aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java40
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java37
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java14
6 files changed, 68 insertions, 60 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 3dc2639d5..f19881578 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1723,13 +1723,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// data.setRepresentative(representative);
// data.setRepresented(represented);
// data.setMandateContent(mandateContent);
- request.setPEPSData(data);
-
+ if(null != PEPSIdentifier)
+ request.setPEPSData(data);
+
+ // TODO add MIS data
// request.setMIS(value)
Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl());
+ return response;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
index e4bf37417..3bc152ec8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
@@ -36,8 +36,7 @@ public class StartAuthenticationBuilder {
Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));
// STORK or normal authentication
- //TODO: commented because npe was thrown
- /*if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
+ if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
//STORK authentication
Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
Logger.debug("Starting STORK authentication");
@@ -45,13 +44,13 @@ public class StartAuthenticationBuilder {
AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
return "";
- } else {*/
+ } else {
//normal MOA-ID authentication
Logger.debug("Starting normal MOA-ID authentication");
String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req);
return getIdentityLinkForm;
- //}
+ }
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 4a7676ec8..3ab6701c8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -26,6 +26,7 @@ import java.util.Vector;
import org.w3c.dom.Element;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.STORKAuthnRequest;
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
@@ -254,7 +255,9 @@ public class AuthenticationSession implements Serializable {
private VerifyXMLSignatureResponse XMLVerifySignatureResponse;
private boolean isForeigner;
-
+
+ private IPersonalAttributeList storkAttributes;
+
// private String requestedProtocolURL = null;
public String getModul() {
@@ -962,6 +965,24 @@ public class AuthenticationSession implements Serializable {
public void setAuthBlockTokken(String authBlockTokken) {
this.authBlockTokken = authBlockTokken;
}
+
+ /**
+ * Memorizes the stork attribute list.
+ *
+ * @param personalAttributeList the new stork attributes
+ */
+ public void setStorkAttributes(IPersonalAttributeList personalAttributeList) {
+ this.storkAttributes = personalAttributeList;
+ }
+
+ /**
+ * Recalls the stork attribute list.
+ *
+ * @return the stork attributes
+ */
+ public IPersonalAttributeList getStorkAttributes() {
+ return this.storkAttributes;
+ }
/**
// * @return the oAuth20SessionObject
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index f1ee4c181..f05180932 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -78,9 +78,6 @@ public class PEPSConnectorServlet extends AuthServlet {
//No authentication session has been started before
Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
- } else {
- //We know user and MOA takes over session handling, invalidate HttpSession
- httpSession.invalidate();
}
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
@@ -192,49 +189,28 @@ public class PEPSConnectorServlet extends AuthServlet {
Logger.info("Received Identity Link from SZR Gateway");
moaSession.setIdentityLink(identityLink);
- Logger.debug("Adding addtional STORK attributes to MOA assertion");
- //add other stork attributes to MOA assertion
- List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(storkAssertion.getAttributeStatements().get(0).getAttributes());
- moaSession.setExtendedSAMLAttributesOA(moaExtendedSAMLAttibutes);
+ Logger.debug("Adding addtional STORK attributes to MOA session");
+ moaSession.setStorkAttributes(authnResponse.getPersonalAttributeList());
//We don't have BKUURL, setting from null to "Not applicable"
moaSession.setBkuURL("Not applicable (STORK Authentication)");
-
- Logger.debug("Starting to assemble MOA assertion");
- //produce MOA-Assertion and artifact
- String samlArtifactBase64 =
- AuthenticationServer.getInstance().getForeignAuthenticationData(moaSession);
- Logger.info("MOA assertion assembled and SAML Artifact generated.");
+
+ // free for single use
+ moaSession.setAuthenticatedUsed(false);
+
+ // stork did the authentication step
+ moaSession.setAuthenticated(true);
//session is implicit stored in changeSessionID!!!!
