aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java66
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java384
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java628
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java109
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java77
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java40
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java85
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java88
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java42
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java39
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java148
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java166
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java386
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java1070
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java86
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java155
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java156
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java63
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java126
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java165
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java120
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java86
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java97
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java232
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java165
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java92
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java228
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java184
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java80
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java39
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java178
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java350
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java467
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java92
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java361
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java124
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java144
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java55
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java185
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java152
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java25
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java186
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java204
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java40
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java35
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java39
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributePolicyException.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java)26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java37
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java50
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java)23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java)112
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java38
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java66
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java)52
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java96
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java161
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java111
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java85
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java93
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java135
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java76
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java82
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java)7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java65
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java177
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java84
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java45
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java53
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java80
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java58
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java635
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java103
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java105
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java25
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java42
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties29
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties187
199 files changed, 8688 insertions, 3726 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index d4b5d1c05..f20339506 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -41,6 +41,7 @@ import at.gv.egovernment.moa.id.auth.exception.BKUException;
import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ServiceException;
+import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
@@ -51,7 +52,8 @@ import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
@@ -73,6 +75,7 @@ public class StatisticLogger {
private static final String ERRORTYPE_MOASP = "moa-sp";
private static final String ERRORTYPE_MANDATE = "mandate";
private static final String ERRORTYPE_MOAID = "moa-id";
+ private static final String ERRORTYPE_SZRGW = "szrgw";
private static StatisticLogger instance;
@@ -97,9 +100,9 @@ public class StatisticLogger {
}
}
- public void logSuccessOperation(IRequest protocolRequest, AuthenticationSession moasession, boolean isSSOSession) {
+ public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSSOSession) {
- if ( isAktive && protocolRequest != null && moasession != null) {
+ if ( isAktive && protocolRequest != null && authData != null) {
OnlineApplication dbOA = ConfigurationDBRead.getOnlineApplication(protocolRequest.getOAURL());
@@ -128,9 +131,18 @@ public class StatisticLogger {
dblog.setOatarget(dbOA.getAuthComponentOA().getIdentificationNumber().getValue());
else
dblog.setOatarget(dbOA.getTarget());
+
+ dblog.setInterfederatedSSOSession(authData.isInterfederatedSSOSession());
- dblog.setBkuurl(moasession.getBkuURL());
- dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA));
+ if (authData.isInterfederatedSSOSession()) {
+ dblog.setBkutype(IOAAuthParameters.INDERFEDERATEDIDP);
+ dblog.setBkuurl(authData.getInterfederatedIDP());
+
+ } else {
+ dblog.setBkuurl(authData.getBkuURL());
+ dblog.setBkutype(findBKUType(authData.getBkuURL(), dbOA));
+
+ }
dblog.setProtocoltype(protocolRequest.requestedModule());
dblog.setProtocolsubtype(protocolRequest.requestedAction());
@@ -138,10 +150,10 @@ public class StatisticLogger {
//log MandateInforamtion
- if (moasession.getUseMandate()) {
- dblog.setMandatelogin(moasession.getUseMandate());
+ if (authData.isUseMandate()) {
+ dblog.setMandatelogin(authData.isUseMandate());
- MISMandate mandate = moasession.getMISMandate();
+ MISMandate mandate = authData.getMISMandate();
if (mandate != null) {
if (MiscUtil.isNotEmpty(mandate.getProfRep())) {
@@ -297,7 +309,13 @@ public class StatisticLogger {
dblog.setErrorcode(error.getBkuErrorCode());
dblog.setErrormessage(getErrorMessageWithMaxLength(error.getBkuErrorMessage(), MAXERRORLENGTH));
- }else if (throwable instanceof MISSimpleClientException) {
+ } else if (throwable instanceof SZRGWClientException) {
+ SZRGWClientException error = (SZRGWClientException) throwable;
+ dblog.setErrortype(ERRORTYPE_SZRGW);
+ dblog.setErrorcode(error.getSzrErrorCode());
+ dblog.setErrormessage(getErrorMessageWithMaxLength(error.getSzrErrorMessage(), MAXERRORLENGTH));
+
+ } else if (throwable instanceof MISSimpleClientException) {
MISSimpleClientException error = (MISSimpleClientException) throwable;
dblog.setErrortype(ERRORTYPE_MANDATE);
dblog.setErrorcode(error.getMISErrorCode());
@@ -333,13 +351,13 @@ public class StatisticLogger {
BKUURLS bkuurls = oaAuth.getBKUURLS();
if (bkuurls != null) {
if (bkuURL.equals(bkuurls.getHandyBKU()))
- return OAAuthParameter.HANDYBKU;
+ return IOAAuthParameters.HANDYBKU;
if (bkuURL.equals(bkuurls.getLocalBKU()))
- return OAAuthParameter.LOCALBKU;
+ return IOAAuthParameters.LOCALBKU;
if (bkuURL.equals(bkuurls.getOnlineBKU()))
- return OAAuthParameter.ONLINEBKU;
+ return IOAAuthParameters.ONLINEBKU;
}
}
}
@@ -348,14 +366,14 @@ public class StatisticLogger {
try {
AuthConfigurationProvider authconfig = AuthConfigurationProvider.getInstance();
- if (bkuURL.equals(authconfig.getDefaultBKUURL(OAAuthParameter.ONLINEBKU)))
- return OAAuthParameter.ONLINEBKU;
+ if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.ONLINEBKU)))
+ return IOAAuthParameters.ONLINEBKU;
- if (bkuURL.equals(authconfig.getDefaultBKUURL(OAAuthParameter.LOCALBKU)))
- return OAAuthParameter.LOCALBKU;
+ if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU)))
+ return IOAAuthParameters.LOCALBKU;
- if (bkuURL.equals(authconfig.getDefaultBKUURL(OAAuthParameter.HANDYBKU)))
- return OAAuthParameter.HANDYBKU;
+ if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU)))
+ return IOAAuthParameters.HANDYBKU;
} catch (ConfigurationException e) {
Logger.info("Advanced Logging: Default BKUs read failed");
@@ -364,17 +382,17 @@ public class StatisticLogger {
Logger.debug("Staticic Log search BKUType from generneric Parameters");
if (bkuURL.endsWith(GENERIC_LOCALBKU)) {
- Logger.debug("BKUURL " + bkuURL + " is mapped to " + OAAuthParameter.LOCALBKU);
- return OAAuthParameter.LOCALBKU;
+ Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.LOCALBKU);
+ return IOAAuthParameters.LOCALBKU;
}
if (bkuURL.startsWith(GENERIC_HANDYBKU)) {
- Logger.debug("BKUURL " + bkuURL + " is mapped to " + OAAuthParameter.HANDYBKU);
- return OAAuthParameter.HANDYBKU;
+ Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.HANDYBKU);
+ return IOAAuthParameters.HANDYBKU;
}
- Logger.debug("BKUURL " + bkuURL + " is mapped to " + OAAuthParameter.ONLINEBKU);
- return OAAuthParameter.ONLINEBKU;
+ Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.ONLINEBKU);
+ return IOAAuthParameters.ONLINEBKU;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index d7083ec81..4709f8c68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -2,6 +2,7 @@
package at.gv.egovernment.moa.id.auth;
import iaik.asn1.ObjectID;
+import iaik.pki.PKIRuntimeException;
import iaik.util.logging.Log;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
@@ -314,12 +315,18 @@ public class AuthenticationServer implements MOAIDAuthConstants {
appletwidth = StringEscapeUtils.escapeHtml(appletwidth);
- //TODO: cleanup before MOA-ID 2.1 release
- String htmlForm = new GetIdentityLinkFormBuilder().build(template,
- session.getBkuURL(), infoboxReadRequest, dataURL, null,
- null, pushInfobox, oaParam, appletheigth, appletwidth);
-
- return htmlForm;
+ //TODO: cleanup before MOA-ID 2.1 release
+ try {
+ String htmlForm = new GetIdentityLinkFormBuilder().build(template,
+ session.getBkuURL(), infoboxReadRequest, dataURL, null,
+ null, pushInfobox, oaParam, appletheigth, appletwidth);
+
+ return htmlForm;
+
+ } catch (BuildException e) {
+ throw new BuildException("builder.07", null, e);
+
+ }
}
/**
@@ -524,16 +531,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
} catch (SAXException e) {
- throw new AuthenticationException("auth.16",
+ throw new AuthenticationException("auth.15",
new Object[]{GET_MIS_SESSIONID}, e);
} catch (IOException e) {
- throw new AuthenticationException("auth.16",
+ throw new AuthenticationException("auth.15",
new Object[]{GET_MIS_SESSIONID}, e);
} catch (ParserConfigurationException e) {
- throw new AuthenticationException("auth.16",
+ throw new AuthenticationException("auth.15",
new Object[]{GET_MIS_SESSIONID}, e);
} catch (TransformerException e) {
- throw new AuthenticationException("auth.16",
+ throw new AuthenticationException("auth.15",
new Object[]{GET_MIS_SESSIONID}, e);
}
@@ -553,9 +560,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
OAAuthParameter oaParam) throws ConfigurationException,
BuildException, ValidateException {
- // check for intermediate processing of the infoboxes
- if (session.isValidatorInputPending())
- return "Redirect to Input Processor";
+// // check for intermediate processing of the infoboxes
+// if (session.isValidatorInputPending())
+// return "Redirect to Input Processor";
if (authConf == null)
authConf = AuthConfigurationProvider.getInstance();
@@ -611,9 +618,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
OAAuthParameter oaParam, X509Certificate cert)
throws ConfigurationException {
- // check for intermediate processing of the infoboxes
- if (session.isValidatorInputPending())
- return "Redirect to Input Processor";
+// // check for intermediate processing of the infoboxes
+// if (session.isValidatorInputPending())
+// return "Redirect to Input Processor";
if (authConf == null)
authConf = AuthConfigurationProvider.getInstance();
@@ -1164,11 +1171,31 @@ public class AuthenticationServer implements MOAIDAuthConstants {
vtids, tpid);
// debug output
- // invokes the call
- Element domVsresp = new SignatureVerificationInvoker()
- .verifyXMLSignature(domVsreq);
- // debug output
+ Element domVsresp = null;
+
+// try {
+ // invokes the call
+ domVsresp = new SignatureVerificationInvoker()
+ .verifyXMLSignature(domVsreq);
+ // debug output
+
+// } catch ( ServiceException e) {
+// Logger.error("Signature verification error. ", e);
+// Logger.error("Signed Data: " + session.getAuthBlock());
+// try {
+// Logger.error("VerifyRequest: " + DOMUtils.serializeNode(domVsreq));
+// } catch (TransformerException e1) {
+// e1.printStackTrace();
+//
+// } catch (IOException e1) {
+// e1.printStackTrace();
+//
+// }
+//
+// throw e;
+// }
+
// parses the <VerifyXMLSignatureResponse>
VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(
domVsresp).parseData();
@@ -1196,48 +1223,66 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// date and time
CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp);
- // compares the public keys from the identityLink with the AuthBlock
- VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(
- vsresp, session.getIdentityLink());
-
- // post processing of the infoboxes
- Iterator iter = session.getInfoboxValidatorIterator();
- boolean formpending = false;
- if (iter != null) {
- while (!formpending && iter.hasNext()) {
- Vector infoboxValidatorVector = (Vector) iter.next();
- String identifier = (String) infoboxValidatorVector.get(0);
- String friendlyName = (String) infoboxValidatorVector.get(1);
- InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
- .get(2);
- InfoboxValidationResult infoboxValidationResult = null;
- try {
- infoboxValidationResult = infoboxvalidator.validate(csresp
- .getSamlAssertion());
- } catch (ValidateException e) {
- Logger.error("Error validating " + identifier + " infobox:"
- + e.getMessage());
- throw new ValidateException("validator.44",
- new Object[]{friendlyName});
- }
- if (!infoboxValidationResult.isValid()) {
- Logger.info("Validation of " + identifier
- + " infobox failed.");
- throw new ValidateException("validator.40", new Object[]{
- friendlyName,
- infoboxValidationResult.getErrorMessage()});
- }
- String form = infoboxvalidator.getForm();
- if (ParepUtils.isEmpty(form)) {
- AddAdditionalSAMLAttributes(
- session,
- infoboxValidationResult.getExtendedSamlAttributes(),
- identifier, friendlyName);
- } else {
- return "Redirect to Input Processor";
- }
- }
- }
+ try {
+ // compares the public keys from the identityLink with the AuthBlock
+ VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(
+ vsresp, session.getIdentityLink());
+
+ } catch ( ValidateException e) {
+ Logger.error("Signature verification error. ", e);
+ Logger.error("Signed Data: " + session.getAuthBlock());
+ try {
+ Logger.error("VerifyRequest: " + DOMUtils.serializeNode(domVsreq));
+ Logger.error("VerifyResponse: " + DOMUtils.serializeNode(domVsresp));
+ } catch (TransformerException e1) {
+ e1.printStackTrace();
+
+ } catch (IOException e1) {
+ e1.printStackTrace();
+
+ }
+
+ throw e;
+ }
+
+// // post processing of the infoboxes
+// Iterator iter = session.getInfoboxValidatorIterator();
+// boolean formpending = false;
+// if (iter != null) {
+// while (!formpending && iter.hasNext()) {
+// Vector infoboxValidatorVector = (Vector) iter.next();
+// String identifier = (String) infoboxValidatorVector.get(0);
+// String friendlyName = (String) infoboxValidatorVector.get(1);
+// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
+// .get(2);
+// InfoboxValidationResult infoboxValidationResult = null;
+// try {
+// infoboxValidationResult = infoboxvalidator.validate(csresp
+// .getSamlAssertion());
+// } catch (ValidateException e) {
+// Logger.error("Error validating " + identifier + " infobox:"
+// + e.getMessage());
+// throw new ValidateException("validator.44",
+// new Object[]{friendlyName});
+// }
+// if (!infoboxValidationResult.isValid()) {
+// Logger.info("Validation of " + identifier
+// + " infobox failed.");
+// throw new ValidateException("validator.40", new Object[]{
+// friendlyName,
+// infoboxValidationResult.getErrorMessage()});
+// }
+// String form = infoboxvalidator.getForm();
+// if (ParepUtils.isEmpty(form)) {
+// AddAdditionalSAMLAttributes(
+// session,
+// infoboxValidationResult.getExtendedSamlAttributes(),
+// identifier, friendlyName);
+// } else {
+// return "Redirect to Input Processor";
+// }
+// }
+// }
session.setXMLVerifySignatureResponse(vsresp);
session.setSignerCertificate(vsresp.getX509certificate());
@@ -1358,44 +1403,44 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.10", new Object[]{
REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
- // post processing of the infoboxes
- Iterator iter = session.getInfoboxValidatorIterator();
- boolean formpending = false;
- if (iter != null) {
- while (!formpending && iter.hasNext()) {
- Vector infoboxValidatorVector = (Vector) iter.next();
- String identifier = (String) infoboxValidatorVector.get(0);
- String friendlyName = (String) infoboxValidatorVector.get(1);
- InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
- .get(2);
- InfoboxValidationResult infoboxValidationResult = null;
- try {
- infoboxValidationResult = infoboxvalidator.validate(session
- .getIdentityLink().getSamlAssertion());
- } catch (ValidateException e) {
- Logger.error("Error validating " + identifier + " infobox:"
- + e.getMessage());
- throw new ValidateException("validator.44",
- new Object[]{friendlyName});
- }
- if (!infoboxValidationResult.isValid()) {
- Logger.info("Validation of " + identifier
- + " infobox failed.");
- throw new ValidateException("validator.40", new Object[]{
- friendlyName,
- infoboxValidationResult.getErrorMessage()});
- }
- String form = infoboxvalidator.getForm();
- if (ParepUtils.isEmpty(form)) {
- AddAdditionalSAMLAttributes(
- session,
- infoboxValidationResult.getExtendedSamlAttributes(),
- identifier, friendlyName);
- } else {
- return "Redirect to Input Processor";
- }
- }
- }
+// // post processing of the infoboxes
+// Iterator iter = session.getInfoboxValidatorIterator();
+// boolean formpending = false;
+// if (iter != null) {
+// while (!formpending && iter.hasNext()) {
+// Vector infoboxValidatorVector = (Vector) iter.next();
+// String identifier = (String) infoboxValidatorVector.get(0);
+// String friendlyName = (String) infoboxValidatorVector.get(1);
+// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
+// .get(2);
+// InfoboxValidationResult infoboxValidationResult = null;
+// try {
+// infoboxValidationResult = infoboxvalidator.validate(session
+// .getIdentityLink().getSamlAssertion());
+// } catch (ValidateException e) {
+// Logger.error("Error validating " + identifier + " infobox:"
+// + e.getMessage());
+// throw new ValidateException("validator.44",
+// new Object[]{friendlyName});
+// }
+// if (!infoboxValidationResult.isValid()) {
+// Logger.info("Validation of " + identifier
+// + " infobox failed.");
+// throw new ValidateException("validator.40", new Object[]{
+// friendlyName,
+// infoboxValidationResult.getErrorMessage()});
+// }
+// String form = infoboxvalidator.getForm();
+// if (ParepUtils.isEmpty(form)) {
+// AddAdditionalSAMLAttributes(
+// session,
+// infoboxValidationResult.getExtendedSamlAttributes(),
+// identifier, friendlyName);
+// } else {
+// return "Redirect to Input Processor";
+// }
+// }
+// }
VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse();
X509Certificate cert = session.getSignerCertificate();
@@ -1415,127 +1460,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
/**
- * Builds the AuthenticationData object together with the corresponding
- * <code>&lt;saml:Assertion&gt;</code>
- *
- * @param session authentication session
- * @param verifyXMLSigResp VerifyXMLSignatureResponse from MOA-SP
- * @param useUTC uses correct UTC time format
- * @param useUTC indicates that authenticated citizen is a foreigner
- * @param isForeigner indicates whether Austrian (false) or foreigner (true) authenticates
- * @return AuthenticationData object
- * @throws ConfigurationException while accessing configuration data
- * @throws BuildException while building the <code>&lt;saml:Assertion&gt;</code>
- */
- public static AuthenticationData buildAuthenticationData(
- AuthenticationSession session, OAAuthParameter oaParam, String target)
- throws ConfigurationException, BuildException {
-
- IdentityLink identityLink = session.getIdentityLink();
- AuthenticationData authData = new AuthenticationData();
-
- VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
-
- boolean businessService = oaParam.getBusinessService();
-
- authData.setMajorVersion(1);
- authData.setMinorVersion(0);
- authData.setAssertionID(Random.nextRandom());
- authData.setIssuer(session.getAuthURL());
-
- authData.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar
- .getInstance()));
-
- //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
- authData.setIdentificationValue(identityLink.getIdentificationValue());
- authData.setIdentificationType(identityLink.getIdentificationType());
-
- authData.setGivenName(identityLink.getGivenName());
- authData.setFamilyName(identityLink.getFamilyName());
- authData.setDateOfBirth(identityLink.getDateOfBirth());
- authData.setQualifiedCertificate(verifyXMLSigResp
- .isQualifiedCertificate());
- authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
- authData.setPublicAuthorityCode(verifyXMLSigResp
- .getPublicAuthorityCode());
- authData.setBkuURL(session.getBkuURL());
-
- try {
-
- MISMandate mandate = session.getMISMandate();
-
- if (session.getUseMandate() && session.isOW()
- && mandate != null && MiscUtil.isNotEmpty(mandate.getOWbPK())) {
- authData.setBPK(mandate.getOWbPK());
- authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
- authData.setIdentityLink(identityLink);
- Logger.trace("Authenticated User is OW: " + mandate.getOWbPK());
-
- } else {
-
- if (businessService) {
- //since we have foreigner, wbPK is not calculated in BKU
- if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
-
- String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier();
-
- if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
- // If domainIdentifier starts with prefix
- // "urn:publicid:gv.at:wbpk+"; remove this prefix
- registerAndOrdNr = registerAndOrdNr
- .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
- Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
- + registerAndOrdNr);
- }
-
- String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr);
- authData.setBPK(wbpkBase64);
- authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr);
-
- } else {
- authData.setBPK(identityLink.getIdentificationValue());
- authData.setBPKType(identityLink.getIdentificationType());
-
- }
-
- Logger.trace("Authenticate user with wbPK " + authData.getBPK());
-
- Element idlassertion = session.getIdentityLink().getSamlAssertion();
- //set bpk/wpbk;
- Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
- prIdentification.getFirstChild().setNodeValue(authData.getBPK());
- //set bkp/wpbk type
- Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
- prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType());
-
- IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
- IdentityLink idl = idlparser.parseIdentityLink();
- authData.setIdentityLink(idl);
-
- } else {
-
- if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
- // only compute bPK if online application is a public service and we have the Stammzahl
- String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target);
- authData.setBPK(bpkBase64);
- authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
- }
-
- Logger.trace("Authenticate user with bPK " + authData.getBPK());
-
- authData.setIdentityLink(identityLink);
- }
- }
-
- return authData;
-
- } catch (Throwable ex) {
- throw new BuildException("builder.00", new Object[]{
- "AuthenticationData", ex.toString()}, ex);
- }
- }
-
- /**
* Retrieves a session from the session store.
*
* @param id session ID
@@ -1773,6 +1697,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
request.setMIS(mis);
}
+ if (MiscUtil.isEmpty(connectionParameters.getUrl())) {
+ Logger.warn("SZR-Gateway Service URL is empty");
+ throw new SZRGWClientException("service.07");
+ }
+
Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request, connectionParameters.getUrl());
return response;
@@ -1826,11 +1755,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String destination = cpeps.getPepsURL().toExternalForm();
Logger.debug("C-PEPS URL: " + destination);
- String acsURL = HTTPUtils.getBaseURL(req) + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN;
+
+ String issuerValue = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+ String acsURL = new DataURLBuilder().buildDataURL(issuerValue,
+ PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN, moasession.getSessionID());
Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL);
String providerName = oaParam.getFriendlyName();
- String issuerValue = HTTPUtils.getBaseURL(req);
Logger.debug("Issuer value: " + issuerValue);
// prepare collection of required attributes
@@ -1903,6 +1834,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Logger.debug("STORK AuthnRequest succesfully assembled.");
STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("outgoing");
+
+ if (samlEngine == null) {
+ Logger.error("Could not initalize STORK SAML engine.");
+ throw new MOAIDException("stork.00", null);
+
+ }
+
try {
authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest);
} catch (STORKSAMLEngineException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 0173c67a1..6f83da367 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -31,6 +31,8 @@ public interface MOAIDAuthConstants {
public static final String PARAM_MODUL = "MODUL";
public static final String PARAM_ACTION = "ACTION";
public static final String PARAM_SSO = "SSO";
+ public static final String INTERFEDERATION_IDP = "interIDP";
+
/** servlet parameter &quot;sourceID&quot; */
public static final String PARAM_SOURCEID = "sourceID";
/** servlet parameter &quot;BKUSelectionTemplate&quot; */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index db9bc588f..a6c2cde05 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -51,6 +51,7 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
@@ -272,7 +273,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
}
String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
- new Object[] { generateSpecialText(text, issuer, issueInstant) });
+ new Object[] { generateSpecialText(text, issuer, gebDat, issueInstant) });
//generate unique AuthBlock tokken
String uniquetokken = Random.nextRandom();
@@ -424,7 +425,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
}
String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
- new Object[] { generateSpecialText(text, issuer, issueInstant) });
+ new Object[] { generateSpecialText(text, issuer, gebDat, issueInstant) });
//generate unique AuthBlock tokken
String uniquetokken = Random.nextRandom();
@@ -454,12 +455,13 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
}
- public static String generateSpecialText(String inputtext, String issuer, String issueInstant) {
+ public static String generateSpecialText(String inputtext, String issuer, String gebDat, String issueInstant) {
Calendar datetime = DatatypeConverter.parseDateTime(issueInstant);
SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
SimpleDateFormat timeformat = new SimpleDateFormat("HH:mm:ss");
String text = inputtext.replaceAll("#NAME#", issuer);
+ text = text.replaceAll("#BIRTHDAY#", gebDat);
text = text.replaceAll("#DATE#", dateformat.format(datetime.getTime()));
text = text.replaceAll("#TIME#", timeformat.format(datetime.getTime()));
@@ -495,7 +497,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String gebDat,
List<ExtendedSAMLAttribute> extendedSAMLAttributes,
AuthenticationSession session,
- OAAuthParameter oaParam)
+ IOAAuthParameters oaParam)
throws BuildException
{
session.setSAMLAttributeGebeORwbpk(true);
@@ -536,7 +538,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
if (MiscUtil.isEmpty(text))
text="";
String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
- new Object[] { generateSpecialText(text, issuer, issueInstant) });
+ new Object[] { generateSpecialText(text, issuer, gebDat, issueInstant) });
//generate unique AuthBlock tokken
String uniquetokken = Random.nextRandom();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 531303300..ba4440bf8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DateTimeUtils;
@@ -224,7 +225,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
* @throws BuildException if an error occurs during the build process
*/
public String build(
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String xmlPersonData,
String xmlAuthBlock,
String xmlIdentityLink,
@@ -238,6 +239,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
{
String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false";
+
String publicAuthorityAttribute = "";
if (authData.isPublicAuthority()) {
String publicAuthorityIdentification = authData.getPublicAuthorityCode();
@@ -344,7 +346,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
* @throws BuildException if an error occurs during the build process
*/
public String buildMandate(
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String xmlPersonData,
String xmlMandateData,
String xmlAuthBlock,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
new file mode 100644
index 000000000..792b6cdd7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -0,0 +1,628 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.builder;
+
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
+
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeQuery;
+import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.SecurityException;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AuthenticationDataBuilder implements MOAIDAuthConstants {
+
+ public static IAuthData buildAuthenticationData(IRequest protocolRequest,
+ AuthenticationSession session, List<Attribute> reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
+
+
+ String oaID = protocolRequest.getOAURL();
+ if (oaID == null) {
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_OA, "auth.12");
+ }
+
+ // check parameter
+ if (!ParamValidatorUtils.isValidOA(oaID))
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_OA, "auth.12");
+
+ AuthenticationData authdata = null;
+
+ if (protocolRequest instanceof SAML1RequestImpl) {
+ //request is SAML1
+ SAML1AuthenticationData saml1authdata = new SAML1AuthenticationData();
+ saml1authdata.setExtendedSAMLAttributesOA(session.getExtendedSAMLAttributesOA());
+
+ authdata = saml1authdata;
+
+ } else {
+ authdata = new AuthenticationData();
+
+ }
+
+ //reuse some parameters if it is a reauthentication
+ OASessionStore activeOA = AuthenticationSessionStoreage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule());
+ if (activeOA != null) {
+ authdata.setSessionIndex(activeOA.getAssertionSessionID());
+ authdata.setNameID(activeOA.getUserNameID());
+ authdata.setNameIDFormat(activeOA.getUserNameIDFormat());
+
+ //mark AttributeQuery as used
+ if ( protocolRequest instanceof PVPTargetConfiguration &&
+ ((PVPTargetConfiguration) protocolRequest).getRequest() instanceof MOARequest &&
+ ((PVPTargetConfiguration) protocolRequest).getRequest().getInboundMessage() instanceof AttributeQuery) {
+ try {
+ activeOA.setAttributeQueryUsed(true);
+ MOASessionDBUtils.saveOrUpdate(activeOA);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("MOASession interfederation information can not stored to database.", e);
+
+ }
+ }
+
+ }
+
+ InterfederationSessionStore interfIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session);
+
+ IOAAuthParameters oaParam = null;
+ if (reqAttributes == null) {
+ //get OnlineApplication from MOA-ID-Auth configuration
+ oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(oaID);
+
+ } else {
+ //build OnlineApplication dynamic from requested attributes
+ oaParam = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes, interfIDP);
+
+ }
+
+ if (interfIDP != null ) {
+ //IDP is a chained interfederated IDP and Authentication is requested
+ if (oaParam.isInderfederationIDP() && protocolRequest instanceof PVPTargetConfiguration &&
+ !(((PVPTargetConfiguration)protocolRequest).getRequest() instanceof AttributeQuery)) {
+ //only set minimal response attributes
+ authdata.setQAALevel(interfIDP.getQAALevel());
+ authdata.setBPK(interfIDP.getUserNameID());
+
+ } else {
+ //get attributes from interfederated IDP
+ OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix());
+ getAuthDataFromInterfederation(authdata, session, oaParam, protocolRequest, interfIDP, idp, reqAttributes);
+
+ //mark attribute request as used
+ try {
+ if (idp.isInterfederationSSOStorageAllowed()) {
+ interfIDP.setAttributesRequested(true);
+ MOASessionDBUtils.saveOrUpdate(interfIDP);
+
+ } else {
+ MOASessionDBUtils.delete(interfIDP);
+ }
+
+ } catch (MOADatabaseException e) {
+ Logger.error("MOASession interfederation information can not stored to database.", e);
+
+ }
+ }
+
+ } else {
+ //build AuthenticationData from MOASession
+ buildAuthDataFormMOASession(authdata, session, oaParam);
+
+ }
+
+ return authdata;
+ }
+
+ /**
+ * @param req
+ * @param session
+ * @param reqAttributes
+ * @return
+ * @throws WrongParametersException
+ * @throws ConfigurationException
+ * @throws BuildException
+ * @throws DynamicOABuildException
+ */
+ public static IAuthData buildAuthenticationData(IRequest req,
+ AuthenticationSession session) throws WrongParametersException, ConfigurationException, BuildException, DynamicOABuildException {
+ return buildAuthenticationData(req, session, null);
+ }
+
+ /**
+ * @param authdata
+ * @param session
+ * @param oaParam
+ * @param protocolRequest
+ * @param interfIDP
+ * @param idp
+ * @param reqQueryAttr
+ * @throws ConfigurationException
+ */
+ private static void getAuthDataFromInterfederation(
+ AuthenticationData authdata, AuthenticationSession session,
+ IOAAuthParameters oaParam, IRequest req,
+ InterfederationSessionStore interfIDP, OAAuthParameter idp, List<Attribute> reqQueryAttr) throws BuildException, ConfigurationException{
+
+ try {
+ List<Attribute> attributs = null;
+
+ //IDP is a chained interfederated IDP and request is of type AttributQuery
+ if (oaParam.isInderfederationIDP() && req instanceof PVPTargetConfiguration &&
+ (((PVPTargetConfiguration)req).getRequest() instanceof AttributeQuery) &&
+ reqQueryAttr != null) {
+ attributs = reqQueryAttr;
+
+ //IDP is a service provider IDP and request interfederated IDP to collect attributes
+ } else {
+
+ //TODO: check if response include attributes and map this attributes to requested attributes
+
+ //get PVP 2.1 attributes from protocol specific requested attributes
+ attributs = req.getRequestedAttributes();
+
+ }
+
+ //collect attributes by using BackChannel communication
+ String endpoint = idp.getIDPAttributQueryServiceURL();
+ if (MiscUtil.isEmpty(endpoint)) {
+ Logger.error("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix());
+ throw new ConfigurationException("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix(), null);
+ }
+
+ //build attributQuery request
+ AttributeQuery query =
+ AttributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs);
+
+ //build SOAP request
+ List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
+
+ if (xmlObjects.size() == 0) {
+ Logger.error("Receive emptry AttributeQuery response-body.");
+ throw new AttributQueryException("Receive emptry AttributeQuery response-body.", null);
+
+ }
+
+ if (xmlObjects.get(0) instanceof Response) {
+ Response intfResp = (Response) xmlObjects.get(0);
+
+ //validate PVP 2.1 response
+ try {
+ SAMLVerificationEngine engine = new SAMLVerificationEngine();
+ engine.verifyResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+
+ SAMLVerificationEngine.validateAssertion(intfResp, false);
+
+ } catch (Exception e) {
+ Logger.warn("PVP 2.1 assertion validation FAILED.", e);
+ throw new AssertionValidationExeption("PVP 2.1 assertion validation FAILED.", null, e);
+ }
+
+ //parse response information to authData
+ buildAuthDataFormInterfederationResponse(authdata, session, intfResp);
+
+ } else {
+ Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
+ throw new AttributQueryException("Receive AttributeQuery response-body include no PVP 2.1 response.", null);
+
+ }
+
+ } catch (SOAPException e) {
+ throw new BuildException("builder.06", null, e);
+
+ } catch (SecurityException e) {
+ throw new BuildException("builder.06", null, e);
+
+ } catch (AttributQueryException e) {
+ throw new BuildException("builder.06", null, e);
+
+ } catch (BuildException e) {
+ throw new BuildException("builder.06", null, e);
+
+ } catch (AssertionValidationExeption e) {
+ throw new BuildException("builder.06", null, e);
+
+ } catch (AssertionAttributeExtractorExeption e) {
+ throw new BuildException("builder.06", null, e);
+
+ }
+ }
+
+ private static void buildAuthDataFormInterfederationResponse(AuthenticationData authData, AuthenticationSession session,
+ Response intfResp) throws BuildException, AssertionAttributeExtractorExeption {
+
+ Logger.debug("Build AuthData from assertion starts ....");
+
+ Assertion assertion = intfResp.getAssertions().get(0);
+
+ if (assertion.getAttributeStatements().size() == 0) {
+ Logger.warn("Can not build AuthData from Assertion. NO Attributes included.");
+ throw new AssertionAttributeExtractorExeption("Can not build AuthData from Assertion. NO Attributes included.", null);
+
+ }
+
+ AttributeStatement attrStat = assertion.getAttributeStatements().get(0);
+ for (Attribute attr : attrStat.getAttributes()) {
+
+ if (attr.getName().equals(PVPConstants.PRINCIPAL_NAME_NAME))
+ authData.setFamilyName(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.GIVEN_NAME_NAME))
+ authData.setGivenName(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.BIRTHDATE_NAME))
+ authData.setDateOfBirth(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.BPK_NAME)) {
+ String pvpbPK = attr.getAttributeValues().get(0).getDOM().getTextContent();
+ authData.setBPK(pvpbPK.split(":")[1]);
+ }
+
+ if (attr.getName().equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME))
+ authData.setBPKType(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME))
+ authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX +
+ attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.EID_ISSUING_NATION_NAME))
+ authData.setCcc(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.EID_CCS_URL_NAME))
+ authData.setBkuURL(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.EID_AUTH_BLOCK_NAME)) {
+ try {
+ byte[] authBlock = Base64Utils.decode(attr.getAttributeValues().get(0).getDOM().getTextContent(), false);
+ authData.setAuthBlock(new String(authBlock, "UTF-8"));
+
+ } catch (IOException e) {
+ Logger.error("Received AuthBlock is not valid", e);
+
+ }
+ }
+
+ if (attr.getName().equals(PVPConstants.EID_SIGNER_CERTIFICATE_NAME)) {
+ try {
+ authData.setSignerCertificate(Base64Utils.decode(
+ attr.getAttributeValues().get(0).getDOM().getTextContent(), false));
+
+ } catch (IOException e) {
+ Logger.error("Received SignerCertificate is not valid", e);
+
+ }
+ }
+
+ if (attr.getName().equals(PVPConstants.EID_SOURCE_PIN_NAME))
+ authData.setIdentificationValue(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.EID_SOURCE_PIN_TYPE_NAME))
+ authData.setIdentificationType(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ if (attr.getName().equals(PVPConstants.EID_IDENTITY_LINK_NAME)) {
+ try {
+ InputStream idlStream = Base64Utils.decodeToStream(attr.getAttributeValues().get(0).getDOM().getTextContent(), false);
+ IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink();
+ authData.setIdentityLink(idl);
+
+ } catch (ParseException e) {
+ Logger.error("Received IdentityLink is not valid", e);
+
+ } catch (Exception e) {
+ Logger.error("Received IdentityLink is not valid", e);
+
+ }
+ }
+
+ if (attr.getName().equals(PVPConstants.MANDATE_REFERENCE_VALUE_NAME))
+ authData.setMandateReferenceValue(attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+
+ if (attr.getName().equals(PVPConstants.MANDATE_FULL_MANDATE_NAME)) {
+ try {
+ byte[] mandate = Base64Utils.decode(
+ attr.getAttributeValues().get(0).getDOM().getTextContent(), false);
+
+ if (authData.getMISMandate() == null)
+ authData.setMISMandate(new MISMandate());
+ authData.getMISMandate().setMandate(mandate);
+
+ authData.setUseMandate(true);
+
+ } catch (Exception e) {
+ Logger.error("Received Mandate is not valid", e);
+ throw new AssertionAttributeExtractorExeption(PVPConstants.MANDATE_FULL_MANDATE_NAME);
+
+ }
+ }
+
+ if (attr.getName().equals(PVPConstants.MANDATE_PROF_REP_OID_NAME)) {
+ if (authData.getMISMandate() == null)
+ authData.setMISMandate(new MISMandate());
+ authData.getMISMandate().setProfRep(
+ attr.getAttributeValues().get(0).getDOM().getTextContent());
+
+ }
+
+ if (attr.getName().equals(PVPConstants.EID_STORK_TOKEN_NAME)) {
+ authData.setStorkAuthnResponse(attr.getAttributeValues().get(0).getDOM().getTextContent());
+ authData.setForeigner(true);
+ }
+
+ if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) {
+
+ if (authData.getStorkAttributes() == null)
+ authData.setStorkAttributes(new PersonalAttributeList());
+
+ List<String> storkAttrValues = new ArrayList<String>();
+ storkAttrValues.add(attr.getAttributeValues().get(0).getDOM().getTextContent());
+ PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(),
+ false, storkAttrValues , "Available");
+ authData.getStorkAttributes().put(attr.getName(), storkAttr );
+ authData.setForeigner(true);
+ }
+
+ }
+
+ authData.setSsoSession(true);
+
+ //only for SAML1
+ if (PVPConstants.STORK_QAA_1_4.equals(authData.getQAALevel()))
+ authData.setQualifiedCertificate(true);
+ else
+ authData.setQualifiedCertificate(false);
+ authData.setPublicAuthority(false);
+ }
+
+ private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session,
+ IOAAuthParameters oaParam) throws BuildException {
+
+ String target = oaParam.getTarget();
+
+ IdentityLink identityLink = session.getIdentityLink();
+
+ VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
+
+ boolean businessService = oaParam.getBusinessService();
+
+ authData.setIssuer(session.getAuthURL());
+
+ //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
+ authData.setIdentificationValue(identityLink.getIdentificationValue());
+ authData.setIdentificationType(identityLink.getIdentificationType());
+
+ authData.setGivenName(identityLink.getGivenName());
+ authData.setFamilyName(identityLink.getFamilyName());
+ authData.setDateOfBirth(identityLink.getDateOfBirth());
+ authData.setQualifiedCertificate(verifyXMLSigResp
+ .isQualifiedCertificate());
+ authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
+ authData.setPublicAuthorityCode(verifyXMLSigResp
+ .getPublicAuthorityCode());
+ authData.setBkuURL(session.getBkuURL());
+
+ authData.setStorkAttributes(session.getStorkAttributes());
+ authData.setStorkAuthnResponse(session.getStorkAuthnResponse());
+ authData.setStorkRequest(session.getStorkAuthnRequest());
+
+ authData.setSignerCertificate(session.getEncodedSignerCertificate());
+ authData.setAuthBlock(session.getAuthBlock());
+
+ authData.setForeigner(session.isForeigner());
+ authData.setQAALevel(session.getQAALevel());
+
+ if (session.isForeigner()) {
+ if (authData.getStorkAuthnRequest() != null) {
+ authData.setCcc(authData.getStorkAuthnRequest()
+ .getCitizenCountryCode());
+
+ } else {
+
+ try {
+ //TODO: replace with TSL lookup when TSL is ready!
+ X509Certificate certificate = new X509Certificate(authData.getSignerCertificate());
+
+ if (certificate != null) {
+
+ LdapName ln = new LdapName(certificate.getIssuerDN()
+ .getName());
+ for (Rdn rdn : ln.getRdns()) {
+ if (rdn.getType().equalsIgnoreCase("C")) {
+ Logger.info("C is: " + rdn.getValue());
+ authData.setCcc(rdn.getValue().toString());
+ break;
+ }
+ }
+ }
+
+ } catch (Exception e) {
+ Logger.error("Failed to extract country code from certificate", e);
+
+ }
+ }
+
+ } else {
+ authData.setCcc("AT");
+
+ }
+
+ try {
+
+ authData.setSsoSession(AuthenticationSessionStoreage.isSSOSession(session.getSessionID()));
+
+
+ /* TODO: Support SSO Mandate MODE!
+ * Insert functionality to translate mandates in case of SSO
+ */
+
+
+ MISMandate mandate = session.getMISMandate();
+ authData.setMISMandate(mandate);
+ authData.setUseMandate(session.getUseMandate());
+ authData.setMandateReferenceValue(session.getMandateReferenceValue());
+
+ if (session.getUseMandate() && session.isOW()
+ && mandate != null && MiscUtil.isNotEmpty(mandate.getOWbPK())) {
+ authData.setBPK(mandate.getOWbPK());
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
+
+ //TODO: check in case of mandates for business services
+ authData.setIdentityLink(identityLink);
+ Logger.trace("Authenticated User is OW: " + mandate.getOWbPK());
+
+ } else {
+
+ if (businessService) {
+ //since we have foreigner, wbPK is not calculated in BKU
+ if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+
+ String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier();
+
+ if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
+ // If domainIdentifier starts with prefix
+ // "urn:publicid:gv.at:wbpk+"; remove this prefix
+ registerAndOrdNr = registerAndOrdNr
+ .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
+ Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
+ + registerAndOrdNr);
+ }
+
+ String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr);
+ authData.setBPK(wbpkBase64);
+ authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr);
+
+ } else {
+ authData.setBPK(identityLink.getIdentificationValue());
+ authData.setBPKType(identityLink.getIdentificationType());
+
+ }
+
+ Logger.trace("Authenticate user with wbPK " + authData.getBPK());
+
+ Element idlassertion = session.getIdentityLink().getSamlAssertion();
+ //set bpk/wpbk;
+ Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+ prIdentification.getFirstChild().setNodeValue(authData.getBPK());
+ //set bkp/wpbk type
+ Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
+ prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType());
+
+ IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
+ IdentityLink idl = idlparser.parseIdentityLink();
+
+ //resign IDL
+ IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
+ Element resignedilAssertion;
+ resignedilAssertion = identitylinkresigner.resignIdentityLink(idl.getSamlAssertion());
+ IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion);
+ IdentityLink resignedIDL = resignedIDLParser.parseIdentityLink();
+
+ authData.setIdentityLink(resignedIDL);
+
+ } else {
+
+ if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+ // only compute bPK if online application is a public service and we have the Stammzahl
+ String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target);
+ authData.setBPK(bpkBase64);
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
+ }
+
+ Logger.trace("Authenticate user with bPK " + authData.getBPK());
+
+ authData.setIdentityLink(identityLink);
+ }
+ }
+
+
+ } catch (Throwable ex) {
+ throw new BuildException("builder.00", new Object[]{
+ "AuthenticationData", ex.toString()}, ex);
+ }
+
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
new file mode 100644
index 000000000..132b6af01
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
+import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class DynamicOAAuthParameterBuilder {
+
+ public static IOAAuthParameters buildFromAttributeQuery(List<Attribute> reqAttributes, InterfederationSessionStore interfIDP) throws DynamicOABuildException {
+
+ Logger.debug("Build dynamic OAConfiguration from AttributeQuery and interfederation information");
+
+ try {
+ DynamicOAAuthParameters dynamicOA = new DynamicOAAuthParameters();
+
+ for (Attribute attr : reqAttributes) {
+ //get Target or BusinessService from request
+ if (attr.getName().equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
+ String attrValue = attr.getAttributeValues().get(0).getDOM().getTextContent();
+ if (attrValue.startsWith(Constants.URN_PREFIX_CDID)) {
+ dynamicOA.setBusinessService(false);
+ dynamicOA.setTarget(attrValue.substring((Constants.URN_PREFIX_CDID + "+").length()));
+
+ } else if( attrValue.startsWith(Constants.URN_PREFIX_WBPK) ||
+ attrValue.startsWith(Constants.URN_PREFIX_STORK) ) {
+ dynamicOA.setBusinessService(true);
+ dynamicOA.setTarget(attrValue);
+
+ } else {
+ Logger.error("Sector identification " + attrValue + " is not a valid Target or BusinessServiceArea");
+ throw new DynamicOABuildException("Sector identification " + attrValue + " is not a valid Target or BusinessServiceArea", null);
+
+ }
+
+ }
+
+ }
+
+ if (interfIDP != null) {
+ //load interfederated IDP informations
+ OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix());
+ if (idp == null) {
+ Logger.warn("Interfederated IDP configuration is not loadable.");
+ throw new DynamicOABuildException("Interfederated IDP configuration is not loadable.", null);
+
+ }
+
+ dynamicOA.setApplicationID(idp.getPublicURLPrefix());
+ dynamicOA.setInderfederatedIDP(idp.isInderfederationIDP());
+ dynamicOA.setIDPQueryURL(idp.getIDPAttributQueryServiceURL());
+
+ //check if IDP service area policy. BusinessService IDPs can only request wbPKs
+ if (!dynamicOA.getBusinessService() && !idp.isIDPPublicService()) {
+ Logger.error("Interfederated IDP " + idp.getPublicURLPrefix()
+ + " has a BusinessService-IDP but requests PublicService attributes.");
+ throw new DynamicOABuildException("Interfederated IDP " + idp.getPublicURLPrefix()
+ + " has a BusinessService-IDP but requests PublicService attributes.", null);
+
+ }
+ }
+
+ return dynamicOA;
+
+ } catch (ConfigurationException e) {
+ Logger.warn("Internel server errror. Basic configuration load failed.", e);
+ throw new DynamicOABuildException("Basic configuration load failed.", null);
+ }
+
+
+
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index ab93f509c..dc981ba33 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -52,7 +52,7 @@ import java.io.StringWriter;
import java.util.Map;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.util.FormBuildUtils;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -153,7 +153,7 @@ public class GetIdentityLinkFormBuilder extends Builder {
String dataURL,
String certInfoXMLRequest,
String certInfoDataURL,
- String pushInfobox, OAAuthParameter oaParam,
+ String pushInfobox, IOAAuthParameters oaParam,
String appletheigth,
String appletwidth)
throws BuildException
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
index 4d80be1e8..54196427e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -40,6 +40,7 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
import at.gv.egovernment.moa.id.util.FormBuildUtils;
@@ -105,9 +106,9 @@ public class LoginFormBuilder {
IOUtils.copy(input, writer);
template = writer.toString();
template = template.replace(AUTH_URL, SERVLET);
- template = template.replace(BKU_ONLINE, OAAuthParameter.ONLINEBKU);
- template = template.replace(BKU_HANDY, OAAuthParameter.HANDYBKU);
- template = template.replace(BKU_LOCAL, OAAuthParameter.LOCALBKU);
+ template = template.replace(BKU_ONLINE, IOAAuthParameters.ONLINEBKU);
+ template = template.replace(BKU_HANDY, IOAAuthParameters.HANDYBKU);
+ template = template.replace(BKU_LOCAL, IOAAuthParameters.LOCALBKU);
} catch (Exception e) {
Logger.error("Failed to read template", e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 4bae0300b..c5ba49b2e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -203,10 +203,10 @@ public class AuthenticationSession implements Serializable {
*/
private List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH;
- /**
- * If infobox validators are needed after signing, they can be stored in this list.
- */
- private List infoboxValidators;
+// /**
+// * If infobox validators are needed after signing, they can be stored in this list.
+// */
+// private List infoboxValidators;
/**
* The register and number in the register parameter in case of a business service application.
@@ -347,7 +347,7 @@ public class AuthenticationSession implements Serializable {
public AuthenticationSession(String id) {
sessionID = id;
// setTimestampStart();
- infoboxValidators = new ArrayList();
+// infoboxValidators = new ArrayList();
}
public X509Certificate getSignerCertificate() {
@@ -712,15 +712,15 @@ public class AuthenticationSession implements Serializable {
this.issueInstant = issueInstant;
}
- /**
- * Returns the iterator to the stored infobox validators.
- *
- * @return Iterator
- */
- public Iterator getInfoboxValidatorIterator() {
- if (infoboxValidators == null) return null;
- return infoboxValidators.iterator();
- }
+// /**
+// * Returns the iterator to the stored infobox validators.
+// *
+// * @return Iterator
+// */
+// public Iterator getInfoboxValidatorIterator() {
+// if (infoboxValidators == null) return null;
+// return infoboxValidators.iterator();
+// }
// /**
// * Adds an infobox validator class to the stored infobox validators.
@@ -744,23 +744,23 @@ public class AuthenticationSession implements Serializable {
// return infoboxValidators.iterator();
// }
- /**
- * Tests for pending input events of the infobox validators.
- *
- * @return true if a validator has a form to show
- */
- public boolean isValidatorInputPending() {
- boolean result = false;
- Iterator iter = getInfoboxValidatorIterator();
- if (iter != null) {
- while (!result && iter.hasNext()) {
- Vector infoboxValidatorVector = (Vector) iter.next();
- InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
- if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result = true;
- }
- }
- return result;
- }
+// /**
+// * Tests for pending input events of the infobox validators.
