diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java')
4 files changed, 6 insertions, 187 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index b30720501..3857cd15c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -29,17 +29,13 @@ import iaik.x509.X509Certificate; import iaik.x509.X509ExtensionInitException; import java.io.ByteArrayInputStream; -import java.io.CharArrayWriter; import java.io.IOException; import java.io.InputStream; import java.io.StringWriter; -import java.net.HttpURLConnection; -import java.net.URL; import java.security.GeneralSecurityException; import java.security.Principal; import java.security.cert.CertificateException; //import java.security.cert.CertificateFactory; -import java.util.ArrayList; import java.util.Calendar; import java.util.Date; import java.util.Iterator; @@ -58,14 +54,6 @@ import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.apache.xpath.XPathAPI; -import org.opensaml.Configuration; -import org.opensaml.common.SAMLObjectBuilder; -import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; -import org.opensaml.saml2.metadata.AssertionConsumerService; -import org.opensaml.saml2.metadata.Endpoint; -import org.opensaml.ws.transport.http.HTTPOutTransport; -import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.util.Base64; import org.opensaml.xml.util.XMLHelper; import org.springframework.util.xml.DomUtils; @@ -104,7 +92,6 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet; -import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor; import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; @@ -1860,16 +1847,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { for (OAStorkAttribute logReqAttr : attributesFromConfig) Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isMandatory()); } - - + //TODO: check Target in case of SSO!! String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); String spApplication = spInstitution; String spCountry = "AT"; - - String textToBeSigned = - CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession); //generate AuthnRquest STORKAuthnRequest authnRequest = new STORKAuthnRequest(); @@ -1931,7 +1914,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.info("Preparing to send STORK AuthnRequest."); Logger.info("prepared STORKAuthnRequest: "); Logger.info(new String(authnRequest.getTokenSaml())); -// SAMLRequest = PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml()); try { Logger.trace("Initialize VelocityEngine..."); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 43ba83f91..4a7676ec8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -26,6 +26,8 @@ import java.util.Vector; import org.w3c.dom.Element; +import eu.stork.peps.auth.commons.STORKAuthnRequest; + import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java deleted file mode 100644 index e5c55d038..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java +++ /dev/null @@ -1,165 +0,0 @@ -/**
- *
- */
-package at.gv.egovernment.moa.id.auth.stork;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.Endpoint;
-import org.opensaml.ws.transport.http.HTTPOutTransport;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.security.credential.Credential;
-
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.mw.messages.saml.STORKAuthnRequest;
-import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
-import eu.stork.vidp.messages.exception.SAMLException;
-import eu.stork.vidp.messages.exception.SAMLValidationException;
-import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
-import eu.stork.vidp.messages.stork.RequestedAttributes;
-import eu.stork.vidp.messages.util.SAMLUtil;
-
-/**
- * Class handling all necessary functionality for STORK AuthnRequest processing
- *
- * @author bzwattendorfer
- *
- */
-public class STORKAuthnRequestProcessor {
-
- /**
- * Creates a STORK AuthnRequest
- * @param destination Destination URL
- * @param acsURL Assertion Consumer Service URL
- * @param providerName SP Provider Name
- * @param issuerValue Issuer Name
- * @param qaaLevel STORK QAALevel to be requested
- * @param requestedAttributes Requested Attributes to be requested
- * @param spSector Sp Sector
- * @param spInstitution SP Institution
- * @param spApplication SP Application
- * @param spCountry SP Country
- * @param textToBeSigned text to be included in signedDoc element
- * @param mimeType mimeType for the text to be signed in signedDoc