String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
- Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
//redirect
String redirectURL = null;
- if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- /*redirectURL = moaSession.getOAURLRequested();
- if (!moaSession.getBusinessService()) {
- redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(moaSession.getTarget(), "UTF-8"));
- }
- redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- redirectURL = response.encodeRedirectURL(redirectURL);*/
-
redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID);
redirectURL = response.encodeRedirectURL(redirectURL);
- } else {
-
- redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, newMOASessionID);
- }
-
- try {
- AuthenticationSessionStoreage.storeSession(moaSession);
- } catch (MOADatabaseException e) {
- throw new MOAIDException("Session store error", null);
- }
response.setContentType("text/html");
response.setStatus(302);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index 9dede7179..664d0cf57 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -14,7 +14,6 @@ import javax.xml.namespace.QName;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.ws.transport.http.HTTPInTransport;
import org.opensaml.ws.transport.http.HTTPOutTransport;
@@ -35,7 +34,6 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.util.XMLUtil;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
@@ -44,6 +42,7 @@ import at.gv.egovernment.moa.util.StringUtils;
import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
import eu.stork.mw.messages.saml.STORKResponse;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PersonalAttribute;
import eu.stork.vidp.messages.common.STORKConstants;
import eu.stork.vidp.messages.util.SAMLUtil;
@@ -389,33 +388,29 @@ public class STORKResponseProcessor {
/**
* Transforms additional STORK attributes to MOA Extended attributes
- * @param storkAttributeList STORK attribute list
+ * @param iPersonalAttributeList STORK attribute list
* @return
*/
- public static List<ExtendedSAMLAttribute> addAdditionalSTORKAttributes(List<Attribute> storkAttributeList) {
+ public static List<ExtendedSAMLAttribute> addAdditionalSTORKAttributes(IPersonalAttributeList iPersonalAttributeList) {
List<ExtendedSAMLAttribute> moaExtendedSAMLAttributeList = new Vector<ExtendedSAMLAttribute>();
+ if(null == iPersonalAttributeList)
+ return moaExtendedSAMLAttributeList;
+
Logger.trace("Adding the following attributes to MOA assertion: ");
int count = 0;
- //only add attributes different than eIdentifier, given name, surname, dateOfBirth, signedDoc
- for (Attribute attribute : storkAttributeList) {
- //attribute is not in default returned attribute set
- if (!STORKConstants.DEFAULT_STORK_RETURNED_ATTRIBUTE_SET.contains(attribute.getName())) {
-
- String attributeValue = null;
- if (!attribute.getAttributeValues().isEmpty()) {
- //we have attribute value
- attributeValue = SAMLUtil.getStringValueFromXMLObject(attribute.getAttributeValues().get(0));
- }
- ExtendedSAMLAttribute extendedSAMLAttribute =
- new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0);
- moaExtendedSAMLAttributeList.add(extendedSAMLAttribute);
- count++;
- Logger.trace("Additional attribute: " + attribute.getName());
- }
+
+ for (PersonalAttribute attribute : iPersonalAttributeList) {
+ Object attributeValue = attribute.getValue();
+ if (null == attributeValue)
+ attributeValue = attribute.getComplexValue();
+ ExtendedSAMLAttribute extendedSAMLAttribute =
+ new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0);
+ moaExtendedSAMLAttributeList.add(extendedSAMLAttribute);
+ count++;
+ Logger.trace("Additional attribute: " + attribute.getName());
}
-
Logger.debug("Added " + count + " STORK attribute(s) to the MOA assertion.");
return moaExtendedSAMLAttributeList;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index fa9dbe990..bf353bce4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -1,12 +1,17 @@
package at.gv.egovernment.moa.id.protocols.saml1;
+import java.util.List;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
+import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
@@ -48,6 +53,15 @@ public class GetArtifactAction implements IAction {
oaParam,
target);
+ // add other stork attributes to MOA assertion if available
+ if(null != session.getStorkAttributes()) {
+ List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(session.getStorkAttributes());
+ session.setExtendedSAMLAttributesOA(moaExtendedSAMLAttibutes);
+ //produce MOA-Assertion and artifact
+ AuthenticationServer.getInstance().getForeignAuthenticationData(session);
+ Logger.info("MOA assertion assembled and SAML Artifact generated.");
+ }
+
String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData);
if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) {