+// *
+// * @return true if a validator has a form to show
+// */
+// public boolean isValidatorInputPending() {
+// boolean result = false;
+// Iterator iter = getInfoboxValidatorIterator();
+// if (iter != null) {
+// while (!result && iter.hasNext()) {
+// Vector infoboxValidatorVector = (Vector) iter.next();
+// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
+// if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result = true;
+// }
+// }
+// return result;
+// }
// /**
// * Returns the first pending infobox validator.
@@ -956,20 +956,7 @@ public class AuthenticationSession implements Serializable {
public void setMISMandate(MISMandate mandate) {
this.mandate = mandate;
}
-
- public Element getMandate() {
- try {
- byte[] byteMandate = mandate.getMandate();
- String stringMandate = new String(byteMandate);
- return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
-
- }
- catch (Throwable e) {
- Logger.warn("Mandate content could not be generated from MISMandate.");
- return null;
- }
- }
-
+
/**
* @return the ssoRequested
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java
index f1d3b078e..9c2960c4c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java
@@ -29,16 +29,6 @@ public class BKUException extends MOAIDException {
private String bkuErrorCode;
private String bkuErrorMessage;
- public BKUException(String messageId, Object[] parameters) {
- super(messageId, parameters);
-
- }
-
-
- public BKUException(String messageId, Object[] parameters, Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
public BKUException(String messageId, Object[] parameters,
String bkuErrorCode, String bkuErrorMessage) {
super(messageId, parameters);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java
new file mode 100644
index 000000000..554cf7370
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.exception;
+
+/**
+ * @author tlenz
+ *
+ */
+public class DynamicOABuildException extends MOAIDException {
+
+
+ private static final long serialVersionUID = 3756862942519706809L;
+
+
+ public DynamicOABuildException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ // TODO Auto-generated constructor stub
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java
new file mode 100644
index 000000000..4f68bbac0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.exception;
+
+/**
+ * @author tlenz
+ *
+ */
+public class InvalidProtocolRequestException extends MOAIDException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -7866198705324084601L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public InvalidProtocolRequestException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
index e26ab6597..c80cbea26 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
@@ -46,6 +46,7 @@
package at.gv.egovernment.moa.id.auth.exception;
+
public class MISSimpleClientException extends MOAIDException {
private static final long serialVersionUID = 1L;
@@ -59,22 +60,16 @@ public class MISSimpleClientException extends MOAIDException {
public MISSimpleClientException(String message) {
super(message, null);
- this.misErrorMessage = message;
}
public MISSimpleClientException(String message, String code, String text) {
- super(message, null);
+ super(message, new Object[] { code , text });
this.misErrorMessage = text;
this.misErrorCode = code;
}
- public MISSimpleClientException(Throwable cause) {
- super("UNDEFINED ERROR", null, cause);
- }
-
public MISSimpleClientException(String message, Throwable cause) {
super(message, null, cause);
- this.misErrorMessage = message;
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
index ab4a91df9..e2802c1d2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
@@ -241,7 +241,7 @@ public class IdentityLinkAssertionParser {
* @param xmlAssertion <code>&lt;saml:Assertion&gt;</code> as InputStream
* @throws ParseException on any parsing error
*/
- public IdentityLinkAssertionParser(InputStream xmlAssertion) throws Exception {
+ public IdentityLinkAssertionParser(InputStream xmlAssertion) throws ParseException {
try {
assertionElem = DOMUtils.parseXmlValidating(xmlAssertion);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index f6cd2b776..175aeeab7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -75,6 +75,7 @@ import org.apache.commons.fileupload.servlet.ServletFileUpload;
import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
@@ -193,6 +194,11 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
req.setAttribute("LogLevel", "debug");
}
+ if (!(exceptionThrown instanceof MOAIDException)) {
+ Logger.error("Receive an internal error: Message=" + exceptionThrown.getMessage(), exceptionThrown);
+
+ }
+
IExceptionStore store = DBExceptionStoreImpl.getStore();
String id = store.storeException(exceptionThrown);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index 17dd9e343..f11489dd2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -208,7 +208,8 @@ public class GetForeignIDServlet extends AuthServlet {
if (null != response.getErrorResponse()){
// TODO fix exception parameter
- throw new SZRGWClientException(response.getErrorResponse().getErrorCode().toString(), null);
+ throw new SZRGWClientException("service.08", (String)response.getErrorResponse().getErrorCode(),
+ (String)response.getErrorResponse().getInfo());
}
else {
IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(response.getIdentityLink()));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index a776bbe9a..9e2e845b5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -65,7 +65,6 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
@@ -190,13 +189,9 @@ public class GetMISSessionIDServlet extends AuthServlet {
List<MISMandate> list = MISSimpleClient.sendGetMandatesRequest(
connectionParameters.getUrl(), misSessionID, sslFactory);
- if (list == null) {
+ if (list == null || list.size() == 0) {
Logger.error("Keine Vollmacht gefunden.");
- throw new MISSimpleClientException("Keine Vollmacht gefunden");
- }
- if (list.size() == 0) {
- Logger.error("Keine Vollmacht gefunden.");
- throw new MISSimpleClientException("Keine Vollmacht gefunden");
+ throw new AuthenticationException("auth.15", null);
}
// for now: list contains only one element
@@ -205,7 +200,7 @@ public class GetMISSessionIDServlet extends AuthServlet {
String sMandate = new String(mandate.getMandate());
if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) {
Logger.error("Mandate is empty.");
- throw new AuthenticationException("auth.16",
+ throw new AuthenticationException("auth.15",
new Object[] { GET_MIS_SESSIONID });
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index fc4ec305d..9b300578a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -53,7 +53,6 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
@@ -62,7 +61,6 @@ import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -101,13 +99,13 @@ public class LogOutServlet extends AuthServlet {
}
- if (ssomanager.isValidSSOSession(ssoid, req)) {
+ if (ssomanager.isValidSSOSession(ssoid, null)) {
//TODO: Single LogOut Implementation
//delete SSO session and MOA session
AuthenticationManager authmanager = AuthenticationManager.getInstance();
- String moasessionid = AuthenticationSessionStoreage.getMOASessionID(ssoid);
+ String moasessionid = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
RequestStorage.removePendingRequest(AuthenticationSessionStoreage.getPendingRequestID(moasessionid));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index 00acdc540..57755ca9f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.URLEncoder;
@@ -53,8 +54,10 @@ public class RedirectServlet extends AuthServlet{
String url = req.getParameter(REDIRCT_PARAM_URL);
String target = req.getParameter(PARAM_TARGET);
String artifact = req.getParameter(PARAM_SAMLARTIFACT);
+ String interIDP = req.getParameter(INTERFEDERATION_IDP);
- if (MiscUtil.isEmpty(artifact)) {
+
+ if (MiscUtil.isEmpty(artifact) && MiscUtil.isEmpty(interIDP)) {
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
return;
}
@@ -68,14 +71,57 @@ public class RedirectServlet extends AuthServlet{
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
return;
- } else {
- try {
- String test = oa.getAuthComponentOA().getTemplates().getBKUSelectionCustomization().getAppletRedirectTarget();
- if (MiscUtil.isNotEmpty(test))
- redirectTarget = test;
+ } else {
+ //Redirect is a SAML1 send Artifact redirct
+ if (MiscUtil.isNotEmpty(artifact)) {
+ try {
+ String test = oa.getAuthComponentOA().getTemplates().getBKUSelectionCustomization().getAppletRedirectTarget();
+ if (MiscUtil.isNotEmpty(test))
+ redirectTarget = test;
+
+ } catch (Exception e) {
+ Logger.debug("Use default redirectTarget.");
+ }
+
+ Logger.info("Redirect to " + url);
+
+ if (MiscUtil.isNotEmpty(target)) {
+// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
+// URLEncoder.encode(session.getTarget(), "UTF-8"));
+ url = addURLParameter(url, PARAM_TARGET,
+ URLEncoder.encode(target, "UTF-8"));
+
+
+ }
+ url = addURLParameter(url, PARAM_SAMLARTIFACT,
+ URLEncoder.encode(artifact, "UTF-8"));
+ url = resp.encodeRedirectURL(url);
+
+ String redirect_form = RedirectFormBuilder.buildLoginForm(url, redirectTarget);
+
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.setStatus(HttpServletResponse.SC_OK);
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.write(redirect_form);
+ out.flush();
+
+ } else if (MiscUtil.isNotEmpty(interIDP)) {
+ //store IDP identifier and redirect to generate AuthRequst service
+ Logger.info("Receive an interfederation redirect request for IDP " + interIDP);
+ SSOManager sso = SSOManager.getInstance();
+ sso.setInterfederationIDPCookie(req, resp, interIDP);
+
+ Logger.debug("Redirect to " + url);
+ url = resp.encodeRedirectURL(url);
+ resp.setContentType("text/html");
+ resp.setStatus(HttpServletResponse.SC_FOUND);
+ resp.addHeader("Location", url);
+
+
+ } else {
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
+ return;
- } catch (Exception e) {
- Logger.debug("Use default redirectTarget.");
}
}
@@ -88,29 +134,6 @@ public class RedirectServlet extends AuthServlet{
ConfigurationDBUtils.closeSession();
}
-
- Logger.info("Redirect to " + url);
-
- if (MiscUtil.isNotEmpty(target)) {
-// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
-// URLEncoder.encode(session.getTarget(), "UTF-8"));
- url = addURLParameter(url, PARAM_TARGET,
- URLEncoder.encode(target, "UTF-8"));
-
-
- }
- url = addURLParameter(url, PARAM_SAMLARTIFACT,
- URLEncoder.encode(artifact, "UTF-8"));
- url = resp.encodeRedirectURL(url);
-
- String redirect_form = RedirectFormBuilder.buildLoginForm(url, redirectTarget);
-
- resp.setContentType("text/html;charset=UTF-8");
- PrintWriter out = new PrintWriter(resp.getOutputStream());
- out.write(redirect_form);
- out.flush();
-
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
index 997241822..495c4ca5b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
@@ -108,7 +108,7 @@ public class SSOSendAssertionServlet extends AuthServlet{
}
}
- boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req);
+ boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, null);
String moaSessionID = null;
@@ -124,7 +124,7 @@ public class SSOSendAssertionServlet extends AuthServlet{
}
if (valueString.compareToIgnoreCase("true") == 0) {
- moaSessionID = AuthenticationSessionStoreage.getMOASessionID(ssoId);
+ moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoId);
AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID);
AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 787dc6f10..98edf1fe4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -227,7 +227,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
if (profiles == null) {
Logger.error("No Mandate/Profile for OA configured.");
- throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
+ throw new AuthenticationException("config.21", new Object[] { GET_MIS_SESSIONID});
}
// String profilesArray[] = profiles.split(",");
@@ -238,6 +238,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
String oaFriendlyName = oaParam.getFriendlyName();
String mandateReferenceValue = session.getMandateReferenceValue();
byte[] cert = session.getEncodedSignerCertificate();
+ byte[] authBlock = session.getAuthBlock().getBytes();
//TODO: check in case of SSO!!!
String targetType = null;
@@ -252,7 +253,17 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
}
- MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert, oaFriendlyName, redirectURL, mandateReferenceValue, profiles, targetType, sslFactory);
+ MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(
+ connectionParameters.getUrl(),
+ idl,
+ cert,
+ oaFriendlyName,
+ redirectURL,
+ mandateReferenceValue,
+ profiles,
+ targetType,
+ authBlock,
+ sslFactory);
if (misSessionID == null) {
Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
@@ -323,78 +334,5 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
}
}
-
- /**
- * Calls the MIS Service
- * @param session
- * @throws IOException
- */
-// private void callMISService(AuthenticationSession session, HttpServletRequest req, HttpServletResponse resp) throws IOException {
-//
-// try {
-// AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
-// ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
-// SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
-//
-// // get identitity link as byte[]
-// Element elem = session.getIdentityLink().getSamlAssertion();
-// String s = DOMUtils.serializeNode(elem);
-//
-// System.out.println("IDL: " + s);
-//
-// byte[] idl = s.getBytes();
-//
-// // redirect url
-// // build redirect(to the GetMISSessionIdSerlvet)
-// String redirectURL =
-// new DataURLBuilder().buildDataURL(
-// session.getAuthURL(),
-// GET_MIS_SESSIONID,
-// session.getSessionID());
-//
-// String oaURL = session.getOAURLRequested();
-// OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
-// String profiles = oaParam.getMandateProfiles();
-//
-// if (profiles == null) {
-// Logger.error("No Mandate/Profile for OA configured.");
-// throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
-// }
-//
-// String profilesArray[] = profiles.split(",");
-// for(int i = 0; i < profilesArray.length; i++) {
-// profilesArray[i] = profilesArray[i].trim();
-// }
-//
-// String oaFriendlyName = oaParam.getFriendlyName();
-// String mandateReferenceValue = session.getMandateReferenceValue();
-// X509Certificate cert = session.getSignerCertificate();
-// MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
-// String redirectMISGUI = misSessionID.getRedirectURL();
-//
-// if (misSessionID == null) {
-// Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
-// throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
-// }
-//
-// session.setMISSessionID(misSessionID.getSessiondId());
-//
-// resp.setStatus(302);
-// resp.addHeader("Location", redirectMISGUI);
-// Logger.debug("REDIRECT TO: " + redirectURL);
-// }
-// catch (MOAIDException ex) {
-// handleError(null, ex, req, resp);
-// } catch (GeneralSecurityException ex) {
-// handleError(null, ex, req, resp);
-// } catch (PKIException e) {
-// handleError(null, e, req, resp);
-// } catch (MISSimpleClientException e) {
-// handleError(null, e, req, resp);
-// } catch (TransformerException e) {
-// handleError(null, e, req, resp);
-// }
-// }
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index c3b45f165..2c8b44404 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -53,6 +53,7 @@ import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
@@ -124,8 +125,9 @@ public class STORKResponseProcessor {
* @param filters the filters
* @return Identity Link
* @throws STORKException the sTORK exception
+ * @throws MOAIDException
*/
- public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String targetType, String targetValue, List<String> filters) throws STORKException {
+ public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String targetType, String targetValue, List<String> filters) throws STORKException, MOAIDException {
Logger.trace("Calling SZR Gateway with the following attributes:");
CreateIdentityLinkResponse identityLinkResponse = null;
@@ -209,8 +211,8 @@ public class STORKResponseProcessor {
}
if (null != identityLinkResponse.getErrorResponse()){
- // TODO fix exception parameter
- throw new SZRGWClientException(identityLinkResponse.getErrorResponse().getErrorCode().toString(), null);
+ throw new SZRGWClientException("service.08", (String)identityLinkResponse.getErrorResponse().getErrorCode(),
+ (String)identityLinkResponse.getErrorResponse().getInfo());
}
else {
IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(identityLinkResponse.getIdentityLink()));
@@ -223,19 +225,13 @@ public class STORKResponseProcessor {
// }
}
- } catch (SZRGWClientException e) {
- Logger.error("Error connecting SZR-Gateway: ", e);
- throw new STORKException("Error connecting SZR-Gateway: ", e);
+
} catch (ParseException e) {
Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
- throw new STORKException("Error parsing IdentityLink received from SZR-Gateway: ", e);
- } catch(STORKException e) {
- throw e;
- } catch (Exception e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
-
+ throw new MOAIDException("auth.25", null, e);
+
+ }
+
return identityLink;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index b2c47fac0..762d9af2c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -299,7 +299,7 @@ public class CreateXMLSignatureResponseValidator {
}
- String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant);
+ String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant);
if (!samlSpecialText.equals(specialText)) {
throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
}
@@ -528,7 +528,7 @@ public class CreateXMLSignatureResponseValidator {
}
- String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant);
+ String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant);
if (!samlSpecialText.equals(specialText)) {
throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index b69fdd9ab..4fd7fa965 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -229,10 +229,17 @@ public class VerifyXMLSignatureResponseValidator {
if(ecdsakey.equals(ecdsaPubKeySignature))
found = true;
}
+
+// Logger.debug("IDL-Pubkey=" + idl.getPublicKey()[i].getClass().getName()
+// + " Resp-Pubkey=" + pubKeySignature.getClass().getName());
+
}
- if (!found)
+ if (!found) {
+
throw new ValidateException("validator.09", null);
+
+ }
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index 5483b865e..0e2251f21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -113,27 +113,27 @@ public class ParepUtils {
}
}
- /*
- *
- */
- public static String extractRepresentativeID(Element mandate) throws ValidateException {
- try {
- Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
- Node resultNode = XPathAPI.selectSingleNode(mandate, "//md:Mandate/attribute::MandateID", nameSpaceNode);
- if (resultNode != null) {
- // because following line is not ready for JDK 1.4.x we need to get the childnode;
- // return resultNode.getTextContent();
- Node textNode = resultNode.getFirstChild();
- if (textNode != null) {
- return textNode.getNodeValue();
- }
- }
- return null;
- } catch (Exception e) {
- throw new ValidateException("validator.62", null);
- }
- }
+// /*
+// *
+// */
+// public static String extractRepresentativeID(Element mandate) throws ValidateException {
+// try {
+// Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+// nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+// Node resultNode = XPathAPI.selectSingleNode(mandate, "//md:Mandate/attribute::MandateID", nameSpaceNode);
+// if (resultNode != null) {
+// // because following line is not ready for JDK 1.4.x we need to get the childnode;
+// // return resultNode.getTextContent();
+// Node textNode = resultNode.getFirstChild();
+// if (textNode != null) {
+// return textNode.getNodeValue();
+// }
+// }
+// return null;
+// } catch (Exception e) {
+// throw new ValidateException("validator.62", null);
+// }
+// }
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java
index a9f41819d..c675885c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java
@@ -69,7 +69,7 @@ public class SZRGWClient {
if (serviceUrl.toLowerCase().startsWith("https")) {
Logger.trace("Using ssl for SZRGW client request.");
if (sslContext == null) {
- throw new SZRGWClientException("SSL context from configuration is empty. Please configure an SSL context in the configuration first.", null);
+ throw new SZRGWClientException();
}
requestContext.put(JAXWSProperties.SSL_SOCKET_FACTORY, sslContext);
@@ -95,7 +95,7 @@ public class SZRGWClient {
} catch (Exception e) {
Logger.warn("SZRGW Client initialization FAILED.", e);
- throw new SZRGWClientException("SZRGW Client initialization FAILED.", null);
+ throw new SZRGWClientException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java
index d15ded8a8..2038e3f18 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java
@@ -28,12 +28,47 @@ public class SZRGWClientException extends MOAIDException{
private static final long serialVersionUID = 1L;
+ private String szrErrorCode = null;
+ private String szrErrorMessage = null;
+
public SZRGWClientException(String messageId, Object[] parameters) {
super(messageId, parameters);
}
- public SZRGWClientException(SZRGWClientException e1) {
- super("", null, e1);
+ public SZRGWClientException(String messageId) {
+ super(messageId, null);
+ }
+
+ public SZRGWClientException(String messageId, Throwable e1) {
+ super(messageId, null, e1);
+ }
+
+ public SZRGWClientException(String messageId, String szrErrorCode, String szrErrorMessage) {
+ super(messageId, null);
+ this.szrErrorCode = szrErrorCode;
+ this.szrErrorMessage = szrErrorMessage;
+ }
+
+ /**
+ *
+ */
+ public SZRGWClientException() {
+ super("service.09", null);
+ }
+
+ /**
+ * @return the szrErrorCode
+ */
+ public String getSzrErrorCode() {
+ return szrErrorCode;
+ }
+
+ /**
+ * @return the szrErrorMessage
+ */
+ public String getSzrErrorMessage() {
+ return szrErrorMessage;
}
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
index dc5ec430e..88ed7885f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
@@ -135,23 +135,11 @@ public class ConfigurationProvider {
return rootConfigFileDir;
}
- /**
- * Return the chaining mode for a given trust anchor.
- *
- * @param trustAnchor The trust anchor for which the chaining mode should be
- * returned.
- * @return The chaining mode for the given trust anchor. If the trust anchor
- * has not been configured separately, the system default will be returned.
- */
- public String getChainingMode(X509Certificate trustAnchor) {
- Principal issuer = trustAnchor.getIssuerDN();
- BigInteger serial = trustAnchor.getSerialNumber();
- IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial);
-
- String mode = (String) chainingModes.get(issuerAndSerial);
- return mode != null ? mode : defaultChainingMode;
+ public String getDefaultChainingMode() {
+ return defaultChainingMode;
}
-
+
+
/**
* Returns the trustedCACertificates.
* @return String
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
index 31b88263b..b2bcd443f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
@@ -68,6 +68,7 @@ public class OAParameter {
this.oAuth20Config = oa.getAuthComponentOA().getOAOAUTH20();
+ this.isInderfederationIDP = oa.isIsInterfederationIDP();
}
@@ -104,6 +105,8 @@ public class OAParameter {
private boolean removePBKFromAuthblock;
+ private Boolean isInderfederationIDP;
+
/**
* Contains the oAuth 2.0 configuration (client id, secret and redirect uri)
*/
@@ -141,4 +144,16 @@ public class OAParameter {
return oAuth20Config;
}
+ /**
+ * @return the isInderfederationIDP
+ */
+ public boolean isInderfederationIDP() {
+ if (isInderfederationIDP == null)
+ return false;
+
+ return isInderfederationIDP;
+ }
+
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 8b5c8d796..dca0958f3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -63,7 +63,6 @@ import javax.xml.bind.JAXBContext;
import javax.xml.bind.Unmarshaller;
import org.hibernate.cfg.Configuration;
-import org.opensaml.DefaultBootstrap;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
@@ -96,6 +95,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
@@ -339,6 +339,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
config.addAnnotatedClass(OASessionStore.class);
config.addAnnotatedClass(OldSSOSessionIDStore.class);
config.addAnnotatedClass(ExceptionStore.class);
+ config.addAnnotatedClass(InterfederationSessionStore.class);
config.addProperties(moaSessionProp);
MOASessionDBUtils.initHibernate(config, moaSessionProp);
@@ -695,17 +696,17 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
Logger.warn("Error in MOA-ID Configuration. No SLRequestTemplates found");
throw new ConfigurationException("config.02", null);
} else {
- SLRequestTemplates.put(OAAuthParameter.ONLINEBKU, templ.getOnlineBKU());
- SLRequestTemplates.put(OAAuthParameter.LOCALBKU, templ.getLocalBKU());
- SLRequestTemplates.put(OAAuthParameter.HANDYBKU, templ.getHandyBKU());
+ SLRequestTemplates.put(IOAAuthParameters.ONLINEBKU, templ.getOnlineBKU());
+ SLRequestTemplates.put(IOAAuthParameters.LOCALBKU, templ.getLocalBKU());
+ SLRequestTemplates.put(IOAAuthParameters.HANDYBKU, templ.getHandyBKU());
}
//set Default BKU URLS
DefaultBKUs bkuuls = moaidconfig.getDefaultBKUs();
if (bkuuls != null) {
- DefaultBKUURLs.put(OAAuthParameter.ONLINEBKU, bkuuls.getOnlineBKU());
- DefaultBKUURLs.put(OAAuthParameter.LOCALBKU, bkuuls.getLocalBKU());
- DefaultBKUURLs.put(OAAuthParameter.HANDYBKU, bkuuls.getHandyBKU());
+ DefaultBKUURLs.put(IOAAuthParameters.ONLINEBKU, bkuuls.getOnlineBKU());
+ DefaultBKUURLs.put(IOAAuthParameters.LOCALBKU, bkuuls.getLocalBKU());
+ DefaultBKUURLs.put(IOAAuthParameters.HANDYBKU, bkuuls.getHandyBKU());
}
//set SSO Config
@@ -884,7 +885,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return el;
else {
Logger.warn("getSLRequestTemplates: BKU Type does not match: "
- + OAAuthParameter.ONLINEBKU + " or " + OAAuthParameter.HANDYBKU + " or " + OAAuthParameter.LOCALBKU);
+ + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU);
return null;
}
}
@@ -899,7 +900,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return el;
else {
Logger.warn("getSLRequestTemplates: BKU Type does not match: "
- + OAAuthParameter.ONLINEBKU + " or " + OAAuthParameter.HANDYBKU + " or " + OAAuthParameter.LOCALBKU);
+ + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU);
return null;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
new file mode 100644
index 000000000..a59cc10e0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
@@ -0,0 +1,148 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.auth;
+
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IOAAuthParameters {
+
+ public static final String ONLINEBKU = "online";
+ public static final String HANDYBKU = "handy";
+ public static final String LOCALBKU = "local";
+ public static final String INDERFEDERATEDIDP = "interfederated";
+
+
+ public String getPublicURLPrefix();
+
+ public boolean getBusinessService();
+
+ public String getTarget();
+
+ public boolean isInderfederationIDP();
+
+ /**
+ * @return the identityLinkDomainIdentifier
+ */
+ public String getIdentityLinkDomainIdentifier();
+
+ /**
+ * @return the keyBoxIdentifier
+ */
+ public String getKeyBoxIdentifier();
+
+ /**
+ * @return the transformsInfos
+ */
+ public List<String> getTransformsInfos();
+
+ public OASAML1 getSAML1Parameter();
+
+ public OAPVP2 getPVP2Parameter();
+
+ /**
+ * @return the templateURL
+ */
+ public List<TemplateType> getTemplateURL();
+
+ public String getAditionalAuthBlockText();
+
+ public String getBKUURL(String bkutype);
+
+ public List<String> getBKUURL();
+
+ public boolean useSSO();
+
+ public boolean useSSOQuestion();
+
+ public String getSingleLogOutURL();
+
+ /**
+ * @return the mandateProfiles
+ */
+ public List<String> getMandateProfiles();
+
+ /**
+ * @return the identityLinkDomainIdentifierType
+ */
+ public String getIdentityLinkDomainIdentifierType();
+
+ public boolean isShowMandateCheckBox();
+
+ public boolean isOnlyMandateAllowed();
+
+ /**
+ * Shall we show the stork login in the bku selection frontend?
+ *
+ * @return true, if is we should show stork login
+ */
+ public boolean isShowStorkLogin();
+
+ public Map<String, String> getFormCustomizaten();
+
+ public Integer getQaaLevel();
+
+ /**
+ * @return the requestedAttributes
+ */
+ public List<OAStorkAttribute> getRequestedAttributes();
+
+ public boolean isRequireConsentForStorkAttributes();
+
+ public List<AttributeProviderPlugin> getStorkAPs();
+
+ public byte[] getBKUSelectionTemplate();
+
+ public byte[] getSendAssertionTemplate();
+
+ public List<CPEPS> getPepsList();
+
+ public String getIDPAttributQueryServiceURL();
+
+ /**
+ * @return
+ */
+ boolean isInboundSSOInterfederationAllowed();
+
+ /**
+ * @return
+ */
+ boolean isInterfederationSSOStorageAllowed();
+
+ /**
+ * @return
+ */
+ boolean isOutboundSSOInterfederationAllowed();
+
+} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 492770aad..7fc5746ee 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -57,6 +57,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationT
import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
+import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationIDPType;
import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
import at.gv.egovernment.moa.id.commons.db.dao.config.MandatesProfileNameItem;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
@@ -85,13 +86,11 @@ import at.gv.egovernment.moa.util.MiscUtil;
*
* @author Harald Bratko
*/
-public class OAAuthParameter extends OAParameter {
+public class OAAuthParameter extends OAParameter implements IOAAuthParameters {
- public static final String ONLINEBKU = "online";
- public static final String HANDYBKU = "handy";
- public static final String LOCALBKU = "local";
-
private AuthComponentOA oa_auth;
+ private String keyBoxIdentifier;
+ private InterfederationIDPType inderfederatedIDP = null;
public OAAuthParameter(OnlineApplication oa) {
super(oa);
@@ -99,13 +98,15 @@ public class OAAuthParameter extends OAParameter {
this.oa_auth = oa.getAuthComponentOA();
this.keyBoxIdentifier = oa.getKeyBoxIdentifier().value();
-}
+
+ this.inderfederatedIDP = oa.getInterfederationIDP();
+ }
- private String keyBoxIdentifier;
-/**
- * @return the identityLinkDomainIdentifier
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifier()
*/
+@Override
public String getIdentityLinkDomainIdentifier() {
IdentificationNumber idnumber = oa_auth.getIdentificationNumber();
@@ -115,34 +116,45 @@ public String getIdentityLinkDomainIdentifier() {
return null;
}
-/**
- * @return the keyBoxIdentifier
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getKeyBoxIdentifier()
*/
+@Override
public String getKeyBoxIdentifier() {
return keyBoxIdentifier;
}
-/**
- * @return the transformsInfos
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTransformsInfos()
*/
+@Override
public List<String> getTransformsInfos() {
List<TransformsInfoType> transformations = oa_auth.getTransformsInfo();
return ConfigurationUtils.getTransformInfos(transformations);
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSAML1Parameter()
+ */
+ @Override
public OASAML1 getSAML1Parameter() {
return oa_auth.getOASAML1();
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPVP2Parameter()
+ */
+ @Override
public OAPVP2 getPVP2Parameter() {
return oa_auth.getOAPVP2();
}
- /**
- * @return the templateURL
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTemplateURL()
*/
+ @Override
public List<TemplateType> getTemplateURL() {
TemplatesType templates = oa_auth.getTemplates();
@@ -154,6 +166,10 @@ public List<String> getTransformsInfos() {
return null;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getAditionalAuthBlockText()
+ */
+ @Override
public String getAditionalAuthBlockText() {
TemplatesType templates = oa_auth.getTemplates();
@@ -163,6 +179,10 @@ public List<String> getTransformsInfos() {
return null;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL(java.lang.String)
+ */
+ @Override
public String getBKUURL(String bkutype) {
BKUURLS bkuurls = oa_auth.getBKUURLS();
if (bkuurls != null) {
@@ -179,6 +199,10 @@ public List<String> getTransformsInfos() {
return null;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL()
+ */
+ @Override
public List<String> getBKUURL() {
BKUURLS bkuurls = oa_auth.getBKUURLS();
@@ -196,6 +220,10 @@ public List<String> getTransformsInfos() {
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSO()
+ */
+ @Override
public boolean useSSO() {
OASSO sso = oa_auth.getOASSO();
if (sso != null)
@@ -204,6 +232,10 @@ public List<String> getTransformsInfos() {
return false;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSOQuestion()
+ */
+ @Override
public boolean useSSOQuestion() {
OASSO sso = oa_auth.getOASSO();
if (sso != null)
@@ -213,6 +245,10 @@ public List<String> getTransformsInfos() {
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSingleLogOutURL()
+ */
+ @Override
public String getSingleLogOutURL() {
OASSO sso = oa_auth.getOASSO();
if (sso != null)
@@ -221,9 +257,10 @@ public List<String> getTransformsInfos() {
return null;
}
-/**
- * @return the mandateProfiles
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getMandateProfiles()
*/
+@Override
public List<String> getMandateProfiles() {
Mandates mandates = oa_auth.getMandates();
@@ -253,9 +290,10 @@ public List<String> getMandateProfiles() {
return null;
}
-/**
- * @return the identityLinkDomainIdentifierType
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifierType()
*/
+@Override
public String getIdentityLinkDomainIdentifierType() {
IdentificationNumber idnumber = oa_auth.getIdentificationNumber();
if (idnumber != null)
@@ -265,6 +303,10 @@ public String getIdentityLinkDomainIdentifierType() {
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowMandateCheckBox()
+ */
+@Override
public boolean isShowMandateCheckBox() {
TemplatesType templates = oa_auth.getTemplates();
if (templates != null) {
@@ -277,6 +319,10 @@ public boolean isShowMandateCheckBox() {
return true;
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOnlyMandateAllowed()
+ */
+@Override
public boolean isOnlyMandateAllowed() {
TemplatesType templates = oa_auth.getTemplates();
if (templates != null) {
@@ -289,11 +335,10 @@ public boolean isOnlyMandateAllowed() {
return false;
}
- /**
- * Shall we show the stork login in the bku selection frontend?
- *
- * @return true, if is we should show stork login
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowStorkLogin()
*/
+ @Override
public boolean isShowStorkLogin() {
try {
return oa_auth.getOASTORK().isStorkLogonEnabled();
@@ -303,6 +348,10 @@ public boolean isOnlyMandateAllowed() {
}
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten()
+ */
+@Override
public Map<String, String> getFormCustomizaten() {
TemplatesType templates = oa_auth.getTemplates();
@@ -354,6 +403,10 @@ public Map<String, String> getFormCustomizaten() {
return map;
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
+ */
+@Override
public Integer getQaaLevel() {
if (oa_auth.getOASTORK() != null && oa_auth.getOASTORK().getQaa() != null)
@@ -363,21 +416,34 @@ public Integer getQaaLevel() {
return 4;
}
-/**
- * @return the requestedAttributes
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getRequestedAttributes()
*/
+@Override
public List<OAStorkAttribute> getRequestedAttributes() {
return oa_auth.getOASTORK().getOAAttributes();
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRequireConsentForStorkAttributes()
+ */
+@Override
public boolean isRequireConsentForStorkAttributes() {
return oa_auth.getOASTORK().isRequireConsent();
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getStorkAPs()
+ */
+@Override
public List<AttributeProviderPlugin> getStorkAPs() {
return oa_auth.getOASTORK().getAttributeProviders();
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUSelectionTemplate()
+ */
+@Override
public byte[] getBKUSelectionTemplate() {
TemplatesType templates = oa_auth.getTemplates();
@@ -389,6 +455,10 @@ public byte[] getBKUSelectionTemplate() {
return null;
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSendAssertionTemplate()
+ */
+@Override
public byte[] getSendAssertionTemplate() {
TemplatesType templates = oa_auth.getTemplates();
@@ -400,8 +470,54 @@ public byte[] getSendAssertionTemplate() {
return null;
}
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPepsList()
+ */
+@Override
public List<CPEPS> getPepsList() {
return new ArrayList<CPEPS>(oa_auth.getOASTORK().getCPEPS());
}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIDPAttributQueryServiceURL()
+ */
+@Override
+public String getIDPAttributQueryServiceURL() {
+ if (inderfederatedIDP != null)
+ return inderfederatedIDP.getAttributeQueryURL();
+
+ else
+ return null;
+
+}
+
+@Override
+public boolean isInboundSSOInterfederationAllowed() {
+ if (inderfederatedIDP != null)
+ return inderfederatedIDP.isInboundSSO();
+ else
+ return false;
+}
+
+@Override
+public boolean isOutboundSSOInterfederationAllowed() {
+ if (inderfederatedIDP != null)
+ return inderfederatedIDP.isOutboundSSO();
+ else
+ return false;
+}
+
+@Override
+public boolean isInterfederationSSOStorageAllowed() {
+ if (inderfederatedIDP != null)
+ return inderfederatedIDP.isStoreSSOSession();
+ else
+ return false;
+}
+
+public boolean isIDPPublicService() {
+ return !getBusinessService();
}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
new file mode 100644
index 000000000..02ac09d70
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -0,0 +1,386 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.auth.data;
+
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+
+/**
+ * @author tlenz
+ *
+ */
+public class DynamicOAAuthParameters implements IOAAuthParameters {
+
+ private String applicationID = null;
+
+ private boolean isBusinessService;
+ private String target;
+ private String businessTarget;
+
+ private boolean inderfederatedIDP;
+ private String IDPQueryURL;
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBusinessService()
+ */
+ @Override
+ public boolean getBusinessService() {
+ return this.isBusinessService;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTarget()
+ */
+ @Override
+ public String getTarget() {
+ return this.target;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifier()
+ */
+ @Override
+ public String getIdentityLinkDomainIdentifier() {
+ return this.businessTarget;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInderfederationIDP()
+ */
+ @Override
+ public boolean isInderfederationIDP() {
+ return this.inderfederatedIDP;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIDPAttributQueryServiceURL()
+ */
+ @Override
+ public String getIDPAttributQueryServiceURL() {
+ return this.IDPQueryURL;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getKeyBoxIdentifier()
+ */
+ @Override
+ public String getKeyBoxIdentifier() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTransformsInfos()
+ */
+ @Override
+ public List<String> getTransformsInfos() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSAML1Parameter()
+ */
+ @Override
+ public OASAML1 getSAML1Parameter() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPVP2Parameter()
+ */
+ @Override
+ public OAPVP2 getPVP2Parameter() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTemplateURL()
+ */
+ @Override
+ public List<TemplateType> getTemplateURL() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getAditionalAuthBlockText()
+ */
+ @Override
+ public String getAditionalAuthBlockText() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL(java.lang.String)
+ */
+ @Override
+ public String getBKUURL(String bkutype) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL()
+ */
+ @Override
+ public List<String> getBKUURL() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSO()
+ */
+ @Override
+ public boolean useSSO() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSOQuestion()
+ */
+ @Override
+ public boolean useSSOQuestion() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSingleLogOutURL()
+ */
+ @Override
+ public String getSingleLogOutURL() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getMandateProfiles()
+ */
+ @Override
+ public List<String> getMandateProfiles() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifierType()
+ */
+ @Override
+ public String getIdentityLinkDomainIdentifierType() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowMandateCheckBox()
+ */
+ @Override
+ public boolean isShowMandateCheckBox() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOnlyMandateAllowed()
+ */
+ @Override
+ public boolean isOnlyMandateAllowed() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowStorkLogin()
+ */
+ @Override
+ public boolean isShowStorkLogin() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten()
+ */
+ @Override
+ public Map<String, String> getFormCustomizaten() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
+ */
+ @Override
+ public Integer getQaaLevel() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getRequestedAttributes()
+ */
+ @Override
+ public List<OAStorkAttribute> getRequestedAttributes() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRequireConsentForStorkAttributes()
+ */
+ @Override
+ public boolean isRequireConsentForStorkAttributes() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getStorkAPs()
+ */
+ @Override
+ public List<AttributeProviderPlugin> getStorkAPs() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUSelectionTemplate()
+ */
+ @Override
+ public byte[] getBKUSelectionTemplate() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSendAssertionTemplate()
+ */
+ @Override
+ public byte[] getSendAssertionTemplate() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPepsList()
+ */
+ @Override
+ public List<CPEPS> getPepsList() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /**
+ * @param isBusinessService the isBusinessService to set
+ */
+ public void setBusinessService(boolean isBusinessService) {
+ this.isBusinessService = isBusinessService;
+ }
+
+ /**
+ * @param target the target to set
+ */
+ public void setTarget(String target) {
+ this.target = target;
+ }
+
+ /**
+ * @param businessTarget the businessTarget to set
+ */
+ public void setBusinessTarget(String businessTarget) {
+ this.businessTarget = businessTarget;
+ }
+
+ /**
+ * @param inderfederatedIDP the inderfederatedIDP to set
+ */
+ public void setInderfederatedIDP(boolean inderfederatedIDP) {
+ this.inderfederatedIDP = inderfederatedIDP;
+ }
+
+ /**
+ * @param iDPQueryURL the iDPQueryURL to set
+ */
+ public void setIDPQueryURL(String iDPQueryURL) {
+ IDPQueryURL = iDPQueryURL;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPublicURLPrefix()
+ */
+ @Override
+ public String getPublicURLPrefix() {
+ return this.applicationID;
+ }
+
+ /**
+ * @param applicationID the applicationID to set
+ */
+ public void setApplicationID(String applicationID) {
+ this.applicationID = applicationID;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInboundSSOInterfederationAllowed()
+ */
+ @Override
+ public boolean isInboundSSOInterfederationAllowed() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInterfederationSSOStorageAllowed()
+ */
+ @Override
+ public boolean isInterfederationSSOStorageAllowed() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOutboundSSOInterfederationAllowed()
+ */
+ @Override
+ public boolean isOutboundSSOInterfederationAllowed() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index f9d3986d7..33e62d3d0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -1,27 +1,5 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
/*
- * Copyright 2003 Federal Chancellery Austria
+ * Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
@@ -42,455 +20,643 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
-
package at.gv.egovernment.moa.id.data;
import java.io.Serializable;
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
import java.util.Date;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
/**
- * Encapsulates authentication data contained in a <code>&lt;saml:Assertion&gt;</code>.
+ * @author tlenz
*
- * @author Paul Ivancsics
- * @version $Id$
*/
+public class AuthenticationData implements IAuthData, Serializable {
-public class AuthenticationData implements Serializable {
- /**
- *
- */
private static final long serialVersionUID = -1042697056735596866L;
-/**
- * major version number of the SAML assertion
- */
- private int majorVersion;
- /**
- * minor version number of the SAML assertion
- */
- private int minorVersion;
- /**
- * identifier for this assertion
- */
- private String assertionID;
- /**
- * URL of the MOA-ID Auth component issueing this assertion
- */
- private String issuer;
- /**
- * time instant of issue of this assertion
- */
- private String issueInstant;
- /**
- * user identification value (Stammzahl); <code>null</code>,
- * if the authentication module is configured not to return this data
- */
- private String identificationValue;
- /**
- * user identification type
- */
- private String identificationType;
+ public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
+ /**
+ * URL of the MOA-ID Auth component issueing this assertion
+ */
+ private String issuer;
+ /**
+ * time instant of issue of this assertion
+ */
+ private Date issueInstant;
+ /**
+ * user identification value (Stammzahl); <code>null</code>,
+ * if the authentication module is configured not to return this data
+ */
+ private String identificationValue;
+ /**
+ * user identification type
+ */
+ private String identificationType;
+
+ /**
+ * user identityLink specialized to OAParamter
+ */
+ private IdentityLink identityLink;
+
+ /**
+ * application specific user identifier (bPK/wbPK)
+ */
+ private String bPK;
+
+ /**
+ * application specific user identifier type
+ */
+ private String bPKType;
+
+ /**
+ * given name of the user
+ */
+ private String givenName;
+ /**
+ * family name of the user
+ */
+ private String familyName;
+ /**
+ * date of birth of the user
+ */
+ private Date dateOfBirth;
+ /**
+ * says whether the certificate is a qualified certificate or not
+ */
+ private boolean qualifiedCertificate;
+ /**
+ * says whether the certificate is a public authority or not
+ */
+ private boolean publicAuthority;
+ /**
+ * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
+ */
+ private String publicAuthorityCode;
+
+ /**
+ * URL of the BKU
+ */
+ private String bkuURL;
+ /**
+ * the corresponding <code>lt;saml:Assertion&gt;</code>
+ */
+
+ /**
+ * STORK attributes from response
+ */
+ private String ccc = null;
+ private IPersonalAttributeList storkAttributes = null;
+ private String storkAuthnResponse;
+ private STORKAuthnRequest storkRequest = null;
+
+ private byte[] signerCertificate = null;
+
+ private String authBlock = null;
+
+ private boolean useMandate = false;
+ private MISMandate mandate = null;
+ private String mandateReferenceValue = null;
+
+ private boolean foreigner =false;
+ private String QAALevel = null;
+
+ private boolean ssoSession = false;
+
+ private boolean interfederatedSSOSession = false;
+ private String interfederatedIDP = null;
+
+ private String sessionIndex = null;
+ private String nameID = null;
+ private String nameIDFormat = null;
+
+ public AuthenticationData() {
+ issueInstant = new Date();
+ }
+
+ /**
+ * Returns the publicAuthority.
+ * @return boolean
+ */
+ public boolean isPublicAuthority() {
+ return publicAuthority;
+ }
+
+ /**
+ * Returns the publicAuthorityCode.
+ * @return String
+ */
+ public String getPublicAuthorityCode() {
+ return publicAuthorityCode;
+ }
+
+ /**
+ * Returns the qualifiedCertificate.
+ * @return boolean
+ */
+ public boolean isQualifiedCertificate() {
+ return qualifiedCertificate;
+ }
+
+ /**
+ * Returns the bPK.
+ * @return String
+ */
+ public String getBPK() {
+ return bPK;
+ }
+
+ /**
+ * Sets the publicAuthority.
+ * @param publicAuthority The publicAuthority to set
+ */
+ public void setPublicAuthority(boolean publicAuthority) {
+ this.publicAuthority = publicAuthority;
+ }
+
+ /**
+ * Sets the publicAuthorityCode.
+ * @param publicAuthorityIdentification The publicAuthorityCode to set
+ */
+ public void setPublicAuthorityCode(String publicAuthorityIdentification) {
+ this.publicAuthorityCode = publicAuthorityIdentification;
+ }
+
+ /**
+ * Sets the qualifiedCertificate.
+ * @param qualifiedCertificate The qualifiedCertificate to set
+ */
+ public void setQualifiedCertificate(boolean qualifiedCertificate) {
+ this.qualifiedCertificate = qualifiedCertificate;
+ }
+
+ /**
+ * Sets the bPK.
+ * @param bPK The bPK to set
+ */
+ public void setBPK(String bPK) {
+ this.bPK = bPK;
+ }
+
+ /**
+ * Returns the dateOfBirth.
+ * @return String
+ */
+ public Date getDateOfBirth() {
+ return dateOfBirth;
+ }
+
+ public String getFormatedDateOfBirth() {
+ DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+ if (getDateOfBirth() != null)
+ return pvpDateFormat.format(getDateOfBirth());
+ else
+ return "1900-01-01";
+ }
+
+ /**
+ * Returns the familyName.
+ * @return String
+ */
+ public String getFamilyName() {
+ return familyName;
+ }
+
+ /**
+ * Returns the givenName.
+ * @return String
+ */
+ public String getGivenName() {
+ return givenName;
+ }
+
+ /**
+ * Returns the identificationValue.
+ * @return String
+ */
+ public String getIdentificationValue() {
+ return identificationValue;
+ }
+
+ /**
+ * Returns the identificationType
+ * @return String
+ */
+ public String getIdentificationType() {
+ return identificationType;
+ }
+
+ /**
+ * Returns the issueInstant.
+ * @return String
+ */
+ public String getIssueInstantString() {
+ return DateTimeUtils.buildDateTimeUTC(issueInstant);
+
+ }
+
+ /**
+ * Returns the issueInstant.
+ * @return String
+ */
+ public Date getIssueInstant() {
+ return issueInstant;
+
+ }
+
+ public void setIssueInstant(Date date) {
+ this.issueInstant = date;
+ }
+
+ /**
+ * Returns the issuer.
+ * @return String
+ */
+ public String getIssuer() {
+ return issuer;
+ }
+
+ /**
+ * Returns the BKU URL.
+ * @return String
+ */
+ public String getBkuURL() {
+ return bkuURL;
+ }
+
+ /**
+ * Sets the dateOfBirth.
+ * @param dateOfBirth The dateOfBirth to set
+ */
+ public void setDateOfBirth(Date dateOfBirth) {
+ this.dateOfBirth = dateOfBirth;
+ }
+
+ public void setDateOfBirth(String dateOfBirth) {
+ try {
+ if (MiscUtil.isNotEmpty(dateOfBirth)) {
+ DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+ this.dateOfBirth = identityLinkFormat.parse(dateOfBirth);
+ }
+
+ } catch (ParseException e) {
+ Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e);
+
+ }
+ }
+
+ /**
+ * Sets the familyName.
+ * @param familyName The familyName to set
+ */
+ public void setFamilyName(String familyName) {
+ this.familyName = familyName;
+ }
+
+ /**
+ * Sets the givenName.
+ * @param givenName The givenName to set
+ */
+ public void setGivenName(String givenName) {
+ this.givenName = givenName;
+ }
+
+ /**
+ * Sets the identificationValue.
+ * @param identificationValue The identificationValue to set
+ */
+ public void setIdentificationValue(String identificationValue) {
+ this.identificationValue = identificationValue;
+ }
+
+ /**
+ * Sets the identificationType.
+ * @param identificationType The identificationType to set
+ */
+ public void setIdentificationType(String identificationType) {
+ this.identificationType = identificationType;
+ }
+
+ /**
+ * Sets the issuer.
