diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
9 files changed, 205 insertions, 35 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 9e15e04dd..27a2f3050 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -24,11 +24,15 @@ package at.gv.egovernment.moa.id.auth; +import iaik.ixsil.exceptions.UtilsException; +import iaik.ixsil.util.Utils; import iaik.pki.PKIException; import iaik.x509.X509Certificate; import java.io.ByteArrayInputStream; import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.Principal; @@ -90,7 +94,6 @@ import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidat import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; -import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; @@ -114,6 +117,7 @@ import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.StringUtils; + /** * API for MOA ID Authentication Service.<br> * {@link AuthenticationSession} is stored in a session store and retrieved @@ -295,6 +299,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * </ul> * @param authURL URL of the servlet to be used as data URL * @param target "Geschäftsbereich" of the online application requested + * @param targetFriendlyName Friendly name of the target if the target is configured via configuration * @param oaURL online application URL requested * @param bkuURL URL of the "Bürgerkartenumgebung" to be used; * may be <code>null</code>; in this case, the default location will be used @@ -310,6 +315,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { public String startAuthentication( String authURL, String target, + String targetFriendlyName, String oaURL, String templateURL, String bkuURL, @@ -343,15 +349,17 @@ public class AuthenticationServer implements MOAIDAuthConstants { AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); if (oaParam == null) throw new AuthenticationException("auth.00", new Object[] { oaURL }); - if (!oaParam.getBusinessService()) { + if (!oaParam.getBusinessService()) { if (isEmpty(target)) throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05"); } else { target = null; + targetFriendlyName = null; } session = newSession(); Logger.info("MOASession " + session.getSessionID() + " angelegt"); session.setTarget(target); + session.setTargetFriendlyName(targetFriendlyName); session.setOAURLRequested(oaURL); session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); session.setAuthURL(authURL); @@ -509,7 +517,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // e.printStackTrace(); // } // - + // parses the <InfoboxReadResponse> IdentityLink identityLink = @@ -845,6 +853,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setIssueInstant(issueInstant); String authURL = session.getAuthURL(); String target = session.getTarget(); + String targetFriendlyName = session.getTargetFriendlyName(); //Bug #485 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) //String oaURL = session.getPublicOAURLPrefix(); String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); @@ -854,6 +863,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { issueInstant, authURL, target, + targetFriendlyName, identificationValue, identificationType, oaURL, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index 35c4244c6..db70a6111 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -150,6 +150,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String issueInstant, String authURL, String target, + String targetFriendlyName, String identityLinkValue, String identityLinkType, String oaURL, @@ -192,7 +193,15 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion } } else { // OA is a govermental application - String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); + String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); + if (StringUtils.isEmpty(sectorName)) { + if (targetFriendlyName != null) + sectorName = targetFriendlyName; + } + + System.out.println("targetFriendlyName: " + targetFriendlyName); + System.out.println("sectorName: " + sectorName); + //gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target }); gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target + " (" + sectorName + ")" }); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 61e4cd28b..e13379bda 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -61,6 +61,14 @@ public class AuthenticationSession { */ private String target; /** + * Friendly name for the target, if target is configured via MOA-ID configuration + */ + private String targetFriendlyName; + /** + * Indicates if target from configuration is used or not + */ + private boolean useTargetFromConfig; + /** * public online application URL requested */ private String oaURLRequested; @@ -277,6 +285,14 @@ public class AuthenticationSession { public String getTarget() { return target; } + + /** + * Returns the target friendly name. + * @return String + */ + public String getTargetFriendlyName() { + return targetFriendlyName; + } /** * Sets the oaURLRequested. @@ -318,6 +334,13 @@ public class AuthenticationSession { this.target = target; } } + /** + * Sets the target. If the target includes the target prefix, the prefix will be stripped off. + * @param target The target to set + */ + public void