPEntityId()))
activeOA = el;
}
}
@@ -321,7 +323,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
activeOA = new OASessionStore();
//set active OA applications
- activeOA.setOaurlprefix(protocolRequest.getOAURL());
+ activeOA.setOaurlprefix(protocolRequest.getSPEntityId());
activeOA.setMoasession(dbsession);
activeOA.setCreated(new Date());
@@ -360,21 +362,21 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
entityManager.merge(dbsession);
if (SLOInfo != null)
- Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL()
+ Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getSPEntityId()
+ " and AssertionID: " + SLOInfo.getSessionIndex());
else
- Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL());
+ Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getSPEntityId());
}
@Override
- public List<OASessionStore> getAllActiveOAFromMOASession(IAuthenticationSession moaSession) {
- MiscUtil.assertNotNull(moaSession, "MOASession");
+ public List<OASessionStore> getAllActiveOAFromMOASession(String ssoSessionId) {
+ MiscUtil.assertNotNull( ssoSessionId, "MOASession");
- Logger.trace("Get OAs for moaSession " + moaSession.getSessionID() + " from database.");
+ Logger.trace("Get OAs for moaSession " + ssoSessionId + " from database.");
Query query = entityManager.createNamedQuery("getAllActiveOAsForSessionID");
- query.setParameter("sessionID", moaSession.getSessionID());
+ query.setParameter("sessionID", ssoSessionId);
List<OASessionStore> results = query.getResultList();
Logger.trace("Found entries: " + results.size());
@@ -384,13 +386,13 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession) {
- MiscUtil.assertNotNull(moaSession, "MOASession");
+ public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(String ssoSessionId) {
+ MiscUtil.assertNotNull( ssoSessionId, "MOASession");
- Logger.trace("Get active IDPs for moaSession " + moaSession.getSessionID() + " from database.");
+ Logger.trace("Get active IDPs for moaSession " + ssoSessionId + " from database.");
Query query = entityManager.createNamedQuery("getAllActiveIDPsForSessionID");
- query.setParameter("sessionID", moaSession.getSessionID());
+ query.setParameter("sessionID", ssoSessionId);
List<InterfederationSessionStore> results = query.getResultList();
Logger.trace("Found entries: " + results.size());
@@ -399,7 +401,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {
+ public String searchSSOSessionWithNameIDandOAID(String oaID, String userNameID) {
MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
MiscUtil.assertNotNull(userNameID, "userNameID");
Logger.trace("Get moaSession for userNameID " + userNameID + " and OA "
@@ -419,8 +421,10 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
- try {
- return decryptSession(results.get(0));
+ try {
+ AuthenticationSession decrytedSession = decryptSession(results.get(0));
+
+ return decrytedSession.getSSOSessionID();
} catch (BuildException e) {
Logger.warn("MOASession deserialization-exception by using MOASessionID=" + results.get(0).getSessionid(), e);
@@ -434,11 +438,11 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
MiscUtil.assertNotNull(moaSession, "MOASession");
MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
MiscUtil.assertNotNull(protocolType, "usedProtocol");
- Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSessionID() + " with OAID "
+ Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSSOSessionID() + " with OAID "
+ oaID + " from database.");
Query query = entityManager.createNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol");
- query.setParameter("sessionID", moaSession.getSessionID());
+ query.setParameter("sessionID", moaSession.getSSOSessionID());
query.setParameter("oaID", oaID);
query.setParameter("protocol", protocolType);
List<AuthenticatedSessionStore> results = query.getResultList();
@@ -545,25 +549,25 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException {
+ public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException, EAAFConfigurationException {
AuthenticatedSessionStore dbsession = null;
- AuthenticationSession moaSession = null;
+ String ssoSessionId = null;
Date now = new Date();
//search for active session
- if (MiscUtil.isNotEmpty(req.getInternalSSOSessionIdentifier())) {