+ * @param issuer The issuer to set
+ */
+ public void setIssuer(String issuer) {
+ this.issuer = issuer;
+ }
+
+ /**
+ * Sets the bkuURL
+ * @param url The BKU URL to set
+ */
+ public void setBkuURL(String url) {
+ this.bkuURL = url;
+ }
+
+ public String getBPKType() {
+ return bPKType;
+ }
+
+ public void setBPKType(String bPKType) {
+ this.bPKType = bPKType;
+ }
+
+ /**
+ * @return the identityLink
+ */
+ public IdentityLink getIdentityLink() {
+ return identityLink;
+ }
+
+ /**
+ * @param identityLink the identityLink to set
+ */
+ public void setIdentityLink(IdentityLink identityLink) {
+ this.identityLink = identityLink;
+ }
+
+
+ /**
+ * @return the storkAttributes
+ */
+ public IPersonalAttributeList getStorkAttributes() {
+ return storkAttributes;
+ }
+
+
/**
- * user identityLink specialized to OAParamter
+ * @param storkAttributes the storkAttributes to set
*/
- private IdentityLink identityLink;
+ public void setStorkAttributes(IPersonalAttributeList storkAttributes) {
+ this.storkAttributes = storkAttributes;
+ }
+
+
+ /**
+ * @return the signerCertificate
+ */
+ public byte[] getSignerCertificate() {
+ return signerCertificate;
+ }
+
+
+ /**
+ * @param signerCertificate the signerCertificate to set
+ */
+ public void setSignerCertificate(byte[] signerCertificate) {
+ this.signerCertificate = signerCertificate;
+ }
+
+
+ /**
+ * @return the authBlock
+ */
+ public String getAuthBlock() {
+ return authBlock;
+ }
+
+
+ /**
+ * @param authBlock the authBlock to set
+ */
+ public void setAuthBlock(String authBlock) {
+ this.authBlock = authBlock;
+ }
+
+
+ /**
+ * @return the mandate
+ */
+ public MISMandate getMISMandate() {
+ return mandate;
+ }
+
+ public Element getMandate() {
+ try {
+ byte[] byteMandate = mandate.getMandate();
+ String stringMandate = new String(byteMandate);
+ return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
+
+ }
+ catch (Throwable e) {
+ Logger.warn("Mandate content could not be generated from MISMandate.");
+ return null;
+ }
+ }
- /**
- * application specific user identifier (bPK/wbPK)
- */
- private String bPK;
-
- /**
- * application specific user identifier type
- */
- private String bPKType;
-
- /**
- * given name of the user
- */
- private String givenName;
- /**
- * family name of the user
- */
- private String familyName;
- /**
- * date of birth of the user
- */
- private String dateOfBirth;
- /**
- * says whether the certificate is a qualified certificate or not
- */
- private boolean qualifiedCertificate;
- /**
- * says whether the certificate is a public authority or not
- */
- private boolean publicAuthority;
- /**
- * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
- */
- private String publicAuthorityCode;
- /**
- * The base64 encoded signer certificate.
- */
- private String signerCertificate;
- /**
- * URL of the BKU
- */
- private String bkuURL;
- /**
- * the corresponding <code>lt;saml:Assertion&gt;</code>
- */
- private String samlAssertion;
-
- /** useUTC */
-// private boolean useUTC;
- /**
- * creation timestamp
- */
- Date timestamp;
-
-
-
- //this method is only required for MOA-ID Proxy 2.0 Release.
- //TODO: remove it, if MOA-ID Proxy is not supported anymore.
- public String getWBPK() {
- return bPK;
- }
-
-
- /**
- * Constructor for AuthenticationData.
- */
- public AuthenticationData() {
- timestamp = new Date();
- }
-
- /**
- * Returns the minorVersion.
- * @return int
- */
- public int getMinorVersion() {
- return minorVersion;
- }
-
- /**
- * Returns the publicAuthority.
- * @return boolean
- */
- public boolean isPublicAuthority() {
- return publicAuthority;
- }
-
- /**
- * Returns the publicAuthorityCode.
- * @return String
- */
- public String getPublicAuthorityCode() {
- return publicAuthorityCode;
- }
-
- /**
- * Returns the qualifiedCertificate.
- * @return boolean
- */
- public boolean isQualifiedCertificate() {
- return qualifiedCertificate;
- }
-
- /**
- * Returns the bPK.
- * @return String
- */
- public String getBPK() {
- return bPK;
- }
-
-// /**
-// * Returns useUTC
-// * @return useUTC
-// */
-// public boolean getUseUTC() {
-// return useUTC;
-// }
-
- /**
- * Sets the minorVersion.
- * @param minorVersion The minorVersion to set
- */
- public void setMinorVersion(int minorVersion) {
- this.minorVersion = minorVersion;
- }
-
- /**
- * Sets the publicAuthority.
- * @param publicAuthority The publicAuthority to set
- */
- public void setPublicAuthority(boolean publicAuthority) {
- this.publicAuthority = publicAuthority;
- }
-
- /**
- * Sets the publicAuthorityCode.
- * @param publicAuthorityIdentification The publicAuthorityCode to set
- */
- public void setPublicAuthorityCode(String publicAuthorityIdentification) {
- this.publicAuthorityCode = publicAuthorityIdentification;
- }
-
- /**
- * Sets the qualifiedCertificate.
- * @param qualifiedCertificate The qualifiedCertificate to set
- */
- public void setQualifiedCertificate(boolean qualifiedCertificate) {
- this.qualifiedCertificate = qualifiedCertificate;
- }
-
- /**
- * Sets the bPK.
- * @param bPK The bPK to set
- */
- public void setBPK(String bPK) {
- this.bPK = bPK;
- }
-
-// /**
-// * Sets the wbPK.
-// * @param wbPK The wbPK to set
-// */
-// public void setWBPK(String wbPK) {
-// this.wbPK = wbPK;
-// }
-
-// public void setUseUTC(boolean useUTC) {
-// this.useUTC = useUTC;
-// }
-
- /**
- * Returns the assertionID.
- * @return String
- */
- public String getAssertionID() {
- return assertionID;
- }
-
- /**
- * Returns the dateOfBirth.
- * @return String
- */
- public String getDateOfBirth() {
- return dateOfBirth;
- }
-
- /**
- * Returns the familyName.
- * @return String
- */
- public String getFamilyName() {
- return familyName;
- }
-
- /**
- * Returns the givenName.
- * @return String
- */
- public String getGivenName() {
- return givenName;
- }
-
- /**
- * Returns the identificationValue.
- * @return String
- */
- public String getIdentificationValue() {
- return identificationValue;
- }
-
- /**
- * Returns the identificationType
- * @return String
- */
- public String getIdentificationType() {
- return identificationType;
- }
-
- /**
- * Returns the issueInstant.
- * @return String
- */
- public String getIssueInstant() {
- return issueInstant;
- }
-
- /**
- * Returns the issuer.
- * @return String
- */
- public String getIssuer() {
- return issuer;
- }
-
- /**
- * Returns the majorVersion.
- * @return int
- */
- public int getMajorVersion() {
- return majorVersion;
- }
-
- /**
- * Returns the BKU URL.
- * @return String
- */
- public String getBkuURL() {
- return bkuURL;
- }
-
- /**
- * Returns the signer certificate.
- * @return String
- */
- public String getSignerCertificate() {
- return signerCertificate;
- }
-
- /**
- * Sets the assertionID.
- * @param assertionID The assertionID to set
- */
- public void setAssertionID(String assertionID) {
- this.assertionID = assertionID;
- }
-
- /**
- * Sets the dateOfBirth.
- * @param dateOfBirth The dateOfBirth to set
- */
- public void setDateOfBirth(String dateOfBirth) {
- this.dateOfBirth = dateOfBirth;
- }
-
- /**
- * Sets the familyName.
- * @param familyName The familyName to set
- */
- public void setFamilyName(String familyName) {
- this.familyName = familyName;
- }
-
- /**
- * Sets the givenName.
- * @param givenName The givenName to set
- */
- public void setGivenName(String givenName) {
- this.givenName = givenName;
- }
-
- /**
- * Sets the identificationValue.
- * @param identificationValue The identificationValue to set
- */
- public void setIdentificationValue(String identificationValue) {
- this.identificationValue = identificationValue;
- }
-
- /**
- * Sets the identificationType.
- * @param identificationType The identificationType to set
- */
- public void setIdentificationType(String identificationType) {
- this.identificationType = identificationType;
- }
-
- /**
- * Sets the issueInstant.
- * @param issueInstant The issueInstant to set
- */
- public void setIssueInstant(String issueInstant) {
- this.issueInstant = issueInstant;
- }
-
- /**
- * Sets the issuer.
- * @param issuer The issuer to set
- */
- public void setIssuer(String issuer) {
- this.issuer = issuer;
- }
-
- /**
- * Sets the majorVersion.
- * @param majorVersion The majorVersion to set
- */
- public void setMajorVersion(int majorVersion) {
- this.majorVersion = majorVersion;
- }
-
- /**
- * Sets the bkuURL
- * @param url The BKU URL to set
- */
- public void setBkuURL(String url) {
- this.bkuURL = url;
- }
-
- /**
- * Sets the signer certificate
- * @param signerCertificate The signer certificate
- */
- public void setSignerCertificate(String signerCertificate) {
- this.signerCertificate = signerCertificate;
- }
-
- /**
- * Returns the samlAssertion.
- * @return String
- */
- public String getSamlAssertion() {
- return samlAssertion;
- }
-
- /**
- * Sets the samlAssertion.
- * @param samlAssertion The samlAssertion to set
- */
- public void setSamlAssertion(String samlAssertion) {
- this.samlAssertion = samlAssertion;
- }
-
- /**
- * Returns the timestamp.
- * @return Date
- */
- public Date getTimestamp() {
- return timestamp;
- }
-
-public String getBPKType() {
- return bPKType;
-}
-public void setBPKType(String bPKType) {
- this.bPKType = bPKType;
-}
+ /**
+ * @param mandate the mandate to set
+ */
+ public void setMISMandate(MISMandate mandate) {
+ this.mandate = mandate;
+ }
-/**
- * @return the identityLink
- */
-public IdentityLink getIdentityLink() {
- return identityLink;
-}
-/**
- * @param identityLink the identityLink to set
- */
-public void setIdentityLink(IdentityLink identityLink) {
- this.identityLink = identityLink;
-}
+ /**
+ * @return the useMandate
+ */
+ public boolean isUseMandate() {
+ return useMandate;
+ }
+ /**
+ * @param useMandate the useMandate to set
+ */
+ public void setUseMandate(boolean useMandate) {
+ this.useMandate = useMandate;
+ }
-
+
+ /**
+ * @return
+ */
+ public String getQAALevel() {
+ return this.QAALevel;
+ }
+
+
+ /**
+ * @return
+ */
+ public boolean isForeigner() {
+ return this.foreigner;
+ }
+
+
+ /**
+ * @param foreigner the foreigner to set
+ */
+ public void setForeigner(boolean foreigner) {
+ this.foreigner = foreigner;
+ }
+
+
+ /**
+ * @param qAALevel the qAALevel to set
+ */
+ public void setQAALevel(String qAALevel) {
+ QAALevel = qAALevel;
+ }
+
+
+ /**
+ * @return the ssoSession
+ */
+ public boolean isSsoSession() {
+ return ssoSession;
+ }
+
+
+ /**
+ * @param ssoSession the ssoSession to set
+ */
+ public void setSsoSession(boolean ssoSession) {
+ this.ssoSession = ssoSession;
+ }
+
+ /**
+ * @param storkRequest the storkRequest to set
+ */
+ public void setStorkRequest(STORKAuthnRequest storkRequest) {
+ this.storkRequest = storkRequest;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IAuthData#getStorkAuthnRequest()
+ */
+ @Override
+ public STORKAuthnRequest getStorkAuthnRequest() {
+ return this.storkRequest;
+ }
+
+ /**
+ * @return the storkAuthnResponse
+ */
+ public String getStorkAuthnResponse() {
+ return storkAuthnResponse;
+ }
+
+ /**
+ * @param storkAuthnResponse the storkAuthnResponse to set
+ */
+ public void setStorkAuthnResponse(String storkAuthnResponse) {
+ this.storkAuthnResponse = storkAuthnResponse;
+ }
+
+ /**
+ * @return the mandateReferenceValue
+ */
+ public String getMandateReferenceValue() {
+ return mandateReferenceValue;
+ }
+
+ /**
+ * @param mandateReferenceValue the mandateReferenceValue to set
+ */
+ public void setMandateReferenceValue(String mandateReferenceValue) {
+ this.mandateReferenceValue = mandateReferenceValue;
+ }
+
+ /**
+ * @return the ccc
+ */
+ public String getCcc() {
+ return ccc;
+ }
+
+ /**
+ * @param ccc the ccc to set
+ */
+ public void setCcc(String ccc) {
+ this.ccc = ccc;
+ }
+
+ /**
+ * @return the sessionIndex
+ */
+ public String getSessionIndex() {
+ return sessionIndex;
+ }
+
+ /**
+ * @param sessionIndex the sessionIndex to set
+ */
+ public void setSessionIndex(String sessionIndex) {
+ this.sessionIndex = sessionIndex;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID()
+ */
+ @Override
+ public String getNameID() {
+ return this.nameID;
+ }
+
+ /**
+ * @param nameID the nameID to set
+ */
+ public void setNameID(String nameID) {
+ this.nameID = nameID;
+ }
+
+ /**
+ * @return the nameIDFormat
+ */
+ public String getNameIDFormat() {
+ return nameIDFormat;
+ }
+
+ /**
+ * @param nameIDFormat the nameIDFormat to set
+ */
+ public void setNameIDFormat(String nameIDFormat) {
+ this.nameIDFormat = nameIDFormat;
+ }
+
+ /**
+ * @return the interfederatedSSOSession
+ */
+ public boolean isInterfederatedSSOSession() {
+ return interfederatedSSOSession;
+ }
+
+ /**
+ * @param interfederatedSSOSession the interfederatedSSOSession to set
+ */
+ public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
+ this.interfederatedSSOSession = interfederatedSSOSession;
+ }
+
+ /**
+ * @return the interfederatedIDP
+ */
+ public String getInterfederatedIDP() {
+ return interfederatedIDP;
+ }
+
+ /**
+ * @param interfederatedIDP the interfederatedIDP to set
+ */
+ public void setInterfederatedIDP(String interfederatedIDP) {
+ this.interfederatedIDP = interfederatedIDP;
+ }
+
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
new file mode 100644
index 000000000..4ea81f134
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.data;
+
+import java.util.Date;
+
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IAuthData {
+
+ Date getIssueInstant();
+ String getIssuer();
+
+ boolean isSsoSession();
+ boolean isInterfederatedSSOSession();
+ boolean isUseMandate();
+
+ String getFamilyName();
+ String getGivenName();
+ Date getDateOfBirth();
+ String getFormatedDateOfBirth();
+
+ String getBPK();
+ String getBPKType();
+
+ String getInterfederatedIDP();
+
+ String getIdentificationValue();
+ String getIdentificationType();
+
+ String getBkuURL();
+
+ IdentityLink getIdentityLink();
+ byte[] getSignerCertificate();
+ String getAuthBlock();
+
+ boolean isPublicAuthority();
+ String getPublicAuthorityCode();
+ boolean isQualifiedCertificate();
+
+ MISMandate getMISMandate();
+ Element getMandate();
+ String getMandateReferenceValue();
+
+ String getQAALevel();
+
+ String getSessionIndex();
+ String getNameID();
+ String getNameIDFormat();
+
+ boolean isForeigner();
+ String getCcc();
+ STORKAuthnRequest getStorkAuthnRequest();
+ String getStorkAuthnResponse();
+ IPersonalAttributeList getStorkAttributes();
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
new file mode 100644
index 000000000..a0f3dd309
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
@@ -0,0 +1,155 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.data;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.LinkedHashMap;
+import java.util.List;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.metadata.SingleLogoutService;
+
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SLOInformationContainer implements Serializable {
+
+ private static final long serialVersionUID = 7148730740582881862L;
+
+ private PVPTargetConfiguration sloRequest = null;
+ private LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs = null;
+ private LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs = null;
+ private List<String> sloFailedOAs = null;
+
+
+ public void parseActiveOAs(List<OASessionStore> dbOAs, String removeOAID) {
+ activeFrontChannalOAs = new LinkedHashMap<String, SLOInformationImpl>();
+ activeBackChannelOAs = new LinkedHashMap<String, SLOInformationImpl>();
+
+ if (dbOAs != null) {
+ for (OASessionStore oa : dbOAs) {
+ //Actually only PVP 2.1 support Single LogOut
+ if (PVP2XProtocol.NAME.equals(oa.getProtocolType()) &&
+ !oa.getOaurlprefix().equals(removeOAID)) {
+ SingleLogoutService sloDesc;
+ try {
+ sloDesc = SingleLogOutBuilder.getRequestSLODescriptor(oa.getOaurlprefix());
+
+ if (sloDesc.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))
+ activeBackChannelOAs.put(oa.getOaurlprefix(),
+ new SLOInformationImpl(
+ oa.getAssertionSessionID(),
+ oa.getUserNameID(),
+ oa.getUserNameIDFormat(),
+ oa.getProtocolType(),
+ sloDesc));
+
+ else
+ activeFrontChannalOAs.put(oa.getOaurlprefix(),
+ new SLOInformationImpl(
+ oa.getAssertionSessionID(),
+ oa.getUserNameID(),
+ oa.getUserNameIDFormat(),
+ oa.getProtocolType(),
+ sloDesc));
+
+ } catch (NOSLOServiceDescriptorException e) {
+ putFailedOA(oa.getOaurlprefix());
+
+ }
+
+ } else
+ putFailedOA(oa.getOaurlprefix());
+ }
+ }
+ }
+
+ public String getNextFrontChannelOA() {
+ Iterator<String> interator = activeFrontChannalOAs.keySet().iterator();
+ if (interator.hasNext())
+ return interator.next();
+
+ else
+ return null;
+ }
+
+ public SLOInformationImpl getFrontChannelOASessionDescripten(String oaID) {
+ return activeFrontChannalOAs.get(oaID);
+ }
+
+ public void removeFrontChannelOA(String oaID) {
+ activeFrontChannalOAs.remove(oaID);
+ }
+
+ public Iterator<String> getNextBackChannelOA() {
+ return activeBackChannelOAs.keySet().iterator();
+ }
+
+ public SLOInformationImpl getBackChannelOASessionDescripten(String oaID) {
+ return activeBackChannelOAs.get(oaID);
+ }
+
+ public void removeBackChannelOA(String oaID) {
+ activeBackChannelOAs.remove(oaID);
+ }
+
+ /**
+ * @return the sloRequest
+ */
+ public PVPTargetConfiguration getSloRequest() {
+ return sloRequest;
+ }
+
+ /**
+ * @param sloRequest the sloRequest to set
+ */
+ public void setSloRequest(PVPTargetConfiguration sloRequest) {
+ this.sloRequest = sloRequest;
+ }
+
+ /**
+ * @return the sloFailedOAs
+ */
+ public List<String> getSloFailedOAs() {
+ return sloFailedOAs;
+ }
+
+ public void putFailedOA(String oaID) {
+ if (sloFailedOAs == null)
+ sloFailedOAs = new ArrayList<String>();
+ sloFailedOAs.add(oaID);
+ }
+
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
new file mode 100644
index 000000000..55b213702
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
@@ -0,0 +1,156 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.data;
+
+import java.io.Serializable;
+
+import org.opensaml.saml2.metadata.SingleLogoutService;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SLOInformationImpl implements SLOInformationInterface, Serializable {
+
+ private static final long serialVersionUID = 295577931870512387L;
+ private String sessionIndex = null;
+ private String nameID = null;
+ private String protocolType = null;
+ private String nameIDFormat = null;
+ private String binding = null;
+ private String serviceURL = null;
+
+ public SLOInformationImpl(String sessionID, String nameID, String nameIDFormat, String protocolType) {
+ new SLOInformationImpl(sessionID, nameID, nameIDFormat, protocolType, null);
+ }
+
+ public SLOInformationImpl(String sessionID, String nameID, String nameIDFormat, String protocolType, SingleLogoutService sloService) {
+ this.sessionIndex = sessionID;
+ this.nameID = nameID;
+ this.nameIDFormat = nameIDFormat;
+ this.protocolType = protocolType;
+
+ if (sloService != null) {
+ this.binding = sloService.getBinding();
+ this.serviceURL = sloService.getLocation();
+
+ }
+ }
+
+
+ /**
+ *
+ */
+ public SLOInformationImpl() {
+
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getSessionIndex()
+ */
+ @Override
+ public String getSessionIndex() {
+ return sessionIndex;
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIdentifier()
+ */
+ @Override
+ public String getUserNameIdentifier() {
+ return nameID;
+
+ }
+
+
+ /**
+ * @param sessionIndex the sessionIndex to set
+ */
+ public void setSessionIndex(String sessionIndex) {
+ this.sessionIndex = sessionIndex;
+ }
+
+
+ /**
+ * @param nameID the nameID to set
+ */
+ public void setUserNameIdentifier(String nameID) {
+ this.nameID = nameID;
+ }
+
+
+
+ /**
+ * @param protocolType the protocolType to set
+ */
+ public void setProtocolType(String protocolType) {
+ this.protocolType = protocolType;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getProtocolType()
+ */
+ @Override
+ public String getProtocolType() {
+ return protocolType;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIDFormat()
+ */
+ @Override
+ public String getUserNameIDFormat() {
+ return this.nameIDFormat;
+ }
+
+
+ /**
+ * @param nameIDFormat the nameIDFormat to set
+ */
+ public void setNameIDFormat(String nameIDFormat) {
+ this.nameIDFormat = nameIDFormat;
+ }
+
+ /**
+ * @return the binding
+ */
+ public String getBinding() {
+ return binding;
+ }
+
+ /**
+ * @return the serviceURL
+ */
+ public String getServiceURL() {
+ return serviceURL;
+ }
+
+
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
new file mode 100644
index 000000000..b2241f8ed
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.data;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface SLOInformationInterface{
+
+
+ /**
+ * get AssertionID which was used for Service Provider Single LogOut request
+ *
+ * @return
+ * SessionID (SessionIndex in case of SAML2)
+ */
+ public String getSessionIndex();
+
+ /**
+ * get user identifier which was used
+ *
+ * @return
+ * bPK / wbPK (nameID in case of SAML2)
+ */
+ public String getUserNameIdentifier();
+
+
+ /**
+ * get protocol type which was used for authentication
+ *
+ * @return
+ * return authentication protocol type
+ */
+ public String getProtocolType();
+
+ /**
+ * @return
+ */
+ public String getUserNameIDFormat();
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 480deb867..a3827ab73 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -25,20 +25,18 @@ package at.gv.egovernment.moa.id.entrypoints;
import java.io.IOException;
import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
@@ -46,6 +44,8 @@ import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
@@ -57,6 +57,7 @@ import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
+import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
@@ -223,8 +224,10 @@ public class DispatcherServlet extends AuthServlet{
}
}
- //HttpSession httpSession = req.getSession();
- //Map<String, IRequest> protocolRequests = null;
+ //get SSO Cookie for Request
+ SSOManager ssomanager = SSOManager.getInstance();
+ String ssoId = ssomanager.getSSOSessionID(req);
+
IRequest protocolRequest = null;
try {
@@ -249,18 +252,47 @@ public class DispatcherServlet extends AuthServlet{
try {
protocolRequest = info.preProcess(req, resp, action);
- if (protocolRequest != null) {
-
+ //request is a valid interfederation response
+ if (protocolRequest != null &&
+ protocolRequest.getInterfederationResponse() != null ) {
+ Logger.debug("Create new interfederated MOA-Session and add to HTTPRequest");
+
+ //reload SP protocol implementation
+ info = ModulStorage.getModuleByPath(protocolRequest.requestedModule());
+ moduleAction = info.getAction(protocolRequest.requestedAction());
+
+ //create interfederated mOASession
+ String sessionID =
+ AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId);
+ req.getParameterMap().put(PARAM_SESSIONID, sessionID);
+
+ Logger.info("PreProcessing of SSO interfederation response complete. ");
+
+ //request is a not valid interfederation response -> Restart local authentication
+ } else if (protocolRequest != null &&
+ MiscUtil.isNotEmpty(protocolRequest.getRequestID())) {
+ Logger.info("Restart authentication with stored " + protocolRequest.requestedModule()
+ + " AuthnRequest for OnlineApplication " + protocolRequest.getOAURL());
+
+ //request is a new authentication request
+ } else if (protocolRequest != null &&
+ MiscUtil.isEmpty(protocolRequest.getRequestID())) {
//Start new Authentication
- protocolRequest.setAction(action);
protocolRequest.setModule(module);
- protocolRequestID = Random.nextRandom();
- protocolRequest.setRequestID(protocolRequestID);
- RequestStorage.setPendingRequest(protocolRequest);
+ //if preProcessing has not set a specific action from decoded request
+ // then set the default action
+ if (MiscUtil.isEmpty(protocolRequest.requestedAction()))
+ protocolRequest.setAction(action);
+ else
+ moduleAction = info.getAction(protocolRequest.requestedAction());
+ protocolRequestID = Random.nextRandom();
+ protocolRequest.setRequestID(protocolRequestID);
+ RequestStorage.setPendingRequest(protocolRequest);
Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + ".");
-
+
+
} else {
Logger.error("Failed to generate a valid protocol request!");
resp.setContentType("text/html;charset=UTF-8");
@@ -280,30 +312,42 @@ public class DispatcherServlet extends AuthServlet{
StatisticLogger logger = StatisticLogger.getInstance();
logger.logErrorOperation(e, e.getErrorRequest());
return;
-
- } catch (MOAIDException e) {
+
+ }catch (InvalidProtocolRequestException e) {
+ ErrorResponseUtils utils = ErrorResponseUtils.getInstance();
+ String code = utils.mapInternalErrorToExternalError(e.getMessageId());
+ String descr = e.getMessage();
+ Logger.error("Protocol validation FAILED!");
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" +
+ "(Errorcode=" + code +
+ " | Description=" + descr + ")");
+ return;
+ } catch (MOAIDException e) {
Logger.error("Failed to generate a valid protocol request!");
resp.setContentType("text/html;charset=UTF-8");
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!");
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" +
+ "(Errorcode=6000"
+ +" | Description=Das Authentifizierungsprotokoll wurde nicht erkannt oder wird nicht unterst\u00FCzt" + ")");
return;
}
}
AuthenticationManager authmanager = AuthenticationManager.getInstance();
- SSOManager ssomanager = SSOManager.getInstance();
String moasessionID = null;
String newSSOSessionId = null;
AuthenticationSession moasession = null;
-
- //get SSO Cookie for Request
- String ssoId = ssomanager.getSSOSessionID(req);
-
- boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp);
+ IAuthData authData = null;
+
+ boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp);
if (needAuthentication) {
-
+
+ //check if interfederation IDP is requested
+ ssomanager.checkInterfederationIsRequested(req, resp, protocolRequest);
+
//check SSO session
if (ssoId != null) {
String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId);
@@ -326,8 +370,8 @@ public class DispatcherServlet extends AuthServlet{
}
- isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req);
- useSSOOA = oaParam.useSSO();
+ isValidSSOSession = ssomanager.isValidSSOSession(ssoId, protocolRequest);
+ useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP();
//if a legacy request is used SSO should not be allowed, actually
@@ -377,38 +421,36 @@ public class DispatcherServlet extends AuthServlet{
if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) {
authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam);
return;
- }
- }
- else {
+ }
- moasessionID = (String) req.getParameter(PARAM_SESSIONID);
-
+ } else {
+ moasessionID = (String) req.getParameter(PARAM_SESSIONID);
moasession = AuthenticationSessionStoreage.getSession(moasessionID);
- }
-
+
+ }
//save SSO session usage in Database
newSSOSessionId = ssomanager.createSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
- if (newSSOSessionId != null) {
+ if (MiscUtil.isNotEmpty(newSSOSessionId)) {
ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
} else {
ssomanager.deleteSSOSessionID(req, resp);
+
}
- } else {
-
- moasessionID = (String) req.getParameter(PARAM_SESSIONID);
-
+ } else {
+ moasessionID = (String) req.getParameter(PARAM_SESSIONID);
moasession = AuthenticationSessionStoreage.getSession(moasessionID);
moasessionID = AuthenticationSessionStoreage.changeSessionID(moasession);
+
}
-
-
+ //build authenticationdata from session information and OA configuration
+ authData = AuthenticationDataBuilder.buildAuthenticationData(protocolRequest, moasession);
}
-
- String assertionID = moduleAction.processRequest(protocolRequest, req, resp, moasession);
+
+ SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, authData);
RequestStorage.removePendingRequest(protocolRequestID);
@@ -436,7 +478,7 @@ public class DispatcherServlet extends AuthServlet{
//Advanced statistic logging
StatisticLogger logger = StatisticLogger.getInstance();
- logger.logSuccessOperation(protocolRequest, moasession, isSSOSession);
+ logger.logSuccessOperation(protocolRequest, authData, isSSOSession);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
deleted file mode 100644
index b6fe20a61..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
+++ /dev/null
@@ -1,165 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.iaik.config;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-import at.gv.egovernment.moa.logging.Logger;
-import iaik.pki.store.certstore.CertStoreConfiguration;
-import iaik.pki.store.certstore.CertStoreParameters;
-import iaik.pki.store.certstore.CertStoreTypes;
-import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
-
-import java.io.File;
-
-/**
- * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class CertStoreConfigurationImpl extends ObservableImpl
- implements CertStoreConfiguration, DirectoryCertStoreParameters {
- /**
- * identifies the rootDirectory
- */
- private String rootDirectory;
- /**
- * ConfigurationProvider
- */
- private ConfigurationProvider conf;
- /**
- * Array for storing all CertStoreParameters
- */
- private CertStoreParameters[] parameters;
-
- /**
- * Create a new <code>CertStoreConfigurationImpl</code>.
- *
- * @param conf The MOA configuration from which the configuration data is
- * @throws ConfigurationException an any config-error
- * being read.
- */
- public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
- this.conf = conf;
-
- String certStoreRootDirParam = conf.getCertstoreDirectory();
-
- if (certStoreRootDirParam == null)
- throw new ConfigurationException(
- "config.08", new Object[]{"CertStoreDirectory"});
-
- //rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir());
- rootDirectory = certStoreRootDirParam;
- Logger.error("Using file: " + rootDirectory);
- if (rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(5);
- Logger.error("Using file2: " + rootDirectory);
-
- File f = new File(rootDirectory);
- //Logger.error("Using file: " + certStoreRootDirParam + " param: " + conf.getRootConfigFileDir());
-
- if (!f.exists()) {
- Logger.error("File does not exists: " + f.getAbsolutePath());
- throw new ConfigurationException(
- "config.05", new Object[]{"CertStoreDirectory"});
- }
-
- if (!f.isDirectory()) {
- Logger.error("File is not a directory: " + f.getAbsolutePath());
- throw new ConfigurationException(
- "config.05", new Object[]{"CertStoreDirectory"});
- }
-
-
- parameters = new CertStoreParameters[]{this};
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters()
- */
- public CertStoreParameters[] getParameters() {
- return parameters;
- }
-
- /**
- * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory()
- */
- public String getRootDirectory() {
- return rootDirectory;
- }
-
- /**
- * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
- */
- public boolean createNew() {
- return false;
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreParameters#getId()
- */
- public String getId() {
- return "MOA ID Directory CertStore";
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly()
- */
- public boolean isReadOnly() {
- return false;
- }
-
- /**
- * @return <code>CertStoreTypes.DIRECTORY</code>
- * @see iaik.pki.store.certstore.CertStoreParameters#getType()
- */
- public String getType() {
- return CertStoreTypes.DIRECTORY;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
deleted file mode 100644
index 064d8a835..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
+++ /dev/null
@@ -1,120 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.iaik.config;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import iaik.pki.PKIConfiguration;
-import iaik.pki.pathvalidation.ValidationConfiguration;
-import iaik.pki.revocation.RevocationConfiguration;
-import iaik.pki.store.certstore.CertStoreConfiguration;
-import iaik.pki.store.revocation.archive.ArchiveConfiguration;
-
-/**
- * Implementation of interface <code>PKIConfiguration</code> needed to
- * initialize an IAIK JSSE <code>TrustManager</code>
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class PKIConfigurationImpl implements PKIConfiguration {
- /** The configuration for the CertStore */
- private CertStoreConfiguration certStoreConfiguration;
- /** The configuration for the RevocationChecks */
- private RevocationConfiguration revocationConfiguration;
- /** The configuration for the Validation */
- private ValidationConfiguration validationConfiguration;
-
- /**
- * Constructor
- * @param conf the Configuration for the PKIConfig
- * @throws ConfigurationException for any config error
- */
- public PKIConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
-
- certStoreConfiguration = new CertStoreConfigurationImpl(conf);
- revocationConfiguration = new RevocationConfigurationImpl();
- validationConfiguration = new ValidationConfigurationImpl(conf);
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getCertStoreConfiguration()
- */
- public CertStoreConfiguration getCertStoreConfiguration() {
- return certStoreConfiguration;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getRevocationConfiguration()
- */
- public RevocationConfiguration getRevocationConfiguration() {
- return revocationConfiguration;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getArchiveConfiguration()
- */
- public ArchiveConfiguration getArchiveConfiguration() {
- return null;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getValidationConfiguration()
- */
- public ValidationConfiguration getValidationConfiguration() {
- return validationConfiguration;
- }
-
-/* (non-Javadoc)
- * @see iaik.pki.PKIConfiguration#getTimeout()
- */
- public int getTimeout() {
- // TODO Auto-generated method stub
- return 0;
-}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
deleted file mode 100644
index 2c24161f6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.iaik.config;
-
-import iaik.pki.revocation.RevocationConfiguration;
-
-import java.security.cert.X509Certificate;
-import java.util.Collections;
-import java.util.Date;
-import java.util.Set;
-
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-
-/**
- * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class RevocationConfigurationImpl extends ObservableImpl implements RevocationConfiguration {
-
- /**
- * @see iaik.pki.revocation.RevocationConfiguration#getAlternativeDistributionPoints(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date)
- */
- public Set getAlternativeDistributionPoints(
- X509Certificate arg0,
- X509Certificate arg1,
- Date arg2) {
- return Collections.EMPTY_SET;
- }
-
- /**
- * @see iaik.pki.revocation.RevocationConfiguration#archiveRevocationInfo(java.lang.String, java.lang.String)
- */
- public boolean archiveRevocationInfo(String arg0, String arg1) {
- return false;
- }
-
- public Integer getCrlRetentionInterval(String arg0) {
- return null;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
deleted file mode 100644
index d230eef26..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.iaik.config;
-
-import iaik.pki.pathvalidation.ValidationConfiguration;
-
-import java.security.cert.X509Certificate;
-import java.security.spec.AlgorithmParameterSpec;
-
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-
-/**
- * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ValidationConfigurationImpl extends ObservableImpl
- implements ValidationConfiguration {
- /** The ConfigurationProvider for the validation*/
- private ConfigurationProvider conf;
-
- /**
- * Constructor
- * @param conf with the configuration
- */
- public ValidationConfigurationImpl(ConfigurationProvider conf) {
- this.conf = conf;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationConfiguration#getChainingMode(java.security.cert.X509Certificate)
- */
- public String getChainingMode(X509Certificate trustAnchor) {
- String chainingMode = conf.getChainingMode(trustAnchor);
- return chainingMode;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsSpec(java.security.cert.X509Certificate)
- */
- public AlgorithmParameterSpec getPublicKeyParamsAsSpec(X509Certificate arg0) {
- return null;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsCert(java.security.cert.X509Certificate)
- */
- public X509Certificate getPublicKeyParamsAsCert(X509Certificate arg0) {
- return null;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
deleted file mode 100644
index 8afba2a12..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
+++ /dev/null
@@ -1,232 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.iaik.pki;
-
-import java.security.cert.X509Certificate;
-import java.util.Collections;
-import java.util.Set;
-
-import iaik.pki.PKIProfile;
-import iaik.pki.pathvalidation.ValidationProfile;
-import iaik.pki.revocation.RevocationProfile;
-import iaik.pki.revocation.RevocationSourceTypes;
-import iaik.pki.store.truststore.TrustStoreProfile;
-import iaik.pki.store.truststore.TrustStoreTypes;
-
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-
-/**
- * Implementation of the <code>PKIProfile</code> interface and subinterfaces
- * providing information needed for certificate path validation.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class PKIProfileImpl extends ObservableImpl
- implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile {
-
- /**
- * URI to the truststore
- */
- private String trustStoreURI;
-
- /**
- * revocation checking;
- */
- private boolean revocationChecking;
-
- /**
- * The trust profile identifier.
- */
- private String id;
-
-
- /**
- * Create a new <code>PKIProfileImpl</code>.
- *
- * @param trustStoreURI trust store URI
- */
- public PKIProfileImpl(String trustStoreURI, boolean revocationChecking) {
- this.trustStoreURI = trustStoreURI;
- this.revocationChecking = revocationChecking;
- String id = String.valueOf(System.currentTimeMillis());
- setId("id-" + id);
- }
-
- /**
- * @see iaik.pki.PKIProfile#autoAddCertificates()
- */
- public boolean autoAddCertificates() {
- return true;
- }
-
- /**
- * @see iaik.pki.PKIProfile#getRevocationProfile()
- */
- public RevocationProfile getRevocationProfile() {
- return this;
- }
-
- /**
- * @see iaik.pki.PKIProfile#getTrustStoreProfile()
- */
- public TrustStoreProfile getTrustStoreProfile() {
- return this;
- }
-
- /**
- * @see iaik.pki.PKIProfile#getValidationProfile()
- */
- public ValidationProfile getValidationProfile() {
- return this;
- }
-
- /**
- * @see iaik.pki.PKIProfile#useAuthorityInfoAccess()
- */
- public boolean useAuthorityInfoAccess() {
- return true;
- }
-
- /**
- * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String)
- */
- public long getMaxRevocationAge(String arg0) {
- return 0;
- }
-
- /**
- * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm()
- */
- public String getOCSPRequestHashAlgorithm() {
- return null;
- }
-
- /**
- * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)
- */
- public String[] getPreferredServiceOrder(X509Certificate arg0) {
- return new String[] {RevocationSourceTypes.CRL};
- }
-
- /**
- * @see iaik.pki.store.truststore.TrustStoreProfile#getType()
- */
- public String getType() {
- return TrustStoreTypes.DIRECTORY;
- }
-
- /**
- * @see iaik.pki.store.truststore.TrustStoreProfile#getURI()
- */
- public String getURI() {
- return trustStoreURI;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getInitialAnyPolicyInhibit()
- */
- public boolean getInitialAnyPolicyInhibit() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getInitialExplicitPolicy()
- */
- public boolean getInitialExplicitPolicy() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicyMappingInhibit()
- */
- public boolean getInitialPolicyMappingInhibit() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicySet()
- */
- public Set getInitialPolicySet() {
- return Collections.EMPTY_SET;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getNameConstraintsProcessing()
- */
- public boolean getNameConstraintsProcessing() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getPolicyProcessing()
- */
- public boolean getPolicyProcessing() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking()
- */
- public boolean getRevocationChecking() {
- return this.revocationChecking;
- }
-
- /**
- * @see iaik.pki.store.truststore.TrustStoreProfile#getId()
- */
- public String getId() {
- return id;
- }
- /**
- * Sets the trust profile identifier.
- * @param id The id to set.
- */
- public void setId(String id) {
- this.id = id;
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
deleted file mode 100644
index 202be882e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
+++ /dev/null
@@ -1,165 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.iaik.pki.jsse;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
-
-import iaik.pki.jsse.IAIKX509TrustManager;
-
-/**
- * <code>TrustManager</code> implementation featuring CRL checking (inherited from
- * <code>IAIKX509TrustManager</code>), plus server-end-SSL-certificate checking.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDTrustManager extends IAIKX509TrustManager {
-
- /** an x509Certificate array containing all accepted server certificates*/
- private X509Certificate[] acceptedServerCertificates;
-
- /**
- * Constructor
- * @param acceptedServerCertificateStoreURL the url leading to the acceptedServer cert store
- * @throws GeneralSecurityException occurs on security errors
- * @throws IOException occurs on IO errors
- */
- public MOAIDTrustManager(String acceptedServerCertificateStoreURL)
- throws IOException, GeneralSecurityException {
-
- if (acceptedServerCertificateStoreURL != null)
- buildAcceptedServerCertificates(acceptedServerCertificateStoreURL);
- else
- acceptedServerCertificates = null;
- }
-
-
- /**
- * Initializes the LoggingContextManager logging context.
- * Fixes a bug occuring in the case MOA-SP is called by API.
- * In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP.
- * This method must be called before a MOAIDTrustManager is constructed,
- * from every thread.
- */
- public static void initializeLoggingContext() {
- if (LoggingContextManager.getInstance().getLoggingContext() == null)
- LoggingContextManager.getInstance().setLoggingContext(
- new LoggingContext(Thread.currentThread().getName()));
- }
-
-
- /**
- * Builds an Array of accepted server certificates from an URL,
- * and stores it in <code>acceptedServerCertificates</code>.
- * @param acceptedServerCertificateStoreURL file URL pointing to the directory
- * containing accepted server X509 certificates
- * @throws GeneralSecurityException on security errors
- * @throws IOException on any IO errors
- */
- private void buildAcceptedServerCertificates(String acceptedServerCertificateStoreURL)
- throws IOException, GeneralSecurityException {
-
- List<X509Certificate> certList = new ArrayList<X509Certificate>();
- URL storeURL = new URL(acceptedServerCertificateStoreURL);
- File storeDir = new File(storeURL.getFile());
- // list certificate files in directory
- File[] certFiles = storeDir.listFiles();
- for (int i = 0; i < certFiles.length; i++) {
- // for each: create an X509Certificate and store it in list
- File certFile = certFiles[i];
- FileInputStream fis = new FileInputStream(certFile.getPath());
- CertificateFactory certFact = CertificateFactory.getInstance("X.509");
- X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis);
- fis.close();
- certList.add(cert);
- }
- // store acceptedServerCertificates
- acceptedServerCertificates = (X509Certificate[]) certList.toArray(new X509Certificate[0]);
- }
-
- /**
- * Does additional server-end-SSL-certificate checking.
- * @see com.sun.net.ssl.X509TrustManager#isServerTrusted(java.security.cert.X509Certificate[])
- */
- public boolean isServerTrusted(X509Certificate[] certChain) {
- boolean trusted = super.isServerTrusted(certChain);
- if (! trusted || acceptedServerCertificates == null)
- return trusted;
- else {
- // check server-end-SSL-certificate with acceptedServerCertificates
- X509Certificate serverCert = certChain[0];
- for (int i = 0; i < acceptedServerCertificates.length; i++) {
- X509Certificate acceptedServerCert = acceptedServerCertificates[i];
- if (serverCert.equals(acceptedServerCert))
- return true;
- }
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("ssl.01", null));
- return false;
- }
- }
- /**
- * In rare cases, this method is being called although it should not be.
- * @see com.sun.net.ssl.X509TrustManager#isClientTrusted(X509Certificate[])
- */
- public boolean isClientTrusted(java.security.cert.X509Certificate arg0[])
- {
- return true;
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
deleted file mode 100644
index 16184502d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
+++ /dev/null
@@ -1,92 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.iaik.servertools.observer;
-
-import iaik.pki.store.observer.NotificationData;
-import iaik.pki.store.observer.Observable;
-import iaik.pki.store.observer.Observer;
-
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-
-/**
- * Implementation of interface <needed to initialize an IAIK JSSE <code>TrustManager</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ObservableImpl implements Observable {
- /** a List for all observers */
- private List<Observer> observers = new ArrayList<Observer>();
-
- /**
- * @see iaik.pki.store.observer.Observable#addObserver(iaik.pki.store.observer.Observer)
- */
- public void addObserver(Observer observer) {
- observers.add(observer);
- }
-
- /**
- * @see iaik.pki.store.observer.Observable#removeObserver(iaik.pki.store.observer.Observer)
- */
- public boolean removeObserver(Observer observer) {
- return observers.remove(observer);
- }
-
- /**
- * @see iaik.pki.store.observer.Observable#notify(iaik.pki.store.observer.NotificationData)
- */
- public void notify(NotificationData data) {
- Iterator<Observer> iter = observers.iterator();
- for (iter = observers.iterator(); iter.hasNext();) {
- Observer observer = (Observer) iter.next();
- observer.notify(data);
- }
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 03a61d08f..5a06b3ecd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -24,12 +24,37 @@ package at.gv.egovernment.moa.id.moduls;
import java.io.IOException;
import java.io.PrintWriter;
+import java.security.NoSuchAlgorithmException;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.joda.time.DateTime;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.NameIDPolicy;
+import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.security.MetadataCredentialResolver;
+import org.opensaml.security.MetadataCredentialResolverFactory;
+import org.opensaml.security.MetadataCriteria;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.CriteriaSet;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.criteria.EntityIDCriteria;
+
import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
@@ -42,9 +67,17 @@ import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
public class AuthenticationManager extends AuthServlet {
@@ -65,7 +98,6 @@ public class AuthenticationManager extends AuthServlet {
return instance;
}
-
/**
* Checks if this request can authenticate a MOA Session
*
@@ -82,9 +114,7 @@ public class AuthenticationManager extends AuthServlet {
AuthenticationSession authSession;
try {
authSession = AuthenticationSessionStoreage.getSession(sessionID);
-
-
-
+
if (authSession != null) {
Logger.info("MOASession found! A: "
+ authSession.isAuthenticated() + ", AU "
@@ -148,16 +178,168 @@ public class AuthenticationManager extends AuthServlet {
public void doAuthentication(HttpServletRequest request,
HttpServletResponse response, IRequest target)
throws ServletException, IOException, MOAIDException {
+
Logger.info("Starting authentication ...");
+
+ if (MiscUtil.isEmpty(target.getRequestedIDP())) {
+ perfomLocalAuthentication(request, response, target);
+
+ } else {
+ Logger.info("Use IDP " + target.getRequestedIDP() + " for authentication ...");
+ buildPVP21AuthenticationRequest(request, response, target);
+
+ }
+ }
+
+ public void sendTransmitAssertionQuestion(HttpServletRequest request,
+ HttpServletResponse response, IRequest target, OAAuthParameter oaParam)
+ throws ServletException, IOException, MOAIDException {
+
+ String form = SendAssertionFormBuilder.buildForm(target.requestedModule(),
+ target.requestedAction(), target.getRequestID(), oaParam, request.getContextPath());
+
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(response.getOutputStream());
+ out.print(form);
+ out.flush();
+ }
+
+ private void buildPVP21AuthenticationRequest(HttpServletRequest request,
+ HttpServletResponse response, IRequest target)
+ throws ServletException, IOException, MOAIDException {
+
+ boolean requiredLocalAuthentication = true;
+
+ Logger.debug("Build PVP 2.1 authentication request");
+
+ //get IDP metadata
+ try {
+ OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(target.getRequestedIDP());
+ if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) {
+ Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation.");
+ Logger.info("Switch to local authentication on this IDP ... ");
+ perfomLocalAuthentication(request, response, target);
+ return;
+
+ }
+
+ EntityDescriptor idpEntity = MOAMetadataProvider.getInstance().