setTargetFriendlyName(String targetFriendlyName) { + this.targetFriendlyName = targetFriendlyName; + } /** * Returns the authURL. @@ -643,6 +666,23 @@ public class AuthenticationSession { /** * + * @param useTargetFromConfig indicates if target from config is used or not + */ + public void setUseTargetFromConfig(boolean useTargetFromConfig) { + this.useTargetFromConfig = useTargetFromConfig; + + } + + /** + * Returns if target is used from mandate or not + * @return + */ + public boolean getUseTargetFromConfig() { + return this.useTargetFromConfig; + } + + /** + * * @param misSessionID indicates the MIS session ID */ public void setMISSessionID(String misSessionID) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java index da787fe3f..2e20f483c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java @@ -246,10 +246,16 @@ public class IdentityLinkAssertionParser { XPathUtils.getElementValue(assertionElem, PERSON_IDENT_VALUE_XPATH, "")); identityLink.setIdentificationType( XPathUtils.getElementValue(assertionElem, PERSON_IDENT_TYPE_XPATH, "")); - identityLink.setGivenName( - XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, "")); - identityLink.setFamilyName( - XPathUtils.getElementValue(assertionElem, PERSON_FAMILY_NAME_XPATH, "")); + + String givenname = XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, ""); + String familyname = XPathUtils.getElementValue(assertionElem, PERSON_FAMILY_NAME_XPATH, ""); + + // replace ' in name with ' + givenname = givenname.replace("'", "'"); + familyname = familyname.replace("'", "'"); + + identityLink.setGivenName(givenname); + identityLink.setFamilyName(familyname); identityLink.setDateOfBirth( XPathUtils.getElementValue(assertionElem, PERSON_DATE_OF_BIRTH_XPATH, "")); NodeIterator dsigRefTransforms = diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index dc1cee3b2..dd8a3144a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java @@ -35,14 +35,17 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; /** * Servlet requested for selecting a BKU. @@ -114,8 +117,6 @@ public class SelectBKUServlet extends AuthServlet { try { // check parameter - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12"); if (!ParamValidatorUtils.isValidOA(oaURL)) throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12"); if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) @@ -123,9 +124,33 @@ public class SelectBKUServlet extends AuthServlet { if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL)) throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); + if (!ParamValidatorUtils.isValidTarget(target)) + throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12"); + + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { oaURL }); + + // get target and target friendly name from config + String targetConfig = oaParam.getTarget(); + + String returnValue = null; + if (StringUtils.isEmpty(targetConfig)) { + // no target attribut is given in OA config + // target is used from request + // check parameter + if (!ParamValidatorUtils.isValidTarget(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + + returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); + } + else { + // use target from config + returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL); + } - String returnValue = AuthenticationServer.getInstance().selectBKU( - authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); + String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { // bkuSelectionType==HTMLComplete diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 0eed89655..ca3883dad 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -24,14 +24,9 @@ package at.gv.egovernment.moa.id.auth.servlet; -import iaik.pki.PKIException; - import java.io.IOException; import java.io.PrintWriter; -import java.security.GeneralSecurityException; -import java.util.List; -import javax.net.ssl.SSLSocketFactory; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -39,19 +34,17 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.SSLUtils; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; /** * Servlet requested for starting a MOA ID authentication session. @@ -109,9 +102,7 @@ public class StartAuthenticationServlet extends AuthServlet { try { // check parameter - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); - if (!ParamValidatorUtils.isValidOA(oaURL)) + if (!ParamValidatorUtils.isValidOA(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); @@ -122,12 +113,30 @@ public class StartAuthenticationServlet extends AuthServlet { if (!ParamValidatorUtils.isValidUseMandate(useMandate)) throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { oaURL }); + + // get target and target friendly name from config + String targetConfig = oaParam.getTarget(); + String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); - - - String getIdentityLinkForm = - AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme()); - + String getIdentityLinkForm = null; + if (StringUtils.isEmpty(targetConfig)) { + // no target attribut is given in OA config + // target is used from request + // check parameter + if (!ParamValidatorUtils.isValidTarget(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + + getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme()); + } + else { + // use target from config + getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, targetConfig, targetFriendlyNameConfig, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme()); + } + resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); out.print(getIdentityLinkForm); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index f6127eb12..d49d038fa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -96,12 +96,16 @@ public class CreateXMLSignatureResponseValidator { // should not happen, because parser would dedect this throw new ValidateException("validator.32", null); } + // replace ' in name with ' + issuer = issuer.replace("'", "'"); + String issueInstant = samlAssertion.getAttribute("IssueInstant"); if (!issueInstant.equals(session.getIssueInstant())) { throw new ValidateException("validator.39", new Object[] {issueInstant, session.getIssueInstant()}); } String name = identityLink.getName(); + if (!issuer.equals(name)) { throw new ValidateException("validator.33", new Object[] {issuer, name}); } @@ -174,10 +178,16 @@ public class CreateXMLSignatureResponseValidator { } } if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { - foundGB = true; - //BZ.. - gbTarget = gbTarget + " (" + TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget) + ")"; - //..BZ + foundGB = true; + String targetFriendlyName = session.getTargetFriendlyName(); + String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget); + if (StringUtils.isEmpty(sectorName)) { + if (targetFriendlyName != null) + sectorName = targetFriendlyName; + } + gbTarget = gbTarget + " (" + sectorName + ")"; + //gbTarget = gbTarget + " (" + TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget) + ")"; + System.out.println("Validate: " + gbTarget + " - " + samlAttribute.getValue()); if (!gbTarget.equals((String)samlAttribute.getValue())) { throw new ValidateException("validator.13", null); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index bdd0c3294..d81435f83 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -504,6 +504,8 @@ public class ConfigurationBuilder { oap.setPublicURLPrefix(publicURLPrefix); oap.setKeyBoxIdentier(oAElem.getAttribute("keyBoxIdentifier")); oap.setFriendlyName(oAElem.getAttribute("friendlyName")); + String targetConfig = oAElem.getAttribute("target"); + String targetFriendlyNameConfig = oAElem.getAttribute("targetFriendlyName"); // get the type of the online application String oaType = oAElem.getAttribute("type"); @@ -525,6 +527,17 @@ public class ConfigurationBuilder { Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\""); throw new ConfigurationException("config.02", null); } + + if (!StringUtils.isEmpty(targetConfig)) { + Logger.error("Target attribute can not be set for OA of type \"businessService\""); + throw new ConfigurationException("config.02", null); + } + if (!StringUtils.isEmpty(targetFriendlyNameConfig)) { + Logger.error("Target friendly name attribute can not be set for OA of type \"businessService\""); + throw new ConfigurationException("config.02", null); + } + + if ("false".equalsIgnoreCase(oAElem.getAttribute("calculateHPI"))) { oap.setIdentityLinkDomainIdentifier(buildIdentityLinkDomainIdentifier(identificationNumberChild)); //BZ.., setting type of IdLinkDomainIdentifier @@ -542,11 +555,19 @@ public class ConfigurationBuilder { slVersion = "1.2"; } else { - + + if (StringUtils.isEmpty(targetConfig) && !StringUtils.isEmpty(targetFriendlyNameConfig)) { + Logger.error("Target friendly name attribute can not be set alone for OA of type \"businessService\""); + throw new ConfigurationException("config.02", null); + } + oap.setTarget(targetConfig); + oap.setTargetFriendlyName(targetFriendlyNameConfig); + if (authComponent!=null) { slVersion = authComponent.getAttribute("slVersion"); } + } oap.setSlVersion(slVersion); //Check if there is an Auth-Block to read from configuration diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java index 0c747b29f..56c97a802 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -55,6 +55,15 @@ public class OAParameter { private String friendlyName; /** + * specified a specific target for the Online Application (overwrites the target in der request) + */ + private String target; + /** + * specifies a friendly name for the target + */ + private String targetFriendlyName; + + /** * Returns the type of the online application. * @return the type of the online application. */ @@ -119,6 +128,37 @@ public class OAParameter { this.friendlyName = friendlyName; } + /** + * Gets the target of the OA + * @return target of the OA + */ + public String getTarget() { + return target; + } + + /** + * Sets the target of the OA + * @param target + */ + public void setTarget(String target) { + this.target = target; + } + /** + * Gets the target friendly name of the OA + * @return target Friendly Name of the OA + */ + public String getTargetFriendlyName() { + return targetFriendlyName; + } + + /** + * Sets the target friendly name of the OA + * @param targetFriendlyName + */ + public void setTargetFriendlyName(String targetFriendlyName) { + this.targetFriendlyName = targetFriendlyName; + } + } |