- * @return STORK AuthnRequest
- */
- public static STORKAuthnRequest generateSTORKAuthnRequest(
- String destination,
- String acsURL,
- String providerName,
- String issuerValue,
- QualityAuthenticationAssuranceLevel qaaLevel,
- RequestedAttributes requestedAttributes,
- String spSector,
- String spInstitution,
- String spApplication,
- String spCountry,
- String textToBeSigned,
- String mimeType) {
-
-
- STORKAuthnRequest storkAuthnRequest =
- STORKMessagesBuilder.buildSTORKAuthnRequest(
- destination,
- acsURL,
- providerName,
- issuerValue,
- qaaLevel,
- requestedAttributes,
- spSector,
- spInstitution,
- spApplication,
- spCountry);
-
- STORKMessagesBuilder.buildAndAddSignatureRequestToAuthnRequest(storkAuthnRequest, textToBeSigned, mimeType, true);
-
- Logger.debug("Added signedDoc attribute to STORK AuthnRequest");
-
- return storkAuthnRequest;
-
- }
-
- /**
- * Signs a STORK AuthnRequest
- * @param storkAuthnRequest STORK AuthRequest to sign
- * @param keyStorePath KeyStorePath to the signing key
- * @param keyStorePassword KeyStore Password
- * @param keyName Signing key name
- * @param keyPassword Signing key password
- * @return Signed STORK AuthnRequest
- * @throws SAMLException
- */
- public static STORKAuthnRequest signSTORKAuthnRequest(
- STORKAuthnRequest storkAuthnRequest,
- String keyStorePath,
- String keyStorePassword,
- String keyName,
- String keyPassword) throws SAMLException {
-
- Logger.trace("Building Credential Provider for signing process");
-
- CredentialProvider credentialProvider = new KeyStoreCredentialProvider(keyStorePath, keyStorePassword, keyName, keyPassword);
-
- Credential credential = credentialProvider.getCredential();
-
- Logger.trace("Credentials found");
-
- SAMLUtil.signSAMLObject(storkAuthnRequest, credential);
-
- return storkAuthnRequest;
- }
-
- /**
- * Validates a STORK AuthnRequest
- * @param storkAuthnRequest STORK AuthnRequest to validate
- * @throws SAMLValidationException
- */
- public static void validateSTORKAuthnRequest(STORKAuthnRequest storkAuthnRequest) throws SAMLValidationException {
-
- SAMLUtil.verifySAMLObjectStandardValidation(storkAuthnRequest, "saml2-core-schema-and-stork-validator");
-
- }
-
- /**
- * Sends a STORK AuthnRequest (Endpoint taken out of AuthnRequest)
- * @param request HttpServletRequest
- * @param response HttpServletResponse
- * @param storkAuthnRequest STORK AuthnRequest to send
- * @throws Exception
- */
- public static void sendSTORKAuthnRequest(HttpServletRequest request, HttpServletResponse response, STORKAuthnRequest storkAuthnRequest) throws Exception {
-
- Logger.trace("Create endpoint...");
- Endpoint endpoint = STORKMessagesBuilder.buildSAMLObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
- endpoint.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
- endpoint.setLocation(storkAuthnRequest.getDestination());
-
-
- Logger.trace("Prepare SAMLMessageContext...");
- HTTPOutTransport outTransport = new HttpServletResponseAdapter(response, request.isSecure());
- BasicSAMLMessageContext<?, STORKAuthnRequest, ?> samlMessageContext = new BasicSAMLMessageContext();
- samlMessageContext.setOutboundMessageTransport(outTransport);
- samlMessageContext.setPeerEntityEndpoint(endpoint);
-
- Logger.trace("Set STORK SAML AuthnRequest to SAMLMessageContext...");
- samlMessageContext.setOutboundSAMLMessage(storkAuthnRequest);
-
- Logger.trace("Initialize VelocityEngine...");
-
- VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
-
-// HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/templates/saml2-post-binding.vm");
- HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/saml2-post-binding-moa.vm");
-
- Logger.trace("HTTP-Post encode SAMLMessageContext...");
- encoder.encode(samlMessageContext);
- }
-
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index f44f21db9..aa97c548a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -338,9 +338,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider { //Initialize OpenSAML for STORK - Logger.info("Starting initialization of OpenSAML..."); - STORKBootstrap.bootstrap(); - Logger.debug("OpenSAML successfully initialized"); +// Logger.info("Starting initialization of OpenSAML..."); +// STORKBootstrap.bootstrap(); +// Logger.debug("OpenSAML successfully initialized"); String legacyconfig = props.getProperty("configuration.xml.legacy"); |