+ getEntityDescriptor(target.getRequestedIDP());
+
+ if (idpEntity != null ) {
+
+ //fetch endpoint from IDP metadata
+ SingleSignOnService redirectEndpoint = null;
+ for (SingleSignOnService sss :
+ idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
+
+ // use POST binding as default if it exists
+ //TODO: maybe use RedirectBinding as default
+ if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
+ redirectEndpoint = sss;
+
+ } else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) &&
+ redirectEndpoint == null )
+ redirectEndpoint = sss;
+ }
+
+ if (redirectEndpoint != null) {
+
+ AuthnRequest authReq = SAML2Utils
+ .createSAMLObject(AuthnRequest.class);
+ SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
+ authReq.setID(gen.generateIdentifier());
-// if (!ParamValidatorUtils.isValidOA(target.getOAURL()))
-// throw new WrongParametersException("StartAuthentication", PARAM_OA,
-// "auth.12");
-//
-// if (target.getOAURL() == null) {
-// throw new WrongParametersException("StartAuthentication", PARAM_OA,
-// "auth.12");
-// }
+ //send passive AuthnRequest
+ authReq.setIsPassive(true);
+
+ authReq.setAssertionConsumerServiceIndex(0);
+ authReq.setIssueInstant(new DateTime());
+ Subject subject = SAML2Utils.createSAMLObject(Subject.class);
+ NameID name = SAML2Utils.createSAMLObject(NameID.class);
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+
+ String serviceURL = PVPConfiguration.getInstance().getIDPPublicPath();
+ name.setValue(serviceURL);
+ issuer.setValue(serviceURL);
+
+ subject.setNameID(name);
+ authReq.setSubject(subject);
+ issuer.setFormat(NameIDType.ENTITY);
+ authReq.setIssuer(issuer);
+ NameIDPolicy policy = SAML2Utils
+ .createSAMLObject(NameIDPolicy.class);
+ policy.setAllowCreate(true);
+ policy.setFormat(NameID.TRANSIENT);
+ authReq.setNameIDPolicy(policy);
+
+ authReq.setDestination(redirectEndpoint.getLocation());
+
+ RequestedAuthnContext reqAuthContext =
+ SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
+
+ AuthnContextClassRef authnClassRef =
+ SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
+ authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
+ reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
+ reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);
+ authReq.setRequestedAuthnContext(reqAuthContext);
+
+
+ IEncoder binding = null;
+ if (redirectEndpoint.getBinding().equals(
+ SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ binding = new RedirectBinding();
+
+ } else if (redirectEndpoint.getBinding().equals(
+ SAMLConstants.SAML2_POST_BINDING_URI)) {
+ binding = new PostBinding();
+
+ }
+
+ binding.encodeRequest(request, response, authReq,
+ redirectEndpoint.getLocation(), target.getRequestID());
+
+ //build and send request without an error
+ requiredLocalAuthentication = false;
+
+ } else {
+ Logger.warn("Requested IDP " + target.getRequestedIDP()
+ + " does not support POST or Redirect Binding.");
+
+ }
+
+ } else {
+ Logger.warn("Requested IDP " + target.getRequestedIDP()
+ + " is not found in InterFederation configuration");
+
+ }
+
+ } catch (MetadataProviderException e) {
+ Logger.error("IDP metadata error." , e);
+
+ } catch (NoSuchAlgorithmException e) {
+ Logger.error("Build IDP authentication request FAILED.", e);
+
+ } catch (MessageEncodingException e) {
+ Logger.error("Build IDP authentication request FAILED.", e);
+
+ } catch (SecurityException e) {
+ Logger.error("Build IDP authentication request FAILED.", e);
+
+ }
+
+ if (requiredLocalAuthentication) {
+ Logger.info("Switch to local authentication on this IDP ... ");
+ perfomLocalAuthentication(request, response, target);
+ }
+ }
+
+
+ private void perfomLocalAuthentication(HttpServletRequest request,
+ HttpServletResponse response, IRequest target)
+ throws ServletException, IOException, MOAIDException {
+ Logger.debug("Starting authentication on this IDP ...");
setNoCachingHeadersInHttpRespone(request, response);
@@ -183,17 +365,12 @@ public class AuthenticationManager extends AuthServlet {
if (legacyallowed && legacyparamavail) {
- //parse request parameter into MOASession
-
+ //parse request parameter into MOASession
StartAuthentificationParameterParser.parse(request, response, moasession, target);
Logger.info("Start Authentication Module: " + moasession.getModul()
+ " Action: " + moasession.getAction());
-
- //start authentication process
-// session.getServletContext().getNamedDispatcher("StartAuthentication")
-// .forward(request, response);
-
+
StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
String getIdentityLinkForm = startauth.build(moasession, request, response);
@@ -260,17 +437,4 @@ public class AuthenticationManager extends AuthServlet {
out.flush();
}
}
-
- public void sendTransmitAssertionQuestion(HttpServletRequest request,
- HttpServletResponse response, IRequest target, OAAuthParameter oaParam)
- throws ServletException, IOException, MOAIDException {
-
- String form = SendAssertionFormBuilder.buildForm(target.requestedModule(),
- target.requestedAction(), target.getRequestID(), oaParam, request.getContextPath());
-
- response.setContentType("text/html;charset=UTF-8");
- PrintWriter out = new PrintWriter(response.getOutputStream());
- out.print(form);
- out.flush();
- }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
index 9a3d3986b..529e2ab81 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
@@ -26,11 +26,13 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
public interface IAction extends MOAIDAuthConstants {
- public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession)
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData)
throws MOAIDException;
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
index 2ef24c084..aaeb84f92 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -22,6 +22,12 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
+
public interface IRequest {
public String getOAURL();
public boolean isPassiv();
@@ -33,7 +39,10 @@ public interface IRequest {
public void setAction(String action);
public String getTarget();
public void setRequestID(String id);
- public String getRequestID();
+ public String getRequestID();
+ public String getRequestedIDP();
+ public MOAResponse getInterfederationResponse();
+ public List<Attribute> getRequestedAttributes();
//public void setTarget();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index b9b1742e4..4a54a516b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -23,8 +23,13 @@
package at.gv.egovernment.moa.id.moduls;
import java.io.Serializable;
+import java.util.List;
-public class RequestImpl implements IRequest, Serializable{
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
+
+public abstract class RequestImpl implements IRequest, Serializable{
private static final long serialVersionUID = 1L;
@@ -37,6 +42,16 @@ public class RequestImpl implements IRequest, Serializable{
private String target = null;
private String requestID;
+ //MOA-ID interfederation
+ private String requestedIDP = null;
+ private MOAResponse response = null;
+
+ /**
+ * This method map the protocol specific requested attributes to PVP 2.1 attributes.
+ *
+ * @return List of PVP 2.1 attributes with maps all protocol specific attributes
+ */
+ public abstract List<Attribute> getRequestedAttributes();
public void setOAURL(String value) {
oaURL = value;
@@ -102,4 +117,36 @@ public class RequestImpl implements IRequest, Serializable{
public String getRequestID() {
return requestID;
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedIDP()
+ */
+ @Override
+ public String getRequestedIDP() {
+ return requestedIDP;
+ }
+
+ /**
+ * @param requestedIDP the requestedIDP to set
+ */
+ public void setRequestedIDP(String requestedIDP) {
+ this.requestedIDP = requestedIDP;
+ }
+
+ /**
+ * @return the response
+ */
+ public MOAResponse getInterfederationResponse() {
+ return response;
+ }
+
+ /**
+ * @param response the response to set
+ */
+ public void setInterfederationResponse(MOAResponse response) {
+ this.response = response;
+ }
+
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 684c6630a..f4f89a4ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -31,11 +31,15 @@ import javax.servlet.http.HttpServletResponse;
import org.hibernate.Query;
import org.hibernate.Session;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
@@ -44,9 +48,12 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class SSOManager {
private static final String SSOCOOKIE = "MOA_ID_SSO";
+ private static final String SSOINTERFEDERATION = "MOA_INTERFEDERATION_SSO";
private static final int DEFAULTSSOTIMEOUT = 15 * 60; // sec
+ private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec
+
private static SSOManager instance = null;
private static int sso_timeout;
@@ -68,7 +75,46 @@ public class SSOManager {
return instance;
}
- public boolean isValidSSOSession(String ssoSessionID, HttpServletRequest httpReq) {
+ public void checkInterfederationIsRequested(HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IRequest protocolRequest) {
+ String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP);
+
+ if (MiscUtil.isNotEmpty(protocolRequest.getRequestedIDP())) {
+ Logger.info("Protocolspecific preprocessing already set interfederation IDP " + protocolRequest.getRequestedIDP());
+
+ }
+
+ if (protocolRequest instanceof RequestImpl) {
+ //check if IDP is requested
+ RequestImpl moaReq = (RequestImpl) protocolRequest;
+ if (MiscUtil.isNotEmpty(interIDP)) {
+ Logger.info("Receive SSO request for interfederation IDP " + interIDP);
+ moaReq.setRequestedIDP(interIDP);
+
+ } else {
+ //check if IDP cookie is set
+ String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION);
+ if (MiscUtil.isNotEmpty(cookie)) {
+ Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie);
+ moaReq.setRequestedIDP(cookie);
+
+ deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);
+ }
+ }
+
+ } else {
+ Logger.warn("Request is not of type RequestImpl");
+
+ }
+ }
+
+ public void setInterfederationIDPCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String value) {
+ setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE);
+
+ }
+
+
+ public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) {
// search SSO Session
if (ssoSessionID == null) {
@@ -76,15 +122,43 @@ public class SSOManager {
return false;
}
- // String moaSessionId =HTTPSessionUtils.getHTTPSessionString(httpReq.getSession(),
- // AuthenticationManager.MOA_SESSION, null);
+ AuthenticatedSessionStore storedSession = AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null);
- return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null);
+ if (storedSession == null)
+ return false;
+
+ else {
+ if (protocolRequest != null &&
+ protocolRequest instanceof RequestImpl &&
+ storedSession.isInterfederatedSSOSession() &&
+ !storedSession.isAuthenticated()) {
+
+ if (MiscUtil.isEmpty(((RequestImpl) protocolRequest).getRequestedIDP())) {
+ InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid());
+
+ if (selectedIDP != null) {
+ //no local SSO session exist -> request interfederated IDP
+ ((RequestImpl) protocolRequest).setRequestedIDP(selectedIDP.getIdpurlprefix());
+
+ } else {
+ Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
+ MOASessionDBUtils.delete(storedSession);
+
+ }
+ }
+
+ return false;
+
+ }
+
+ return true;
+ }
}
public String getMOASession(String ssoSessionID) {
- return AuthenticationSessionStoreage.getMOASessionID(ssoSessionID);
+ return AuthenticationSessionStoreage.getMOASessionSSOID(ssoSessionID);
+
}
public String existsOldSSOSession(String ssoId) {
@@ -95,24 +169,10 @@ public class SSOManager {
List<OldSSOSessionIDStore> result;
synchronized (session) {
-
-// try {
-// session.getTransaction().rollback();
-// }
-// catch (Exception e) {
-// e.printStackTrace();
-// }
-// try {
-// session.getSessionFactory().openSession();
-// }
-// catch (Exception e) {
-// e.printStackTrace();
-// }
- // session.getTransaction().begin();
-
+
session.beginTransaction();
Query query = session.getNamedQuery("getSSOSessionWithOldSessionID");
- query.setString("sessionid", ssoId);
+ query.setParameter("sessionid", ssoId);
result = query.list();
// send transaction
@@ -156,22 +216,58 @@ public class SSOManager {
return newSSOId;
}
-
+
public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) {
- Cookie[] cookies = httpReq.getCookies();
+ setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, sso_timeout);
- if (cookies != null) {
- deleteSSOSessionID(httpReq, httpResp);
- }
+ }
- Cookie cookie = new Cookie(SSOCOOKIE, ssoId);
- cookie.setMaxAge(sso_timeout);
- cookie.setSecure(true);
- cookie.setPath(httpReq.getContextPath());
- httpResp.addCookie(cookie);
+ public String getSSOSessionID(HttpServletRequest httpReq) {
+ return getValueFromCookie(httpReq, SSOCOOKIE);
+
+ }
+
+ public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ deleteCookie(httpReq, httpResp, SSOCOOKIE);
}
- public String getSSOSessionID(HttpServletRequest httpReq) {
+ /**
+ * @param entityID
+ * @param request
+ */
+ public boolean removeInterfederatedSSOIDP(String entityID,
+ HttpServletRequest request) {
+
+ String ssoSessionID = getSSOSessionID(request);
+
+ if (MiscUtil.isNotEmpty(ssoSessionID)) {
+
+ AuthenticatedSessionStore storedSession = AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null);
+
+ if (storedSession == null)
+ return false;
+
+ InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASessionIDPID(storedSession.getSessionid(), entityID);
+
+ if (selectedIDP != null) {
+ //no local SSO session exist -> request interfederated IDP
+ Logger.info("Delete interfederated IDP " + selectedIDP.getIdpurlprefix()
+ + " from MOASession " + storedSession.getSessionid());
+ MOASessionDBUtils.delete(selectedIDP);
+
+ } else {
+ Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
+
+ }
+
+ return true;
+
+ } else
+ return false;
+
+ }
+
+ private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) {
Cookie[] cookies = httpReq.getCookies();
if (cookies != null) {
@@ -181,7 +277,7 @@ public class SSOManager {
// (firefox)
// if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) {
- if (cookie.getName().equals(SSOCOOKIE)) {
+ if (cookie.getName().equals(cookieName)) {
return cookie.getValue();
}
}
@@ -189,13 +285,21 @@ public class SSOManager {
return null;
}
- public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
- Cookie[] cookies = httpReq.getCookies();
+ private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp,
+ String cookieName, String cookieValue, int maxAge) {
- if (cookies != null) {
- for (Cookie cookie : cookies) {
- if (!cookie.getName().equals(SSOCOOKIE)) httpResp.addCookie(cookie);
- }
- }
+ Cookie cookie = new Cookie(cookieName, cookieValue);
+ cookie.setMaxAge(maxAge);
+ cookie.setSecure(true);
+
+ //TODO: could be a problem if the IDP is accessible from different contextPaths or Domains
+ cookie.setPath(httpReq.getContextPath());
+
+ httpResp.addCookie(cookie);
+ }
+
+ private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) {
+ setCookie(httpReq, httpResp, cookieName, "", 1);
}
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
index b95c08044..6c2f3e75a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.monitoring;
-import java.io.File;
-import java.io.FileInputStream;
import java.io.InputStream;
+import java.net.URL;
import java.util.List;
import org.w3c.dom.Element;
@@ -49,8 +48,9 @@ public class IdentityLinkTestModule implements TestModuleInterface {
public void initializeTest(long delayParam, String url) throws Exception{
if (MiscUtil.isNotEmpty(url)) {
- File idlfile = new File(url);
- InputStream idlstream = new FileInputStream(idlfile);
+
+ URL keystoreURL = new URL(url);
+ InputStream idlstream = keystoreURL.openStream();
identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
index ccfa6d5d1..84581abe8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
@@ -30,6 +30,7 @@ import java.util.Map;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
public class TestManager {
@@ -54,7 +55,7 @@ public class TestManager {
//add IdentityLink verification test
IdentityLinkTestModule test2 = new IdentityLinkTestModule();
- String idlurl = config.getMonitoringTestIdentityLinkURL();
+ String idlurl = FileUtils.makeAbsoluteURL(config.getMonitoringTestIdentityLinkURL(), config.getRootConfigFileDir());
try {
test2.initializeTest(0, idlurl);
tests.put(test2.getName(), test2);;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
index 8d45a5d86..93a2f7d6d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
@@ -26,6 +26,7 @@ import java.util.Properties;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.util.FileUtils;
public class OAuth20Configuration {
@@ -44,10 +45,12 @@ public class OAuth20Configuration {
public static final String JWT_KEY_PASSWORD = "jwt.ks.key.password";
private Properties props;
+ private String rootDir = null;
private OAuth20Configuration() {
try {
props = AuthConfigurationProvider.getInstance().getGeneralOAuth20ProperiesConfig();
+ rootDir = AuthConfigurationProvider.getInstance().getRootConfigFileDir();
}
catch (ConfigurationException e) {
e.printStackTrace();
@@ -55,7 +58,7 @@ public class OAuth20Configuration {
}
public String getJWTKeyStore() {
- return props.getProperty(JWT_KEYSTORE);
+ return FileUtils.makeAbsoluteURL(props.getProperty(JWT_KEYSTORE), rootDir);
}
public String getJWTKeyStorePassword() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
index 677b5e7ab..75501d812 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
@@ -28,6 +28,8 @@ public final class OAuth20Constants {
throw new InstantiationError();
}
+ public static final String ERRORPAGE = "moa_errorcodes.html";
+
// error parameters and error codes
public static final String PARAM_ERROR = "error";
public static final String PARAM_ERROR_DESCRIPTION = "error_description";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 394fd1430..3b0d07ce1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -27,9 +27,8 @@ import java.util.List;
import org.apache.commons.lang.StringUtils;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.oauth20.Pair;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDAuthBlock;
@@ -173,10 +172,10 @@ public final class OAuth20AttributeBuilder {
}
private static void addAttibutes(final List<IAttributeBuilder> builders, final JsonObject jsonObject,
- final AuthenticationSession authSession, final OAAuthParameter oaParam, final AuthenticationData authData) {
+ final OAAuthParameter oaParam, final IAuthData authData) {
for (IAttributeBuilder b : builders) {
try {
- Pair<String, JsonPrimitive> attribute = b.build(authSession, oaParam, authData, generator);
+ Pair<String, JsonPrimitive> attribute = b.build(oaParam, authData, generator);
if (attribute != null && !StringUtils.isEmpty(attribute.getSecond().getAsString())) {
jsonObject.add(attribute.getFirst(), attribute.getSecond());
}
@@ -187,33 +186,70 @@ public final class OAuth20AttributeBuilder {
}
}
- public static void addScopeOpenId(final JsonObject jsonObject, final AuthenticationSession authSession,
- final OAAuthParameter oaParam, final AuthenticationData authData) {
- addAttibutes(buildersOpenId, jsonObject, authSession, oaParam, authData);
+ public static void addScopeOpenId(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersOpenId, jsonObject, oaParam, authData);
}
- public static void addScopeProfile(final JsonObject jsonObject, final AuthenticationSession authSession,
- final OAAuthParameter oaParam, final AuthenticationData authData) {
- addAttibutes(buildersProfile, jsonObject, authSession, oaParam, authData);
+ public static void addScopeProfile(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersProfile, jsonObject, oaParam, authData);
}
- public static void addScopeEID(final JsonObject jsonObject, final AuthenticationSession authSession,
- final OAAuthParameter oaParam, final AuthenticationData authData) {
- addAttibutes(buildersEID, jsonObject, authSession, oaParam, authData);
+ public static void addScopeEID(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersEID, jsonObject, oaParam, authData);
}
- public static void addScopeEIDGov(final JsonObject jsonObject, final AuthenticationSession authSession,
- final OAAuthParameter oaParam, final AuthenticationData authData) {
- addAttibutes(buildersEIDGov, jsonObject, authSession, oaParam, authData);
+ public static void addScopeEIDGov(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersEIDGov, jsonObject, oaParam, authData);
}
- public static void addScopeMandate(final JsonObject jsonObject, final AuthenticationSession authSession,
- final OAAuthParameter oaParam, final AuthenticationData authData) {
- addAttibutes(buildersMandate, jsonObject, authSession, oaParam, authData);
+ public static void addScopeMandate(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersMandate, jsonObject, oaParam, authData);
}
- public static void addScopeSTORK(final JsonObject jsonObject, final AuthenticationSession authSession,
- final OAAuthParameter oaParam, final AuthenticationData authData) {
- addAttibutes(buildersSTORK, jsonObject, authSession, oaParam, authData);
+ public static void addScopeSTORK(final JsonObject jsonObject,
+ final OAAuthParameter oaParam, final IAuthData authData) {
+ addAttibutes(buildersSTORK, jsonObject, oaParam, authData);
}
+
+ /**
+ * @return the buildersprofile
+ */
+ public static List<IAttributeBuilder> getBuildersprofile() {
+ return buildersProfile;
+ }
+
+ /**
+ * @return the builderseid
+ */
+ public static List<IAttributeBuilder> getBuilderseid() {
+ return buildersEID;
+ }
+
+ /**
+ * @return the builderseidgov
+ */
+ public static List<IAttributeBuilder> getBuilderseidgov() {
+ return buildersEIDGov;
+ }
+
+ /**
+ * @return the buildersmandate
+ */
+ public static List<IAttributeBuilder> getBuildersmandate() {
+ return buildersMandate;
+ }
+
+ /**
+ * @return the buildersstork
+ */
+ public static List<IAttributeBuilder> getBuildersstork() {
+ return buildersSTORK;
+ }
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
index da1980896..121648499 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -35,9 +34,9 @@ public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder {
return "auth_time";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- return g.buildLongAttribute(this.getName(), "", ((long) (authData.getTimestamp().getTime() / 1000)));
+ return g.buildLongAttribute(this.getName(), "", ((long) (authData.getIssueInstant().getTime() / 1000)));
}
public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
index e7a85705a..9230c0105 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
@@ -24,9 +24,8 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
import java.util.Date;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -39,7 +38,7 @@ public class OpenIdExpirationTimeAttribute implements IAttributeBuilder {
return "exp";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000 + expirationTime));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
index a75dfd029..3bdda5c2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
@@ -24,9 +24,8 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
import java.util.Date;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -37,7 +36,7 @@ public class OpenIdIssueInstantAttribute implements IAttributeBuilder {
return "iat";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
index d21f1a5bb..85c46d5b2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -35,7 +34,7 @@ public class OpenIdIssuerAttribute implements IAttributeBuilder {
return "iss";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(this.getName(), "", authData.getIssuer());
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
index bc48ce915..d5bda0dba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -35,7 +34,7 @@ public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder {
return "sub";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(this.getName(), "", authData.getBPK());
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
index a92b0c12d..dd84536ed 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -35,9 +34,9 @@ public class ProfileDateOfBirthAttribute implements IAttributeBuilder {
return "birthdate";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- return g.buildStringAttribute(this.getName(), "", authData.getDateOfBirth());
+ return g.buildStringAttribute(this.getName(), "", authData.getFormatedDateOfBirth());
}
public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
index 5ce22a6c6..02cc66e4b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -35,7 +34,7 @@ public class ProfileFamilyNameAttribute implements IAttributeBuilder {
return "family_name";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(this.getName(), "", authData.getFamilyName());
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
index 047bfa9a9..302ce8105 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
@@ -35,7 +34,7 @@ public class ProfileGivenNameAttribute implements IAttributeBuilder {
return "given_name";
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(this.getName(), "", authData.getGivenName());
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java
new file mode 100644
index 000000000..0edeb89bc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class OAuth20OANotSupportedException extends OAuth20Exception {
+
+ private static final long serialVersionUID = -8713091674236329339L;
+
+ /**
+ * @param errorCode
+ * @param messageId
+ * @param parameters
+ */
+ public OAuth20OANotSupportedException() {
+ super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.06", new Object[] {});
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java
index d560e46f0..470507f08 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java
@@ -28,7 +28,7 @@ public class OAuth20ServerErrorException extends OAuth20Exception {
private static final long serialVersionUID = 1L;
public OAuth20ServerErrorException() {
- super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.06", new Object[] {});
+ super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.10", new Object[] {});
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index d60b8c230..4c70ce995 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -30,13 +30,12 @@ import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
@@ -51,14 +50,13 @@ import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil;
import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken;
import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
class OAuth20AuthAction implements IAction {
- public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
- AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IAuthData authData) throws MOAIDException {
OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req;
String responseType = oAuthRequest.getResponseType();
@@ -76,7 +74,7 @@ class OAuth20AuthAction implements IAction {
o.setCode(code);
//generate idToken from MOASession
- Map<String, Object> idToken = generateIDToken(o, oAuthRequest, moasession, accessToken);
+ Map<String, Object> idToken = generateIDToken(o, oAuthRequest, authData, accessToken);
o.setAuthDataSession(idToken);
} else if (responseType.equals(OAuth20Constants.RESPONSE_TOKEN)) {
@@ -100,7 +98,11 @@ class OAuth20AuthAction implements IAction {
httpResp.addHeader("Location", finalUrl);
Logger.debug("REDIRECT TO: " + finalUrl.toString());
- return accessToken;
+
+ //TODO: maybe add bPK / wbPK to SLO information
+ SLOInformationInterface sloInformation = new SLOInformationImpl(accessToken, null, null, req.requestedModule());
+
+ return sloInformation;
}
catch (Exception e) {
@@ -118,7 +120,7 @@ class OAuth20AuthAction implements IAction {
}
private Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject,
- OAuth20AuthRequest oAuthRequest, AuthenticationSession moasession, String accessToken) throws SignatureException, MOAIDException {
+ OAuth20AuthRequest oAuthRequest, IAuthData authData, String accessToken) throws SignatureException, MOAIDException {
// create response
Map<String, Object> params = new HashMap<String, Object>();
@@ -128,7 +130,7 @@ class OAuth20AuthAction implements IAction {
// build id token and scope
Pair<String, String> pair = buildIdToken(auth20SessionObject.getScope(), oAuthRequest,
- moasession);
+ authData);
Logger.debug("RESPONSE ID_TOKEN: " + pair.getFirst());
params.put(OAuth20Constants.RESPONSE_ID_TOKEN, pair.getFirst());
Logger.debug("RESPONSE SCOPE: " + pair.getSecond());
@@ -138,34 +140,33 @@ class OAuth20AuthAction implements IAction {
}
- private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, AuthenticationSession session)
+ private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData)
throws MOAIDException, SignatureException {
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oAuthRequest.getOAURL());
- AuthenticationData authData = AuthenticationServer.buildAuthenticationData(session, oaParam, oAuthRequest.getTarget());
OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer());
OAuthJsonToken token = new OAuthJsonToken(signer);
StringBuilder resultScopes = new StringBuilder();
// always fill with open id
- OAuth20AttributeBuilder.addScopeOpenId(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ OAuth20AttributeBuilder.addScopeOpenId(token.getPayloadAsJsonObject(), oaParam, authData);
resultScopes.append("openId");
for (String s : scope.split(" ")) {
if (s.equalsIgnoreCase("profile")) {
- OAuth20AttributeBuilder.addScopeProfile(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ OAuth20AttributeBuilder.addScopeProfile(token.getPayloadAsJsonObject(), oaParam, authData);
resultScopes.append(" profile");
} else if (s.equalsIgnoreCase("eID")) {
- OAuth20AttributeBuilder.addScopeEID(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ OAuth20AttributeBuilder.addScopeEID(token.getPayloadAsJsonObject(), oaParam, authData);
resultScopes.append(" eID");
} else if (s.equalsIgnoreCase("eID_gov")) {
- OAuth20AttributeBuilder.addScopeEIDGov(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ OAuth20AttributeBuilder.addScopeEIDGov(token.getPayloadAsJsonObject(), oaParam, authData);
resultScopes.append(" eID_gov");
} else if (s.equalsIgnoreCase("mandate")) {
- OAuth20AttributeBuilder.addScopeMandate(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ OAuth20AttributeBuilder.addScopeMandate(token.getPayloadAsJsonObject(), oaParam, authData);
resultScopes.append(" mandate");
} else if (s.equalsIgnoreCase("stork")) {
- OAuth20AttributeBuilder.addScopeSTORK(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ OAuth20AttributeBuilder.addScopeSTORK(token.getPayloadAsJsonObject(), oaParam, authData);
resultScopes.append(" stork");
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index dc3335631..c47e366a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -22,17 +22,29 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
import javax.servlet.http.HttpServletRequest;
+import org.opensaml.saml2.core.Attribute;
+
import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
+import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.logging.Logger;
class OAuth20AuthRequest extends OAuth20BaseRequest {
@@ -153,4 +165,48 @@ class OAuth20AuthRequest extends OAuth20BaseRequest {
}
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+ */
+ @Override
+ public List<Attribute> getRequestedAttributes() {
+ Map<String, String> reqAttr = new HashMap<String, String>();
+ for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
+ reqAttr.put(el, "");
+
+ try {
+ OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL());
+
+ for (String s : scope.split(" ")) {
+ if (s.equalsIgnoreCase("profile")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("eID")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("eID_gov")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("mandate")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("stork")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork())
+ reqAttr.put(el.getName(), "");
+
+ }
+ }
+
+ return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator());
+
+ } catch (ConfigurationException e) {
+ Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e);
+ return null;
+ }
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index d0b43d25a..d08bd593a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidRequestException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -89,7 +90,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
}
if (StringUtils.isEmpty(config.getOAuthClientSecret()) || StringUtils.isEmpty(config.getOAuthClientId())
|| StringUtils.isEmpty(config.getOAuthRedirectUri())) {
- throw new OAuth20ServerErrorException();
+ throw new OAuth20OANotSupportedException();
}
}
catch (ConfigurationException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 00b7a83f0..9dac8d5a0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -2,6 +2,7 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
import java.net.URLEncoder;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
@@ -10,17 +11,22 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import com.google.gson.JsonObject;
+import edu.emory.mathcs.backport.java.util.Arrays;
+
public class OAuth20Protocol implements IModulInfo {
public static final String NAME = OAuth20Protocol.class.getName();
@@ -29,6 +35,13 @@ public class OAuth20Protocol implements IModulInfo {
public static final String AUTH_ACTION = "AUTH";
public static final String TOKEN_ACTION = "TOKEN";
+ @SuppressWarnings("unchecked")
+ public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
+ new String[] {
+ PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME,
+ PVPConstants.BPK_NAME
+ });
+
private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
static {
@@ -87,20 +100,27 @@ public class OAuth20Protocol implements IModulInfo {
*/
public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest)
throws Throwable {
-
+
// get error code and description
String errorCode;
String errorDescription;
- // String errorUri = "http://tools.ietf.org/html/draft-ietf-oauth-v2-11";
+ String errorUri = AuthConfigurationProvider.getInstance().getPublicURLPrefix()
+ +"/" + OAuth20Constants.ERRORPAGE;
+ String moaError = null;
+
+ ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
if (e instanceof OAuth20Exception) {
errorCode = ((OAuth20Exception) e).getErrorCode();
errorDescription = URLEncoder.encode(((OAuth20Exception) e).getMessageId() + ": " + e.getMessage(), "UTF-8");
+ moaError = errorUtils.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId());
+
} else {
errorCode = OAuth20Constants.ERROR_SERVER_ERROR;
errorDescription = URLEncoder.encode(e.getMessage(), "UTF-8");
+ moaError = errorUtils.getResponseErrorCode(e);
}
-
+
String paramRedirect = null;
String state = null;
boolean isAuthRequest = false;
@@ -144,7 +164,8 @@ public class OAuth20Protocol implements IModulInfo {
OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR, errorCode);
OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription);
- // OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, errorUri);
+ if (MiscUtil.isNotEmpty(moaError))
+ OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError);
OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_STATE, state);
response.setContentType("text/html");
@@ -159,7 +180,7 @@ public class OAuth20Protocol implements IModulInfo {
Map<String, Object> params = new HashMap<String, Object>();
params.put(OAuth20Constants.PARAM_ERROR, errorCode);
params.put(OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription);
- // params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri);
+ params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError);
// create response
JsonObject jsonObject = new JsonObject();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
index 3f6c148eb..944da38d0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
@@ -26,9 +26,10 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
@@ -42,8 +43,8 @@ import com.google.gson.JsonObject;
class OAuth20TokenAction implements IAction {
- public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
- AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IAuthData authData) throws MOAIDException {
OAuth20SessionObject auth20SessionObject = null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index 0f1ba23b3..3c90a5773 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -22,8 +22,12 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+import java.util.List;
+
import javax.servlet.http.HttpServletRequest;
+import org.opensaml.saml2.core.Attribute;
+
import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -137,4 +141,12 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
this.allowedParameters.add(OAuth20Constants.PARAM_SCOPE);
this.allowedParameters.add(OAuth20Constants.PARAM_REDIRECT_URI);
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+ */
+ @Override
+ public List<Attribute> getRequestedAttributes() {
+ return null;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
new file mode 100644
index 000000000..71d1c26d4
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -0,0 +1,178 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.joda.time.DateTime;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeQuery;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.SecurityException;
+
+import edu.emory.mathcs.backport.java.util.Arrays;
+
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AttributQueryAction implements IAction {
+
+ @SuppressWarnings("unchecked")
+ private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
+ new String[]{PVPConstants.EID_STORK_TOKEN_NAME});
+
+ @SuppressWarnings("unchecked")
+ private final static List<String> DEFAULTMANDATEATTRIBUTES = Arrays.asList(
+ new String[]{ PVPConstants.MANDATE_FULL_MANDATE_NAME,
+ PVPConstants.MANDATE_PROF_REP_OID_NAME});
+
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
+ */
+ @Override
+ public SLOInformationInterface processRequest(IRequest req,
+ HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IAuthData authData) throws MOAIDException {
+
+ if (req instanceof PVPTargetConfiguration &&
+ ((PVPTargetConfiguration) req).getRequest() instanceof MOARequest &&
+ ((MOARequest)((PVPTargetConfiguration) req).getRequest()).getSamlRequest() instanceof AttributeQuery) {
+
+ AttributeQuery attrQuery = (AttributeQuery)((MOARequest)((PVPTargetConfiguration) req).getRequest()).getSamlRequest();
+
+ //load moaSession
+ String nameID = attrQuery.getSubject().getNameID().getValue();
+
+ AuthenticationSession session = AuthenticationSessionStoreage.getSessionWithUserNameID(nameID);
+ if (session == null) {
+ Logger.warn("AttributeQuery nameID does not match to an active single sign-on session.");
+ throw new AttributQueryException("AttributeQuery nameID does not match to an active single sign-on session.", null);
+
+ }
+
+ DateTime date = new DateTime();
+
+ //generate authData
+ authData = AuthenticationDataBuilder.buildAuthenticationData(req, session, attrQuery.getAttributes());
+
+ //add default attributes in case of mandates or STORK is in use
+ List<String> attrList = addDefaultAttributes(attrQuery, authData);
+
+ //build PVP 2.1 assertion
+ Assertion assertion = PVP2AssertionBuilder.buildAssertion(attrQuery, attrList, authData, date, authData.getSessionIndex());
+
+ //build PVP 2.1 response
+ Response authResponse = AuthResponseBuilder.buildResponse(attrQuery, date, assertion);
+
+ try {
+ SoapBinding decoder = new SoapBinding();
+ decoder.encodeRespone(httpReq, httpResp, authResponse, null, null);
+ return null;
+
+ } catch (MessageEncodingException e) {
+ Logger.error("Message Encoding exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ } catch (SecurityException e) {
+ Logger.error("Security exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ }
+
+ } else {
+ Logger.error("Process AttributeQueryAction but request is NOT of type AttributQuery.");
+ throw new MOAIDException("pvp2.13", null);
+
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp) {
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
+ */
+ @Override
+ public String getDefaultActionName() {
+ return PVP2XProtocol.ATTRIBUTEQUERY;
+ }
+
+ private List<String> addDefaultAttributes(AttributeQuery query, IAuthData authData) {
+
+ List<String> reqAttributs = new ArrayList<String>();
+
+ for (Attribute attr : query.getAttributes()) {
+ reqAttributs.add(attr.getName());
+
+ }
+
+ //add default STORK attributes if it is a STORK authentication
+ if (authData.isForeigner() && !reqAttributs.containsAll(DEFAULTSTORKATTRIBUTES)) {
+ for (String el : DEFAULTSTORKATTRIBUTES) {
+ if (!reqAttributs.contains(el))
+ reqAttributs.add(el);
+ }
+ }
+
+ //add default mandate attributes if it is a authentication with mandates
+ if (authData.isUseMandate() && !reqAttributs.containsAll(DEFAULTMANDATEATTRIBUTES)) {
+ for (String el : DEFAULTMANDATEATTRIBUTES) {
+ if (!reqAttributs.contains(el))
+ reqAttributs.add(el);
+ }
+ }
+
+ return reqAttributs;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index 10618071a..70db9cc23 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -25,19 +25,27 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager;
public class AuthenticationAction implements IAction {
- public String processRequest(IRequest req, HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req;
- return RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession);
+
+ SLOInformationImpl sloInformation = (SLOInformationImpl) RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, authData);
+
+ //set protocol type
+ sloInformation.setProtocolType(req.requestedModule());
+
+ return sloInformation;
}
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 99cba3277..01f7e18ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -38,30 +38,42 @@ import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml2.metadata.ContactPerson;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.KeyDescriptor;
+import org.opensaml.saml2.metadata.LocalizedString;
import org.opensaml.saml2.metadata.NameIDFormat;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.ServiceName;
+import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
+import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.Signer;
import org.w3c.dom.Document;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
@@ -69,8 +81,8 @@ public class MetadataAction implements IAction {
private static final int VALIDUNTIL_IN_HOURS = 24;
- public String processRequest(IRequest req, HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
try {
EntitiesDescriptor idpEntitiesDescriptor =
@@ -110,6 +122,7 @@ public class MetadataAction implements IAction {
//keyInfoFactory.setEmitPublicKeyValue(true);
keyInfoFactory.setEmitEntityIDAsKeyName(true);
keyInfoFactory.setEmitEntityCertificate(true);
+
KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
Credential metadataSigningCredential = CredentialProvider.getIDPMetaDataSigningCredential();
@@ -120,106 +133,12 @@ public class MetadataAction implements IAction {
SecurityHelper.prepareSignatureParams(signature, metadataSigningCredential, null, null);
idpEntitiesDescriptor.setSignature(signature);
-
-// //set SignatureMethode
-// signature.setSignatureAlgorithm(PVPConstants.DEFAULT_SIGNING_METHODE);
-//
-// //set DigestMethode
-// List<ContentReference> contentList = signature.getContentReferences();
-// for (ContentReference content : contentList) {
-//
-// if (content instanceof SAMLObjectContentReference) {
-//
-// SAMLObjectContentReference el = (SAMLObjectContentReference) content;
-// el.setDigestAlgorithm(PVPConstants.DEFAULT_DIGESTMETHODE);
-//
-// }
-// }
-
-
-// KeyInfoBuilder metadataKeyInfoBuilder = new KeyInfoBuilder();
-// KeyInfo metadataKeyInfo = metadataKeyInfoBuilder.buildObject();
-// //KeyInfoHelper.addCertificate(metadataKeyInfo, metadataSigningCredential.);
-// signature.setKeyInfo(metadataKeyInfo );
-
-
-
- IDPSSODescriptor idpSSODescriptor = SAML2Utils
- .createSAMLObject(IDPSSODescriptor.class);
- idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
-
- idpSSODescriptor.setWantAuthnRequestsSigned(true);
-
- if (PVPConfiguration.getInstance().getIDPSSOPostService() != null) {
- SingleSignOnService postSingleSignOnService = SAML2Utils
- .createSAMLObject(SingleSignOnService.class);
-
- postSingleSignOnService.setLocation(PVPConfiguration
- .getInstance().getIDPSSOPostService());
- postSingleSignOnService
- .setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-
- idpSSODescriptor.getSingleSignOnServices().add(
- postSingleSignOnService);
- }
-
- if (PVPConfiguration.getInstance().getIDPSSORedirectService() != null) {
- SingleSignOnService redirectSingleSignOnService = SAML2Utils
- .createSAMLObject(SingleSignOnService.class);
-
- redirectSingleSignOnService.setLocation(PVPConfiguration
- .getInstance().getIDPSSORedirectService());
- redirectSingleSignOnService
- .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-
- idpSSODescriptor.getSingleSignOnServices().add(
- redirectSingleSignOnService);
- }
-
- /*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) {
- ArtifactResolutionService artifactResolutionService = SAML2Utils
- .createSAMLObject(ArtifactResolutionService.class);
-
- artifactResolutionService
- .setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
- artifactResolutionService.setLocation(PVPConfiguration
- .getInstance().getIDPResolveSOAPService());
-
- artifactResolutionService.setIndex(0);
-
- idpSSODescriptor.getArtifactResolutionServices().add(
- artifactResolutionService);
- }*/
-
- //set assertion signing key
- Credential assertionSigingCredential = CredentialProvider
- .getIDPAssertionSigningCredential();
-
- KeyDescriptor signKeyDescriptor = SAML2Utils
- .createSAMLObject(KeyDescriptor.class);
- signKeyDescriptor.setUse(UsageType.SIGNING);
- signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(assertionSigingCredential));
- idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
-
- idpSSODescriptor.getAttributes().addAll(PVPAttributeBuilder.buildSupportedEmptyAttributes());
-
- NameIDFormat persistenNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
- persistenNameIDFormat.setFormat(NameIDType.PERSISTENT);
-
- idpSSODescriptor.getNameIDFormats().add(persistenNameIDFormat);
-
- NameIDFormat transientNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
- transientNameIDFormat.setFormat(NameIDType.TRANSIENT);
+ //set IDP metadata
+ idpEntityDescriptor.getRoleDescriptors().add(generateIDPMetadata(keyInfoGenerator));
- idpSSODescriptor.getNameIDFormats().add(transientNameIDFormat);
-
- NameIDFormat unspecifiedNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
- unspecifiedNameIDFormat.setFormat(NameIDType.UNSPECIFIED);
-
- idpSSODescriptor.getNameIDFormats().add(unspecifiedNameIDFormat);
-
- idpEntityDescriptor.getRoleDescriptors().add(idpSSODescriptor);
+ //set SP metadata for interfederation
+ idpEntityDescriptor.getRoleDescriptors().add(generateSPMetadata(keyInfoGenerator));
DocumentBuilder builder;
DocumentBuilderFactory factory = DocumentBuilderFactory
@@ -243,9 +162,8 @@ public class MetadataAction implements IAction {
sw.close();
String metadataXML = sw.toString();
-
- System.out.println("METADATA: " + metadataXML);
-
+ Logger.debug("METADATA: " + metadataXML);
+
httpResp.setContentType("text/xml");
httpResp.getOutputStream().write(metadataXML.getBytes());
@@ -268,4 +186,228 @@ public class MetadataAction implements IAction {
return (PVP2XProtocol.METADATA);
}
+ private RoleDescriptor generateSPMetadata(KeyInfoGenerator keyInfoGenerator) throws CredentialsNotAvailableException, SecurityException, ConfigurationException {
+
+ Logger.debug("Set SP Metadata key information");
+
+ SPSSODescriptor spSSODescriptor = SAML2Utils
+ .createSAMLObject(SPSSODescriptor.class);
+
+ spSSODescriptor.setAuthnRequestsSigned(true);
+ spSSODescriptor.setWantAssertionsSigned(true);
+
+
+ //Set AuthRequest Signing certificate
+ X509Credential authcredential = CredentialProvider.getIDPAssertionSigningCredential();
+
+ KeyDescriptor signKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ signKeyDescriptor.setUse(UsageType.SIGNING);
+ signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential));
+ spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
+
+
+ //set AuthRequest encryption certificate
+
+ X509Credential authEncCredential = CredentialProvider.getIDPAssertionEncryptionCredential();
+
+ if (authEncCredential != null) {
+ KeyDescriptor encryKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ encryKeyDescriptor.setUse(UsageType.ENCRYPTION);
+ encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential));
+ spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor);
+
+ } else {
+ Logger.warn("No Assertion Encryption-Key defined. This setting is not recommended!");
+
+ }
+
+ NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ persistentnameIDFormat.setFormat(NameIDType.PERSISTENT);
+
+ spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat);
+
+ NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ transientnameIDFormat.setFormat(NameIDType.TRANSIENT);
+
+ spSSODescriptor.getNameIDFormats().add(transientnameIDFormat);
+
+ NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED);
+
+ spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat);
+
+ //add assertion consumer services
+ AssertionConsumerService postassertionConsumerService =
+ SAML2Utils.createSAMLObject(AssertionConsumerService.class);
+ postassertionConsumerService.setIndex(0);
+ postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+ postassertionConsumerService.setLocation(PVPConfiguration
+ .getInstance().getIDPSSOPostService());
+ postassertionConsumerService.setIsDefault(true);
+ spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService);
+
+ AssertionConsumerService redirectassertionConsumerService =
+ SAML2Utils.createSAMLObject(AssertionConsumerService.class);
+ redirectassertionConsumerService.setIndex(1);
+ redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ redirectassertionConsumerService.setLocation(PVPConfiguration
+ .getInstance().getIDPSSORedirectService());
+ spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService);
+
+
+ //add SLO descriptor
+// SingleLogoutService postSLOService =
+// SAML2Utils.createSAMLObject(SingleLogoutService.class);
+// postSLOService.setLocation(PVPConfiguration
+// .getInstance().getIDPSSOPostService());
+// postSLOService
+// .setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+// spSSODescriptor.getSingleLogoutServices().add(postSLOService);
+//
+// SingleLogoutService redirectSLOService =
+// SAML2Utils.createSAMLObject(SingleLogoutService.class);
+// redirectSLOService.setLocation(PVPConfiguration
+// .getInstance().getIDPSSOPostService());
+// redirectSLOService
+// .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+// spSSODescriptor.getSingleLogoutServices().add(redirectSLOService);
+
+
+ spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
+
+ AttributeConsumingService attributeService =
+ SAML2Utils.createSAMLObject(AttributeConsumingService.class);
+
+ attributeService.setIndex(0);
+ attributeService.setIsDefault(true);
+ ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
+ serviceName.setName(new LocalizedString("Default Service", "de"));
+ attributeService.getNames().add(serviceName);
+
+ return spSSODescriptor;
+ }
+
+ private IDPSSODescriptor generateIDPMetadata(KeyInfoGenerator keyInfoGenerator) throws ConfigurationException, CredentialsNotAvailableException, SecurityException {
+
+
+// //set SignatureMethode
+// signature.setSignatureAlgorithm(PVPConstants.DEFAULT_SIGNING_METHODE);
+//
+// //set DigestMethode
+// List<ContentReference> contentList = signature.getContentReferences();
+// for (ContentReference content : contentList) {
+//
+// if (content instanceof SAMLObjectContentReference) {
+//
+// SAMLObjectContentReference el = (SAMLObjectContentReference) content;
+// el.setDigestAlgorithm(PVPConstants.DEFAULT_DIGESTMETHODE);
+//
+// }
+// }
+
+
+// KeyInfoBuilder metadataKeyInfoBuilder = new KeyInfoBuilder();
+// KeyInfo metadataKeyInfo = metadataKeyInfoBuilder.buildObject();
+// //KeyInfoHelper.addCertificate(metadataKeyInfo, metadataSigningCredential.);
+// signature.setKeyInfo(metadataKeyInfo );
+
+
+ IDPSSODescriptor idpSSODescriptor = SAML2Utils
+ .createSAMLObject(IDPSSODescriptor.class);
+
+ idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
+
+ idpSSODescriptor.setWantAuthnRequestsSigned(true);
+
+ if (PVPConfiguration.getInstance().getIDPSSOPostService() != null) {
+ //add SSO descriptor
+ SingleSignOnService postSingleSignOnService = SAML2Utils
+ .createSAMLObject(SingleSignOnService.class);
+ postSingleSignOnService.setLocation(PVPConfiguration
+ .getInstance().getIDPSSOPostService());
+ postSingleSignOnService
+ .setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+ idpSSODescriptor.getSingleSignOnServices().add(
+ postSingleSignOnService);
+
+ //add SLO descriptor
+// SingleLogoutService postSLOService =
+// SAML2Utils.createSAMLObject(SingleLogoutService.class);
+// postSLOService.setLocation(PVPConfiguration
+// .getInstance().getIDPSSOPostService());
+// postSLOService
+// .setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+// idpSSODescriptor.getSingleLogoutServices().add(postSLOService);
+
+ }
+
+ if (PVPConfiguration.getInstance().getIDPSSORedirectService() != null) {
+ //add SSO descriptor
+ SingleSignOnService redirectSingleSignOnService = SAML2Utils
+ .createSAMLObject(SingleSignOnService.class);
+ redirectSingleSignOnService.setLocation(PVPConfiguration
+ .getInstance().getIDPSSORedirectService());
+ redirectSingleSignOnService
+ .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ idpSSODescriptor.getSingleSignOnServices().add(
+ redirectSingleSignOnService);
+
+ //add SLO descriptor
+// SingleLogoutService redirectSLOService =
+// SAML2Utils.createSAMLObject(SingleLogoutService.class);
+// redirectSLOService.setLocation(PVPConfiguration
+// .getInstance().getIDPSSOPostService());
+// redirectSLOService
+// .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+// idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService);
+ }
+
+ /*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) {
+ ArtifactResolutionService artifactResolutionService = SAML2Utils
+ .createSAMLObject(ArtifactResolutionService.class);
+
+ artifactResolutionService
+ .setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+ artifactResolutionService.setLocation(PVPConfiguration
+ .getInstance().getIDPResolveSOAPService());
+
+ artifactResolutionService.setIndex(0);
+
+ idpSSODescriptor.getArtifactResolutionServices().add(
+ artifactResolutionService);
+ }*/
+
+ //set assertion signing key
+ Credential assertionSigingCredential = CredentialProvider
+ .getIDPAssertionSigningCredential();
+
+ KeyDescriptor signKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ signKeyDescriptor.setUse(UsageType.SIGNING);
+ signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(assertionSigingCredential));
+ idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
+
+ idpSSODescriptor.getAttributes().addAll(PVPAttributeBuilder.buildSupportedEmptyAttributes());
+
+ NameIDFormat persistenNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ persistenNameIDFormat.setFormat(NameIDType.PERSISTENT);
+
+ idpSSODescriptor.getNameIDFormats().add(persistenNameIDFormat);
+
+ NameIDFormat transientNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ transientNameIDFormat.setFormat(NameIDType.TRANSIENT);
+
+ idpSSODescriptor.getNameIDFormats().add(transientNameIDFormat);
+
+ NameIDFormat unspecifiedNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ unspecifiedNameIDFormat.setFormat(NameIDType.UNSPECIFIED);
+
+ idpSSODescriptor.getNameIDFormats().add(unspecifiedNameIDFormat);
+
+ return idpSSODescriptor;
+
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index e81b23d41..863bfe501 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -22,8 +22,7 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;
-import iaik.pkcs.pkcs11.objects.Object;
-
+import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
@@ -31,11 +30,17 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
import org.apache.commons.lang.StringEscapeUtils;
+import org.joda.time.DateTime;
import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.LogoutRequest;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
@@ -45,32 +50,53 @@ import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.ws.security.SecurityPolicyException;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.signature.SignableXMLObject;
+
+import edu.emory.mathcs.backport.java.util.Arrays;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
+import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.VelocityLogAdapter;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
@@ -81,18 +107,29 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
public static final String POST = "Post";
public static final String SOAP = "Soap";
public static final String METADATA = "Metadata";
+ public static final String ATTRIBUTEQUERY = "AttributeQuery";
+ public static final String SINGLELOGOUT = "SingleLogOut";
private static List<IDecoder> decoder = new ArrayList<IDecoder>();
private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+ @SuppressWarnings("unchecked")
+ public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
+ new String[] {
+ PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME
+ });
+
static {
decoder.add(new PostBinding());
decoder.add(new RedirectBinding());
+ decoder.add(new SoapBinding());
actions.put(REDIRECT, new AuthenticationAction());
actions.put(POST, new AuthenticationAction());
actions.put(METADATA, new MetadataAction());
+ actions.put(ATTRIBUTEQUERY, new AttributQueryAction());
+ actions.put(SINGLELOGOUT, new SingleLogOutAction());
//TODO: insert getArtifact action
@@ -133,7 +170,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
public PVP2XProtocol() {
super();
}
-
+
public IRequest preProcess(HttpServletRequest request,
HttpServletResponse response, String action) throws MOAIDException {
@@ -147,6 +184,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
if(METADATA.equals(action)) {
return new PVPTargetConfiguration();
+
}
IDecoder decoder = findDecoder(action, request);
@@ -154,103 +192,88 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
return null;
}
try {
- PVPTargetConfiguration config = new PVPTargetConfiguration();
-
-
- MOARequest moaRequest = decoder.decodeRequest(request, response);
-
- RequestAbstractType samlReq = moaRequest.getSamlRequest();
-
- //String xml = PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(samlReq));
- //Logger.info("SAML : " + xml);
-
- if(!moaRequest.isVerified()) {
- SAMLVerificationEngine engine = new SAMLVerificationEngine();
- engine.verifyRequest(samlReq, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
- moaRequest.setVerified(true);
- }
-
- if(!(samlReq instanceof AuthnRequest)) {
- throw new MOAIDException("Unsupported request", new Object[] {});
- }
-
- EntityDescriptor metadata = moaRequest.getEntityMetadata();
- if(metadata == null) {
- throw new NoMetadataInformationException();
- }
- SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+ InboundMessage msg = (InboundMessage) decoder.decode(request, response);
- AuthnRequest authnRequest = (AuthnRequest)samlReq;
-
- Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
- int assertionidx = 0;
-
- if(aIdx != null) {
- assertionidx = aIdx.intValue();
+ if (MiscUtil.isEmpty(msg.getEntityID())) {
+ throw new InvalidProtocolRequestException("pvp2.20", new Object[] {});
- } else {
- assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor);
}
- aIdx = authnRequest.getAttributeConsumingServiceIndex();
- int attributeIdx = 0;
-
- if(aIdx != null) {
- attributeIdx = aIdx.intValue();
+ if(!msg.isVerified()) {
+ SAMLVerificationEngine engine = new SAMLVerificationEngine();
+ engine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+ msg.setVerified(true);
+
}
+
+ if (msg instanceof MOARequest &&
+ ((MOARequest)msg).getSamlRequest() instanceof AuthnRequest)
+ return preProcessAuthRequest(request, response, (MOARequest) msg);
- AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
+ else if (msg instanceof MOARequest &&
+ ((MOARequest)msg).getSamlRequest() instanceof AttributeQuery)
+ return preProcessAttributQueryRequest(request, response, (MOARequest) msg);
+
+ else if (msg instanceof MOARequest &&
+ ((MOARequest)msg).getSamlRequest() instanceof LogoutRequest)
+ return preProcessLogOut(request, response, (MOARequest) msg);
- AttributeConsumingService attributeConsumer = null;
+ else if (msg instanceof MOARequest &&
+ ((MOARequest)msg).getSamlRequest() instanceof LogoutResponse)
+ return preProcessLogOut(request, response, (MOARequest) msg);
- if (spSSODescriptor.getAttributeConsumingServices() != null &&
- spSSODescriptor.getAttributeConsumingServices().size() > 0) {
- attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
- }
+ else if (msg instanceof MOAResponse) {
+ //load service provider AuthRequest from session
+
+ IRequest obj = RequestStorage.getPendingRequest(msg.getRelayState());
+ if (obj instanceof RequestImpl) {
+ RequestImpl iReqSP = (RequestImpl) obj;
+
+ MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);
+
+ if ( processedMsg != null ) {
+ iReqSP.setInterfederationResponse(processedMsg);
+
+ } else {
+ Logger.info("Interfederated IDP " + msg.getEntityID() + " has NO valid SSO session."
