aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java149
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java52
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java80
5 files changed, 191 insertions, 117 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 0bbfe25b2..e0ebcbab3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -548,7 +548,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// now validate the extended infoboxes
verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam.getProvideStammzahl());
- return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
+ return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam, false);
}
@@ -610,7 +610,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
- return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
+ return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam, true);
}
/**
@@ -623,7 +623,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws BuildException
* @throws ValidateException
*/
- public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam)
+ public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam, boolean fromMandate)
throws
ConfigurationException,
BuildException,
@@ -635,21 +635,24 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if (authConf==null) authConf = AuthConfigurationProvider.getInstance();
if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance().
getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
- //BZ.., calculate bPK for signing to be already present in AuthBlock
- IdentityLink identityLink = session.getIdentityLink();
- if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
- // only compute bPK if online application is a public service and we have the Stammzahl
- String bpkBase64 = new BPKBuilder().buildBPK(
- identityLink.getIdentificationValue(),
- session.getTarget());
- identityLink.setIdentificationValue(bpkBase64);
- }
- //..BZ
+
+ if (!fromMandate) {
+ //BZ.., calculate bPK for signing to be already present in AuthBlock
+ IdentityLink identityLink = session.getIdentityLink();
+ if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+ // only compute bPK if online application is a public service and we have the Stammzahl
+ String bpkBase64 = new BPKBuilder().buildBPK(
+ identityLink.getIdentificationValue(),
+ session.getTarget());
+ identityLink.setIdentificationValue(bpkBase64);
+ }
+ //..BZ
+ }
// builds the AUTH-block
- String authBlock = buildAuthenticationBlock(session);
+ String authBlock = buildAuthenticationBlock(session, fromMandate);
+
// session.setAuthBlock(authBlock);
// builds the <CreateXMLSignatureRequest>
String[] transformsInfos = oaParam.getTransformsInfos();
@@ -832,7 +835,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws BuildException If an error occurs on serializing an extended SAML attribute
* to be appended to the AUTH-Block.
*/
- private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException {
+ private String buildAuthenticationBlock(AuthenticationSession session, boolean fromMandate) throws BuildException {
IdentityLink identityLink = session.getIdentityLink();
String issuer = identityLink.getName();
String gebDat = identityLink.getDateOfBirth();
@@ -857,7 +860,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
oaURL,
gebDat,
extendedSAMLAttributes,
- session);
+ session,
+ fromMandate);
return authBlock;
}
@@ -1204,7 +1208,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
if (dob != null && !"".equals(dob)) {
extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
-
}
// Mandate
@@ -1398,77 +1401,73 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
}
+
// Exchange person data information by a mandate if needed
+ boolean mandateMode = session.getUseMandate();
+
List oaAttributes = session.getExtendedSAMLAttributesOA();
IdentityLink replacementIdentityLink = null;
- if (session.isMandateCompatibilityMode() && oaAttributes != null && oaAttributes.size()>0) {
- // look if we have a mandate
- boolean foundMandate = false;
- Iterator it = oaAttributes.iterator();
- while (!foundMandate && it.hasNext()) {
- ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next();
- if (ParepValidator.EXT_SAML_MANDATE_RAW.equals(samlAttribute.getName())) {
- Object value = samlAttribute.getValue();
- if (value instanceof Element) {
- Element mandate = (Element) value;
- replacementIdentityLink = new IdentityLink();
- Element mandator = ParepUtils.extractMandator(mandate);
- String dateOfBirth = "";
- Element prPerson = null;
- String familyName = "";
- String givenName = "";
- String identificationType = "";
- String identificationValue = "";
- if (mandator != null) {
- boolean physical = ParepUtils.isPhysicalPerson(mandator);
- if (physical) {
- familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
- givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
- dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
- } else {
- familyName = ParepUtils.extractMandatorFullName(mandator);
- }
- identificationType = ParepUtils.getIdentification(mandator, "Type");
- identificationValue = ParepUtils.extractMandatorWbpk(mandator);
- prPerson = ParepUtils.extractPrPersonOfMandate(mandate);
- if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) {
- // now we calculate the wbPK and do so if we got it from the BKU
- identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier();
- identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier());
- ParepUtils.HideStammZahlen(prPerson, true, null, null, true);
- }
- }
- replacementIdentityLink.setDateOfBirth(dateOfBirth);
- replacementIdentityLink.setFamilyName(familyName);
- replacementIdentityLink.setGivenName(givenName);
- replacementIdentityLink.setIdentificationType(identificationType);
- replacementIdentityLink.setIdentificationValue(identificationValue);
- replacementIdentityLink.setPrPerson(prPerson);
- try {
- replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion());
- } catch (Exception e) {
- throw new ValidateException("validator.64", null);
- }
- } else {
- Logger.info("The type of Mandate SAML-Attribute is not \"org.w3c.dom.Element\"");
- throw new ValidateException("validator.64", null);
- }
- }
- }
- }
+// if (mandateMode) {
+// Iterator it = oaAttributes.iterator();
+// //ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next();
+// Element mandate = session.getMandateElem();
+// replacementIdentityLink = new IdentityLink();
+// Element mandator = ParepUtils.extractMandator(mandate);
+// String dateOfBirth = "";
+// Element prPerson = null;
+// String familyName = "";
+// String givenName = "";
+// String identificationType = "";
+// String identificationValue = "";
+// if (mandator != null) {
+// boolean physical = ParepUtils.isPhysicalPerson(mandator);
+// if (physical) {
+// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+// } else {
+// familyName = ParepUtils.extractMandatorFullName(mandator);
+// }
+// identificationType = ParepUtils.getIdentification(mandator, "Type");
+// identificationValue = ParepUtils.extractMandatorWbpk(mandator);
+// prPerson = ParepUtils.extractPrPersonOfMandate(mandate);
+// if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) {
+// // now we calculate the wbPK and do so if we got it from the BKU
+// identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier();
+// identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier());
+// ParepUtils.HideStammZahlen(prPerson, true, null, null, true);
+// }
+//
+//
+// replacementIdentityLink.setDateOfBirth(dateOfBirth);
+// replacementIdentityLink.setFamilyName(familyName);
+// replacementIdentityLink.setGivenName(givenName);
+// replacementIdentityLink.setIdentificationType(identificationType);
+// replacementIdentityLink.setIdentificationValue(identificationValue);
+// replacementIdentityLink.setPrPerson(prPerson);
+// try {
+// replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion());
+// } catch (Exception e) {
+// throw new ValidateException("validator.64", null);
+// }
+//
+// }
+//
+// }
// builds authentication data and stores it together with a SAML artifact
AuthenticationData authData = buildAuthenticationData(session, vsresp, replacementIdentityLink);
String samlArtifact =
- new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
+ new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
storeAuthenticationData(samlArtifact, authData);
// invalidates the authentication session
sessionStore.remove(sessionID);
Logger.info(
- "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact);
+ "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact);
return samlArtifact;
+
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index 98bc0197f..d48054e4b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -24,10 +24,21 @@
package at.gv.egovernment.moa.id.auth.builder;
+import java.io.StringWriter;
import java.text.MessageFormat;
import java.util.List;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
import org.w3c.dom.Element;
+import org.w3c.dom.Node;
import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.ParseException;
@@ -143,7 +154,8 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String oaURL,
String gebDat,
List extendedSAMLAttributes,
- AuthenticationSession session)
+ AuthenticationSession session,
+ boolean fromMandate)
throws BuildException
{
session.setSAMLAttributeGebeORwbpk(true);
@@ -197,12 +209,21 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
Logger.error("Error on building AUTH-Block: " + e.getMessage());
throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
}
- ExtendedSAMLAttribute bpkAttribute =
- new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
- System.out.println("extendedSAMLAttributes: " + extendedSAMLAttributes.size());
+// String s = xmlToString(bpkSamlValueElement);
+// System.out.println("bpkSamlValueElement: " + s);
+
+
+ if (!fromMandate) {
+ ExtendedSAMLAttribute bpkAttribute =
+ new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+
+ //System.out.println("extendedSAMLAttributes: " + extendedSAMLAttributes.size());
+
+ extendedSAMLAttributes.add(bpkAttribute);
+ }
+
- extendedSAMLAttributes.add(bpkAttribute);
//gebeORwbpk = gebeORwbpk + MessageFormat.format(BPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
@@ -332,6 +353,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
Logger.error("Error on building AUTH-Block: " + e.getMessage());
throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
}
+
ExtendedSAMLAttribute bpkAttribute =
new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
@@ -370,5 +392,23 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
return assertion;
}
-
+
+
+ public static String xmlToString(Node node) {
+ try {
+ Source source = new DOMSource(node);
+ StringWriter stringWriter = new StringWriter();
+ Result result = new StreamResult(stringWriter);
+ TransformerFactory factory = TransformerFactory.newInstance();
+ Transformer transformer = factory.newTransformer();
+ transformer.transform(source, result);
+ return stringWriter.getBuffer().toString();
+ } catch (TransformerConfigurationException e) {
+ e.printStackTrace();
+ } catch (TransformerException e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 7af327180..640c60e49 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -155,8 +155,12 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
pkValue = authData.getBPK();
}
+// System.out.println("pkType; " + pkType);
+// System.out.println("pkValue; " + pkValue);
+
String assertion;
try {
+
assertion = MessageFormat.format(AUTH_DATA, new Object[] {
authData.getAssertionID(),
authData.getIssuer(),
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index d67d5cd83..bae95c2a6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -32,6 +32,8 @@ import java.util.Iterator;
import java.util.List;
import java.util.Vector;
+import org.w3c.dom.Element;
+
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -84,7 +86,26 @@ public class AuthenticationSession {
*/
private boolean useMandate;
- /**
+ /**
+ * Selected mandate
+ */
+ private Element mandateElem;
+
+ /**
+ * @return the mandateElem
+ */
+ public Element getMandateElem() {
+ return mandateElem;
+ }
+
+ /**
+ * @param mandateElem the mandateElem to set
+ */
+ public void setMandateElem(Element mandateElem) {
+ this.mandateElem = mandateElem;
+ }
+
+ /**
* SessionID for MIS
*/
private String misSessionID;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index ad0592694..5c193aca1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -24,40 +24,40 @@
package at.gv.egovernment.moa.id.auth.servlet;
-import iaik.pki.PKIException;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.security.GeneralSecurityException;
-import java.util.List;
-import java.util.Map;
-
-import javax.net.ssl.SSLSocketFactory;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.lang.StringEscapeUtils;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
-import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
-import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
+import iaik.pki.PKIException;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.security.GeneralSecurityException;
+import java.util.List;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.w3c.dom.Document;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
/**
* Servlet requested for getting the foreign eID
@@ -161,7 +161,13 @@ public class GetMISSessionIDServlet extends AuthServlet {
// verify mandate signature
String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyMandate(sessionID, mandate);
-
+
+ byte[] byteMandate = mandate.getMandate();
+ String stringMandate = new String(byteMandate);
+ Document mandateDoc = DOMUtils.parseDocument(stringMandate, false, null, null);
+ session.setMandateElem(mandateDoc.getDocumentElement());
+ //System.out.println("stringMandate: " + stringMandate);
+
String dataurl =
new DataURLBuilder().buildDataURL(
session.getAuthURL(),
@@ -187,6 +193,10 @@ public class GetMISSessionIDServlet extends AuthServlet {
handleError(null, e, req, resp);
} catch (MISSimpleClientException e) {
handleError(null, e, req, resp);
+ } catch (SAXException e) {
+ handleError(null, e, req, resp);
+ } catch (ParserConfigurationException e) {
+ handleError(null, e, req, resp);
}
}