- Logger.debug("Internal SSO-Session object: " + req.getInternalSSOSessionIdentifier() + " used for federated SSO");
- moaSession = getInternalMOASessionWithSSOID(req.getInternalSSOSessionIdentifier());
+ if (MiscUtil.isNotEmpty(req.getSSOSessionIdentifier())) {
+ Logger.debug("Internal SSO-Session object: " + req.getSSOSessionIdentifier() + " used for federated SSO");
+ ssoSessionId = getInternalSSOSessionWithSSOID(req.getSSOSessionIdentifier());
} else {
Logger.debug("No internal SSO-Session object exists for federated SSO --> create new session object");
- moaSession = createInternalSSOSession(req);
+ ssoSessionId = createInternalSSOSession(req).getSSOSessionID();
}
- if (moaSession != null) {
+ if (MiscUtil.isNotEmpty(ssoSessionId)) {
try {
- dbsession = searchInDatabase(moaSession.getSessionID());
+ dbsession = searchInDatabase(ssoSessionId);
}catch (MOADatabaseException e) {
Logger.error("NO MOASession found but MOASession MUST already exist!");
@@ -617,7 +621,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
idp.setIdpurlprefix(idpEntityID);
idp.setAuthURL(req.getAuthURL());
- IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(idp.getIdpurlprefix());
+ IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(idp.getIdpurlprefix(), OAAuthParameterDecorator.class);
idp.setStoreSSOInformation(oa.isInterfederationSSOStorageAllowed());
idp.setMoasession(dbsession);
idpList.add(idp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
index 958ef4977..27d9d394d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
@@ -241,16 +241,17 @@ public class DBTransactionStorage implements ITransactionStorage {
}
}
-// public Object getAssertionStore(String key) throws MOADatabaseException{
-// return searchInDatabase(key);
-//
-// }
+ @Override
+ public Object getRaw(String key) throws MOADatabaseException {
+ return searchInDatabase(key);
+
+ }
-// @Override
-// public void putAssertionStore(Object element) throws MOADatabaseException{
-// entityManager.merge(element);
-//
-// }
+ @Override
+ public void putRaw(String key, Object element) throws MOADatabaseException {
+ entityManager.merge(element);
+
+ }
private void cleanDelete(AssertionStore element) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
index 414df1328..ff9c4e358 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
@@ -26,7 +26,8 @@ import java.util.Date;
import java.util.List;
import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -110,13 +111,13 @@ public interface IAuthenticationSessionStoreage {
public void setAuthenticated(String internalSsoSessionID, boolean isAuthenticated);
/**
- * Find the MOASessionId of an active Single Sign-On session
+ * Find the internal SSO session identifier of an active Single Sign-On session
*
- * @param SSOSessionID Single Sign-On sessionID
- * @return internal MOA SSO-Session of the associated SSO-Session Id
+ * @param externelSSOId external Single Sign-On sessionID
+ * @return internal SSO-Session identifier
* @throws MOADatabaseException
*/
- public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException;
+ public String getInternalSSOSessionWithSSOID(String externelSSOId) throws MOADatabaseException;
/**
* Check if a MOASession is an active Single Sign-On session
@@ -151,28 +152,28 @@ public interface IAuthenticationSessionStoreage {
/**
* Get all Single Sign-On authenticated Service-Provider of a MOASession
*
- * @param moaSession MOASession data object
+ * @param ssoSessionId SSO session id
* @return List of Service-Provider information
*/
- public List<OASessionStore> getAllActiveOAFromMOASession(IAuthenticationSession moaSession);
+ public List<OASessionStore> getAllActiveOAFromMOASession(String ssoSessionId);
/**
* Get all active interfederation connections for a MOASession
*
- * @param moaSession MOASession data object
+ * @param ssoSessionId SSO session id
* @return List of Interfederation-IDP information
*/
- public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession);
+ public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(String ssoSessionId);
/**
- * Search a MOASession by using already transfered authentication information
+ * Search a SSO session by using already transfered authentication information
*
* @param oaID Service-Provider identifier, which has received the authentication information