+ +". Switch back local authentication process ...");
- String oaURL = moaRequest.getEntityMetadata().getEntityID();
- String binding = consumerService.getBinding();
-// String entityID = moaRequest.getEntityMetadata().getEntityID();
-
- Logger.info("Dispatch PVP2 Request: OAURL=" + oaURL + " Binding=" + binding);
-
- oaURL = StringEscapeUtils.escapeHtml(oaURL);
-
- config.setOAURL(oaURL);
- config.setBinding(binding);
- config.setRequest(moaRequest);
- config.setConsumerURL(consumerService.getLocation());
+ SSOManager ssomanager = SSOManager.getInstance();
+ ssomanager.removeInterfederatedSSOIDP(msg.getEntityID(), request);
+
+ iReqSP.setRequestedIDP(null);
- String useMandate = request.getParameter(PARAM_USEMANDATE);
- if(useMandate != null) {
- if(useMandate.equals("true") && attributeConsumer != null) {
- if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
- throw new MandateAttributesNotHandleAbleException();
}
+
+ return iReqSP;
+
}
- }
- //validate AuthnRequest
- try {
- AuthnRequestValidator.validate((AuthnRequestImpl) samlReq);
-
- } catch (AuthnRequestValidatorException e) {
- if (generateErrorMessage(e, request, response, config)) {
- throw new AuthnRequestValidatorException(e.getMessage(),
- new Object[] {}, config);
-
- } else {
- throw new MOAIDException(e.getMessage(), new Object[] {});
-
- }
+ Logger.error("Stored PVP21 authrequest from service provider has an unsuppored type.");
+ return null;
+
+ } else {
+ Logger.error("Receive unsupported PVP21 message");
+ throw new MOAIDException("Unsupported PVP21 message", new Object[] {});
}
-
- //request.getSession().setAttribute(PARAM_OA, oaURL);
- return config;
-
} catch (PVP2Exception e) {
throw e;
+
+ } catch (SecurityPolicyException e) {
+ String samlRequest = request.getParameter("SAMLRequest");
+ Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+
+ } catch (SecurityException e) {
+ String samlRequest = request.getParameter("SAMLRequest");
+ Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+
+ } catch (InvalidProtocolRequestException e) {
+ String samlRequest = request.getParameter("SAMLRequest");
+ Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+ throw e;
} catch (Throwable e) {
String samlRequest = request.getParameter("SAMLRequest");
@@ -278,6 +301,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
Status status = SAML2Utils.createSAMLObject(Status.class);
StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
+
+ ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
+ String moaError = null;
+
if(e instanceof NoPassivAuthenticationException) {
statusCode.setValue(StatusCode.NO_PASSIVE_URI);
statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
@@ -285,6 +312,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
} else if (e instanceof NameIDFormatNotSupportedException) {
statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY_URI);
statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
+
+ } else if (e instanceof SLOException) {
+ //SLOExecpetions only occurs if session information is lost
+ return false;
} else if(e instanceof PVP2Exception) {
PVP2Exception ex = (PVP2Exception) e;
@@ -292,11 +323,20 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
String statusMessageValue = ex.getStatusMessageValue();
if(statusMessageValue != null) {
statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue));
- }
+ }
+ moaError = errorUtils.mapInternalErrorToExternalError(ex.getMessageId());
} else {
statusCode.setValue(StatusCode.RESPONDER_URI);
statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
+ moaError = errorUtils.getResponseErrorCode(e);
+ }
+
+
+ if (MiscUtil.isNotEmpty(moaError)) {
+ StatusCode moaStatusCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ moaStatusCode.setValue(moaError);
+ statusCode.setStatusCode(moaStatusCode);
}
status.setStatusCode(statusCode);
@@ -306,16 +346,27 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
samlResponse.setStatus(status);
String remoteSessionID = SAML2Utils.getSecureIdentifier();
samlResponse.setID(remoteSessionID);
-
+
+ samlResponse.setIssueInstant(new DateTime());
+ Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
+ nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ nissuer.setFormat(NameID.ENTITY);
+ samlResponse.setIssuer(nissuer);
+
IEncoder encoder = null;
- if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
encoder = new RedirectBinding();
- } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) {
+
+ } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) {
// TODO: not supported YET!!
//binding = new ArtifactBinding();
+
} else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
encoder = new PostBinding();
+
+ } else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) {
+ encoder = new SoapBinding();
}
if(encoder == null) {
@@ -340,8 +391,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
HttpServletResponse response) {
if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("GET")) {
return getAction(REDIRECT);
+
} else if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("POST")) {
return getAction(POST);
+
}
if(METADATA.equals(request.getParameter("action"))) {
@@ -352,8 +405,240 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
public boolean validate(HttpServletRequest request,
HttpServletResponse response, IRequest pending) {
- // TODO implement validation!
+
return true;
}
+
+ /**
+ * PreProcess Single LogOut request
+ * @param request
+ * @param response
+ * @param msg
+ * @return
+ * @throws MOAIDException
+ */
+ private IRequest preProcessLogOut(HttpServletRequest request,
+ HttpServletResponse response, MOARequest msg) throws MOAIDException {
+
+ PVPTargetConfiguration config = new PVPTargetConfiguration();
+
+ if (((MOARequest)msg).getSamlRequest() instanceof LogoutRequest) {
+ //preProcess single logout request from service provider
+
+ EntityDescriptor metadata = msg.getEntityMetadata();
+ if(metadata == null) {
+ throw new NoMetadataInformationException();
+ }
+
+
+
+ String oaURL = metadata.getEntityID();
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+
+ Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
+
+ config.setOAURL(oaURL);
+ config.setBinding(msg.getRequestBinding());
+
+
+ } else if (((MOARequest)msg).getSamlRequest() instanceof LogoutResponse) {
+ //preProcess single logour response from service provider
+
+ LogoutResponse resp = (LogoutResponse) (((MOARequest)msg).getSamlRequest());
+
+ Logger.debug("PreProcess SLO Response from " + resp.getIssuer());
+
+ if (!resp.getDestination().startsWith(
+ PVPConfiguration.getInstance().getIDPPublicPath())) {
+ Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL");
+ throw new AssertionValidationExeption("PVP 2.1 single logout response destination does not match to IDP URL", null);
+
+ }
+
+ //TODO: check if relayState exists
+ msg.getRelayState();
+
+
+ } else
+ throw new MOAIDException("Unsupported request", new Object[] {});
+
+
+ config.setRequest(msg);
+ config.setAction(SINGLELOGOUT);
+ return config;
+ }
+
+ /**
+ * PreProcess AttributeQuery request
+ * @param request
+ * @param response
+ * @param moaRequest
+ * @return
+ * @throws Throwable
+ */
+ private IRequest preProcessAttributQueryRequest(HttpServletRequest request,
+ HttpServletResponse response, MOARequest moaRequest) throws Throwable {
+
+ AttributeQuery attrQuery = (AttributeQuery) moaRequest.getSamlRequest();
+ moaRequest.setEntityID(attrQuery.getIssuer().getValue());
+
+ //validate destination
+ String destinaten = attrQuery.getDestination();
+ if (!PVPConfiguration.getInstance().getIDPAttributeQueryService().equals(destinaten)) {
+ Logger.warn("AttributeQuery destination does not match IDP AttributeQueryService URL");
+ throw new AttributQueryException("AttributeQuery destination does not match IDP AttributeQueryService URL", null);
+
+ }
+
+ //check if Issuer is an interfederation IDP
+ // check parameter
+ if (!ParamValidatorUtils.isValidOA(moaRequest.getEntityID()))
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_OA, "auth.12");
+
+ OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaRequest.getEntityID());
+ if (!oa.isInderfederationIDP()) {
+ Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs.");
+ throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null);
+
+ }
+
+ if (!oa.isOutboundSSOInterfederationAllowed()) {
+ Logger.warn("Interfederation IDP " + oa.getPublicURLPrefix() + " does not allow outgoing SSO interfederation.");
+ throw new AttributQueryException("Interfederation IDP does not allow outgoing SSO interfederation.", null);
+
+ }
+
+ PVPTargetConfiguration config = new PVPTargetConfiguration();
+ config.setRequest(moaRequest);
+ config.setOAURL(moaRequest.getEntityID());
+ config.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+
+ return config;
+ }
+
+ /**
+ * PreProcess Authn request
+ * @param request
+ * @param response
+ * @param moaRequest
+ * @return
+ * @throws Throwable
+ */
+ private IRequest preProcessAuthRequest(HttpServletRequest request,
+ HttpServletResponse response, MOARequest moaRequest) throws Throwable {
+
+ SignableXMLObject samlReq = moaRequest.getSamlRequest();
+
+ if(!(samlReq instanceof AuthnRequest)) {
+ throw new MOAIDException("Unsupported request", new Object[] {});
+ }
+
+ EntityDescriptor metadata = moaRequest.getEntityMetadata();
+ if(metadata == null) {
+ throw new NoMetadataInformationException();
+ }
+ SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
+ AuthnRequest authnRequest = (AuthnRequest)samlReq;
+
+ Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
+ int assertionidx = 0;
+
+ if(aIdx != null) {
+ assertionidx = aIdx.intValue();
+
+ } else {
+ assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor);
+ }
+
+ aIdx = authnRequest.getAttributeConsumingServiceIndex();
+ int attributeIdx = 0;
+
+ if(aIdx != null) {
+ attributeIdx = aIdx.intValue();
+ }
+
+ AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
+
+ AttributeConsumingService attributeConsumer = null;
+
+ if (spSSODescriptor.getAttributeConsumingServices() != null &&
+ spSSODescriptor.getAttributeConsumingServices().size() > 0) {
+ attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
+ }
+
+ PVPTargetConfiguration config = new PVPTargetConfiguration();
+
+ String oaURL = moaRequest.getEntityMetadata().getEntityID();
+ String binding = consumerService.getBinding();
+
+ Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + binding);
+
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+
+ config.setOAURL(oaURL);
+ config.setBinding(binding);
+ config.setRequest(moaRequest);
+ config.setConsumerURL(consumerService.getLocation());
+
+ //parse AuthRequest
+ AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq;
+ config.setPassiv(authReq.isPassive());
+ config.setForce(authReq.isForceAuthn());
+
+ //validate AuthnRequest
+ AuthnRequestValidator.validate(authReq);
+
+ String useMandate = request.getParameter(PARAM_USEMANDATE);
+ if(useMandate != null) {
+ if(useMandate.equals("true") && attributeConsumer != null) {
+ if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
+ throw new MandateAttributesNotHandleAbleException();
+ }
+ }
+ }
+
+ return config;
+ }
+
+ /**
+ * PreProcess AuthResponse and Assertion
+ * @param msg
+ */
+ private MOAResponse preProcessAuthResponse(MOAResponse msg) {
+ Logger.debug("Start PVP21 assertion processing... ");
+ Response samlResp = msg.getResponse();
+
+ try {
+ if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
+
+ //validate PVP 2.1 assertion
+ SAMLVerificationEngine.validateAssertion(samlResp, true);
+
+ msg.setSAMLMessage(SAML2Utils.asDOMDocument(samlResp).getDocumentElement());
+ return msg;
+
+ } else {
+ Logger.debug("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue()
+ + " from interfederated IDP.");
+
+ }
+
+ } catch (IOException e) {
+ Logger.warn("Interfederation response marshaling FAILED.", e);
+
+ } catch (MarshallingException e) {
+ Logger.warn("Interfederation response marshaling FAILED.", e);
+
+ } catch (TransformerException e) {
+ Logger.warn("Interfederation response marshaling FAILED.", e);
+
+ } catch (AssertionValidationExeption e) {
+ //error is already logged, to nothing
+ }
+
+ return null;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 7946c7596..47c297914 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -27,6 +27,8 @@ import org.opensaml.xml.signature.SignatureConstants;
public interface PVPConstants {
+ public static final String SSLSOCKETFACTORYNAME = "MOAMetaDataProvider";
+
public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128;
@@ -39,6 +41,8 @@ public interface PVPConstants {
public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3";
public static final String STORK_QAA_1_4 = "http://www.stork.gov.eu/1.0/citizenQAALevel/4";
+ public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/1.0/";
+
public static final String URN_OID_PREFIX = "urn:oid:";
public static final String PVP_VERSION_OID = "1.2.40.0.10.2.1.1.261.10";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index b3887a444..65da23565 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -22,22 +22,41 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.impl.AuthnRequestImpl;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
+import at.gv.egovernment.moa.logging.Logger;
public class PVPTargetConfiguration extends RequestImpl {
private static final long serialVersionUID = 4889919265919638188L;
- MOARequest request;
+ InboundMessage request;
String binding;
String consumerURL;
-
- public MOARequest getRequest() {
+
+ public InboundMessage getRequest() {
return request;
}
- public void setRequest(MOARequest request) {
+ public void setRequest(InboundMessage request) {
this.request = request;
}
@@ -55,6 +74,67 @@ public class PVPTargetConfiguration extends RequestImpl {
public void setConsumerURL(String consumerURL) {
this.consumerURL = consumerURL;
+
}
-
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+ */
+ @Override
+ public List<Attribute> getRequestedAttributes() {
+
+ Map<String, String> reqAttr = new HashMap<String, String>();
+ for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
+ reqAttr.put(el, "");
+
+ try {
+ OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL());
+
+ SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata().getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+ if (spSSODescriptor.getAttributeConsumingServices() != null &&
+ spSSODescriptor.getAttributeConsumingServices().size() > 0) {
+
+ Integer aIdx = null;
+ if (getRequest() instanceof MOARequest &&
+ ((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) {
+ AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest();
+ aIdx = authnRequest.getAttributeConsumingServiceIndex();
+
+ } else {
+ Logger.error("MOARequest is NOT of type AuthnRequest");
+ }
+
+ int idx = 0;
+
+ AttributeConsumingService attributeConsumingService = null;
+
+ if (aIdx != null) {
+ idx = aIdx.intValue();
+ attributeConsumingService = spSSODescriptor
+ .getAttributeConsumingServices().get(idx);
+
+ } else {
+ List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
+ for (AttributeConsumingService el : attrConsumingServiceList) {
+ if (el.isDefault())
+ attributeConsumingService = el;
+ }
+ }
+
+ for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes())
+ reqAttr.put(attr.getName(), "");
+ }
+
+ return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator());
+
+ } catch (NoMetadataInformationException e) {
+ Logger.warn("NO metadata found for Entity " + getRequest().getEntityID());
+ return null;
+
+ } catch (ConfigurationException e) {
+ Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e);
+ return null;
+ }
+
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
new file mode 100644
index 000000000..c67d10ab7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -0,0 +1,361 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.LogoutRequest;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.metadata.SingleLogoutService;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.SecurityException;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationContainer;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SingleLogOutAction implements IAction {
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
+ */
+ @Override
+ public SLOInformationInterface processRequest(IRequest req,
+ HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IAuthData authData) throws MOAIDException {
+
+ PVPTargetConfiguration pvpReq = (PVPTargetConfiguration) req;
+
+ if (pvpReq.getRequest() instanceof MOARequest) {
+ MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+ if (samlReq.getSamlRequest() instanceof LogoutRequest) {
+ Logger.debug("Process Single LogOut request");
+ LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
+
+ AuthenticationSession session =
+ AuthenticationSessionStoreage.searchMOASessionWithNameIDandOAID(
+ logOutReq.getIssuer().getValue(),
+ logOutReq.getNameID().getValue());
+
+ if (session == null) {
+ Logger.warn("Can not find active SSO session with nameID "
+ + logOutReq.getNameID().getValue() + " and OA "
+ + logOutReq.getIssuer().getValue());
+ Logger.info("Search active SSO session with SSO session cookie");
+ SSOManager ssomanager = SSOManager.getInstance();
+ String ssoID = ssomanager.getSSOSessionID(httpReq);
+ if (MiscUtil.isEmpty(ssoID)) {
+ Logger.warn("Can not find active Session. Single LogOut not possible!");
+ SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq);
+ sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+ return null;
+
+ } else {
+ String moasession = ssomanager.getMOASession(ssoID);
+ try {
+ session = AuthenticationSessionStoreage.getSession(moasession);
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Can not find active Session. Single LogOut not possible!");
+ SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq);
+ sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+ return null;
+
+ }
+ }
+ }
+
+ //store active OAs to SLOContaine
+ List<OASessionStore> dbOAs = AuthenticationSessionStoreage.getAllActiveOAFromMOASession(session);
+ SLOInformationContainer sloContainer = new SLOInformationContainer();
+ sloContainer.setSloRequest(pvpReq);
+ sloContainer.parseActiveOAs(dbOAs, logOutReq.getIssuer().getValue());
+
+ //terminate MOASession
+ try {
+ AuthenticationSessionStoreage.destroySession(session.getSessionID());
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Delete MOASession FAILED.");
+ sloContainer.putFailedOA(AuthConfigurationProvider.getInstance().getPublicURLPrefix());
+
+ }
+
+ //start service provider back channel logout process
+ Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA();
+ while (nextOAInterator.hasNext()) {
+ SLOInformationImpl sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next());
+ LogoutRequest sloReq = SingleLogOutBuilder.buildSLORequestMessage(sloDescr);
+
+ try {
+ List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq);
+
+ LogoutResponse sloResp = null;
+ for (XMLObject el : soapResp) {
+ if (el instanceof LogoutResponse)
+ sloResp = (LogoutResponse) el;
+ }
+
+ if (sloResp == null) {
+ Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue()
+ + " FAILED. NO LogOut response received.");
+ sloContainer.putFailedOA(sloReq.getIssuer().getValue());
+
+ }
+
+ checkStatusCode(sloContainer, sloResp);
+
+ } catch (SOAPException e) {
+ Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue()
+ + " FAILED.", e);
+ sloContainer.putFailedOA(sloReq.getIssuer().getValue());
+
+ } catch (SecurityException e) {
+ Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue()
+ + " FAILED.", e);
+ sloContainer.putFailedOA(sloReq.getIssuer().getValue());
+
+ }
+ }
+
+ //start service provider front channel logout process
+ try {
+ doFrontChannelLogOut(sloContainer, httpReq, httpResp);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("MOA AssertionDatabase ERROR", e);
+ SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq);
+ sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+ return null;
+
+ }
+
+ } else if (samlReq.getSamlRequest() instanceof LogoutResponse) {
+ Logger.debug("Process Single LogOut response");
+ LogoutResponse logOutResp = (LogoutResponse) samlReq.getSamlRequest();
+
+ try {
+ if (MiscUtil.isEmpty(samlReq.getRelayState())) {
+ Logger.warn("SLO Response from " + logOutResp.getIssuer().getValue()
+ + " has no SAML2 RelayState.");
+ throw new SLOException("pvp2.19", null);
+
+ }
+
+ SLOInformationContainer sloContainer =
+ AssertionStorage.getInstance().get(samlReq.getRelayState(), SLOInformationContainer.class);
+ checkStatusCode(sloContainer, logOutResp);
+ sloContainer.removeFrontChannelOA(logOutResp.getIssuer().getValue());
+ doFrontChannelLogOut(sloContainer, httpReq, httpResp);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("MOA AssertionDatabase ERROR", e);
+ throw new SLOException("pvp2.19", null);
+
+ }
+
+ } else {
+ Logger.error("Process SingleLogOutAction but request is NOT of type LogoutRequest or LogoutResponse.");
+ throw new MOAIDException("pvp2.13", null);
+
+ }
+
+ } else {
+ Logger.error("Process SingleLogOutAction but request is NOT of type MOARequest.");
+ throw new MOAIDException("pvp2.13", null);
+
+ }
+
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp) {
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
+ */
+ @Override
+ public String getDefaultActionName() {
+ return PVP2XProtocol.SINGLELOGOUT;
+ }
+
+ private void checkStatusCode(SLOInformationContainer sloContainer, LogoutResponse logOutResp) {
+ Status status = logOutResp.getStatus();
+ if (!status.getStatusCode().equals(StatusCode.SUCCESS_URI)) {
+ Logger.warn("Single LogOut for OA " + logOutResp.getIssuer().getValue()
+ + " FAILED. (ResponseCode: " + status.getStatusCode().getValue()
+ + " Message: " + status.getStatusMessage().getMessage() + ")");
+ sloContainer.putFailedOA(logOutResp.getIssuer().getValue());
+
+ } else
+ Logger.debug("Single LogOut for OA " + logOutResp.getIssuer().getValue() + " SUCCESS");
+
+ }
+
+ private void doFrontChannelLogOut(SLOInformationContainer sloContainer,
+ HttpServletRequest httpReq, HttpServletResponse httpResp
+ ) throws MOAIDException, MOADatabaseException {
+ String nextOA = sloContainer.getNextFrontChannelOA();
+ if (MiscUtil.isNotEmpty(nextOA)) {
+ SLOInformationImpl sloDescr = sloContainer.getFrontChannelOASessionDescripten(nextOA);
+ LogoutRequest sloReq = SingleLogOutBuilder.buildSLORequestMessage(sloDescr);
+ String relayState = Random.nextRandom();
+
+ AssertionStorage.getInstance().put(relayState, sloContainer);
+
+ sendFrontChannelSLOMessage(sloDescr.getServiceURL(), sloDescr.getBinding(),
+ sloReq, httpReq, httpResp, relayState);
+
+ } else {
+ //send SLO response to SLO request issuer
+ PVPTargetConfiguration pvpReq = sloContainer.getSloRequest();
+ MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+ SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
+ sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+
+ }
+ }
+
+ /**
+ * @param serviceURL
+ * @param binding
+ * @param sloReq
+ * @param httpReq
+ * @param httpResp
+ * @param relayState
+ */
+ private void sendFrontChannelSLOMessage(String serviceURL, String bindingType,
+ RequestAbstractType sloReq, HttpServletRequest httpReq,
+ HttpServletResponse httpResp, String relayState) throws MOAIDException {
+ IEncoder binding = null;
+ if (bindingType.equals(
+ SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ binding = new RedirectBinding();
+
+ } else if (bindingType.equals(
+ SAMLConstants.SAML2_POST_BINDING_URI)) {
+ binding = new PostBinding();
+
+ }
+
+ if (binding == null) {
+ throw new BindingNotSupportedException(bindingType);
+ }
+
+ try {
+ binding.encodeRequest(httpReq, httpResp, sloReq,
+ serviceURL, relayState);
+
+ } catch (MessageEncodingException e) {
+ Logger.error("Message Encoding exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ } catch (SecurityException e) {
+ Logger.error("Security exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ }
+
+ }
+
+ private void sendFrontChannelSLOMessage(SingleLogoutService consumerService,
+ LogoutResponse sloResp, HttpServletRequest req, HttpServletResponse resp,
+ String relayState) throws MOAIDException {
+ IEncoder binding = null;
+ if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ binding = new RedirectBinding();
+
+ } else if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_POST_BINDING_URI)) {
+ binding = new PostBinding();
+
+ }
+
+ if (binding == null) {
+ throw new BindingNotSupportedException(consumerService.getBinding());
+ }
+
+ try {
+ binding.encodeRespone(req, resp, sloResp,
+ consumerService.getLocation(), relayState);
+
+ } catch (MessageEncodingException e) {
+ Logger.error("Message Encoding exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ } catch (SecurityException e) {
+ Logger.error("Security exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ }
+
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
index 43a17af23..8691667f0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
@@ -43,13 +43,14 @@ import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.Signature;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
public class ArtifactBinding implements IDecoder, IEncoder {
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation)
+ RequestAbstractType request, String targetLocation, String relayState)
throws MessageEncodingException, SecurityException {
}
@@ -100,23 +101,21 @@ public class ArtifactBinding implements IDecoder, IEncoder {
}
}
- public MOARequest decodeRequest(HttpServletRequest req,
+ public InboundMessageInterface decode(HttpServletRequest req,
HttpServletResponse resp) throws MessageDecodingException,
SecurityException {
return null;
}
- public MOAResponse decodeRespone(HttpServletRequest req,
- HttpServletResponse resp) throws MessageDecodingException,
- SecurityException {
-
- return null;
- }
public boolean handleDecode(String action, HttpServletRequest req) {
return false;
}
+
+ public String getSAML2BindingName() {
+ return SAMLConstants.SAML2_ARTIFACT_BINDING_URI;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
index b64b28de8..fb17c02b8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
@@ -29,15 +29,14 @@ import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.xml.security.SecurityException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
public interface IDecoder {
- public MOARequest decodeRequest(HttpServletRequest req,
+ public InboundMessageInterface decode(HttpServletRequest req,
HttpServletResponse resp)
throws MessageDecodingException, SecurityException, PVP2Exception;
-
- public MOAResponse decodeRespone(HttpServletRequest req,
- HttpServletResponse resp)
- throws MessageDecodingException, SecurityException, PVP2Exception;
-
+
public boolean handleDecode(String action, HttpServletRequest req);
+
+ public String getSAML2BindingName();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
index f7dfd055c..de5548a44 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
@@ -34,7 +34,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
public interface IEncoder {
public void encodeRequest(HttpServletRequest req,
- HttpServletResponse resp, RequestAbstractType request, String targetLocation)
+ HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState)
throws MessageEncodingException, SecurityException, PVP2Exception;
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
index 1d6b227d6..6080f8a33 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
@@ -26,9 +26,22 @@ import org.opensaml.common.binding.decoding.URIComparator;
public class MOAURICompare implements URIComparator {
- public boolean compare(String uri1, String uri2) {
- // TODO: implement proper equalizer for rewritten URLS
- return true;
+ /**
+ * @param idpssoPostService
+ */
+
+ private String serviceURL = "";
+
+ public MOAURICompare(String serviceURL) {
+ this.serviceURL = serviceURL;
+ }
+
+ public boolean compare(String uri1, String uri2) {
+ if (this.serviceURL.equals(uri1))
+ return true;
+
+ else
+ return false;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 11e280d8f..a2fe5c01b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -34,7 +34,9 @@ import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
import org.opensaml.ws.message.decoder.MessageDecodingException;
@@ -47,6 +49,14 @@ import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
import org.opensaml.xml.security.x509.X509Credential;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
@@ -56,10 +66,38 @@ import at.gv.egovernment.moa.logging.Logger;
public class PostBinding implements IDecoder, IEncoder {
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation)
+ RequestAbstractType request, String targetLocation, String relayState)
throws MessageEncodingException, SecurityException {
- // TODO Auto-generated method stub
+
+ try {
+ X509Credential credentials = CredentialProvider
+ .getIDPAssertionSigningCredential();
+
+ VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
+ HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
+ "resources/templates/pvp_postbinding_template.html");
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject();
+ service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+ service.setLocation(targetLocation);;
+
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(request);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(relayState);
+ encoder.encode(context);
+
+ } catch (CredentialsNotAvailableException e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ }
}
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
@@ -100,63 +138,63 @@ public class PostBinding implements IDecoder, IEncoder {
}
}
- public MOARequest decodeRequest(HttpServletRequest req,
+ public InboundMessageInterface decode(HttpServletRequest req,
HttpServletResponse resp) throws MessageDecodingException,
SecurityException {
HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
- BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
+ BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
messageContext
.setInboundMessageTransport(new HttpServletRequestAdapter(req));
- decode.setURIComparator(new MOAURICompare());
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
+ try {
+ decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService()));
+
+ } catch (ConfigurationException e) {
+ throw new SecurityException(e);
+ }
+
+ decode.decode(messageContext);
+
messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
-
- decode.decode(messageContext);
-
- RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
- .getInboundMessage();
-
+ InboundMessage msg = null;
+
+ if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+ .getInboundMessage();
+ msg = new MOARequest(inboundMessage, getSAML2BindingName());
+
+ } else if (messageContext.getInboundMessage() instanceof Response){
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ Response inboundMessage = (Response) messageContext.getInboundMessage();
+ msg = new MOAResponse(inboundMessage);
+
+ } else
+ //create empty container if request type is unknown
+ msg = new InboundMessage();
- MOARequest request = new MOARequest(inboundMessage);
- request.setVerified(false);
+ msg.setVerified(false);
+ decode.decode(messageContext);
if (messageContext.getPeerEntityMetadata() != null)
- request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+ msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
else
- Logger.info("No Metadata found for OA with EntityID " + inboundMessage.getIssuer().getValue());
+ Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
- request.setRelayState(messageContext.getRelayState());
- return request;
-
- }
-
- public MOAResponse decodeRespone(HttpServletRequest req,
- HttpServletResponse resp) throws MessageDecodingException,
- SecurityException {
-
- HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
- BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
- messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(req));
-
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
- decode.decode(messageContext);
-
- Response inboundMessage = (Response) messageContext.getInboundMessage();
-
- MOAResponse moaResponse = new MOAResponse(inboundMessage);
- moaResponse.setVerified(false);
- moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata());
- return moaResponse;
-
+ msg.setRelayState(messageContext.getRelayState());
+
+ return msg;
}
public boolean handleDecode(String action, HttpServletRequest req) {
- return (req.getMethod().equals("POST"));
+ return (req.getMethod().equals("POST") && action.equals(PVP2XProtocol.POST));
+ }
+
+ public String getSAML2BindingName() {
+ return SAMLConstants.SAML2_POST_BINDING_URI;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index dc6a1f637..8fba6cde0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -35,6 +35,7 @@ import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
@@ -50,7 +51,13 @@ import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.x509.X509Credential;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
@@ -61,9 +68,34 @@ import at.gv.egovernment.moa.util.DOMUtils;
public class RedirectBinding implements IDecoder, IEncoder {
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation)
+ RequestAbstractType request, String targetLocation, String relayState)
throws MessageEncodingException, SecurityException {
- // TODO: implement
+
+ try {
+ X509Credential credentials = CredentialProvider
+ .getIDPAssertionSigningCredential();
+
+ Logger.debug("create SAML RedirectBinding response");
+
+ HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ service.setLocation(targetLocation);
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(request);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(relayState);
+
+ encoder.encode(context);
+ } catch (CredentialsNotAvailableException e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ }
}
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
@@ -85,10 +117,10 @@ public class RedirectBinding implements IDecoder, IEncoder {
service.setLocation(targetLocation);
context.setOutboundSAMLMessageSigningCredential(credentials);
context.setPeerEntityEndpoint(service);
- // context.setOutboundMessage(authReq);
context.setOutboundSAMLMessage(response);
context.setOutboundMessageTransport(responseAdapter);
-
+ context.setRelayState(relayState);
+
encoder.encode(context);
} catch (CredentialsNotAvailableException e) {
e.printStackTrace();
@@ -96,84 +128,80 @@ public class RedirectBinding implements IDecoder, IEncoder {
}
}
- public MOARequest decodeRequest(HttpServletRequest req,
+ public InboundMessageInterface decode(HttpServletRequest req,
HttpServletResponse resp) throws MessageDecodingException,
SecurityException {
HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
new BasicParserPool());
- decode.setURIComparator(new MOAURICompare());
- BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
- messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(req));
-
- messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
-
- SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
- TrustEngineFactory.getSignatureKnownKeysTrustEngine());
-
- SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule();
-
- BasicSecurityPolicy policy = new BasicSecurityPolicy();
- policy.getPolicyRules().add(signatureRule);
- policy.getPolicyRules().add(signedRole);
+ try {
+ decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService()));
- SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
- policy);
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
- messageContext.setSecurityPolicyResolver(resolver);
+ } catch (ConfigurationException e) {
+ throw new SecurityException(e);
+
+ }
- decode.decode(messageContext);
-
- signatureRule.evaluate(messageContext);
-
- RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
- .getInboundMessage();
- MOARequest request = new MOARequest(inboundMessage);
- request.setVerified(true);
- request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
- return request;
- }
-
- public MOAResponse decodeRespone(HttpServletRequest req,
- HttpServletResponse resp) throws MessageDecodingException,
- SecurityException {
-
- HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
- new BasicParserPool());
- BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
+ BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
messageContext
.setInboundMessageTransport(new HttpServletRequestAdapter(req));
+ decode.decode(messageContext);
+
+ messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
+
SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
TrustEngineFactory.getSignatureKnownKeysTrustEngine());
-
- // signatureRule.evaluate(messageContext);
+ SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule();
BasicSecurityPolicy policy = new BasicSecurityPolicy();
policy.getPolicyRules().add(signatureRule);
+ policy.getPolicyRules().add(signedRole);
SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
- policy);
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ policy);
messageContext.setSecurityPolicyResolver(resolver);
- MOAMetadataProvider provider = null;
-
- provider = MOAMetadataProvider.getInstance();
+
+ InboundMessage msg = null;
+
+ if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+ .getInboundMessage();
+ msg = new MOARequest(inboundMessage, getSAML2BindingName());
+
+
+ } else if (messageContext.getInboundMessage() instanceof Response){
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ Response inboundMessage = (Response) messageContext.getInboundMessage();
+ msg = new MOAResponse(inboundMessage);
+
+ } else
+ //create empty container if request type is unknown
+ msg = new InboundMessage();
- messageContext.setMetadataProvider(provider);
+ signatureRule.evaluate(messageContext);
+ msg.setVerified(true);
decode.decode(messageContext);
-
- Response inboundMessage = (Response) messageContext.getInboundMessage();
-
- MOAResponse moaResponse = new MOAResponse(inboundMessage);
- moaResponse.setVerified(true);
- moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata());
- return moaResponse;
+ if (messageContext.getPeerEntityMetadata() != null)
+ msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+
+ else
+ Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
+
+ msg.setRelayState(messageContext.getRelayState());
+
+ return msg;
}
public boolean handleDecode(String action, HttpServletRequest req) {
return (action.equals(PVP2XProtocol.REDIRECT) && req.getMethod()
.equals("GET"));
}
+
+ public String getSAML2BindingName() {
+ return SAMLConstants.SAML2_REDIRECT_BINDING_URI;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index 1d41654eb..75332cfea 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -22,6 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+import java.util.List;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -33,51 +35,68 @@ import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.client.BasicSOAPMessageContext;
+import org.opensaml.ws.soap.soap11.Envelope;
import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.signature.SignableXMLObject;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.logging.Logger;
public class SoapBinding implements IDecoder, IEncoder {
- public MOARequest decodeRequest(HttpServletRequest req,
+ public InboundMessageInterface decode(HttpServletRequest req,
HttpServletResponse resp) throws MessageDecodingException,
SecurityException, PVP2Exception {
- HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder();
- BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext =
- new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
+ HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool());
+ BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext =
+ new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
messageContext
.setInboundMessageTransport(new HttpServletRequestAdapter(
req));
+
soapDecoder.decode(messageContext);
-
- RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+
+ Envelope inboundMessage = (Envelope) messageContext
.getInboundMessage();
- MOARequest request = new MOARequest(inboundMessage);
+ if (inboundMessage.getBody() != null) {
+ List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects();
- return request;
- }
-
- public MOAResponse decodeRespone(HttpServletRequest req,
- HttpServletResponse resp) throws MessageDecodingException,
- SecurityException, PVP2Exception {
- throw new BindingNotSupportedException(SAMLConstants.SAML2_SOAP11_BINDING_URI + " response");
+ if (!xmlElemList.isEmpty()) {
+ SignableXMLObject attrReq = (SignableXMLObject) xmlElemList.get(0);
+ MOARequest request = new MOARequest(attrReq, getSAML2BindingName());
+ request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+ request.setVerified(false);
+ return request;
+
+ }
+ }
+
+ Logger.error("Receive empty PVP 2.1 attributequery request.");
+ throw new AttributQueryException("Receive empty PVP 2.1 attributequery request.", null);
}
public boolean handleDecode(String action, HttpServletRequest req) {
- return (action.equals(PVP2XProtocol.SOAP));
+ return (req.getMethod().equals("POST") &&
+ (action.equals(PVP2XProtocol.SOAP) || action.equals(PVP2XProtocol.ATTRIBUTEQUERY)));
}
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation)
+ RequestAbstractType request, String targetLocation, String relayState)
throws MessageEncodingException, SecurityException, PVP2Exception {
}
@@ -103,5 +122,9 @@ public class SoapBinding implements IDecoder, IEncoder {
throw new SecurityException(e);
}
}
+
+ public String getSAML2BindingName() {
+ return SAMLConstants.SAML2_SOAP11_BINDING_URI;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
new file mode 100644
index 000000000..6296d102f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
@@ -0,0 +1,185 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.joda.time.DateTime;
+import org.opensaml.Configuration;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeQuery;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.impl.AttributeQueryBuilder;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.x509.X509Credential;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
+import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.Signer;
+import org.w3c.dom.Document;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AttributQueryBuilder {
+
+ public static List<Attribute> buildSAML2AttributeList(OAAuthParameter oa, Iterator<String> iterator) {
+
+ Logger.debug("Build OA specific Attributes for AttributQuery request");
+
+ List<Attribute> attrList = new ArrayList<Attribute>();
+
+ SamlAttributeGenerator generator = new SamlAttributeGenerator();
+
+ while(iterator.hasNext()) {
+ String rA = iterator.next();
+ Attribute attr = PVPAttributeBuilder.buildEmptyAttribute(rA);
+ if (attr == null) {
+ Logger.warn("Attribut " + rA + " has no valid Name");
+
+ } else {
+ //add OA specific information
+ if (rA.equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
+ if (oa.getBusinessService())
+ attr = generator.buildStringAttribute(attr.getFriendlyName(),
+ attr.getName(), oa.getIdentityLinkDomainIdentifier());
+ else
+ attr = generator.buildStringAttribute(attr.getFriendlyName(),
+ attr.getName(), Constants.URN_PREFIX_CDID + "+" + oa.getTarget());
+ }
+
+ //TODO: add attribute values for SSO with mandates (ProfileList)
+
+
+ attrList.add(attr);
+ }
+ }
+
+ return attrList;
+ }
+
+
+ public static AttributeQuery buildAttributQueryRequest(String nameID,
+ String endpoint, List<Attribute> requestedAttributes) throws AttributQueryException {
+
+
+ try {
+
+ AttributeQuery query = new AttributeQueryBuilder().buildObject();
+
+ //set user nameID
+ Subject subject = SAML2Utils.createSAMLObject(Subject.class);
+ NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
+ subjectNameID.setValue(nameID);
+ subjectNameID.setFormat(NameID.TRANSIENT);
+ subject.setNameID(subjectNameID);
+ query.setSubject(subject);
+
+ //set attributes
+ query.getAttributes().addAll(requestedAttributes);
+
+ //set general request parameters
+ DateTime now = new DateTime();
+ query.setIssueInstant(now);
+
+ Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
+ nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ nissuer.setFormat(NameID.ENTITY);
+ query.setIssuer(nissuer);
+
+ String sessionID = SAML2Utils.getSecureIdentifier();
+ query.setID(sessionID);
+
+ query.setDestination(endpoint);
+
+ X509Credential idpSigningCredential = CredentialProvider.getIDPAssertionSigningCredential();
+
+ Signature signer = SAML2Utils.createSAMLObject(Signature.class);
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
+ signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signer.setSigningCredential(idpSigningCredential);
+ query.setSignature(signer);
+
+ DocumentBuilder builder;
+ DocumentBuilderFactory factory = DocumentBuilderFactory
+ .newInstance();
+
+ builder = factory.newDocumentBuilder();
+ Document document = builder.newDocument();
+ Marshaller out = Configuration.getMarshallerFactory()
+ .getMarshaller(query);
+ out.marshall(query, document);
+
+ Signer.signObject(signer);
+
+ return query;
+
+ } catch (ConfigurationException e) {
+ Logger.error("Build AttributQuery Request FAILED.", e);
+ throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e);
+
+ } catch (CredentialsNotAvailableException e) {
+ Logger.error("Build AttributQuery Request FAILED.", e);
+ throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e);
+
+ } catch (ParserConfigurationException e) {
+ Logger.error("Build AttributQuery Request FAILED.", e);
+ throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e);
+
+ } catch (MarshallingException e) {
+ Logger.error("Build AttributQuery Request FAILED.", e);
+ throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e);
+
+ } catch (SignatureException e) {
+ Logger.error("Build AttributQuery Request FAILED.", e);
+ throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e);
+
+ }
+
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
new file mode 100644
index 000000000..4ef09184d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
@@ -0,0 +1,152 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+import org.joda.time.DateTime;
+import org.opensaml.Configuration;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.EncryptedAssertion;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.encryption.Encrypter;
+import org.opensaml.saml2.encryption.Encrypter.KeyPlacement;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.security.MetadataCredentialResolver;
+import org.opensaml.security.MetadataCriteria;
+import org.opensaml.xml.encryption.EncryptionException;
+import org.opensaml.xml.encryption.EncryptionParameters;
+import org.opensaml.xml.encryption.KeyEncryptionParameters;
+import org.opensaml.xml.security.CriteriaSet;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.criteria.EntityIDCriteria;
+import org.opensaml.xml.security.criteria.UsageCriteria;
+import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
+import org.opensaml.xml.security.x509.X509Credential;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AuthResponseBuilder {
+
+ public static Response buildResponse(RequestAbstractType req, DateTime date, Assertion assertion) throws InvalidAssertionEncryptionException, ConfigurationException {
+ Response authResponse = SAML2Utils.createSAMLObject(Response.class);
+
+ Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
+
+ //change to entity value from entity name to IDP EntityID (URL)
+ nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ nissuer.setFormat(NameID.ENTITY);
+ authResponse.setIssuer(nissuer);
+ authResponse.setInResponseTo(req.getID());
+
+ //set responseID
+ String remoteSessionID = SAML2Utils.getSecureIdentifier();
+ authResponse.setID(remoteSessionID);
+
+
+ //SAML2 response required IssueInstant
+ authResponse.setIssueInstant(date);
+
+ authResponse.setStatus(SAML2Utils.getSuccessStatus());
+
+ //check, if metadata includes an encryption key
+ MetadataCredentialResolver mdCredResolver =
+ new MetadataCredentialResolver(MOAMetadataProvider.getInstance());
+
+ CriteriaSet criteriaSet = new CriteriaSet();
+ criteriaSet.add( new EntityIDCriteria(req.getIssuer().getValue()) );
+ criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
+ criteriaSet.add( new UsageCriteria(UsageType.ENCRYPTION) );
+
+ X509Credential encryptionCredentials = null;
+ try {
+ encryptionCredentials = (X509Credential) mdCredResolver.resolveSingle(criteriaSet);
+
+ } catch (SecurityException e2) {
+ Logger.warn("Can not extract the Assertion Encryption-Key from metadata", e2);
+ throw new InvalidAssertionEncryptionException();
+
+ }
+
+ boolean isEncryptionActive = AuthConfigurationProvider.getInstance().isPVP2AssertionEncryptionActive();
+ if (encryptionCredentials != null && isEncryptionActive) {
+ //encrypt SAML2 assertion
+
+ try {
+
+ EncryptionParameters dataEncParams = new EncryptionParameters();
+ dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE);
+
+ List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>();
+ KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters();
+
+ keyEncParam.setEncryptionCredential(encryptionCredentials);
+ keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE);
+ KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()
+ .getKeyInfoGeneratorManager().getDefaultManager()
+ .getFactory(encryptionCredentials);
+ keyEncParam.setKeyInfoGenerator(kigf.newInstance());
+ keyEncParamList.add(keyEncParam);
+
+ Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList);
+ //samlEncrypter.setKeyPlacement(KeyPlacement.INLINE);
+ samlEncrypter.setKeyPlacement(KeyPlacement.PEER);
+
+ EncryptedAssertion encryptAssertion = null;
+
+ encryptAssertion = samlEncrypter.encrypt(assertion);
+
+ authResponse.getEncryptedAssertions().add(encryptAssertion);
+
+ } catch (EncryptionException e1) {
+ Logger.warn("Can not encrypt the PVP2 assertion", e1);
+ throw new InvalidAssertionEncryptionException();
+
+ }
+
+ } else {
+ authResponse.getAssertions().add(assertion);
+
+ }
+
+ return authResponse;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index 39e35120c..8b6e71e6b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -29,9 +29,8 @@ import java.util.List;
import org.opensaml.saml2.core.Attribute;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BirthdateAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDAuthBlock;
@@ -150,11 +149,11 @@ public class PVPAttributeBuilder {
addBuilder(new STORKTitleAttributBuilder());
}
- public static Attribute buildAttribute(String name, AuthenticationSession authSession, OAAuthParameter oaParam,
- AuthenticationData authData) throws PVP2Exception {
+ public static Attribute buildAttribute(String name, OAAuthParameter oaParam,
+ IAuthData authData) throws PVP2Exception {
if (builders.containsKey(name)) {
try {
- return builders.get(name).build(authSession, oaParam, authData, generator);
+ return builders.get(name).build(oaParam, authData, generator);
}
catch (AttributeException e) {
if (e instanceof UnavailableAttributeException) {
@@ -171,6 +170,22 @@ public class PVPAttributeBuilder {
return null;
}
+ public static Attribute buildEmptyAttribute(String name) {
+ if (builders.containsKey(name)) {
+ return builders.get(name).buildEmpty(generator);
+ }
+ return null;
+ }
+
+ public static Attribute buildAttribute(String name, String value) {
+ if (builders.containsKey(name)) {
+ return builders.get(name).buildEmpty(generator);
+ }
+ return null;
+ }
+
+
+
public static List<Attribute> buildSupportedEmptyAttributes() {
List<Attribute> attributes = new ArrayList<Attribute>();
Iterator<IAttributeBuilder> builderIt = builders.values().iterator();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
new file mode 100644
index 000000000..04d374e93
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -0,0 +1,186 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
+
+import java.util.List;
+
+import org.joda.time.DateTime;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.LogoutRequest;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.StatusMessage;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.SingleLogoutService;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SingleLogOutBuilder {
+
+ public static LogoutRequest buildSLORequestMessage(SLOInformationImpl sloInfo) throws ConfigurationException {
+ LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class);
+
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+ issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ issuer.setFormat(NameID.ENTITY);
+ sloReq.setIssuer(issuer);
+ sloReq.setIssueInstant(new DateTime());
+
+ sloReq.setDestination(sloInfo.getServiceURL());
+
+ NameID nameID = SAML2Utils.createSAMLObject(NameID.class);
+ nameID.setFormat(sloInfo.getUserNameIDFormat());
+ nameID.setValue(sloInfo.getUserNameIdentifier());
+ sloReq.setNameID(nameID );
+
+ return sloReq;
+ }
+
+ public static LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException {
+ LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+ issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ issuer.setFormat(NameID.ENTITY);
+ sloResp.setIssuer(issuer);
+ sloResp.setIssueInstant(new DateTime());
+ sloResp.setDestination(sloService.getLocation());
+ Status status = SAML2Utils.createSAMLObject(Status.class);
+ StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
+ statusCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+ statusMessage.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", null));
+ status.setStatusCode(statusCode);
+ status.setStatusMessage(statusMessage);
+ sloResp.setStatus(status);
+ return sloResp;
+ }
+
+ public static LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPTargetConfiguration spRequest, List<String> failedOAs) throws ConfigurationException {
+ LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+ issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ issuer.setFormat(NameID.ENTITY);
+ sloResp.setIssuer(issuer);
+ sloResp.setIssueInstant(new DateTime());
+ sloResp.setDestination(sloService.getLocation());
+
+ Status status;
+ if (failedOAs == null || failedOAs.size() == 0) {
+ status = SAML2Utils.getSuccessStatus();
+
+ } else {
+ status = SAML2Utils.createSAMLObject(Status.class);
+ StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
+ statusCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+ statusMessage.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", null));
+ status.setStatusCode(statusCode);
+ status.setStatusMessage(statusMessage);
+
+ }
+ sloResp.setStatus(status);
+ return sloResp;
+
+ }
+
+ public static SingleLogoutService getRequestSLODescriptor(String entityID) throws NOSLOServiceDescriptorException {
+ try {
+ EntityDescriptor entity = MOAMetadataProvider.getInstance().getEntityDescriptor(entityID);
+ SPSSODescriptor spsso = entity.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
+ SingleLogoutService sloService = null;
+ for (SingleLogoutService el : spsso.getSingleLogoutServices()) {
+ if (el.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))
+ sloService = el;
+
+ else if (el.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)
+ && (
+ (sloService != null && !sloService.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))
+ || sloService == null)
+ )
+ sloService = el;
+
+ else if (el.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)
+ && (
+ (sloService != null
+ && !sloService.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)
+ && !sloService.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI))
+ || sloService == null)
+ )
+ sloService = el;
+ }
+
+ if (sloService == null) {
+ Logger.error("Found no SLO ServiceDescriptor in Metadata");
+ throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
+
+ }
+ return sloService;
+
+ } catch (MetadataProviderException e) {
+ Logger.error("Found no SLO ServiceDescriptor in Metadata");
+ throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
+ }
+
+ }
+
+ public static SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
+ MOARequest moaReq = (MOARequest) spRequest.getRequest();
+ EntityDescriptor metadata = moaReq.getEntityMetadata();
+ SPSSODescriptor spsso = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
+ SingleLogoutService sloService = null;
+ for (SingleLogoutService el : spsso.getSingleLogoutServices()) {
+ if (el.getBinding().equals(spRequest.getBinding()))
+ sloService = el;
+ }
+ if (sloService == null && spsso.getSingleLogoutServices().size() != 0)
+ sloService = spsso.getSingleLogoutServices().get(0);
+
+ else {
+ Logger.error("Found no SLO ServiceDescriptor in Metadata");
+ throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
+ }
+ return sloService;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 9def5d22c..4d6343fce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -23,6 +23,7 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion;
import java.security.MessageDigest;
+import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
@@ -30,6 +31,7 @@ import org.joda.time.DateTime;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.Audience;
import org.opensaml.saml2.core.AudienceRestriction;
@@ -53,29 +55,28 @@ import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.w3c.dom.Element;
-import edu.emory.mathcs.backport.java.util.Arrays;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.id.util.QAALevelVerifier;
@@ -83,12 +84,65 @@ import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.MiscUtil;
public class PVP2AssertionBuilder implements PVPConstants {
+
+ public static Assertion buildAssertion(AttributeQuery attrQuery,
+ List<String> reqAttributes, IAuthData authData, DateTime date, String sessionIndex) throws ConfigurationException {
+
+
+ AuthnContextClassRef authnContextClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
+ authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+
+ List<Attribute> attrList = new ArrayList<Attribute>();
+ if (reqAttributes != null) {
+ Iterator<String> it = reqAttributes.iterator();
+ while (it.hasNext()) {
+ String reqAttributName = it.next();
+ try {
+ Attribute attr = PVPAttributeBuilder.buildAttribute(
+ reqAttributName, null, authData);
+ if (attr == null) {
+ Logger.error(
+ "Attribute generation failed! for "
+ + reqAttributName);
+
+ } else {
+ attrList.add(attr);
+
+ }
+
+ } catch (PVP2Exception e) {
+ Logger.error(
+ "Attribute generation failed! for "
+ + reqAttributName);
+
+ } catch (Exception e) {
+ Logger.error(
+ "General Attribute generation failed! for "
+ + reqAttributName);
+
+ }
+ }
+ }
+
+
+ NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
+ subjectNameID.setFormat(attrQuery.getSubject().getNameID().getFormat());
+ subjectNameID.setValue(attrQuery.getSubject().getNameID().getValue());
+
+ SubjectConfirmationData subjectConfirmationData = null;
+
+ return buildGenericAssertion(attrQuery.getIssuer().getValue(), date,
+ authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex);
+ }
+
public static Assertion buildAssertion(AuthnRequest authnRequest,
- AuthenticationSession authSession, EntityDescriptor peerEntity, DateTime date, AssertionConsumerService assertionConsumerService)
+ IAuthData authData, EntityDescriptor peerEntity, DateTime date,
+ AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation)
throws MOAIDException {
- Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
+
RequestedAuthnContext reqAuthnContext = authnRequest
.getRequestedAuthnContext();
@@ -101,7 +155,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
peerEntity.getEntityID());
if (reqAuthnContext == null) {
- authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());
+ authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
} else {
@@ -112,7 +166,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
if (reqAuthnContextClassRefIt.size() == 0) {
- QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(),
+ QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
STORK_QAA_1_4);
stork_qaa_1_4_found = true;
@@ -126,20 +180,20 @@ public class PVP2AssertionBuilder implements PVPConstants {
|| qaa_uri.trim().equals(STORK_QAA_1_2)
|| qaa_uri.trim().equals(STORK_QAA_1_1)) {
- if (authSession.isForeigner()) {
- QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(),
+ if (authData.isForeigner()) {
+ QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
STORK_QAA_PREFIX + oaParam.getQaaLevel());
stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());
+ authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
} else {
- QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(),
+ QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
qaa_uri.trim());
stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());
+ authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
}
break;
@@ -152,33 +206,13 @@ public class PVP2AssertionBuilder implements PVPConstants {
}
}
- AuthnContext authnContext = SAML2Utils
- .createSAMLObject(AuthnContext.class);
- authnContext.setAuthnContextClassRef(authnContextClassRef);
-
- AuthnStatement authnStatement = SAML2Utils
- .createSAMLObject(AuthnStatement.class);
- String remoteSessionID = SAML2Utils.getSecureIdentifier();
- authnStatement.setAuthnInstant(date);
- // currently dummy id ...
- authnStatement.setSessionIndex(remoteSessionID);
- authnStatement.setAuthnContext(authnContext);
- assertion.getAuthnStatements().add(authnStatement);
SPSSODescriptor spSSODescriptor = peerEntity
.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-
- AttributeStatement attributeStatement = SAML2Utils
- .createSAMLObject(AttributeStatement.class);
-
- Subject subject = SAML2Utils.createSAMLObject(Subject.class);
-
- AuthenticationData authData = AuthenticationServer
- .buildAuthenticationData(authSession, oaParam,
- oaParam.getTarget());
-
+
//add Attributes to Assertion
+ List<Attribute> attrList = new ArrayList<Attribute>();
if (spSSODescriptor.getAttributeConsumingServices() != null &&
spSSODescriptor.getAttributeConsumingServices().size() > 0) {
@@ -199,22 +233,22 @@ public class PVP2AssertionBuilder implements PVPConstants {
attributeConsumingService = el;
}
}
-
- if (attributeConsumingService != null) {
+
+ if (attributeConsumingService != null) {
Iterator<RequestedAttribute> it = attributeConsumingService
.getRequestAttributes().iterator();
while (it.hasNext()) {
RequestedAttribute reqAttribut = it.next();
try {
Attribute attr = PVPAttributeBuilder.buildAttribute(
- reqAttribut.getName(), authSession, oaParam, authData);
+ reqAttribut.getName(), oaParam, authData);
if (attr == null) {
if (reqAttribut.isRequired()) {
throw new UnprovideableAttributeException(
reqAttribut.getName());
}
} else {
- attributeStatement.getAttributes().add(attr);
+ attrList.add(attr);
}
} catch (PVP2Exception e) {
Logger.error(
@@ -224,19 +258,26 @@ public class PVP2AssertionBuilder implements PVPConstants {
throw new UnprovideableAttributeException(
reqAttribut.getName());
}
+
+ } catch (Exception e) {
+ Logger.error(
+ "General Attribute generation failed! for "
+ + reqAttribut.getFriendlyName(), e);
+ if (reqAttribut.isRequired()) {
+ throw new UnprovideableAttributeException(
+ reqAttribut.getName());
+ }
+
}
}
}
}
- if (attributeStatement.getAttributes().size() > 0) {
- assertion.getAttributeStatements().add(attributeStatement);
- }
NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
- //TLenz: set correct bPK Type and Value from AuthData
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ //build nameID and nameID Format from moasession
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if(mandate == null) {
throw new NoMandateDataAvailableException();
}
@@ -265,7 +306,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
if (bpktype.equals(Constants.URN_PREFIX_BASEID)) {
- if (authSession.getBusinessService()) {
+ if (oaParam.getBusinessService()) {
subjectNameID.setValue(new BPKBuilder().buildWBPK(bpk, oaParam.getIdentityLinkDomainIdentifier()));
if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
subjectNameID.setNameQualifier(oaParam.getIdentityLinkDomainIdentifier());
@@ -334,21 +375,68 @@ public class PVP2AssertionBuilder implements PVPConstants {
}
} else
- subjectNameID.setFormat(nameIDFormat);
-
-
- subject.setNameID(subjectNameID);
+ subjectNameID.setFormat(nameIDFormat);
+
- SubjectConfirmation subjectConfirmation = SAML2Utils
- .createSAMLObject(SubjectConfirmation.class);
- subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
+ String sessionIndex = null;
+
+ //if request is a reauthentication and NameIDFormat match reuse old session information
+ if (MiscUtil.isNotEmpty(authData.getNameID()) &&
+ MiscUtil.isNotEmpty(authData.getNameIDFormat()) &&
+ nameIDFormat.equals(authData.getNameIDFormat())) {
+ subjectNameID.setValue(authData.getNameID());
+ sessionIndex = authData.getSessionIndex();
+
+ } else
+ sessionIndex = SAML2Utils.getSecureIdentifier();
+
SubjectConfirmationData subjectConfirmationData = SAML2Utils
.createSAMLObject(SubjectConfirmationData.class);
subjectConfirmationData.setInResponseTo(authnRequest.getID());
subjectConfirmationData.setNotOnOrAfter(date.plusMinutes(5));
subjectConfirmationData.setRecipient(assertionConsumerService.getLocation());
+
+ //set SLO information
+ sloInformation.setUserNameIdentifier(subjectNameID.getValue());
+ sloInformation.setNameIDFormat(subjectNameID.getFormat());
+ sloInformation.setSessionIndex(sessionIndex);
+
+ return buildGenericAssertion(peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex);
+ }
+
+ private static Assertion buildGenericAssertion(String entityID, DateTime date,
+ AuthnContextClassRef authnContextClassRef, List<Attribute> attrList,
+ NameID subjectNameID, SubjectConfirmationData subjectConfirmationData,
+ String sessionIndex) throws ConfigurationException {
+ Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
+
+ AuthnContext authnContext = SAML2Utils
+ .createSAMLObject(AuthnContext.class);
+ authnContext.setAuthnContextClassRef(authnContextClassRef);
+ AuthnStatement authnStatement = SAML2Utils
+ .createSAMLObject(AuthnStatement.class);
+
+ authnStatement.setAuthnInstant(date);
+ authnStatement.setSessionIndex(sessionIndex);
+ authnStatement.setAuthnContext(authnContext);
+
+ assertion.getAuthnStatements().add(authnStatement);
+
+ AttributeStatement attributeStatement = SAML2Utils
+ .createSAMLObject(AttributeStatement.class);
+ attributeStatement.getAttributes().addAll(attrList);
+ if (attributeStatement.getAttributes().size() > 0) {
+ assertion.getAttributeStatements().add(attributeStatement);
+ }
+
+ Subject subject = SAML2Utils.createSAMLObject(Subject.class);
+ subject.setNameID(subjectNameID);
+
+ SubjectConfirmation subjectConfirmation = SAML2Utils
+ .createSAMLObject(SubjectConfirmation.class);
+ subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
subject.getSubjectConfirmations().add(subjectConfirmation);
@@ -358,7 +446,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
.createSAMLObject(AudienceRestriction.class);
Audience audience = SAML2Utils.createSAMLObject(Audience.class);
- audience.setAudienceURI(peerEntity.getEntityID());
+ audience.setAudienceURI(entityID);
audienceRestriction.getAudiences().add(audience);
conditions.setNotBefore(date);
@@ -377,7 +465,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
assertion.setSubject(subject);
assertion.setID(SAML2Utils.getSecureIdentifier());
assertion.setIssueInstant(date);
-
- return assertion;
+
+ return assertion;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
index 648651350..3dd1dd064 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
@@ -35,7 +34,7 @@ public class BPKAttributeBuilder implements IPVPAttributeBuilder {
return BPK_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
String bpk = authData.getBPK();
String type = authData.getBPKType();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
index f3d815e7d..89ec383ce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
@@ -23,47 +23,31 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
import java.text.DateFormat;
-import java.text.ParseException;
import java.text.SimpleDateFormat;
-import java.util.Date;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.util.MiscUtil;
public class BirthdateAttributeBuilder implements IPVPAttributeBuilder {
-
- public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
-
+
public String getName() {
return BIRTHDATE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- try {
- DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+
+ if (authData.getDateOfBirth() != null) {
+ DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN);
+ String dateString = pvpDateFormat.format(authData.getDateOfBirth());
+
+ return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString);
- if (MiscUtil.isNotEmpty(authSession.getIdentityLink().getDateOfBirth())) {
- Date date = identityLinkFormat.parse(authSession.getIdentityLink().getDateOfBirth());
- DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN);
- String dateString = pvpDateFormat.format(date);
+ } else {
+ //build empty attribute if no Birthday date is found (STORK2)
+ return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME);
- return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString);
-
- } else {
- //build empty attribute if no Birthday date is found (STORK2)
- return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME);
-
- }
-
- //return buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString);
- }
- catch (ParseException e) {
- e.printStackTrace();
- return null;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java
index 56972248b..ded9e7166 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java
@@ -26,9 +26,8 @@ import iaik.util.logging.Log;
import java.io.IOException;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -40,11 +39,11 @@ public class EIDAuthBlock implements IPVPAttributeBuilder {
return EID_AUTH_BLOCK_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
try {
- String authblock = authSession.getAuthBlock();
+ String authblock = authData.getAuthBlock();
if (MiscUtil.isNotEmpty(authblock)) {
return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME,
Base64Utils.encode(authblock.getBytes()));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java
index 7179dd090..2df5ec22e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -35,10 +34,10 @@ public class EIDCcsURL implements IPVPAttributeBuilder {
return EID_CCS_URL_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- String bkuurl = authSession.getBkuURL();
+ String bkuurl = authData.getBkuURL();
if (MiscUtil.isNotEmpty(bkuurl))
return g.buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl);
else
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
index 02088eea1..365f36594 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class EIDCitizenQAALevelAttributeBuilder implements IPVPAttributeBuilder {
@@ -33,10 +32,17 @@ public class EIDCitizenQAALevelAttributeBuilder implements IPVPAttributeBuilder
return EID_CITIZEN_QAA_LEVEL_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
+
+ String qaaLevel = null;
+ if (authData.getQAALevel().startsWith(STORK_QAA_PREFIX))
+ qaaLevel = authData.getQAALevel().substring(STORK_QAA_PREFIX.length());
+ else
+ qaaLevel = authData.getQAALevel();
+
return g.buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME,
- EID_CITIZEN_QAA_LEVEL_NAME, 4);
+ EID_CITIZEN_QAA_LEVEL_NAME, Integer.valueOf(qaaLevel));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java
index 2d86586d2..531369e9a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java
@@ -24,19 +24,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
import java.io.IOException;
-import javax.xml.transform.TransformerException;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.DOMUtils;
public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder {
@@ -44,36 +36,15 @@ public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder {
return EID_IDENTITY_LINK_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
try {
String ilAssertion = null;
- if (oaParam.getBusinessService()) {
+ ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
- IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
-
- Element resignedilAssertion;
-
- resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink()
- .getSamlAssertion());
-
- ilAssertion = DOMUtils.serializeNode(resignedilAssertion);
-
- } else
- ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
-
-
return g.buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
EID_IDENTITY_LINK_NAME, Base64Utils.encode(ilAssertion.getBytes()));
- } catch (MOAIDException e) {
- Logger.warn("IdentityLink serialization error.", e);
- return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
- EID_IDENTITY_LINK_NAME);
- } catch (TransformerException e) {
- Logger.warn("IdentityLink serialization error.", e);
- return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
- EID_IDENTITY_LINK_NAME);
} catch (IOException e) {
Logger.warn("IdentityLink serialization error.", e);
return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
index 39d4d29e7..9b85af9f8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
@@ -22,16 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import iaik.x509.X509Certificate;
-
-import javax.naming.ldap.LdapName;
-import javax.naming.ldap.Rdn;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.logging.Logger;
public class EIDIssuingNationAttributeBuilder implements IPVPAttributeBuilder {
@@ -39,35 +32,9 @@ public class EIDIssuingNationAttributeBuilder implements IPVPAttributeBuilder {
return EID_ISSUING_NATION_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- String countryCode = "AT";
-
-
- if (authSession.getStorkAuthnRequest() != null) {
- countryCode = authSession.getStorkAuthnRequest()
- .getCitizenCountryCode();
- } else {
-
- //TODO: replace with TSL lookup when TSL is ready!
- X509Certificate certificate = authSession.getSignerCertificate();
-
- if (certificate != null) {
- try {
- LdapName ln = new LdapName(certificate.getIssuerDN()
- .getName());
- for (Rdn rdn : ln.getRdns()) {
- if (rdn.getType().equalsIgnoreCase("C")) {
- Logger.info("C is: " + rdn.getValue());
- countryCode = rdn.getValue().toString();
- break;
- }
- }
- } catch (Exception e) {
- Logger.error("Failed to extract country code from certificate", e);
- }
- }
- }
+ String countryCode = authData.getCcc();
return g.buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
EID_ISSUING_NATION_NAME, countryCode);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java
index e8fba6af2..04cc59b10 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java
@@ -22,11 +22,14 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import java.io.IOException;
+
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
public class EIDSTORKTOKEN implements IPVPAttributeBuilder {
@@ -35,21 +38,28 @@ public class EIDSTORKTOKEN implements IPVPAttributeBuilder {
return EID_STORK_TOKEN_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (!authSession.isForeigner()) {
+ if (!authData.isForeigner()) {
throw new UnavailableAttributeException(EID_STORK_TOKEN_NAME);
} else {
- String storkResponse = authSession.getStorkAuthnResponse();
+ String storkResponse = authData.getStorkAuthnResponse();
if ( MiscUtil.isEmpty(storkResponse) ) {
throw new UnavailableAttributeException(EID_STORK_TOKEN_NAME);
} else {
- return g.buildStringAttribute(EID_STORK_TOKEN_FRIENDLY_NAME, EID_STORK_TOKEN_NAME, storkResponse);
+ try {
+ return g.buildStringAttribute(EID_STORK_TOKEN_FRIENDLY_NAME, EID_STORK_TOKEN_NAME,
+ Base64Utils.encode(storkResponse.getBytes()));
+
+ } catch (IOException e) {
+ Logger.warn("Encode AuthBlock BASE64 failed.", e);
+ throw new UnavailableAttributeException(EID_STORK_TOKEN_NAME);
+ }
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
index 807d59050..7f52e1d47 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder {
@@ -33,7 +32,7 @@ public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder {
return EID_SECTOR_FOR_IDENTIFIER_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
String bpktype = authData.getBPKType();
return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java
index 7cd415ada..df1bc1860 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java
@@ -26,9 +26,8 @@ import iaik.util.logging.Log;
import java.io.IOException;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -39,11 +38,11 @@ public class EIDSignerCertificate implements IPVPAttributeBuilder {
return EID_SIGNER_CERTIFICATE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
try {
- byte[] signerCertificate = authSession.getEncodedSignerCertificate();
+ byte[] signerCertificate = authData.getSignerCertificate();
if (signerCertificate != null) {
return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, Base64Utils
.encode(signerCertificate));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
index 5bf65da04..a8b703fc2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
@@ -22,10 +22,10 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributePolicyException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
public class EIDSourcePIN implements IPVPAttributeBuilder {
@@ -34,11 +34,11 @@ public class EIDSourcePIN implements IPVPAttributeBuilder {
return EID_SOURCE_PIN_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
if (oaParam.getBusinessService())
- throw new UnavailableAttributeException(EID_SOURCE_PIN_NAME);
+ throw new AttributePolicyException(EID_SOURCE_PIN_NAME);
else {
return g.buildStringAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME, authData.getIdentificationValue());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java
index ec509f74b..0681419fc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
@@ -34,7 +33,7 @@ public class EIDSourcePINType implements IPVPAttributeBuilder {
return EID_SOURCE_PIN_TYPE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
if (oaParam.getBusinessService())
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java
index 7bd5e2db5..fcde1e9bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class GivenNameAttributeBuilder implements IPVPAttributeBuilder {
@@ -33,9 +32,9 @@ public class GivenNameAttributeBuilder implements IPVPAttributeBuilder {
return GIVEN_NAME_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- return g.buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authSession.getIdentityLink().getGivenName());
+ return g.buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authData.getGivenName());
}
public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java
index 55b16edfb..d66b0ab02 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java
@@ -22,15 +22,14 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public interface IAttributeBuilder {
public String getName();
- public <ATT> ATT build(final AuthenticationSession authSession, final OAAuthParameter oaParam, final AuthenticationData authData,
+ public <ATT> ATT build(final OAAuthParameter oaParam, final IAuthData authData,
final IAttributeGenerator<ATT> g) throws AttributeException;
public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
index 4528aa1fe..670398ff6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -29,6 +29,7 @@ import javax.xml.transform.TransformerException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -40,13 +41,13 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder
return MANDATE_FULL_MANDATE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- if (authSession.getMandate() != null) {
+ if (authData.isUseMandate()) {
+ if (authData.getMandate() != null) {
String fullMandate;
try {
- fullMandate = DOMUtils.serializeNode(authSession
+ fullMandate = DOMUtils.serializeNode(authData
.getMandate());
return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
MANDATE_FULL_MANDATE_NAME, Base64Utils.encode(fullMandate.getBytes()));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
index 9ab1de50d..9230e47fc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
@@ -26,9 +26,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -40,10 +39,10 @@ public class MandateLegalPersonFullNameAttributeBuilder implements IPVPAttribute
return MANDATE_LEG_PER_FULL_NAME_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
index ca68704c9..04103f28a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
@@ -27,9 +27,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -41,10 +40,10 @@ public class MandateLegalPersonSourcePinAttributeBuilder implements IPVPAttribu
return MANDATE_LEG_PER_SOURCE_PIN_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if(authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if(authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if(mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
index 5656d1769..02e1d7ce0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
@@ -27,9 +27,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -41,10 +40,10 @@ public class MandateLegalPersonSourcePinTypeAttributeBuilder implements IPVPAttr
return MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index 039fc8af8..38456302c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -28,10 +28,9 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -44,10 +43,10 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
return MANDATE_NAT_PER_BPK_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
@@ -62,11 +61,6 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
}
IdentificationType id = null;
id = physicalPerson.getIdentification().get(0);
- // if(authSession.getBusinessService()) {
- // id = MandateBuilder.getWBPKIdentification(physicalPerson);
- // } else {
- // id = MandateBuilder.getBPKIdentification(physicalPerson);
- // }
if (id == null) {
Logger.error("Failed to generate IdentificationType");
throw new NoMandateDataAttributeException();
@@ -76,7 +70,7 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
try {
if (id.getType().equals(Constants.URN_PREFIX_BASEID)) {
- if (authSession.getBusinessService()) {
+ if (oaParam.getBusinessService()) {
bpk = new BPKBuilder().buildWBPK(id.getValue().getValue(), oaParam.getIdentityLinkDomainIdentifier());
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
index f5dc277bd..4fcfd4650 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
@@ -31,9 +31,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.InvalidDateFormatAttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
@@ -46,10 +45,10 @@ public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttrib
return MANDATE_NAT_PER_BIRTHDATE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
index 2a7bafdbc..3452d7ed0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
@@ -29,9 +29,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -43,10 +42,10 @@ public class MandateNaturalPersonFamilyNameAttributeBuilder implements IPVPAttr
return MANDATE_NAT_PER_FAMILY_NAME_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if(authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if(authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if(mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
index 4707c385a..59d5c65fe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
@@ -28,9 +28,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -42,10 +41,10 @@ public class MandateNaturalPersonGivenNameAttributeBuilder implements IPVPAttrib
return MANDATE_NAT_PER_GIVEN_NAME_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
index 7fbbce9bc..444312759 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -30,7 +30,9 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributePolicyException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
@@ -41,10 +43,10 @@ public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttri
return MANDATE_NAT_PER_SOURCE_PIN_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if(authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if(authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if(mandate == null) {
throw new NoMandateDataAttributeException();
}
@@ -61,12 +63,10 @@ public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttri
IdentificationType id = null;
id = physicalPerson.getIdentification().get(0);
- if(authSession.getBusinessService()) {
- id = MandateBuilder.getWBPKIdentification(physicalPerson);
-
-// } else {
-// id = MandateBuilder.getBPKIdentification(physicalPerson);
+ if(oaParam.getBusinessService()) {
+ throw new AttributePolicyException(this.getName());
}
+
if(id == null) {
Logger.error("Failed to generate IdentificationType");
throw new NoMandateDataAttributeException();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
index 538cee048..6adc9b532 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
@@ -27,9 +27,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -41,10 +40,10 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAt
return MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if(authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if(authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if(mandate == null) {
throw new NoMandateDataAttributeException();
}
@@ -60,11 +59,6 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAt
}
IdentificationType id = null;
id = physicalPerson.getIdentification().get(0);
- /*if(authSession.getBusinessService()) {
- id = MandateBuilder.getWBPKIdentification(physicalPerson);
- } else {
- id = MandateBuilder.getBPKIdentification(physicalPerson);
- }*/
if(id == null) {
Logger.error("Failed to generate IdentificationType");
throw new NoMandateDataAttributeException();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
index 814211b24..4c981cb24 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
@@ -22,14 +22,12 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+import at.gv.egovernment.moa.util.MiscUtil;
public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder {
@@ -37,24 +35,24 @@ public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder
return MANDATE_PROF_REP_DESC_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if(authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if(authData.isUseMandate()) {
+ MISMandate mandate = authData.getMISMandate();
+
+
if(mandate == null) {
throw new NoMandateDataAttributeException();
}
- String text = AttributeExtractor.extractSAMLAttributeOA(
- EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION,
- authSession);
+ String text = mandate.getTextualDescriptionOfOID();
- if(text == null) {
+ if(MiscUtil.isEmpty(text)) {
return null;
- }
-
- return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
- MANDATE_PROF_REP_DESC_NAME, text);
+
+ } else
+ return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
+ MANDATE_PROF_REP_DESC_NAME, text);
}
return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
index b040072a6..1a3311c8a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
@@ -22,14 +22,12 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+import at.gv.egovernment.moa.util.MiscUtil;
public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder {
@@ -37,21 +35,21 @@ public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder {
return MANDATE_PROF_REP_OID_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if (authData.isUseMandate()) {
+
+ MISMandate mandate = authData.getMISMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
- String oid = AttributeExtractor.extractSAMLAttributeOA(EXT_SAML_MANDATE_OID, authSession);
-
- if (oid == null) {
- return null;
- }
-
- return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, oid);
+ String oid = mandate.getProfRep();
+
+ if(MiscUtil.isEmpty(oid))
+ return null;
+ else
+ return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, oid);
}
return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
index 7e7b57e4f..7b41e9bb6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuilder {
@@ -33,12 +32,12 @@ public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuild
return MANDATE_REFERENCE_VALUE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
+ if (authData.isUseMandate()) {
return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME,
- authSession.getMandateReferenceValue());
+ authData.getMandateReferenceValue());
}
return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java
index 4842141fc..63165f52a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java
@@ -25,9 +25,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -38,10 +37,10 @@ public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder {
return MANDATE_TYPE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
+ if (authData.isUseMandate()) {
+ Element mandate = authData.getMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java
index e8c410555..674efa0d1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class PVPVersionAttributeBuilder implements IPVPAttributeBuilder {
@@ -33,7 +32,7 @@ public class PVPVersionAttributeBuilder implements IPVPAttributeBuilder {
return PVP_VERSION_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME, PVP_VERSION_2_1);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java
index c687b2bff..11fdeb232 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class PrincipalNameAttributeBuilder implements IPVPAttributeBuilder {
@@ -33,9 +32,9 @@ public class PrincipalNameAttributeBuilder implements IPVPAttributeBuilder {
return PRINCIPAL_NAME_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- return g.buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authSession.getIdentityLink().getFamilyName());
+ return g.buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authData.getFamilyName());
}
public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java
index b81b30e5b..aff0fc0ef 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKAdoptedFamilyNameAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKAdoptedFamilyNameAttributBuilder implements IPVPAttributeBuild
return STORKConstants.ADOPTEDFAMILYNAME_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.ADOPTEDFAMILYNAME_FRIENDLYNAME, STORKConstants.ADOPTEDFAMILYNAME_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.ADOPTEDFAMILYNAME_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.ADOPTEDFAMILYNAME_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java
index 98fe853ff..fb7c60a95 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKAgeAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKAgeAttributBuilder implements IPVPAttributeBuilder {
return STORKConstants.AGE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.AGE_FRIENDLYNAME, STORKConstants.AGE_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.AGE_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.AGE_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java
index 6d2b031a5..387e49d25 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java
@@ -26,6 +26,7 @@ import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PersonalAttribute;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.logging.Logger;
@@ -36,7 +37,7 @@ import at.gv.egovernment.moa.logging.Logger;
public class STORKAttributHelper {
public static String getAttribut(String attributName,
- AuthenticationSession authSession) throws UnavailableAttributeException {
+ IAuthData authSession) throws UnavailableAttributeException {
if (!authSession.isForeigner()) {
throw new UnavailableAttributeException(attributName);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java
index c3d6f070d..ddfa63b51 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKCanonicalResidenceAddressAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKCanonicalResidenceAddressAttributBuilder implements IPVPAttrib
return STORKConstants.CANONICALRESIDENCEADDRESS_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.CANONICALRESIDENCEADDRESS_FRIENDLYNAME, STORKConstants.CANONICALRESIDENCEADDRESS_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.CANONICALRESIDENCEADDRESS_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.CANONICALRESIDENCEADDRESS_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java
index c873a86ea..08cd65a6d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKCountryCodeOfBirthAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKCountryCodeOfBirthAttributBuilder implements IPVPAttributeBuil
return STORKConstants.CONTRYCODEOFBIRTH_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.CONTRYCODEOFBIRTH_FRIENDLYNAME, STORKConstants.CONTRYCODEOFBIRTH_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.CONTRYCODEOFBIRTH_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.CONTRYCODEOFBIRTH_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java
index 394bffa31..f3a77708b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKFiscalNumberAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKFiscalNumberAttributBuilder implements IPVPAttributeBuilder {
return STORKConstants.FISCALNUMBER_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.FISCALNUMBER_FRIENDLYNAME, STORKConstants.FISCALNUMBER_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.FISCALNUMBER_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.FISCALNUMBER_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java
index 9209e73c4..6f62dbf89 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKGenderAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKGenderAttributBuilder implements IPVPAttributeBuilder {
return STORKConstants.GENDER_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.GENDER_FRIENDLYNAME, STORKConstants.GENDER_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.GENDER_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.GENDER_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java
index 59f345bd3..65bf9ff6e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKInhertedFamilyNameAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKInhertedFamilyNameAttributBuilder implements IPVPAttributeBuil
return STORKConstants.INHERITEDFAMILYNAME_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.INHERITEDFAMILYNAME_FRIENDLYNAME, STORKConstants.INHERITEDFAMILYNAME_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.INHERITEDFAMILYNAME_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.INHERITEDFAMILYNAME_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java
index d99833f13..a7a77d7b4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKIsAgeOverAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKIsAgeOverAttributBuilder implements IPVPAttributeBuilder {
return STORKConstants.ISAGEOVER_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.ISAGEOVER_FRIENDLYNAME, STORKConstants.ISAGEOVER_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.ISAGEOVER_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.ISAGEOVER_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java
index 1e627e723..c6ce4e32a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKMaritalStatusAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKMaritalStatusAttributBuilder implements IPVPAttributeBuilder
return STORKConstants.MARITALSTATUS_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.MARITALSTATUS_FRIENDLYNAME, STORKConstants.MARITALSTATUS_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.MARITALSTATUS_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.MARITALSTATUS_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java
index d46219996..8db5ceeb8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKNationalityCodeAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKNationalityCodeAttributBuilder implements IPVPAttributeBuilder
return STORKConstants.NATIONALITYCODE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.NATIONALITYCODE_FRIENDLYNAME, STORKConstants.NATIONALITYCODE_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.NATIONALITYCODE_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.NATIONALITYCODE_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java
index 7bf6716ec..421f8c28d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKPseudonymAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKPseudonymAttributBuilder implements IPVPAttributeBuilder {
return STORKConstants.PSEUDONYM_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.PSEUDONYM_FRIENDLYNAME, STORKConstants.PSEUDONYM_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.PSEUDONYM_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.PSEUDONYM_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java
index d47de1ff9..ceff4cf4f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKResidencePermitAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKResidencePermitAttributBuilder implements IPVPAttributeBuilder
return STORKConstants.RESIDENCEPERMIT_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.RESIDENCEPERMIT_FRIENDLYNAME, STORKConstants.RESIDENCEPERMIT_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.RESIDENCEPERMIT_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.RESIDENCEPERMIT_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java
index c75d6b0fb..1344883bf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKTextResidenceAddressAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKTextResidenceAddressAttributBuilder implements IPVPAttributeBu
return STORKConstants.TEXTRESIDENCEADDRESS_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.TEXTRESIDENCEADDRESS_FRIENDLYNAME, STORKConstants.TEXTRESIDENCEADDRESS_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.TEXTRESIDENCEADDRESS_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.TEXTRESIDENCEADDRESS_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java
index 357b2fe0d..5209697d6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java
@@ -22,10 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public class STORKTitleAttributBuilder implements IPVPAttributeBuilder {
@@ -34,11 +33,11 @@ public class STORKTitleAttributBuilder implements IPVPAttributeBuilder {
return STORKConstants.TITLE_NAME;
}
- public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
return g.buildStringAttribute(STORKConstants.TITLE_FRIENDLYNAME, STORKConstants.TITLE_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.TITLE_NAME, authSession));
+ STORKAttributHelper.getAttribut(STORKConstants.TITLE_NAME, authData));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributePolicyException.java
index 60fe47364..1e0e2ee51 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributePolicyException.java
@@ -20,21 +20,21 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions;
-public class PVP2EncodingException extends PVP2Exception {
-
- public PVP2EncodingException() {
- super("pvp2.01", null);
+public class AttributePolicyException extends AttributeException {
+
+ private static final long serialVersionUID = 1L;
+
+ private String attributeName;
+
+ public AttributePolicyException(String attributeName) {
+ super("Attribute " + attributeName + " is restricted by IDP policy.");
+ this.attributeName = attributeName;
}
- public PVP2EncodingException(Throwable wrapped) {
- super("pvp2.01", null, wrapped);
+ public String getAttributeName() {
+ return attributeName;
}
-
- /**
- *
- */
- private static final long serialVersionUID = -1348774139990071020L;
-
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index ebfffb648..255fba093 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -52,9 +52,11 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
public class PVPConfiguration {
@@ -68,9 +70,11 @@ public class PVPConfiguration {
return instance;
}
- public static final String PVP2_METADATA = "/pvp2/metadata";
- public static final String PVP2_REDIRECT = "/pvp2/redirect";
- public static final String PVP2_POST = "/pvp2/post";
+ public static final String PVP2_METADATA = "/pvp2/metadata";
+ public static final String PVP2_REDIRECT = "/pvp2/redirect";
+ public static final String PVP2_POST = "/pvp2/post";
+ public static final String PVP2_SOAP = "/pvp2/soap";
+ public static final String PVP2_ATTRIBUTEQUERY = "/pvp2/attributequery";
public static final String PVP_CONFIG_FILE = "pvp2config.properties";
@@ -83,6 +87,9 @@ public class PVPConfiguration {
public static final String IDP_KEYALIASASSERTION = "idp.ks.assertion.sign.alias";
public static final String IDP_KEY_PASSASSERTION = "idp.ks.assertion.sign.keypassword";
+ public static final String IDP_KEYALIASENCRYTPION = "sp.ks.assertion.encryption.alias";
+ public static final String IDP_KEY_PASSENCRYTPION = "sp.ks.assertion.encryption.keypassword";
+
public static final String IDP_ISSUER_NAME = "idp.issuer.name";
public static final String METADATA_FILE = "md.dir";
@@ -112,12 +119,14 @@ public class PVPConfiguration {
//PVP2 generalpvpconfigdb;
Properties props;
+ String rootDir = null;
private PVPConfiguration() {
try {
//generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig();
props = AuthConfigurationProvider.getInstance().getGeneralPVP2ProperiesConfig();
-
+ rootDir = AuthConfigurationProvider.getInstance().getRootConfigFileDir();
+
} catch (ConfigurationException e) {
e.printStackTrace();
}
@@ -138,6 +147,14 @@ public class PVPConfiguration {
return getIDPPublicPath() + PVP2_POST;
}
+ public String getIDPSSOSOAPService() throws ConfigurationException {
+ return getIDPPublicPath() + PVP2_SOAP;
+ }
+
+ public String getIDPAttributeQueryService() throws ConfigurationException {
+ return getIDPPublicPath() + PVP2_ATTRIBUTEQUERY;
+ }
+
public String getIDPSSORedirectService() throws ConfigurationException {
return getIDPPublicPath() + PVP2_REDIRECT;
}
@@ -147,7 +164,7 @@ public class PVPConfiguration {
}
public String getIDPKeyStoreFilename() {
- return props.getProperty(IDP_JAVAKEYSTORE);
+ return FileUtils.makeAbsoluteURL(props.getProperty(IDP_JAVAKEYSTORE), rootDir);
}
public String getIDPKeyStorePassword() {
@@ -170,6 +187,14 @@ public class PVPConfiguration {
return props.getProperty(IDP_KEY_PASSASSERTION);
}
+ public String getIDPKeyAliasAssertionEncryption() {
+ return props.getProperty(IDP_KEYALIASASSERTION);
+ }
+
+ public String getIDPKeyPasswordAssertionEncryption() {
+ return props.getProperty(IDP_KEY_PASSASSERTION);
+ }
+
public String getIDPIssuerName() throws ConfigurationException {
if (moaIDVersion == null) {
@@ -223,7 +248,7 @@ public class PVPConfiguration {
public iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) {
try {
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(entityID);
+ IOAAuthParameters oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(entityID);
if (oaParam == null) {
Logger.warn("Online Application with ID " + entityID + " not found!");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java
new file mode 100644
index 000000000..69ca4e8f5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AssertionAttributeExtractorExeption extends PVP2Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -6459000942830951492L;
+
+ public AssertionAttributeExtractorExeption(String attributeName) {
+ super("Parse PVP2.1 assertion FAILED: Attribute " + attributeName
+ + " can not extract.", null);
+ }
+
+ public AssertionAttributeExtractorExeption(String messageId,
+ Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ public AssertionAttributeExtractorExeption() {
+ super("Parse PVP2.1 assertion FAILED. Interfederation not possible", null);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
new file mode 100644
index 000000000..fcd8472b1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AssertionValidationExeption extends PVP2Exception {
+
+ private static final long serialVersionUID = -3987805399122286259L;
+
+ public AssertionValidationExeption(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * @param string
+ * @param object
+ * @param e
+ */
+ public AssertionValidationExeption(String string, Object[] parameters,
+ Throwable e) {
+ super(string, parameters, e);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java
index fdc8c8d39..9008a7183 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java
@@ -1,4 +1,4 @@
-/*******************************************************************************
+/*
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
@@ -19,21 +19,26 @@
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
+ */
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-import org.opensaml.saml2.core.StatusCode;
-
-public class NoAuthContextException extends PVP2Exception {
+/**
+ * @author tlenz
+ *
+ */
+public class AttributQueryException extends PVP2Exception {
/**
*
*/
- private static final long serialVersionUID = 7040652043174500992L;
+ private static final long serialVersionUID = -4302422507173728748L;
- public NoAuthContextException() {
- super("pvp2.04", null);
- this.statusCodeValue = StatusCode.REQUESTER_URI;
+ public AttributQueryException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ public AttributQueryException(String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
index 69da5c09c..b49070bd6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
@@ -30,7 +30,7 @@ public class InvalidAssertionEncryptionException extends PVP2Exception {
public InvalidAssertionEncryptionException() {
super("pvp2.16", new Object[]{});
- this.statusCodeValue = StatusCode.REQUESTER_URI;
+ this.statusCodeValue = StatusCode.RESPONDER_URI;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
new file mode 100644
index 000000000..204e1c2a5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+/**
+ * @author tlenz
+ *
+ */
+public class NOSLOServiceDescriptorException extends PVP2Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -3073730570511152661L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public NOSLOServiceDescriptorException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
index b5facde34..87e443930 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
@@ -22,10 +22,14 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+import org.opensaml.saml2.core.StatusCode;
+
public class NameIDFormatNotSupportedException extends AuthnRequestValidatorException {
public NameIDFormatNotSupportedException(String nameIDFormat) {
super("pvp2.12", new Object[] {nameIDFormat});
+ statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI;
+
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java
new file mode 100644
index 000000000..9f1b6168e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SLOException extends PVP2Exception {
+ private static final long serialVersionUID = -5284624715788385022L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public SLOException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ // TODO Auto-generated constructor stub
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
index 11054fd57..332caf967 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
@@ -1,4 +1,4 @@
-/*******************************************************************************
+/*
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
@@ -19,106 +19,96 @@
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
import java.io.Serializable;
-import org.opensaml.Configuration;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.impl.RequestAbstractTypeMarshaller;
-import org.opensaml.saml2.core.impl.RequestAbstractTypeUnmarshaller;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
-import org.opensaml.xml.io.UnmarshallingException;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.logging.Logger;
-public class MOARequest implements Serializable{
+/**
+ * @author tlenz
+ *
+ */
+public class InboundMessage implements InboundMessageInterface, Serializable{
private static final long serialVersionUID = 2395131650841669663L;
- private Element samlRequest;
+ private Element samlMessage = null;
private boolean verified = false;
private String entityID = null;
private String relayState = null;
- public MOARequest(RequestAbstractType request) {
- samlRequest = request.getDOM();
- }
-
- public RequestAbstractType getSamlRequest() {
- UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
- Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(samlRequest);
+
+ public EntityDescriptor getEntityMetadata() throws NoMetadataInformationException {
try {
- return (RequestAbstractType) unmashaller.unmarshall(samlRequest);
+ return MOAMetadataProvider.getInstance().getEntityDescriptor(this.entityID);
- } catch (UnmarshallingException e) {
- Logger.warn("AuthnRequest Unmarshaller error", e);
- return null;
- }
-
+ } catch (MetadataProviderException e) {
+ Logger.warn("No Metadata for EntitiyID " + entityID);
+ throw new NoMetadataInformationException();
+ }
}
-
-
/**
- * @return the relayState
+ * @param entitiyID the entitiyID to set
*/
- public String getRelayState() {
- return relayState;
+ public void setEntityID(String entitiyID) {
+ this.entityID = entitiyID;
}
-
+
+ public void setVerified(boolean verified) {
+ this.verified = verified;
+ }
+
/**
* @param relayState the relayState to set
*/
public void setRelayState(String relayState) {
this.relayState = relayState;
}
-
- public void setSamlRequest(RequestAbstractType request) {
- this.samlRequest = request.getDOM();
- }
-
- public boolean isVerified() {
- return verified;
- }
-
- public void setVerified(boolean verified) {
- this.verified = verified;
+
+ public void setSAMLMessage(Element msg) {
+ this.samlMessage = msg;
}
-
- public EntityDescriptor getEntityMetadata() throws NoMetadataInformationException {
-
- try {
- return MOAMetadataProvider.getInstance().getEntityDescriptor(this.entityID);
-
- } catch (MetadataProviderException e) {
- Logger.warn("No Metadata for EntitiyID " + entityID);
- throw new NoMetadataInformationException();
- }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getRelayState()
+ */
+ @Override
+ public String getRelayState() {
+ return relayState;
}
- /**
- * @return the entitiyID
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getEntityID()
*/
+ @Override
public String getEntityID() {
return entityID;
}
- /**
- * @param entitiyID the entitiyID to set
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#isVerified()
*/
- public void setEntityID(String entitiyID) {
- this.entityID = entitiyID;
+ @Override
+ public boolean isVerified() {
+ return verified;
}
-
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getInboundMessage()
+ */
+ @Override
+ public Element getInboundMessage() {
+ return samlMessage;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
new file mode 100644
index 000000000..60a6f069a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
+
+import org.w3c.dom.Element;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface InboundMessageInterface {
+
+ public String getRelayState();
+ public String getEntityID();
+ public boolean isVerified();
+ public Element getInboundMessage();
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
new file mode 100644
index 000000000..7679e74a6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
@@ -0,0 +1,66 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
+
+
+import org.opensaml.Configuration;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.signature.SignableXMLObject;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MOARequest extends InboundMessage{
+
+ private static final long serialVersionUID = 8613921176727607896L;
+
+ private String binding = null;
+
+ public MOARequest(SignableXMLObject inboundMessage, String binding) {
+ setSAMLMessage(inboundMessage.getDOM());
+ this.binding = binding;
+
+ }
+
+ public String getRequestBinding() {
+ return binding;
+ }
+
+ public SignableXMLObject getSamlRequest() {
+ UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
+ Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
+
+ try {
+ return (SignableXMLObject) unmashaller.unmarshall(getInboundMessage());
+
+ } catch (UnmarshallingException e) {
+ Logger.warn("AuthnRequest Unmarshaller error", e);
+ return null;
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java
index 3d21d95c4..870273cf3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java
@@ -20,41 +20,37 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
+import org.opensaml.Configuration;
import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.opensaml.xml.io.UnmarshallingException;
-public class MOAResponse {
- private Response samlResponse;
- private EntityDescriptor entityMetadata;
- private boolean verified = false;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.logging.Logger;
- public MOAResponse(Response response) {
- samlResponse = response;
- }
-
- public Response getSamlResponse() {
- return samlResponse;
- }
-
- public void setSamlResponse(Response samlResponse) {
- this.samlResponse = samlResponse;
- }
+public class MOAResponse extends InboundMessage {
+
+ private static final long serialVersionUID = -1133012928130138501L;
- public boolean isVerified() {
- return verified;
+ public MOAResponse(Response response) {
+ setSAMLMessage(response.getDOM());
}
- public void setVerified(boolean verified) {
- this.verified = verified;
+ public Response getResponse() {
+ UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
+ Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
+
+ try {
+ return (Response) unmashaller.unmarshall(getInboundMessage());
+
+ } catch (UnmarshallingException e) {
+ Logger.warn("AuthnResponse Unmarshaller error", e);
+ return null;
+ }
+
}
- public EntityDescriptor getEntityMetadata() {
- return entityMetadata;
- }
-
- public void setEntityMetadata(EntityDescriptor entityMetadata) {
- this.entityMetadata = entityMetadata;
- }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 6d9022bd9..a57fb5717 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -22,6 +22,7 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
+import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
@@ -31,9 +32,10 @@ import java.util.List;
import java.util.Map;
import java.util.Timer;
+import javax.net.ssl.SSLHandshakeException;
import javax.xml.namespace.QName;
-import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
@@ -46,9 +48,15 @@ import org.opensaml.xml.XMLObject;
import org.opensaml.xml.parse.BasicParserPool;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.MetadataSignatureFilter;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataFilterChain;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -118,14 +126,15 @@ public class MOAMetadataProvider implements MetadataProvider {
}
}
+ //set Timestamp
+ Date oldTimeStamp = timestamp;
+ timestamp = new Date();
+
//load all PVP2 OAs form ConfigurationDatabase and
//compare actually loaded Providers with configured PVP2 OAs
List<OnlineApplication> oaList = ConfigurationDBRead
.getAllActiveOnlineApplications();
-
- //set Timestamp
- timestamp = new Date();
-
+
Iterator<OnlineApplication> oaIt = oaList.iterator();
while (oaIt.hasNext()) {
HTTPMetadataProvider httpProvider = null;
@@ -138,7 +147,16 @@ public class MOAMetadataProvider implements MetadataProvider {
String metadataurl = pvp2Config.getMetadataURL();
if (loadedproviders.containsKey(metadataurl)) {
- //PVP2 OA is actually loaded, to nothing
+
+ if (pvp2Config.getUpdateRequiredItem() != null &&