* @param userNameID UserId (bPK), which was send to this Service-Provider
- * @return MOASession, or null if no corresponding MOASession is found
+ * @return SSO-session identifier, or null if no corresponding SSO session is found
*/
- public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID);
+ public String searchSSOSessionWithNameIDandOAID(String oaID, String userNameID);
/**
* Search a active Single Sign-On session for a specific Service-Provider
@@ -220,8 +221,9 @@ public interface IAuthenticationSessionStoreage {
* @throws MOADatabaseException
* @throws AssertionAttributeExtractorExeption
* @throws BuildException
+ * @throws EAAFConfigurationException
*/
- public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException;
+ public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException, EAAFConfigurationException;
/**
* Search an active federation IDP which could be used for federated Single Sign-On by using an AttributeQuery
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
index f30613474..8d36e81bb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
@@ -40,6 +40,7 @@ import org.springframework.data.redis.serializer.JacksonJsonRedisSerializer;
import org.springframework.stereotype.Service;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
@@ -352,12 +353,13 @@ private AssertionStore prepareAssertion(AssertionStore element, String key, Obje
}
@Override
-public Object getAssertionStore(String key) throws MOADatabaseException {
+public Object getRaw(String key) throws EAAFException {
return searchInDatabase(key);
+
}
@Override
-public void putAssertionStore(Object element) throws MOADatabaseException {
+public void putRaw(String key, Object element) throws EAAFException {
// TODO Auto-generated method stub
AssertionStore as = (AssertionStore)element;
final int expTime = redisTemplate.getExpire(as.getArtifact(), TimeUnit.MILLISECONDS).intValue();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
index 099a70470..3e3d9dafc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
@@ -33,7 +33,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @author tlenz
*
*/
-public class PVPtoSTORKMapper {
+public class LoALevelMapper {
private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/";
private static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/";
@@ -47,17 +47,17 @@ public class PVPtoSTORKMapper {
private Properties mapping = null;
- private static PVPtoSTORKMapper instance = null;
+ private static LoALevelMapper instance = null;
- public static PVPtoSTORKMapper getInstance() {
+ public static LoALevelMapper getInstance() {
if (instance == null) {
- instance = new PVPtoSTORKMapper();
+ instance = new LoALevelMapper();
}
return instance;
}
- private PVPtoSTORKMapper() {
+ private LoALevelMapper() {
try {
mapping = new Properties();
mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
index 88a64bd07..ca71ad946 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
@@ -22,8 +22,9 @@
*/
package at.gv.egovernment.moa.id.util;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotAllowedException;
+import at.gv.egovernment.moa.logging.Logger;
/**
* @author tlenz
@@ -33,10 +34,23 @@ public class QAALevelVerifier {
public static void verifyQAALevel(String qaaAuth, String qaaRequest) throws QAANotAllowedException {
- Integer qaaA = Integer.valueOf(qaaAuth.substring(PVPConstants.STORK_QAA_PREFIX.length()));
- Integer qaaR = Integer.valueOf(qaaRequest.substring(PVPConstants.STORK_QAA_PREFIX.length()));
+ if (EAAFConstants.EIDAS_QAA_LOW.equals(qaaRequest) &&
+ (EAAFConstants.EIDAS_QAA_LOW.equals(qaaAuth) ||
+ EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) ||
+ EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth))
+ )
+ Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
- if (qaaA < qaaR)
+ else if (EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaRequest) &&
+ (EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) ||
+ EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth))
+ )
+ Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
+
+ else if (EAAFConstants.EIDAS_QAA_HIGH.equals(qaaRequest) && EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth))
+ Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
+
+ else
throw new QAANotAllowedException(qaaAuth, qaaRequest);
}