+ pvp2Config.getUpdateRequiredItem().after(oldTimeStamp)) {
+ //PVP2 OA is actually loaded, but update is requested
+ Logger.info("Reload metadata for: " + oa.getFriendlyName());
+ loadedproviders.get(metadataurl).refresh();
+
+ }
+
+ // PVP2 OA is actually loaded, to nothing
providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
loadedproviders.remove(metadataurl);
@@ -146,11 +164,14 @@ public class MOAMetadataProvider implements MetadataProvider {
} else if ( MiscUtil.isNotEmpty(metadataurl) &&
!providersinuse.containsKey(metadataurl) ) {
//PVP2 OA is new, add it to MOAMetadataProvider
+
Logger.info("Loading metadata for: " + oa.getFriendlyName());
httpProvider = createNewHTTPMetaDataProvider(
pvp2Config.getMetadataURL(),
pvp2Config.getCertificate(),
- oa.getFriendlyName());
+ oa.getFriendlyName(),
+ buildMetadataFilterChain(oa, pvp2Config.getMetadataURL(),
+ pvp2Config.getCertificate()));
if (httpProvider != null)
providersinuse.put(metadataurl, httpProvider);
@@ -256,7 +277,9 @@ public class MOAMetadataProvider implements MetadataProvider {
httpProvider = createNewHTTPMetaDataProvider(
metadataURL,
pvp2Config.getCertificate(),
- oa.getFriendlyName());
+ oa.getFriendlyName(),
+ buildMetadataFilterChain(oa, metadataURL,
+ pvp2Config.getCertificate()));
if (httpProvider != null)
providersinuse.put(metadataURL, httpProvider);
@@ -295,13 +318,45 @@ public class MOAMetadataProvider implements MetadataProvider {
timestamp = new Date();
}
- private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName) {
+ private MetadataFilterChain buildMetadataFilterChain(OnlineApplication oa, String metadataURL, byte[] certificate) throws CertificateException {
+ MetadataFilterChain filterChain = new MetadataFilterChain(metadataURL, certificate);
+
+ if (oa.isIsInterfederationIDP() != null && oa.isIsInterfederationIDP()) {
+ Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies");
+ filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(metadataURL, oa.getType()));
+
+ }
+
+ return filterChain;
+ }
+
+ private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName, MetadataFilterChain filter) {
HTTPMetadataProvider httpProvider = null;
Timer timer= null;
-
- try {
+ MOAHttpClient httpClient = null;
+ try {
+ httpClient = new MOAHttpClient();
+
+ if (metadataURL.startsWith("https:")) {
+ try {
+ MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ AuthConfigurationProvider.getInstance().getCertstoreDirectory(),
+ AuthConfigurationProvider.getInstance().getTrustedCACertificates(),
+ null,
+ ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()),
+ AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking());
+
+ httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+ } catch (MOAHttpProtocolSocketFactoryException e) {
+ Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
+
+ }
+ }
+
timer = new Timer();
- httpProvider = new HTTPMetadataProvider(timer, new HttpClient(),
+ httpProvider = new HTTPMetadataProvider(timer, httpClient,
metadataURL);
httpProvider.setParserPool(new BasicParserPool());
httpProvider.setRequireValidMetadata(true);
@@ -309,17 +364,20 @@ public class MOAMetadataProvider implements MetadataProvider {
httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
//httpProvider.setRefreshDelayFactor(0.1F);
- // TODO: use proper SSL checking
-
- MetadataFilter filter = new MetadataSignatureFilter(
- metadataURL, certificate);
+ if (filter == null) {
+ filter = new MetadataFilterChain(metadataURL, certificate);
+ }
httpProvider.setMetadataFilter(filter);
httpProvider.initialize();
return httpProvider;
-
-
+
} catch (Throwable e) {
+ if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+ Logger.warn("SSL-Server certificate for metadata "
+ + metadataURL + " not trusted.", e);
+ }
+
Logger.error(
"Failed to add Metadata file for "
+ oaName + "[ "
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
index 04ef4cdbf..303fc2924 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
@@ -30,10 +30,12 @@ import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry
import org.opensaml.saml2.core.ArtifactResolve;
import org.opensaml.saml2.core.ArtifactResponse;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.RequestDeniedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
@@ -41,18 +43,18 @@ import at.gv.egovernment.moa.logging.Logger;
public class ArtifactResolution implements IRequestHandler {
- public boolean handleObject(MOARequest obj) {
- return (obj.getSamlRequest() instanceof ArtifactResolve);
+ public boolean handleObject(InboundMessage obj) {
+ return (obj instanceof MOARequest &&
+ ((MOARequest)obj).getSamlRequest() instanceof ArtifactResolve);
}
- public String process(MOARequest obj, HttpServletRequest req,
- HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface process(InboundMessage obj, HttpServletRequest req,
+ HttpServletResponse resp, IAuthData authData) throws MOAIDException {
if (!handleObject(obj)) {
throw new MOAIDException("pvp2.13", null);
}
-
- ArtifactResolve artifactResolve = (ArtifactResolve) obj
- .getSamlRequest();
+
+ ArtifactResolve artifactResolve = (ArtifactResolve) ((MOARequest)obj).getSamlRequest();
String artifactID = artifactResolve.getArtifact().getArtifact();
PVPAssertionStorage pvpAssertion = PVPAssertionStorage.getInstance();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index fd7ff9885..ca5210d21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -22,72 +22,55 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
-import java.util.ArrayList;
-import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.joda.time.DateTime;
-import org.opensaml.Configuration;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.EncryptedAssertion;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.encryption.Encrypter;
-import org.opensaml.saml2.encryption.Encrypter.KeyPlacement;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.security.MetadataCredentialResolver;
-import org.opensaml.security.MetadataCriteria;
import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.encryption.EncryptionException;
-import org.opensaml.xml.encryption.EncryptionParameters;
-import org.opensaml.xml.encryption.KeyEncryptionParameters;
-import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.criteria.EntityIDCriteria;
-import org.opensaml.xml.security.criteria.UsageCriteria;
-import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
-import org.opensaml.xml.security.x509.X509Credential;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
- public boolean handleObject(MOARequest obj) {
- return (obj.getSamlRequest() instanceof AuthnRequest);
+ public boolean handleObject(InboundMessage obj) {
+
+ return (obj instanceof MOARequest &&
+ ((MOARequest)obj).getSamlRequest() instanceof AuthnRequest);
}
- public String process(MOARequest obj, HttpServletRequest req,
- HttpServletResponse resp, AuthenticationSession authSession) throws MOAIDException {
+ public SLOInformationInterface process(InboundMessage obj, HttpServletRequest req,
+ HttpServletResponse resp, IAuthData authData) throws MOAIDException {
if (!handleObject(obj)) {
throw new MOAIDException("pvp2.13", null);
}
-
+
//get basic information
- AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest();
+ MOARequest moaRequest = (MOARequest) obj;
+ AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest();
EntityDescriptor peerEntity = obj.getEntityMetadata();
SPSSODescriptor spSSODescriptor = peerEntity
.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
@@ -113,91 +96,14 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
DateTime date = new DateTime();
- //build Assertion
- Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity, date, consumerService);
-
- Response authResponse = SAML2Utils.createSAMLObject(Response.class);
-
- Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
-
- //change to entity value from entity name to IDP EntityID (URL)
- nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
- nissuer.setFormat(NameID.ENTITY);
- authResponse.setIssuer(nissuer);
- authResponse.setInResponseTo(authnRequest.getID());
-
- //set responseID
- String remoteSessionID = SAML2Utils.getSecureIdentifier();
- authResponse.setID(remoteSessionID);
-
+ SLOInformationImpl sloInformation = new SLOInformationImpl();
- //SAML2 response required IssueInstant
- authResponse.setIssueInstant(date);
+ //build Assertion
+ Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authData,
+ peerEntity, date, consumerService, sloInformation);
- authResponse.setStatus(SAML2Utils.getSuccessStatus());
-
- String oaURL = consumerService.getLocation();
-
- //check, if metadata includes an encryption key
- MetadataCredentialResolver mdCredResolver =
- new MetadataCredentialResolver(MOAMetadataProvider.getInstance());
-
- CriteriaSet criteriaSet = new CriteriaSet();
- criteriaSet.add( new EntityIDCriteria(obj.getSamlRequest().getIssuer().getValue()) );
- criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
- criteriaSet.add( new UsageCriteria(UsageType.ENCRYPTION) );
-
- X509Credential encryptionCredentials = null;
- try {
- encryptionCredentials = (X509Credential) mdCredResolver.resolveSingle(criteriaSet);
-
- } catch (SecurityException e2) {
- Logger.warn("Can not extract the Assertion Encryption-Key from metadata", e2);
- throw new InvalidAssertionEncryptionException();
-
- }
-
- boolean isEncryptionActive = AuthConfigurationProvider.getInstance().isPVP2AssertionEncryptionActive();
- if (encryptionCredentials != null && isEncryptionActive) {
- //encrypt SAML2 assertion
-
- try {
-
- EncryptionParameters dataEncParams = new EncryptionParameters();
- dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE);
-
- List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>();
- KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters();
-
- keyEncParam.setEncryptionCredential(encryptionCredentials);
- keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE);
- KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()
- .getKeyInfoGeneratorManager().getDefaultManager()
- .getFactory(encryptionCredentials);
- keyEncParam.setKeyInfoGenerator(kigf.newInstance());
- keyEncParamList.add(keyEncParam);
-
- Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList);
- //samlEncrypter.setKeyPlacement(KeyPlacement.INLINE);
- samlEncrypter.setKeyPlacement(KeyPlacement.PEER);
-
- EncryptedAssertion encryptAssertion = null;
-
- encryptAssertion = samlEncrypter.encrypt(assertion);
-
- authResponse.getEncryptedAssertions().add(encryptAssertion);
-
- } catch (EncryptionException e1) {
- Logger.warn("Can not encrypt the PVP2 assertion", e1);
- throw new InvalidAssertionEncryptionException();
-
- }
-
- } else {
- authResponse.getAssertions().add(assertion);
-
- }
-
+ Response authResponse = AuthResponseBuilder.buildResponse(authnRequest, date, assertion);
+
IEncoder binding = null;
if (consumerService.getBinding().equals(
@@ -218,32 +124,21 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
if (binding == null) {
throw new BindingNotSupportedException(consumerService.getBinding());
}
-
+
try {
- binding.encodeRespone(req, resp, authResponse, oaURL, obj.getRelayState());
- // TODO add remoteSessionID to AuthSession ExternalPVPSessionStore
-
-// Logger logger = new Logger();
-// logger.debug("Redirect Binding Request = " + PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(authResponse)));
-
-
- return assertion.getID();
+ binding.encodeRespone(req, resp, authResponse,
+ consumerService.getLocation(), obj.getRelayState());
+
+ return sloInformation;
} catch (MessageEncodingException e) {
Logger.error("Message Encoding exception", e);
throw new MOAIDException("pvp2.01", null, e);
+
} catch (SecurityException e) {
Logger.error("Security exception", e);
throw new MOAIDException("pvp2.01", null, e);
-// } catch (TransformerException e) {
-// Logger.error("Security exception", e);
-// throw new MOAIDException("pvp2.01", null, e);
-// } catch (IOException e) {
-// Logger.error("Security exception", e);
-// throw new MOAIDException("pvp2.01", null, e);
-// } catch (MarshallingException e) {
-// Logger.error("Security exception", e);
-// throw new MOAIDException("pvp2.01", null, e);
+
}
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
index 92a47adb3..d1ae0b202 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
@@ -25,13 +25,15 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
public interface IRequestHandler {
- public boolean handleObject(MOARequest obj);
+ public boolean handleObject(InboundMessage obj);
- public String process(MOARequest obj, HttpServletRequest req,
- HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException;
+ public SLOInformationInterface process(InboundMessage obj, HttpServletRequest req,
+ HttpServletResponse resp, IAuthData authData) throws MOAIDException;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
index a4f43a97a..5b9bf940d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
@@ -29,9 +29,12 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported;
public class RequestManager {
@@ -53,13 +56,13 @@ public class RequestManager {
handler.add(new ArtifactResolution());
}
- public String handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession)
+ public SLOInformationInterface handle(InboundMessage obj, HttpServletRequest req, HttpServletResponse resp, IAuthData authData)
throws SAMLRequestNotSupported, MOAIDException {
Iterator<IRequestHandler> it = handler.iterator();
while(it.hasNext()) {
IRequestHandler handler = it.next();
if(handler.handleObject(obj)) {
- return handler.process(obj, req, resp, moasession);
+ return handler.process(obj, req, resp, authData);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
index d95e21a0e..48e435777 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
@@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.KeyStoreUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
public class CredentialProvider {
@@ -86,7 +87,32 @@ public class CredentialProvider {
throw new CredentialsNotAvailableException(e.getMessage(), null);
}
}
-
+
+ public static X509Credential getIDPAssertionEncryptionCredential()
+ throws CredentialsNotAvailableException {
+ PVPConfiguration config = PVPConfiguration.getInstance();
+ try {
+ if (keyStore == null)
+ keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(),
+ config.getIDPKeyStorePassword());
+
+ //if no encryption key is configured return null
+ if (MiscUtil.isEmpty(config.getIDPKeyAliasAssertionEncryption()))
+ return null;
+
+ MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
+ keyStore, config.getIDPKeyAliasAssertionEncryption(), config
+ .getIDPKeyPasswordAssertionEncryption().toCharArray());
+
+ credentials.setUsageType(UsageType.ENCRYPTION);
+ return (X509Credential) credentials;
+ } catch (Exception e) {
+ Logger.error("Failed to generate IDP Assertion Encryption credentials");
+ e.printStackTrace();
+ throw new CredentialsNotAvailableException(e.getMessage(), null);
+ }
+ }
+
public static Signature getIDPSignature(Credential credentials) {
PrivateKey privatekey = credentials.getPrivateKey();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
new file mode 100644
index 000000000..61b481447
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -0,0 +1,111 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.util.List;
+
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml2.core.AuthnStatement;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.Subject;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class AssertionAttributeExtractor {
+
+ private Assertion assertion = null;
+
+ public AssertionAttributeExtractor(Response samlResponse) throws AssertionAttributeExtractorExeption {
+ if (samlResponse != null) {
+ if (samlResponse.getAssertions().size() == 0)
+ throw new AssertionAttributeExtractorExeption("Assertion");
+
+ else if (samlResponse.getAssertions().size() > 1)
+ Logger.warn("Found more then ONE PVP2.1 assertions. Only the First is used.");
+
+ assertion = samlResponse.getAssertions().get(0);
+
+ } else
+ throw new AssertionAttributeExtractorExeption();
+ }
+
+ public String getNameID() throws AssertionAttributeExtractorExeption {
+ if (assertion.getSubject() != null) {
+ Subject subject = assertion.getSubject();
+
+ if (subject.getNameID() != null) {
+ if (MiscUtil.isNotEmpty(subject.getNameID().getValue()))
+ return subject.getNameID().getValue();
+
+ else
+ Logger.error("SAML2 NameID Element is empty.");
+ }
+ }
+
+ throw new AssertionAttributeExtractorExeption("nameID");
+ }
+
+ public String getSessionIndex() throws AssertionAttributeExtractorExeption {
+ AuthnStatement authn = getAuthnStatement();
+
+ if (MiscUtil.isNotEmpty(authn.getSessionIndex()))
+ return authn.getSessionIndex();
+
+ else
+ throw new AssertionAttributeExtractorExeption("SessionIndex");
+ }
+
+ /**
+ * @return
+ * @throws AssertionAttributeExtractorExeption
+ */
+ public String getQAALevel() throws AssertionAttributeExtractorExeption {
+ AuthnStatement authn = getAuthnStatement();
+ if (authn.getAuthnContext() != null && authn.getAuthnContext().getAuthnContextClassRef() != null) {
+ AuthnContextClassRef qaaClass = authn.getAuthnContext().getAuthnContextClassRef();
+
+ if (MiscUtil.isNotEmpty(qaaClass.getAuthnContextClassRef()))
+ return qaaClass.getAuthnContextClassRef();
+
+ else
+ throw new AssertionAttributeExtractorExeption("AuthnContextClassRef (QAALevel)");
+ }
+
+ throw new AssertionAttributeExtractorExeption("AuthnContextClassRef");
+ }
+
+ private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption {
+ List<AuthnStatement> authnList = assertion.getAuthnStatements();
+ if (authnList.size() == 0)
+ throw new AssertionAttributeExtractorExeption("AuthnStatement");
+
+ else if (authnList.size() > 1)
+ Logger.warn("Found more then ONE AuthnStatements in PVP2.1 assertions. Only the First is used.");
+
+ return authnList.get(0);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java
deleted file mode 100644
index 666bfab3c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
-
-import java.util.Iterator;
-import java.util.List;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
-
-public class AttributeExtractor {
-
- public static String extractSAMLAttributeOA(String name,
- AuthenticationSession authSession) {
- List<ExtendedSAMLAttribute> extAttributes = authSession.getExtendedSAMLAttributesOA();
- if(extAttributes == null) {
- return null;
- }
- Iterator<ExtendedSAMLAttribute> extAttributesIt = extAttributes.iterator();
- while(extAttributesIt.hasNext()) {
- Object attr = extAttributesIt.next();
- if(attr instanceof ExtendedSAMLAttribute) {
- ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr;
- if(extAttribute.getName().equals(name)) {
- if(extAttribute.getValue() instanceof String) {
- return extAttribute.getValue().toString();
- }
- break;
- }
- }
- }
- return null;
- }
-
- public static String extractSAMLAttributeAUTH(String name,
- AuthenticationSession authSession) {
- List<ExtendedSAMLAttribute> extAttributes = authSession.getExtendedSAMLAttributesAUTH();
- if(extAttributes == null) {
- return null;
- }
- Iterator<ExtendedSAMLAttribute> extAttributesIt = extAttributes.iterator();
- while(extAttributesIt.hasNext()) {
- Object attr = extAttributesIt.next();
- if(attr instanceof ExtendedSAMLAttribute) {
- ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr;
- if(extAttribute.getName().equals(name)) {
- if(extAttribute.getValue() instanceof String) {
- return extAttribute.getValue().toString();
- }
- break;
- }
- }
- }
- return null;
- }
-
- public static String extractSAMLAttributeBOTH(String name,
- AuthenticationSession authSession) {
- String value = extractSAMLAttributeOA(name, authSession);
- if(value == null) {
- value = extractSAMLAttributeAUTH(name, authSession);
- }
- return value;
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
new file mode 100644
index 000000000..12de97a3f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.util.List;
+
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+import org.opensaml.ws.soap.client.BasicSOAPMessageContext;
+import org.opensaml.ws.soap.client.http.HttpClientBuilder;
+import org.opensaml.ws.soap.client.http.HttpSOAPClient;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.ws.soap.soap11.Body;
+import org.opensaml.ws.soap.soap11.Envelope;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.security.SecurityException;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOASAMLSOAPClient {
+
+ public static List<XMLObject> send(String destination, XMLObject payLoad) throws ConfigurationException, SOAPException, SecurityException {
+ //build SOAP request
+ BasicParserPool parserPool = new BasicParserPool();
+ parserPool.setNamespaceAware(true);
+
+ Envelope soapRequest = SAML2Utils.buildSOAP11Envelope(payLoad);
+
+ BasicSOAPMessageContext soapContext = new BasicSOAPMessageContext();
+ soapContext.setOutboundMessage(soapRequest);
+
+ HttpClientBuilder clientBuilder = new HttpClientBuilder();
+ if (destination.startsWith("https")) {
+ try {
+ SecureProtocolSocketFactory sslprotocolsocketfactory =
+ new MOAHttpProtocolSocketFactory(
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ AuthConfigurationProvider.getInstance().getCertstoreDirectory(),
+ AuthConfigurationProvider.getInstance().getTrustedCACertificates(),
+ null,
+ ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()),
+ AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking());
+ clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory );
+
+ } catch (MOAHttpProtocolSocketFactoryException e) {
+ Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
+
+ }
+ }
+
+ HttpSOAPClient soapClient = new HttpSOAPClient(clientBuilder.buildClient(), parserPool);
+
+ //send request to IDP
+ soapClient.send(destination, soapContext);
+
+ //parse response
+ Envelope soapResponse = (Envelope) soapContext.getInboundMessage();
+ Body soapBody = soapResponse.getBody();
+
+ return soapBody.getUnknownXMLObjects();
+
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
index b52e37e06..9d57c2bae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
@@ -38,6 +38,8 @@ import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.ws.soap.soap11.Body;
+import org.opensaml.ws.soap.soap11.Envelope;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.io.Marshaller;
@@ -115,4 +117,15 @@ public class SAML2Utils {
return 0;
}
+
+ public static Envelope buildSOAP11Envelope(XMLObject payload) {
+ XMLObjectBuilderFactory bf = Configuration.getBuilderFactory();
+ Envelope envelope = (Envelope) bf.getBuilder(Envelope.DEFAULT_ELEMENT_NAME).buildObject(Envelope.DEFAULT_ELEMENT_NAME);
+ Body body = (Body) bf.getBuilder(Body.DEFAULT_ELEMENT_NAME).buildObject(Body.DEFAULT_ELEMENT_NAME);
+
+ body.getUnknownXMLObjects().add(payload);
+ envelope.setBody(body);
+
+ return envelope;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index ac222ee54..6388042d9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -22,21 +22,60 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.joda.time.DateTime;
import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.encryption.Decrypter;
+import org.opensaml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.security.MetadataCriteria;
import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.encryption.ChainingEncryptedKeyResolver;
+import org.opensaml.xml.encryption.DecryptionException;
+import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
+import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
+import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;
+import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.opensaml.xml.validation.ValidationException;
+import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.logging.Logger;
+
public class SAMLVerificationEngine {
+
+ public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
+ if (msg instanceof MOARequest &&
+ ((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType)
+ verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
+
+ else
+ verifyResponse(((MOAResponse)msg).getResponse(), sigTrustEngine);
+
+ }
+
+
public void verifyResponse(Response samlObj, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
try {
@@ -48,16 +87,16 @@ public class SAMLVerificationEngine {
CriteriaSet criteriaSet = new CriteriaSet();
criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
- criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
+ criteriaSet.add( new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
try {
if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
- throw new Exception("Signature was either invalid or signing key could not be established as trusted");
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
}
} catch (SecurityException e) {
- // Indicates processing error evaluating the signature
e.printStackTrace();
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
}
}
@@ -78,12 +117,96 @@ public class SAMLVerificationEngine {
try {
if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
- throw new Exception("Signature was either invalid or signing key could not be established as trusted");
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
}
} catch (SecurityException e) {
- // Indicates processing error evaluating the signature
- e.printStackTrace();
+ e.printStackTrace();
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
}
}
+ public static void validateAssertion(Response samlResp, boolean validateDestination) throws AssertionValidationExeption {
+ try {
+ if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
+ List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>();
+
+ if (validateDestination && !samlResp.getDestination().startsWith(
+ PVPConfiguration.getInstance().getIDPPublicPath())) {
+ Logger.warn("PVP 2.1 assertion destination does not match to IDP URL");
+ throw new AssertionValidationExeption("PVP 2.1 assertion destination does not match to IDP URL", null);
+
+ }
+
+ //check encrypted Assertion
+ List<EncryptedAssertion> encryAssertionList = samlResp.getEncryptedAssertions();
+ if (encryAssertionList != null && encryAssertionList.size() > 0) {
+ //decrypt assertions
+
+ Logger.debug("Found encryped assertion. Start decryption ...");
+
+ X509Credential authDecCredential = CredentialProvider.getIDPAssertionEncryptionCredential();
+
+ StaticKeyInfoCredentialResolver skicr =
+ new StaticKeyInfoCredentialResolver(authDecCredential);
+
+ ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver();
+ encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() );
+ encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() );
+ encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() );
+
+ Decrypter samlDecrypter =
+ new Decrypter(null, skicr, encryptedKeyResolver);
+
+ for (EncryptedAssertion encAssertion : encryAssertionList) {
+ saml2assertions.add(samlDecrypter.decrypt(encAssertion));
+
+ }
+
+ Logger.debug("Assertion decryption finished. ");
+
+ } else {
+ saml2assertions.addAll(samlResp.getAssertions());
+
+ }
+
+ for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) {
+
+ Conditions conditions = saml2assertion.getConditions();
+ DateTime notbefore = conditions.getNotBefore();
+ DateTime notafter = conditions.getNotOnOrAfter();
+ if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) {
+ Logger.warn("PVP2 Assertion is out of Date");
+ saml2assertions.remove(saml2assertion);
+
+ }
+ }
+
+ if (saml2assertions.isEmpty()) {
+ Logger.info("No valid PVP 2.1 assertion received.");
+ throw new AssertionValidationExeption("No valid PVP 2.1 assertion received.", null);
+ }
+
+ samlResp.getAssertions().clear();
+ samlResp.getEncryptedAssertions().clear();
+ samlResp.getAssertions().addAll(saml2assertions);
+
+ } else {
+ Logger.info("PVP 2.1 assertion includes an error. Receive errorcode "
+ + samlResp.getStatus().getStatusCode().getValue());
+ throw new AssertionValidationExeption("PVP 2.1 assertion includes an error. Receive errorcode "
+ + samlResp.getStatus().getStatusCode().getValue(), null);
+ }
+
+ } catch (CredentialsNotAvailableException e) {
+ Logger.warn("Assertion decrypt FAILED - No Credentials", e);
+ throw new AssertionValidationExeption("Assertion decrypt FAILED - No Credentials", null, e);
+
+ } catch (DecryptionException e) {
+ Logger.warn("Assertion decrypt FAILED.", e);
+ throw new AssertionValidationExeption("Assertion decrypt FAILED.", null, e);
+
+ } catch (ConfigurationException e) {
+ throw new AssertionValidationExeption("pvp.12", null, e);
+ }
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java
new file mode 100644
index 000000000..3d608fd6d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
+
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.xml.XMLObject;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationIDPType;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class InterfederatedIDPPublicServiceFilter implements MetadataFilter {
+
+ private String metadataURL;
+ private boolean isPublicService = false;
+
+ /**
+ *
+ */
+ public InterfederatedIDPPublicServiceFilter(String metadataURL, String oaType) {
+ Logger.debug("Add " + this.getClass().getName() + " to metadata policy");
+ this.metadataURL = metadataURL;
+
+ if (oaType.equals("businessService"))
+ this.isPublicService = false;
+ else
+ this.isPublicService = true;
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+ */
+ @Override
+ public void doFilter(XMLObject arg0) throws FilterException {
+
+ boolean metadatacheck = ValidationHelper.isPublicServiceAllowed(this.metadataURL);
+
+ if (isPublicService && isPublicService != metadatacheck) {
+ Logger.warn("Interfederated IDP " + metadataURL + " is configured " +
+ "as Public-Servic IDP but PublicService policy check FAILED.");
+ throw new FilterException("Interfederated IDP " + metadataURL + " is configured " +
+ "as Public-Servic IDP but PublicService policy check FAILED.");
+
+ }
+
+ Logger.info("Metadata PublicService policy check done OK");
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java
new file mode 100644
index 000000000..4e1d939ff
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
+
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.xml.XMLObject;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MetadataFilterChain implements MetadataFilter {
+
+ private List<MetadataFilter> filters = new ArrayList<MetadataFilter>();
+
+ /**
+ * @throws CertificateException
+ *
+ */
+ public MetadataFilterChain(String url, byte[] certificate) throws CertificateException {
+ addDefaultFilters(url, certificate);
+ }
+
+ public void addDefaultFilters(String url, byte[] certificate) throws CertificateException {
+ filters.add(new MetadataSignatureFilter(url, certificate));
+
+ }
+
+ /**
+ * @return the filter
+ */
+ public List<MetadataFilter> getFilters() {
+ return filters;
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+ */
+ @Override
+ public void doFilter(XMLObject arg0) throws FilterException {
+ for (MetadataFilter filter : filters) {
+ Logger.trace("Use MOAMetadatafilter " + filter.getClass().getName());
+ filter.doFilter(arg0);
+ }
+
+ }
+
+
+
+
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
index ed0cf9c62..0405fa114 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
@@ -20,7 +20,7 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
import iaik.x509.X509Certificate;
@@ -39,6 +39,7 @@ import org.opensaml.xml.security.x509.BasicX509Credential;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
import at.gv.egovernment.moa.logging.Logger;
public class MetadataSignatureFilter implements MetadataFilter {
@@ -151,9 +152,9 @@ public class MetadataSignatureFilter implements MetadataFilter {
ConfigurationDBUtils.closeSession();
- Logger.info("Metadata Filter done OK");
+ Logger.info("Metadata signature policy check done OK");
} catch (MOAIDException e) {
- e.printStackTrace();
+ Logger.warn("Metadata signature policy check FAILED.", e);
throw new FilterException(e);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index c337433b6..67f780b3a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -27,30 +27,26 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.URLEncoder;
public class GetArtifactAction implements IAction {
- public String processRequest(IRequest req, HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession session) throws AuthenticationException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp, IAuthData obj) throws AuthenticationException {
String oaURL = (String) req.getOAURL();
- String target = (String) req.getTarget();
String sourceID = null;
if (req instanceof SAML1RequestImpl) {
@@ -59,42 +55,32 @@ public class GetArtifactAction implements IAction {
}
- try {
-
-
- if (oaURL == null) {
- throw new WrongParametersException("StartAuthentication",
- PARAM_OA, "auth.12");
- }
+ SAML1AuthenticationData authData;
+ if (obj instanceof SAML1AuthenticationData) {
+ authData = (SAML1AuthenticationData) obj;
- // check parameter
- if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("StartAuthentication",
- PARAM_OA, "auth.12");
-
- // TODO: Support Mandate MODE!
+ } else {
+ Logger.error("AuthDate is NOT of type SAML1AuthenticationData.");
+ throw new AuthenticationException("AuthDate is NOT of type SAML1AuthenticationData.", new Object[]{});
+ }
+
+ try {
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(oaURL);
-
- SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
-
- AuthenticationData authData = SAML1AuthenticationServer.buildAuthenticationData(session,
- oaParam,
- target);
+ .getOnlineApplicationParameter(oaURL);
+ SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
+
// add other stork attributes to MOA assertion if available
- if(null != session.getStorkAttributes()) {
- List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(session.getStorkAttributes());
- session.getExtendedSAMLAttributesOA().addAll(moaExtendedSAMLAttibutes);
- //produce MOA-Assertion and artifact
- AuthenticationServer.getInstance().getForeignAuthenticationData(session);
+ if(null != authData.getStorkAttributes()) {
+ List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(authData.getStorkAttributes());
+ authData.getExtendedSAMLAttributesOA().addAll(moaExtendedSAMLAttibutes);
Logger.info("MOA assertion assembled and SAML Artifact generated.");
}
- String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData, sourceID);
+ String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID);
- if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) {
- String url = "RedirectServlet";
+ if (authData.isSsoSession()) {
+ String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet";
url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8"));
if (!oaParam.getBusinessService())
url = addURLParameter(url, PARAM_TARGET, URLEncoder.encode(oaParam.getTarget(), "UTF-8"));
@@ -122,7 +108,10 @@ public class GetArtifactAction implements IAction {
Logger.debug("REDIRECT TO: " + redirectURL);
}
- return authData.getAssertionID();
+ SLOInformationInterface sloInformation =
+ new SLOInformationImpl(authData.getAssertionID(), null, null, req.requestedModule());
+
+ return sloInformation;
} catch (Exception ex) {
Logger.error("SAML1 Assertion build error", ex);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index 0f5e9ee68..2b4aaf458 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -56,7 +56,7 @@ import org.w3c.dom.NodeList;
import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.Constants;
@@ -138,12 +138,9 @@ public class GetAuthenticationDataService implements Constants {
try {
- AuthenticationData authData = saml1server.getSaml1AuthenticationData(samlArtifact);
+ samlAssertion = saml1server.getSaml1AuthenticationData(samlArtifact);
-// useUTC = authData.getUseUTC();
-
// success
- samlAssertion = authData.getSamlAssertion();
statusCode = "samlp:Success";
statusMessageCode = "1200";
}
@@ -153,18 +150,18 @@ public class GetAuthenticationDataService implements Constants {
try {
Throwable error = saml1server.getErrorResponse(samlArtifact);
statusCode = "samlp:Responder";
- subStatusCode = "samlp:RequestDenied";
+
+ ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
if (error instanceof MOAIDException) {
- statusMessageCode = ((MOAIDException)error).getMessageId();
+ statusMessageCode = ((MOAIDException)error).getMessageId();
statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage());
} else {
- statusMessage = StringEscapeUtils.escapeXml(error.getMessage());
- }
-
-
-
+ statusMessage = StringEscapeUtils.escapeXml(error.getMessage());
+ }
+ subStatusCode = errorUtils.getResponseErrorCode(error);
+
} catch (Exception e) {
//no authentication data for given SAML artifact
statusCode = "samlp:Requester";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
new file mode 100644
index 000000000..d48c0a9bb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
@@ -0,0 +1,177 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.protocols.saml1;
+
+import java.text.ParseException;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+
+/**
+ * Encapsulates authentication data contained in a <code>&lt;saml:Assertion&gt;</code>.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+
+public class SAML1AuthenticationData extends AuthenticationData {
+ /**
+ *
+ */
+ private static final long serialVersionUID = -1042697056735596866L;
+/**
+ * major version number of the SAML assertion
+ */
+ private int majorVersion;
+ /**
+ * minor version number of the SAML assertion
+ */
+ private int minorVersion;
+ /**
+ * identifier for this assertion
+ */
+ private String assertionID;
+/**
+ * @return the majorVersion
+ */
+
+ private String samlAssertion = null;
+
+ private List<ExtendedSAMLAttribute> extendedSAMLAttributesOA;
+
+
+ public SAML1AuthenticationData() {
+ this.setMajorVersion(1);
+ this.setMinorVersion(0);
+ this.setAssertionID(Random.nextRandom());
+ }
+
+
+ //this method is only required for MOA-ID Proxy 2.0 Release.
+ //TODO: remove it, if MOA-ID Proxy is not supported anymore.
+ public String getWBPK() {
+ return getBPK();
+ }
+
+public int getMajorVersion() {
+ return majorVersion;
+}
+/**
+ * @param majorVersion the majorVersion to set
+ */
+public void setMajorVersion(int majorVersion) {
+ this.majorVersion = majorVersion;
+}
+/**
+ * @return the minorVersion
+ */
+public int getMinorVersion() {
+ return minorVersion;
+}
+/**
+ * @param minorVersion the minorVersion to set
+ */
+public void setMinorVersion(int minorVersion) {
+ this.minorVersion = minorVersion;
+}
+/**
+ * @return the assertionID
+ */
+public String getAssertionID() {
+ return assertionID;
+}
+/**
+ * @param assertionID the assertionID to set
+ */
+public void setAssertionID(String assertionID) {
+ this.assertionID = assertionID;
+}
+
+public void setIssueInstant(String date) {
+ try {
+ setIssueInstant(DateTimeUtils.parseDateTime(date));
+
+ } catch (ParseException e) {
+ Logger.error("Parse IssueInstant element FAILED.", e);
+
+ }
+}
+
+/**
+ * @return the samlAssertion
+ */
+public String getSamlAssertion() {
+ return samlAssertion;
+}
+
+/**
+ * @param samlAssertion the samlAssertion to set
+ */
+public void setSamlAssertion(String samlAssertion) {
+ this.samlAssertion = samlAssertion;
+}
+
+/**
+ * @return the extendedSAMLAttributesOA
+ */
+public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesOA() {
+ return extendedSAMLAttributesOA;
+}
+
+/**
+ * @param extendedSAMLAttributesOA the extendedSAMLAttributesOA to set
+ */
+public void setExtendedSAMLAttributesOA(
+ List<ExtendedSAMLAttribute> extendedSAMLAttributesOA) {
+ this.extendedSAMLAttributesOA = extendedSAMLAttributesOA;
+}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 6391860ff..52b9b40ab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -23,7 +23,6 @@
package at.gv.egovernment.moa.id.protocols.saml1;
import java.io.IOException;
-import java.util.Date;
import java.util.List;
import javax.xml.parsers.ParserConfigurationException;
@@ -116,7 +115,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
*
* @return <code>AuthenticationData</code>
*/
- public AuthenticationData getSaml1AuthenticationData(String samlArtifact)
+ public String getSaml1AuthenticationData(String samlArtifact)
throws AuthenticationException {
try {
new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
@@ -125,13 +124,13 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
throw new AuthenticationException("1205", new Object[] {
samlArtifact, ex.toString() });
}
- AuthenticationData authData = null;
+ String authData = null;
synchronized (authenticationDataStore) {
// System.out.println("assertionHandle: " + assertionHandle);
try {
authData = authenticationDataStore
- .get(samlArtifact, AuthenticationData.class);
+ .get(samlArtifact, String.class, authDataTimeOut);
} catch (MOADatabaseException e) {
Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
@@ -140,12 +139,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
authenticationDataStore.remove(samlArtifact);
-
- long now = new Date().getTime();
-
- if (now - authData.getTimestamp().getTime() > authDataTimeOut)
- throw new AuthenticationException("1207", new Object[] { samlArtifact });
-
+
Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
return authData;
@@ -163,9 +157,8 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
return samlArtifact;
}
- public String BuildSAMLArtifact(AuthenticationSession session,
- OAAuthParameter oaParam,
- AuthenticationData authData, String sourceID)
+ public String BuildSAMLArtifact(OAAuthParameter oaParam,
+ SAML1AuthenticationData authData, String sourceID)
throws ConfigurationException, BuildException, AuthenticationException {
//Load SAML1 Parameter from OA config
@@ -179,7 +172,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
//set BASE64 encoded signer certificate
String signerCertificateBase64 = "";
if (saml1parameter.isProvideCertificate()) {
- byte[] signerCertificate = session.getEncodedSignerCertificate();
+ byte[] signerCertificate = authData.getSignerCertificate();
if (signerCertificate != null) {
signerCertificateBase64 = Base64Utils
@@ -195,41 +188,31 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
provideStammzahl);
//set Authblock
- String authBlock = saml1parameter.isProvideAUTHBlock() ? session
+ String authBlock = saml1parameter.isProvideAUTHBlock() ? authData
.getAuthBlock() : "";
//set IdentityLink for assortion
String ilAssertion = "";
if (saml1parameter.isProvideIdentityLink()) {
- if (oaParam.getBusinessService()) {
- //IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
-
-// Element resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink()
-// .getSamlAssertion());
-//
-// ilAssertion = DOMUtils.serializeNode(resignedilAssertion);
+ ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
- } else {
- ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
-
- if (!saml1parameter.isProvideStammzahl())
- ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink()
- .getIdentificationValue(), "");
-
- }
+ if (!saml1parameter.isProvideStammzahl())
+ ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink()
+ .getIdentificationValue(), "");
}
+
String samlAssertion;
- if (session.getUseMandate()) {
- List<ExtendedSAMLAttribute> oaAttributes = session.getExtendedSAMLAttributesOA();
+ if (authData.isUseMandate()) {
+ List<ExtendedSAMLAttribute> oaAttributes = authData.getExtendedSAMLAttributesOA();
if (saml1parameter.isProvideFullMandatorData()) {
try {
ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes(
- session.getMISMandate(), oaParam.getBusinessService(),
+ authData.getMISMandate(), oaParam.getBusinessService(),
saml1parameter.isProvideStammzahl());
if (extendedSAMLAttributes != null) {
@@ -293,7 +276,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
}
- String mandateDate = generateMandateDate(session, oaParam, authData);
+ String mandateDate = generateMandateDate(oaParam, authData);
samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate(
authData,
@@ -301,7 +284,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
mandateDate,
authBlock,
ilAssertion,
- session.getBkuURL(),
+ authData.getBkuURL(),
signerCertificateBase64,
oaParam.getBusinessService(),
oaAttributes,
@@ -314,24 +297,23 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
prPerson,
authBlock,
ilAssertion,
- session.getBkuURL(),
+ authData.getBkuURL(),
signerCertificateBase64,
oaParam.getBusinessService(),
- session.getExtendedSAMLAttributesOA(),
+ authData.getExtendedSAMLAttributesOA(),
useCondition,
conditionLength);
}
- authData.setSamlAssertion(samlAssertion);
+ //authData.setSamlAssertion(samlAssertion);
String samlArtifact = new SAMLArtifactBuilder().build(
- session.getAuthURL(), Random.nextRandom(),
+ authData.getIssuer(), Random.nextRandom(),
sourceID);
- storeAuthenticationData(samlArtifact, authData);
+ storeAuthenticationData(samlArtifact, samlAssertion);
- Logger.info("Anmeldedaten zu MOASession " + session.getSessionID()
- + " angelegt, SAML Artifakt " + samlArtifact);
+ Logger.info("Anmeldedaten angelegt, SAML Artifakt " + samlArtifact);
return samlArtifact;
} catch (Throwable ex) {
@@ -341,21 +323,20 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
- private String generateMandateDate(AuthenticationSession session,
- OAAuthParameter oaParam, AuthenticationData authData
+ private String generateMandateDate(OAAuthParameter oaParam, AuthenticationData authData
) throws AuthenticationException, BuildException,
ParseException, ConfigurationException, ServiceException,
ValidateException {
- if (session == null)
+ if (authData == null)
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
IdentityLink tempIdentityLink = null;
- Element mandate = session.getMandate();
+ Element mandate = authData.getMandate();
- if (session.getUseMandate()) {
+ if (authData.isUseMandate()) {
tempIdentityLink = new IdentityLink();
Element mandator = ParepUtils.extractMandator(mandate);
String dateOfBirth = "";
@@ -432,7 +413,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
String oatargetType;
if(oaParam.getBusinessService()) {
- oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier();
+ if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+ oatargetType = oaParam.getIdentityLinkDomainIdentifier();
+ else
+ oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+oaParam.getIdentityLinkDomainIdentifier();
} else {
oatargetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
@@ -509,7 +493,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
* when SAML artifact is invalid
*/
private void storeAuthenticationData(String samlArtifact,
- AuthenticationData authData) throws AuthenticationException {
+ String samlAssertion) throws AuthenticationException {
try {
SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact);
@@ -523,7 +507,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
synchronized (authenticationDataStore) {
Logger.debug("Assertion stored for SAML Artifact: "
+ samlArtifact);
- authenticationDataStore.put(samlArtifact, authData);
+ authenticationDataStore.put(samlArtifact, samlAssertion);
}
} catch (AuthenticationException ex) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index b6a2ac0b6..dafcb9987 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -23,12 +23,15 @@
package at.gv.egovernment.moa.id.protocols.saml1;
import java.util.HashMap;
+import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import edu.emory.mathcs.backport.java.util.Arrays;
+
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -41,7 +44,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -54,8 +57,23 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
public static final String GETARTIFACT = "GetArtifact";
- private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+ @SuppressWarnings("unchecked")
+ public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
+ new String[] {
+ PVPConstants.BPK_NAME,
+ PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME,
+ PVPConstants.GIVEN_NAME_NAME,
+ PVPConstants.PRINCIPAL_NAME_NAME,
+ PVPConstants.BIRTHDATE_NAME,
+ PVPConstants.EID_CCS_URL_NAME,
+ PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME,
+ PVPConstants.EID_IDENTITY_LINK_NAME,
+ PVPConstants.EID_SOURCE_PIN_NAME,
+ PVPConstants.EID_SOURCE_PIN_TYPE_NAME
+ });
+ private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+
static {
actions.put(GETARTIFACT, new GetArtifactAction());
@@ -139,12 +157,9 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
new Object[] { oaURL });
}
- config.setSourceID(sourceID);
-
+ config.setSourceID(sourceID);
config.setTarget(oaParam.getTarget());
-
-// request.getSession().setAttribute(PARAM_OA, oaURL);
-// request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget());
+
return config;
}
@@ -157,7 +172,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest);
- String url = "RedirectServlet";
+ String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet";
url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8"));
url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
url = response.encodeRedirectURL(url);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
index 72adfe0e7..9bf88534f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
@@ -22,7 +22,19 @@
*/
package at.gv.egovernment.moa.id.protocols.saml1;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
+import at.gv.egovernment.moa.logging.Logger;
/**
* @author tlenz
@@ -48,4 +60,37 @@ public class SAML1RequestImpl extends RequestImpl {
this.sourceID = sourceID;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+ */
+ @Override
+ public List<Attribute> getRequestedAttributes() {
+
+ List<String> reqAttr = new ArrayList<String>();
+ reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION);
+
+ try {
+ OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL());
+ OASAML1 saml1 = oa.getSAML1Parameter();
+ if (saml1 != null) {
+ if (saml1.isProvideAUTHBlock())
+ reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME);
+
+ if (saml1.isProvideCertificate())
+ reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME);
+
+ if (saml1.isProvideFullMandatorData())
+ reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME);
+ }
+
+ return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.iterator());
+
+ } catch (ConfigurationException e) {
+ Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e);
+ return null;
+ }
+
+
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 2f6dfe555..307715324 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -1,6 +1,5 @@
package at.gv.egovernment.moa.id.protocols.stork2;
-import java.io.StringWriter;
import java.util.ArrayList;
import java.util.List;
@@ -13,17 +12,17 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.*;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
+
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import javax.servlet.http.HttpServletRequest;
@@ -47,7 +46,7 @@ public class AttributeCollector implements IAction {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession)
*/
- public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
// - fetch the container
String artifactId = (String) httpReq.getParameter(ARTIFACT_ID);
@@ -108,7 +107,7 @@ public class AttributeCollector implements IAction {
// read configuration parameters of OA
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(container.getRequest().getAssertionConsumerServiceURL());
if (oaParam == null)
- throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
+ throw new AuthenticationException("stork.12", new Object[]{container.getRequest().getAssertionConsumerServiceURL()});
// find the attribute provider plugin that can handle the response
IPersonalAttributeList newAttributes = null;
@@ -134,7 +133,14 @@ public class AttributeCollector implements IAction {
addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes);
// see if we need some more attributes
- return processRequest(container, httpReq, httpResp, moasession, oaParam);
+ SLOInformationImpl sloInfo = (SLOInformationImpl) processRequest(container, httpReq, httpResp, authData, oaParam);
+
+ if (sloInfo == null) {
+ sloInfo = new SLOInformationImpl(null, null, null, req.requestedModule());
+ }
+
+ return sloInfo;
+
}
/**
@@ -145,7 +151,7 @@ public class AttributeCollector implements IAction {
* @return the string
* @throws MOAIDException
*/
- public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException {
+ public SLOInformationInterface processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, IAuthData authData, OAAuthParameter oaParam) throws MOAIDException {
// check if there are attributes we need to fetch
IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList();
@@ -193,7 +199,7 @@ public class AttributeCollector implements IAction {
//aquiredAttributes = currentProvider.acquire(currentAttribute, container.getRequest().getSpCountry(), moasession);
//aquiredAttributes = currentProvider.acquire(missingAttributes, container.getRequest().getSpCountry(), moasession);
- aquiredAttributes = currentProvider.acquire(currentProviderConfiguredAttributes, container.getRequest().getSpCountry(), moasession);
+ aquiredAttributes = currentProvider.acquire(currentProviderConfiguredAttributes, container.getRequest().getSpCountry(), authData);
Logger.info(currentProvider.getClass().getSimpleName() + " can handle attribute '" + currentAttribute.getName() + "'");
break;
@@ -222,7 +228,7 @@ public class AttributeCollector implements IAction {
else
new ConsentEvaluator().generateSTORKResponse(response, container);
- return "12345"; // AssertionId
+ return null; // AssertionId
// TODO
} catch (ExternalAttributeRequestRequiredException e) {
@@ -250,7 +256,8 @@ public class AttributeCollector implements IAction {
throw new MOAIDException("stork.11", null);
}
- return "12345"; // TODO what to do here?
+ //TODO: in case of Single LogOut -> SLO information has to be stored
+ return null; // TODO what to do here?
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java
index d7a4bfcc2..7647c8e89 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java
@@ -6,6 +6,7 @@ import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PersonalAttribute;
@@ -25,15 +26,15 @@ public interface AttributeProvider {
*
* @param attributes the list of attributes to be acquired
* @param spCountyCode the sp county code
- * @param moasession the moasession
+ * @param authData the moasession
* @return the personal attribute
* @throws UnsupportedAttributeException the unsupported attribute exception
* @throws ExternalAttributeRequestRequiredException an attribute request to an external service has to be done
* @throws MOAIDException the mOAID exception
*/
- public IPersonalAttributeList acquire(PersonalAttribute attributes, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException;
+ public IPersonalAttributeList acquire(PersonalAttribute attributes, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException;
- public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException;
+ public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException;
/**
* Perform redirect.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 51ec1fff3..0312f776b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -5,7 +5,11 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
@@ -41,13 +45,13 @@ public class AuthenticationRequest implements IAction {
private VelocityEngine velocityEngine;
- private AuthenticationSession moaSession = null;
+ private IAuthData authData = null;
private MOASTORKRequest moaStorkRequest = null;
- public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
- this.moaSession = moasession;
+ this.authData = authData;
if ((req instanceof MOASTORKRequest) && ((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("AT")) {
@@ -56,9 +60,10 @@ public class AuthenticationRequest implements IAction {
Logger.debug("Entering MOASTORKRequest");
httpResp.reset();
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+ //TODO: CHECK: req.getOAURL() should return the unique OA identifier
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL());
if (oaParam == null)
- throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
+ throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
MOASTORKResponse moaStorkResponse = new MOASTORKResponse();
@@ -84,7 +89,7 @@ public class AuthenticationRequest implements IAction {
// }
// Get personal attributtes from MOA/IdentityLink
- moaStorkResponse.setPersonalAttributeList(populateAttributes());
+ moaStorkResponse.setPersonalAttributeList(populateAttributes(oaParam));
}
//moaStorkResponse.setCountry(moaStorkRequest.getSpCountry());
@@ -105,7 +110,7 @@ public class AuthenticationRequest implements IAction {
Logger.debug("Data container prepared");
- return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam);
+ return (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam);
}
// check if we are getting request for citizen of some other country
else if (req instanceof MOASTORKRequest) {
@@ -125,7 +130,7 @@ public class AuthenticationRequest implements IAction {
/*
Handles STORKAuthnRequeste received for citizens of other countries
*/
- private String handleMOAStorkRequest(String instanceName, MOASTORKRequest moastorkRequest, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException {
+ private SLOInformationInterface handleMOAStorkRequest(String instanceName, MOASTORKRequest moastorkRequest, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException {
STORKAuthnRequest spAuthnRequest = moastorkRequest.getStorkAuthnRequest();
STORKAuthnRequest storkAuthnRequest = null;
@@ -140,7 +145,7 @@ public class AuthenticationRequest implements IAction {
throw new MOAIDException("stork.05", null); // TODO
}
-
+ //TODO: in case of Single LogOut -> SLO information has to be stored
// check if citizen country is configured in the system
if (!(AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode))) {
Logger.error("Citizen country PEPS not configured in MOA instance: " + citizenCountryCode);
@@ -205,15 +210,18 @@ public class AuthenticationRequest implements IAction {
e.printStackTrace();
}
- // preparing redirection for the client
+ // preparing redirection for the client
performRedirection("SAMLRequest", destinationURL, storkAuthnRequest.getTokenSaml(), httpResp);
- return "xxxx";// TODO
+
+ SLOInformationImpl sloInfo = new SLOInformationImpl();
+ sloInfo.setProtocolType(moastorkRequest.requestedModule());
+ return sloInfo;
}
/*
Handles STORKAuthnResponse received from PEPS (return to SP)
*/
- private String handleMOAStorkResponse(String instanceName, MOASTORKResponse moastorkResponse, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException {
+ private SLOInformationInterface handleMOAStorkResponse(String instanceName, MOASTORKResponse moastorkResponse, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException {
STORKAuthnResponse authnResponse = null;
@@ -257,7 +265,8 @@ public class AuthenticationRequest implements IAction {
// preparing redirection for the client
performRedirection("SAMLResponse", dataContainer.getRequest().getAssertionConsumerServiceURL(), authnResponse.getTokenSaml(), httpResp);
- return "yyyyy"; // TODO
+
+ return null;
}
/*
@@ -392,16 +401,16 @@ public class AuthenticationRequest implements IAction {
// does nothing
- public void mandate(AuthenticationSession moasession) {
+ public void mandate(IAuthData authData) {
- if (moasession.getUseMandate()) {
+ if (authData.isUseMandate()) {
try {
- MISMandate mandate = moasession.getMISMandate();
+ MISMandate mandate = authData.getMISMandate();
String owbpk = mandate.getOWbPK();
byte[] mand = mandate.getMandate();
String profprep = mandate.getProfRep();
//String textdesc = mandate.getTextualDescriptionOfOID();
- Element mndt = moasession.getMandate();
+ Element mndt = authData.getMandate();
iterate(mndt.getAttributes());
Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand)));
@@ -413,14 +422,14 @@ public class AuthenticationRequest implements IAction {
}
- public PersonalAttributeList populateAttributes() {
+ public PersonalAttributeList populateAttributes(IOAAuthParameters oaParam) {
IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList();
Logger.info("Found " + attrLst.size() + " personal attributes in the request.");
// Define attribute list to be populated
PersonalAttributeList attributeList = new PersonalAttributeList();
- MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkRequest);
+ MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(authData.getIdentityLink(), moaStorkRequest);
try {
for (PersonalAttribute personalAttribute : attrLst) {
@@ -431,10 +440,8 @@ public class AuthenticationRequest implements IAction {
Logger.error("Exception, attributes: " + e.getMessage());
}
- Logger.debug("AUTHBLOCK " + moaSession.getAuthBlock());
- Logger.debug("TARGET " + moaSession.getTarget() + " " + moaSession.getTargetFriendlyName());
- Logger.debug("SESSION IDENTIFIER " + moaSession.getCcc() + " " + moaSession.getDomainIdentifier());
- Logger.debug("AUTHBLOCKTOKKEN" + moaSession.getAuthBlockTokken());
+ Logger.debug("AUTHBLOCK " + authData.getAuthBlock());
+ Logger.debug("SESSION IDENTIFIER " + authData.getCcc() + " " + oaParam.getIdentityLinkDomainIdentifier());
return attributeList;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
index 9a3376e4c..d827e73cf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -7,7 +7,9 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
@@ -40,7 +42,7 @@ public class ConsentEvaluator implements IAction {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession)
*/
- public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
// - fetch the container
String artifactId = (String) httpReq.getParameter(ARTIFACT_ID);
@@ -64,7 +66,7 @@ public class ConsentEvaluator implements IAction {
// build and send response
generateSTORKResponse(httpResp, container);
- return "12345"; // AssertionId
+ return null; // AssertionId
}
/**
@@ -76,7 +78,7 @@ public class ConsentEvaluator implements IAction {
* @return the string
* @throws MOAIDException the mOAID exception
*/
- public String requestConsent(DataContainer container, HttpServletResponse response, OAAuthParameter oaParam) throws MOAIDException {
+ public String requestConsent(DataContainer container, HttpServletResponse response, IOAAuthParameters oaParam) throws MOAIDException {
// prepare redirect
String newArtifactId;
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java
index c132d5640..2c4793f8f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java
@@ -19,6 +19,7 @@ import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PersonalAttribute;
@@ -51,7 +52,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute)
*/
- public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, AuthenticationSession moasession)
+ public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, IAuthData authData)
throws UnsupportedAttributeException,
ExternalAttributeRequestRequiredException, MOAIDException {
@@ -94,7 +95,9 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {
requestBodyElem.addAttribute(envelope.createName("xmlns"), "http://gesundheit.gv.at/BAGDAD/DataAccessService");
SOAPElement requestBodyElem1 = requestBodyElem.addChildElement("bPK");
- requestBodyElem1.addTextNode(new BPKBuilder().buildBPK(moasession.getIdentityLink().getIdentificationValue(), "GH"));
+
+ //TODO: CHECK: IdentificationValue containts wbPK if MOA-ID is used as VIDP
+ requestBodyElem1.addTextNode(new BPKBuilder().buildBPK(authData.getIdentificationValue(), "GH"));
requestMessage.saveChanges();
@@ -190,7 +193,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {
// add stork id for verification
ArrayList<String> value = new ArrayList<String>();
- value.add(new BPKBuilder().buildStorkeIdentifier(moasession.getIdentityLink(), spCountryCode));
+ value.add(new BPKBuilder().buildStorkeIdentifier(authData.getIdentityLink(), spCountryCode));
result.add(new PersonalAttribute("eIdentifier", false, value, "Available"));
return result;
@@ -200,9 +203,9 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {
}
@Override
- public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
+ public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
if (attributes.size() == 1) {
- return acquire(attributes.get(0), spCountyCode, moasession);
+ return acquire(attributes.get(0), spCountyCode, authData);
} else {
throw new MOAIDException("stork.13", new Object[] { }); // TODO message only one attribute supported by this provider
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
index a5a91fa55..d7927a917 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
@@ -1,8 +1,11 @@
package at.gv.egovernment.moa.id.protocols.stork2;
-import java.io.Serializable;
+import java.util.List;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
@@ -14,7 +17,7 @@ import eu.stork.peps.auth.commons.STORKAuthnResponse;
*
* @author bsuzic
*/
-public class MOASTORKRequest implements IRequest, Serializable {
+public class MOASTORKRequest extends RequestImpl {
/** The Constant serialVersionUID. */
private static final long serialVersionUID = 4581953368724501376L;
@@ -22,15 +25,6 @@ public class MOASTORKRequest implements IRequest, Serializable {
/** The request id. */
private String requestID;
- /** The target. */
- private String target = null;
-
- /** The module. */
- String module = null;
-
- /** The action. */
- String action = null;
-
/** The stork authn request. */
private STORKAuthnRequest storkAuthnRequest;
@@ -128,41 +122,6 @@ public class MOASTORKRequest implements IRequest, Serializable {
}
/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedModule()
- */
- public String requestedModule() {
- return this.module;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedAction()
- */
- public String requestedAction() {
- return action;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#setModule(java.lang.String)
- */
- public void setModule(String module) {
- this.module = module;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#setAction(java.lang.String)
- */
- public void setAction(String action) {
- this.action = action;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#getTarget()
- */
- public String getTarget() {
- return this.target;
- }
-
- /* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IRequest#setRequestID(java.lang.String)
*/
public void setRequestID(String id) {
@@ -211,4 +170,31 @@ public class MOASTORKRequest implements IRequest, Serializable {
else
return this.storkAuthnRequest.getAssertionConsumerServiceURL();
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedIDP()
+ */
+ @Override
+ public String getRequestedIDP() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#getInterfederationResponse()
+ */
+ @Override
+ public MOAResponse getInterfederationResponse() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+ */
+ @Override
+ public List<Attribute> getRequestedAttributes() {
+ // TODO Auto-generated method stub
+ return null;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
index 7d9e20cd0..2cd0e1d57 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
@@ -1,6 +1,7 @@
package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PersonalAttributeList;
@@ -8,13 +9,16 @@ import eu.stork.peps.auth.commons.STORKAttrQueryResponse;
import eu.stork.peps.auth.commons.STORKAuthnResponse;
import java.io.Serializable;
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
/**
* Implements MOA request and stores StorkAuthn/Attr-Request related data.
*
* @author bsuzic
*/
-public class MOASTORKResponse implements IRequest, Serializable {
+public class MOASTORKResponse extends RequestImpl {
/**
* The Constant serialVersionUID.
@@ -257,5 +261,14 @@ public class MOASTORKResponse implements IRequest, Serializable {
this.action = action;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+ */
+ @Override
+ public List<Attribute> getRequestedAttributes() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java
index d4f7066d0..edba7b754 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java
@@ -4,6 +4,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -48,7 +49,7 @@ public class MandateAttributeRequestProvider implements AttributeProvider {
return "MandateAttributeRequestProvider";
}
- public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
+ public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
Logger.info("Acquiring attribute: " + attribute.getName() + ", by: " + getAttrProviderName());
this.spCountryCode = spCountryCode;
requestedAttributes = new PersonalAttributeList(1);
@@ -69,7 +70,7 @@ public class MandateAttributeRequestProvider implements AttributeProvider {
}
@Override
- public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, String spCountryCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
+ public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, String spCountryCode, IAuthData moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
Logger.info("Acquiring " + attributes.size() + " attributes, by: " + getAttrProviderName());
this.spCountryCode = spCountryCode;
requestedAttributes = new PersonalAttributeList(attributes.size());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
index 9c7f45146..811d828e1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
@@ -3,6 +3,8 @@ package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
@@ -28,28 +30,26 @@ import javax.xml.namespace.QName;
import java.io.StringWriter;
import java.math.BigInteger;
import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
/**
*
*/
public class MandateRetrievalRequest implements IAction {
- private AuthenticationSession moaSession;
+ private IAuthData authData;
private MOASTORKRequest moaStorkRequest;
- public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
Logger.debug("Entering AttributeRequest for MandateProvider");
httpResp.reset();
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL());
if (oaParam == null)
- throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
+ throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
MOASTORKResponse moaStorkResponse = new MOASTORKResponse();
STORKAttrQueryResponse attrResponse = new STORKAttrQueryResponse();
- this.moaSession = moasession;
+ this.authData = authData;
if ((req instanceof MOASTORKRequest)) {
this.moaStorkRequest = (MOASTORKRequest) req;
@@ -63,10 +63,10 @@ public class MandateRetrievalRequest implements IAction {
MandateContainer mandateContainer = null;
try {
- mandateContainer = new CorporateBodyMandateContainer(new String(moaSession.getMISMandate().getMandate(), "UTF-8"));
+ mandateContainer = new CorporateBodyMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8"));
} catch (Exception ex) {
try {
- mandateContainer = new PhyPersonMandateContainer(new String(moaSession.getMISMandate().getMandate(), "UTF-8"));
+ mandateContainer = new PhyPersonMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8"));
} catch (Exception ex2) {
Logger.error("Could not extract data and create mandate container.");
throw new MOAIDException("stork.16", new Object[] {}); // TODO
@@ -285,6 +285,4 @@ public class MandateRetrievalRequest implements IAction {
public String getDefaultActionName() {
return STORKProtocol.MANDATERETRIEVALREQUEST;
}
-
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index e93a7ec87..ed9c45126 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -147,6 +147,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
STORK2Request.setSTORKAuthnRequest(authnRequest);
STORK2Request.setSTORKAttrRequest(attrRequest);
+
return STORK2Request;
} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java
index 89eb07815..553063ae8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java
@@ -16,6 +16,7 @@ import org.apache.velocity.app.VelocityEngine;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
@@ -56,7 +57,7 @@ public class SignedDocAttributeRequestProvider implements AttributeProvider {
* at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java
* .lang.String)
*/
- public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException,
+ public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException,
ExternalAttributeRequestRequiredException {
if(!attributes.contains(attribute.getName())) {
throw new UnsupportedAttributeException();
@@ -126,4 +127,24 @@ public class SignedDocAttributeRequestProvider implements AttributeProvider {
}
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.util.List, java.lang.String, at.gv.egovernment.moa.id.data.IAuthData)
+ */
+ @Override
+ public IPersonalAttributeList acquire(List<PersonalAttribute> attributes,
+ String spCountyCode, IAuthData authData)
+ throws UnsupportedAttributeException,
+ ExternalAttributeRequestRequiredException, MOAIDException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#getSupportedAttributeNames()
+ */
+ @Override
+ public List<String> getSupportedAttributeNames() throws MOAIDException {
+ // TODO Auto-generated method stub
+ return null;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
index c0e613b82..3a73dafae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java
@@ -1,6 +1,8 @@
package at.gv.egovernment.moa.id.protocols.stork2;
import java.io.StringWriter;
+import java.util.List;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -11,6 +13,7 @@ import org.apache.velocity.app.VelocityEngine;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -55,7 +58,7 @@ public class StorkAttributeRequestProvider implements AttributeProvider {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String)
*/
- public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, AuthenticationSession moasession)
+ public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, IAuthData authData)
throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException {
if (!attributes.contains(attribute.getName()))
@@ -158,5 +161,26 @@ public class StorkAttributeRequestProvider implements AttributeProvider {
Logger.info("STORK AttrRequest successfully rendered!");
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.util.List, java.lang.String, at.gv.egovernment.moa.id.data.IAuthData)
+ */
+ @Override
+ public IPersonalAttributeList acquire(List<PersonalAttribute> attributes,
+ String spCountyCode, IAuthData authData)
+ throws UnsupportedAttributeException,
+ ExternalAttributeRequestRequiredException, MOAIDException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#getSupportedAttributeNames()
+ */
+ @Override
+ public List<String> getSupportedAttributeNames() throws MOAIDException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
index 34add9895..f094dfabf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
@@ -54,6 +54,7 @@ import java.util.Map;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.URLEncoder;
@@ -78,7 +79,7 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
*/
public Map getAuthenticationHeaders(
OAConfiguration oaConf,
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String clientIPAddress,
boolean businessService,
String publicURLPrefix) {
@@ -116,7 +117,7 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
*/
public Map getAuthenticationParameters(
OAConfiguration oaConf,
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String clientIPAddress,
boolean businessService,
String publicURLPrefix) {
@@ -149,13 +150,13 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
* @param clientIPAddress client IP address
* @return header or parameter value resolved; <code>null</code> if unknown name is given
*/
- private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) {
+ private static String resolveValue(String predicate, SAML1AuthenticationData authData, String clientIPAddress) {
if (predicate.equals(MOAGivenName))
return authData.getGivenName();
if (predicate.equals(MOAFamilyName))
return authData.getFamilyName();
if (predicate.equals(MOADateOfBirth))
- return authData.getDateOfBirth();
+ return authData.getFormatedDateOfBirth();
if (predicate.equals(MOABPK))
return authData.getBPK();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
index cd751b7ee..d432f8c41 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
@@ -50,6 +50,7 @@ import java.util.Map;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
/**
* Determines authentication parameters and headers to be added to a {@link java.net.URLConnection}
@@ -102,7 +103,7 @@ public interface LoginParameterResolver {
*/
public Map getAuthenticationHeaders(
OAConfiguration oaConf,
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String clientIPAddress,
boolean businessService,
String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException;
@@ -122,7 +123,7 @@ public interface LoginParameterResolver {
*/
public Map getAuthenticationParameters(
OAConfiguration oaConf,
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String clientIPAddress,
boolean businessService,
String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
index 9f3de08aa..a5c632077 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
@@ -77,6 +77,7 @@ import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
@@ -373,7 +374,7 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
*/
public Map getAuthenticationHeaders(
OAConfiguration oaConf,
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String clientIPAddress,
boolean businessService,
String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException {
@@ -447,7 +448,7 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
*/
public Map getAuthenticationParameters(
OAConfiguration oaConf,
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String clientIPAddress,
boolean businessService,
String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException {
@@ -511,14 +512,14 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
*/
private static String resolveValue(
String predicate,
- AuthenticationData authData,
+ SAML1AuthenticationData authData,
String clientIPAddress) {
if (predicate.equals("MOAGivenName"))
return authData.getGivenName();
if (predicate.equals("MOAFamilyName"))
return authData.getFamilyName();
if (predicate.equals("MOADateOfBirth"))
- return authData.getDateOfBirth();
+ return authData.getFormatedDateOfBirth();
if (predicate.equals("MOABPK"))
return authData.getBPK();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
index 2760a736b..740421024 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
@@ -48,10 +48,12 @@ package at.gv.egovernment.moa.id.proxy;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import java.io.IOException;
import java.util.*;
+
import org.apache.xerces.parsers.DOMParser;
import org.w3c.dom.*;
@@ -196,7 +198,7 @@ public class XMLLoginParameterResolverPlainData
}
//TODO document
- public Map getAuthenticationHeaders(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws NotAllowedException
+ public Map getAuthenticationHeaders(OAConfiguration oaConf, SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws NotAllowedException
{
Map result = new HashMap();
if(oaConf.getAuthType().equals("basic"))
@@ -318,7 +320,7 @@ public class XMLLoginParameterResolverPlainData
return result;
}
- public Map getAuthenticationParameters(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix)
+ public Map getAuthenticationParameters(OAConfiguration oaConf, SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix)
{
Map result = new HashMap();
if(oaConf.getAuthType().equals("param"))
@@ -336,14 +338,14 @@ public class XMLLoginParameterResolverPlainData
return result;
}
- private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress)
+ private static String resolveValue(String predicate, SAML1AuthenticationData authData, String clientIPAddress)
{
if(predicate.equals(MOAGivenName))
return authData.getGivenName();
if(predicate.equals(MOAFamilyName))
return authData.getFamilyName();
if(predicate.equals(MOADateOfBirth))
- return authData.getDateOfBirth();
+ return authData.getFormatedDateOfBirth();
if(predicate.equals(MOABPK))
return authData.getBPK();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
index 0ef2077a3..26da33e34 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
@@ -68,6 +68,7 @@ import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.data.SAMLStatus;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
import at.gv.egovernment.moa.id.proxy.servlet.ProxyException;
@@ -107,7 +108,7 @@ public class GetAuthenticationDataInvoker {
* @return AuthenticationData
* @throws MOAIDException
*/
- public AuthenticationData getAuthenticationData(String samlArtifact)
+ public SAML1AuthenticationData getAuthenticationData(String samlArtifact)
throws MOAIDException {
ConnectionParameter authConnParam =
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
index 35f72d36d..ebda8dae0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
@@ -50,6 +50,7 @@ import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -147,11 +148,11 @@ public class AuthenticationDataAssertionParser implements Constants {
* @return <code>AuthenticationData</code> object
* @throws ParseException on any error
*/
- public AuthenticationData parseAuthenticationData()
+ public SAML1AuthenticationData parseAuthenticationData()
throws ParseException {
try {
- AuthenticationData authData = new AuthenticationData();
+ SAML1AuthenticationData authData = new SAML1AuthenticationData();
//ÄNDERN: NUR der Identification-Teil
authData.setSamlAssertion(DOMUtils.serializeNode(samlAssertion));
authData.setMajorVersion(new Integer(
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
index 9835c554d..cec8dbe6c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
@@ -51,6 +51,7 @@ import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.data.SAMLStatus;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.XPathUtils;
@@ -130,7 +131,7 @@ public class SAMLResponseParser implements Constants {
* @return <code>AuthenticationData</code> object
* @throws ParseException on any parsing error
*/
- public AuthenticationData parseAuthenticationData()
+ public SAML1AuthenticationData parseAuthenticationData()
throws ParseException {
Element samlAssertion;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index 52f72f577..9447f2e35 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -84,6 +84,7 @@ import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.id.proxy.ConnectionBuilder;
import at.gv.egovernment.moa.id.proxy.ConnectionBuilderFactory;
import at.gv.egovernment.moa.id.proxy.LoginParameterResolver;
@@ -232,7 +233,7 @@ public class ProxyServlet extends HttpServlet {
// boolean targetprovided = req.getParameter(PARAM_TARGET) != null;
// get authentication data from the MOA-ID Auth component
- AuthenticationData authData;
+ SAML1AuthenticationData authData;
try {
authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
index 6d8979da3..890ec9f0d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
@@ -31,9 +31,11 @@ import org.hibernate.HibernateException;
import org.hibernate.Query;
import org.hibernate.Session;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -82,10 +84,41 @@ public class AssertionStorage {
}
- public <T> T get(String artifact, final Class<T> clazz) throws MOADatabaseException {
+
+ /**
+ * @param samlArtifact
+ * @param class1
+ * @param authdatatimeout
+ * @return
+ * @throws MOADatabaseException
+ * @throws AuthenticationException
+ */
+ public <T> T get(String samlArtifact,
+ final Class<T> clazz) throws MOADatabaseException {
+
+ try {
+ return get(samlArtifact, clazz, -1);
+
+ } catch (AuthenticationException e) {
+ //this execption only occurs if an additional timeOut is used
+ Logger.error("This exeption should not occur!!!!", e);
+ return null;
+ }
+ }
+
+ public <T> T get(String artifact, final Class<T> clazz, long authdatatimeout) throws MOADatabaseException, AuthenticationException {
AssertionStore element = searchInDatabase(artifact);
+ if (authdatatimeout > -1) {
+ //check timeout
+ long now = new Date().getTime();
+
+ if (now - element.getDatatime().getTime() > authdatatimeout)
+ throw new AuthenticationException("1207", new Object[] { artifact });
+ }
+
+
//Deserialize Assertion
Object data = SerializationUtils.deserialize(element.getAssertion());
@@ -118,7 +151,7 @@ public class AssertionStorage {
if (results.size() != 0) {
for(AssertionStore result : results) {
try {
- MOASessionDBUtils.delete(result);
+ cleanDelete(result);
Logger.info("Remove sessioninformation with ID=" + result.getArtifact()
+ " after timeout.");
@@ -135,7 +168,7 @@ public class AssertionStorage {
try {
AssertionStore element = searchInDatabase(artifact);
- MOASessionDBUtils.delete(element);
+ cleanDelete(element);
Logger.info("Remove sessioninformation with ID" + artifact);
@@ -148,6 +181,23 @@ public class AssertionStorage {
}
}
+ private void cleanDelete(AssertionStore element) {
+ try {
+ element.setAssertion(new byte[]{});
+ MOASessionDBUtils.saveOrUpdate(element);
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Blank shortTime session with artifact=" + element.getArtifact() + " FAILED.", e);
+
+ } finally {
+ if (!MOASessionDBUtils.delete(element))
+ Logger.error("ShortTime session with artifact=" + element.getArtifact()
+ + " not removed! (Error during Database communication)");
+
+ }
+
+ }
+
@SuppressWarnings("rawtypes")
private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException {
MiscUtil.assertNotNull(artifact, "artifact");
@@ -158,7 +208,7 @@ public class AssertionStorage {
synchronized (session) {
session.beginTransaction();
Query query = session.getNamedQuery("getAssertionWithArtifact");
- query.setString("artifact", artifact);
+ query.setParameter("artifact", artifact);
result = query.list();
//send transaction
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index e6efa0256..26922a13b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -22,10 +22,12 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.storage;
+import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.apache.commons.lang.SerializationUtils;
+import org.apache.commons.lang.StringEscapeUtils;
import org.hibernate.HibernateException;
import org.hibernate.Query;
import org.hibernate.Session;
@@ -36,10 +38,15 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.data.EncryptedData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
import at.gv.egovernment.moa.logging.Logger;
@@ -62,21 +69,6 @@ public class AuthenticationSessionStoreage {
}
}
- public static void setAuthenticated(String moaSessionID, boolean value) {
-
- AuthenticatedSessionStore session;
-
- try {
- session = searchInDatabase(moaSessionID);
- session.setAuthenticated(value);
- MOASessionDBUtils.saveOrUpdate(session);
-
-
- } catch (MOADatabaseException e) {
- Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e);
- }
- }
-
public static AuthenticationSession createSession() throws MOADatabaseException {
String id = Random.nextRandom();
AuthenticationSession session = new AuthenticationSession(id);
@@ -103,44 +95,39 @@ public class AuthenticationSessionStoreage {
return session;
}
-
- public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
+
+ public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
try {
- AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
- dbsession.setAuthenticated(session.isAuthenticated());
- byte[] serialized = SerializationUtils.serialize(session);
-
- EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
- dbsession.setSession(encdata.getEncData());
- dbsession.setIv(encdata.getIv());
-
- //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
- dbsession.setUpdated(new Date());
-
- MOASessionDBUtils.saveOrUpdate(dbsession);
- Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
-
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ return decryptSession(dbsession);
+
} catch (MOADatabaseException e) {
- Logger.warn("MOASession could not be stored.");
- throw new MOADatabaseException(e);
- }
+ Logger.info("No MOA Session with id: " + sessionID);
+ throw new MOADatabaseException("No MOA Session with id: " + sessionID);
+
+ } catch (Throwable e) {
+ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID, e);
+ throw new MOADatabaseException("MOASession deserialization-exception");
+ }
+ }
+
+ public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
+ storeSession(session, null);
}
public static void storeSession(AuthenticationSession session, String pendingRequestID) throws MOADatabaseException, BuildException {
try {
AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
- dbsession.setPendingRequestID(pendingRequestID);
-
- dbsession.setAuthenticated(session.isAuthenticated());
- byte[] serialized = SerializationUtils.serialize(session);
- EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
- dbsession.setSession(encdata.getEncData());
- dbsession.setIv(encdata.getIv());
+ if (MiscUtil.isNotEmpty(pendingRequestID))
+ dbsession.setPendingRequestID(pendingRequestID);
+
+ encryptSession(session, dbsession);
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ dbsession.setAuthenticated(session.isAuthenticated());
dbsession.setUpdated(new Date());
MOASessionDBUtils.saveOrUpdate(dbsession);
@@ -152,10 +139,9 @@ public class AuthenticationSessionStoreage {
}
}
-
public static void destroySession(String moaSessionID) throws MOADatabaseException {
- Session session = MOASessionDBUtils.getCurrentSession();
+ Session session = MOASessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
@@ -163,7 +149,7 @@ public class AuthenticationSessionStoreage {
session.beginTransaction();
Query query = session.getNamedQuery("getSessionWithID");
- query.setString("sessionid", moaSessionID);
+ query.setParameter("sessionid", moaSessionID);
result = query.list();
@@ -175,11 +161,9 @@ public class AuthenticationSessionStoreage {
throw new MOADatabaseException("No session found with this sessionID");
}
- AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0);
-
- //delete MOA Session
- session.delete(dbsession);
- session.getTransaction().commit();
+ AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0);
+ session.getTransaction().commit();
+ cleanDelete(dbsession);
}
}
@@ -196,16 +180,11 @@ public class AuthenticationSessionStoreage {
+ "to " + id);
session.setSessionID(id);
+ encryptSession(session, dbsession);
dbsession.setSessionid(id);
dbsession.setAuthenticated(session.isAuthenticated());
-
- byte[] serialized = SerializationUtils.serialize(session);
-
- EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
- dbsession.setSession(encdata.getEncData());
- dbsession.setIv(encdata.getIv());
-
+
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
dbsession.setUpdated(new Date());
@@ -219,9 +198,94 @@ public class AuthenticationSessionStoreage {
throw new AuthenticationException("TODO!", null);
}
}
+
+ public static void setAuthenticated(String moaSessionID, boolean value) {
+
+ AuthenticatedSessionStore session;
+
+ try {
+ session = searchInDatabase(moaSessionID);
+ session.setAuthenticated(value);
+ MOASessionDBUtils.saveOrUpdate(session);
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e);
+ }
+ }
+
+ public static String getMOASessionSSOID(String SSOSessionID) {
+ MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID");
+ Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithSSOID");
+ query.setParameter("sessionid", SSOSessionID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return null;
+
+ } else {
+ return result.get(0).getSessionid();
+
+ }
+ }
+
+ public static boolean isSSOSession(String sessionID) throws MOADatabaseException {
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ return dbsession.isSSOSession();
+
+ } catch (MOADatabaseException e) {
+ Logger.info("No MOA Session with id: " + sessionID);
+ throw new MOADatabaseException("No MOA Session with id: " + sessionID);
+ }
+ }
+
+ public static AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId, String moaSessionId) {
+ MiscUtil.assertNotNull(SSOId, "SSOSessionID");
+ Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithSSOID");
+ query.setParameter("sessionid", SSOId);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return null;
+
+ } else {
+ return result.get(0);
+ }
+ }
+
public static void addSSOInformation(String moaSessionID, String SSOSessionID,
- String assertionID, String OAUrl) throws AuthenticationException {
+ SLOInformationInterface SLOInfo, String OAUrl) throws AuthenticationException {
AuthenticatedSessionStore dbsession;
Transaction tx = null;
@@ -237,7 +301,7 @@ public class AuthenticationSessionStoreage {
tx = session.beginTransaction();
Query query = session.getNamedQuery("getSessionWithID");
- query.setString("sessionid", moaSessionID);
+ query.setParameter("sessionid", moaSessionID);
result = query.list();
@@ -251,13 +315,34 @@ public class AuthenticationSessionStoreage {
}
dbsession = (AuthenticatedSessionStore) result.get(0);
-
+
+ OASessionStore activeOA = null;
+ //check if OA already has an active OA session
+ if (dbsession.getActiveOAsessions() != null) {
+ for (OASessionStore el : dbsession.getActiveOAsessions()) {
+ if (el.getOaurlprefix().equals(OAUrl))
+ activeOA = el;
+ }
+ }
+
+ if (activeOA == null)
+ activeOA = new OASessionStore();
+
//set active OA applications
- OASessionStore activeOA = new OASessionStore();
activeOA.setOaurlprefix(OAUrl);
activeOA.setMoasession(dbsession);
activeOA.setCreated(new Date());
- activeOA.setAssertionSessionID(assertionID);
+
+ //set additional information for SLO
+ if (SLOInfo != null) {
+ activeOA.setAssertionSessionID(SLOInfo.getSessionIndex());
+ activeOA.setUserNameID(SLOInfo.getUserNameIdentifier());
+ activeOA.setUserNameIDFormat(SLOInfo.getUserNameIDFormat());
+ activeOA.setProtocolType(SLOInfo.getProtocolType());
+ activeOA.setAttributeQueryUsed(false);
+
+
+ }
List<OASessionStore> activeOAs = dbsession.getActiveOAsessions();
activeOAs.add(activeOA);
@@ -286,7 +371,7 @@ public class AuthenticationSessionStoreage {
tx.commit();
Logger.debug("Add SSO-Session login information for OA: " + OAUrl
- + " and AssertionID: " + assertionID);
+ + " and AssertionID: " + SLOInfo.getSessionIndex());
}
} catch (MOADatabaseException e) {
@@ -298,56 +383,75 @@ public class AuthenticationSessionStoreage {
throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null);
}
}
-
-
- public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
+
+ public static List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession) {
+ MiscUtil.assertNotNull(moaSession, "MOASession");
try {
- AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID());
+ return dbsession.getActiveOAsessions();
- //decrypt Session
- EncryptedData encdata = new EncryptedData(dbsession.getSession(),
- dbsession.getIv());
- byte[] decrypted = SessionEncrytionUtil.decrypt(encdata);
-
- AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(decrypted);
-
- return session;
-
} catch (MOADatabaseException e) {
- Logger.info("No MOA Session with id: " + sessionID);
- throw new MOADatabaseException("No MOA Session with id: " + sessionID);
+ Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e);
- } catch (Throwable e) {
- Logger.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID, e);
- throw new MOADatabaseException("MOASession deserialization-exception");
}
+
+ return null;
}
- public static boolean isSSOSession(String sessionID) throws MOADatabaseException {
- try {
- AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
- return dbsession.isSSOSession();
+ public static AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {
+ MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
+ MiscUtil.assertNotNull(userNameID, "userNameID");
+ Logger.trace("Get moaSession for userNameID " + userNameID + " and OA "
+ + oaID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getMOASessionWithNameIDandOAID");
+ query.setParameter("oaID", oaID);
+ query.setParameter("nameID", userNameID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No unique entry found.");
+ return null;
+
+ }
+ try {
+ return decryptSession(result.get(0));
- } catch (MOADatabaseException e) {
- Logger.info("No MOA Session with id: " + sessionID);
- throw new MOADatabaseException("No MOA Session with id: " + sessionID);
+ } catch (BuildException e) {
+ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + result.get(0).getSessionid(), e);
+ return null;
}
-
-
}
- public static String getMOASessionID(String SSOSessionID) {
- MiscUtil.assertNotNull(SSOSessionID, "moasessionID");
- Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
+ public static OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) {
+ MiscUtil.assertNotNull(moaSession, "MOASession");
+ MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
+ MiscUtil.assertNotNull(protocolType, "usedProtocol");
+ Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSessionID() + " with OAID "
+ + oaID + " from database.");
Session session = MOASessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
synchronized (session) {
session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithSSOID");
- query.setString("sessionid", SSOSessionID);
+ Query query = session.getNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol");
+ query.setParameter("sessionID", moaSession.getSessionID());
+ query.setParameter("oaID", oaID);
+ query.setParameter("protocol", protocolType);
result = query.list();
//send transaction
@@ -357,29 +461,71 @@ public class AuthenticationSessionStoreage {
Logger.trace("Found entries: " + result.size());
//Assertion requires an unique artifact
- if (result.size() != 1) {
+ if (result.size() == 0) {
Logger.trace("No entries found.");
- return null;
-
- } else {
- return result.get(0).getSessionid();
-
+ return null;
+
}
+ return result.get(0).getActiveOAsessions().get(0);
}
- public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) {
-
- MiscUtil.assertNotNull(SSOId, "SSOSessionID");
- Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
+ public static String getPendingRequestID(String sessionID) {
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ return dbsession.getPendingRequestID();
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("MOASession with ID " + sessionID + " not found");
+ return "";
+ }
+ }
+
+ public static AuthenticationSession getSessionWithPendingRequestID(String pedingRequestID) {
+ try {
+ MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID");
+ Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithPendingRequestID");
+ query.setParameter("sessionid", pedingRequestID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return null;
+ }
+
+ return decryptSession(result.get(0));
+
+ } catch (Throwable e) {
+ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID);
+ return null;
+ }
+ }
+
+ public static boolean deleteSessionWithPendingRequestID(String id) {
+ MiscUtil.assertNotNull(id, "PendingRequestID");
+ Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database.");
Session session = MOASessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
synchronized (session) {
session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithSSOID");
- query.setString("sessionid", SSOId);
+ Query query = session.getNamedQuery("getSessionWithPendingRequestID");
+ query.setParameter("sessionid", id);
result = query.list();
//send transaction
@@ -394,22 +540,91 @@ public class AuthenticationSessionStoreage {
return false;
} else {
+ cleanDelete(result.get(0));
return true;
}
+
+ }
+
+ public static AuthenticationSession getSessionWithUserNameID(String nameID) {
+
+ try {
+ MiscUtil.assertNotNull(nameID, "nameID");
+ Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getMOAISessionWithUserNameID");
+ query.setParameter("usernameid", StringEscapeUtils.escapeHtml(nameID));
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() == 0) {
+ Logger.trace("No entries found.");
+ return null;
+ }
+
+ return decryptSession(result.get(0));
+
+ } catch (Throwable e) {
+ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + nameID);
+ return null;
+ }
+
+ }
+
+ public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) {
+ MiscUtil.assertNotNull(sessionID, "MOASession");
+ Logger.trace("Get interfederated IDP for SSO with sessionID " + sessionID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionID");
+ query.setParameter("sessionID", sessionID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() == 0) {
+ Logger.trace("No entries found.");
+ return null;
+
+ }
+
+ return result.get(0).getInderfederation().get(0);
}
- public static boolean deleteSessionWithPendingRequestID(String id) {
- MiscUtil.assertNotNull(id, "PendingRequestID");
- Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database.");
+ public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, String idpID) {
+ MiscUtil.assertNotNull(sessionID, "MOASession");
+ MiscUtil.assertNotNull(idpID, "Interfederated IDP ID");
+ Logger.trace("Get interfederated IDP "+ idpID + " for SSO with sessionID " + sessionID + " from database.");
Session session = MOASessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
synchronized (session) {
session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithPendingRequestID");
- query.setString("sessionid", id);
+ Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionIDIDPID");
+ query.setParameter("sessionID", sessionID);
+ query.setParameter("idpID", idpID);
result = query.list();
//send transaction
@@ -419,33 +634,138 @@ public class AuthenticationSessionStoreage {
Logger.trace("Found entries: " + result.size());
//Assertion requires an unique artifact
- if (result.size() != 1) {
+ if (result.size() == 0) {
Logger.trace("No entries found.");
- return false;
-
- } else {
- MOASessionDBUtils.delete(result.get(0));
- return true;
+ return null;
+
}
-
-
+
+ return result.get(0).getInderfederation().get(0);
}
- public static String getPendingRequestID(String sessionID) {
+ public static String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption {
+ AuthenticatedSessionStore dbsession = null;
+
+ //search for active SSO session
+ if (MiscUtil.isNotEmpty(ssoID)) {
+ String moaSession = getMOASessionSSOID(ssoID);
+ if (MiscUtil.isNotEmpty(moaSession)) {
+ try {
+ dbsession = searchInDatabase(moaSession);
+
+ }catch (MOADatabaseException e) {
+
+ }
+ }
+ }
+
+ String id = null;
+ Date now = new Date();
+
+ //create new MOASession if any exists
+ if (dbsession == null) {
+ id = Random.nextRandom();
+ dbsession = new AuthenticatedSessionStore();
+ dbsession.setSessionid(id);
+ dbsession.setCreated(now);
+
+ } else {
+ id = dbsession.getSessionid();
+
+ }
+
+ dbsession.setInterfederatedSSOSession(true);
+ dbsession.setAuthenticated(isAuthenticated);
+ dbsession.setUpdated(now);
+
+ AuthenticationSession session = new AuthenticationSession(id);
+ session.setAuthenticated(true);
+ session.setAuthenticatedUsed(false);
+ dbsession.setSession(SerializationUtils.serialize(session));
+
+ //add interfederation information
+ List<InterfederationSessionStore> idpList = dbsession.getInderfederation();
+ InterfederationSessionStore idp = null;
+ if (idpList == null) {
+ idpList = new ArrayList<InterfederationSessionStore>();
+ dbsession.setInderfederation(idpList);
+
+ } else {
+ for (InterfederationSessionStore el : idpList) {
+ //resue old entry if interfederation IDP is reused for authentication
+ if (el.getIdpurlprefix().equals(req.getInterfederationResponse().getEntityID()))
+ idp = el;
+
+ }
+ }
+
+ //create new interfederation IDP entry
+ if (idp == null) {
+ idp = new InterfederationSessionStore();
+ idp.setCreated(now);
+ idp.setIdpurlprefix(req.getInterfederationResponse().getEntityID());
+ idp.setMoasession(dbsession);
+ idpList.add(idp);
+
+ }
+ AssertionAttributeExtractor extract = new AssertionAttributeExtractor(req.getInterfederationResponse().getResponse());
+ idp.setSessionIndex(extract.getSessionIndex());
+ idp.setUserNameID(extract.getNameID());
+ idp.setAttributesRequested(false);
+ idp.setQAALevel(extract.getQAALevel());
+
+ //store AssertionStore element to Database
try {
- AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
- return dbsession.getPendingRequestID();
+ MOASessionDBUtils.saveOrUpdate(dbsession);
+ Logger.info("MOASession with sessionID=" + id + " is stored in Database");
} catch (MOADatabaseException e) {
- Logger.warn("MOASession with ID " + sessionID + " not found");
- return "";
+ Logger.warn("MOASession could not be created.");
+ throw new MOADatabaseException(e);
}
+ return id;
}
- public static AuthenticationSession getSessionWithPendingRequestID(String pedingRequestID) {
+ public static InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(AuthenticationSession moaSession) {
+ MiscUtil.assertNotNull(moaSession, "MOASession");
+ Logger.trace("Get interfederated IDP for AttributeQuery with sessionID " + moaSession.getSessionID() + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getInterfederatedIDPForAttributeQueryWithSessionID");
+ query.setParameter("sessionID", moaSession.getSessionID());
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() == 0) {
+ Logger.trace("No entries found.");
+ return null;
+
+ }
+
+ return result.get(0).getInderfederation().get(0);
+ }
+
+ /**
+ * @param entityID
+ * @param requestID
+ */
+ public static boolean removeInterfederetedSession(String entityID,
+ String pedingRequestID) {
try {
+ Logger.debug("Remove interfederated IDP from local SSO session ...");
+
MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID");
Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database.");
Session session = MOASessionDBUtils.getCurrentSession();
@@ -455,7 +775,7 @@ public class AuthenticationSessionStoreage {
synchronized (session) {
session.beginTransaction();
Query query = session.getNamedQuery("getSessionWithPendingRequestID");
- query.setString("sessionid", pedingRequestID);
+ query.setParameter("sessionid", pedingRequestID);
result = query.list();
//send transaction
@@ -467,20 +787,27 @@ public class AuthenticationSessionStoreage {
//Assertion requires an unique artifact
if (result.size() != 1) {
Logger.trace("No entries found.");
- return null;
+ return false;
}
- //decrypt Session
- EncryptedData encdata = new EncryptedData(result.get(0).getSession(),
- result.get(0).getIv());
- byte[] decrypted = SessionEncrytionUtil.decrypt(encdata);
- return (AuthenticationSession) SerializationUtils.deserialize(decrypted);
-
+ AuthenticatedSessionStore authsession = result.get(0);
+
+ List<InterfederationSessionStore> idpSessions = authsession.getInderfederation();
+ if (idpSessions != null) {
+ for (InterfederationSessionStore idp : idpSessions) {
+ if (idp.getIdpurlprefix().equals(entityID))
+ idpSessions.remove(idp);
+
+ }
+ }
+
+ MOASessionDBUtils.saveOrUpdate(authsession);
+ return true;
} catch (Throwable e) {
Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID);
- return null;
- }
+ return false;
+ }
}
public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) {
@@ -502,7 +829,7 @@ public class AuthenticationSessionStoreage {
if (results.size() != 0) {
for(AuthenticatedSessionStore result : results) {
try {
- MOASessionDBUtils.delete(result);
+ cleanDelete(result);
Logger.info("Authenticated session with sessionID=" + result.getSessionid()
+ " after session timeout.");
@@ -510,11 +837,43 @@ public class AuthenticationSessionStoreage {
Logger.warn("Authenticated session with sessionID=" + result.getSessionid()
+ " not removed after timeout! (Error during Database communication)", e);
}
-
}
}
}
+ private static void encryptSession(AuthenticationSession session, AuthenticatedSessionStore dbsession) throws BuildException {
+ byte[] serialized = SerializationUtils.serialize(session);
+
+ EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
+ dbsession.setSession(encdata.getEncData());
+ dbsession.setIv(encdata.getIv());
+ }
+
+ private static AuthenticationSession decryptSession(AuthenticatedSessionStore dbsession) throws BuildException {
+ EncryptedData encdata = new EncryptedData(dbsession.getSession(),
+ dbsession.getIv());
+ byte[] decrypted = SessionEncrytionUtil.decrypt(encdata);
+
+ return (AuthenticationSession) SerializationUtils.deserialize(decrypted);
+
+ }
+
+ private static void cleanDelete(AuthenticatedSessionStore result) {
+ try {
+ result.setSession(new byte[] {});
+ MOASessionDBUtils.saveOrUpdate(result);
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Blank authenticated session with sessionID=" + result.getSessionid() + " FAILED.", e);
+
+ } finally {
+ if (!MOASessionDBUtils.delete(result))
+ Logger.error("Authenticated session with sessionID=" + result.getSessionid()
+ + " not removed! (Error during Database communication)");
+
+ }
+ }
+
@SuppressWarnings("rawtypes")
private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException {
MiscUtil.assertNotNull(sessionID, "moasessionID");
@@ -526,7 +885,7 @@ public class AuthenticationSessionStoreage {
synchronized (session) {
session.beginTransaction();
Query query = session.getNamedQuery("getSessionWithID");
- query.setString("sessionid", sessionID);
+ query.setParameter("sessionid", sessionID);
result = query.list();
//send transaction
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java
index ae8e5ee27..054ad1014 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java
@@ -154,7 +154,7 @@ public class DBExceptionStoreImpl implements IExceptionStore {
synchronized (session) {
session.beginTransaction();
Query query = session.getNamedQuery("getExceptionWithID");
- query.setString("id", id);
+ query.setParameter("id", id);
result = query.list();
//send transaction
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java
new file mode 100644
index 000000000..aff7e5057
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.util;
+
+import java.util.Locale;
+
+import at.gv.egovernment.moa.id.auth.exception.BKUException;
+import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.util.Messages;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ErrorResponseUtils {
+
+ public static final String INTERNALERRORCODE = "9199";
+
+ private static ErrorResponseUtils instance = null;
+ private static final String[] DEFAULT_MESSAGE_RESOURCES =
+ { "resources/properties/protocol_response_statuscodes" };
+ private static final Locale[] DEFAULT_MESSAGE_LOCALES =
+ new Locale[] { new Locale("de", "AT") };
+ private Messages messages = null;
+
+
+ public static ErrorResponseUtils getInstance() {
+ if (instance == null) {
+ instance = new ErrorResponseUtils(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
+
+ }
+ return instance;
+ }
+
+ private ErrorResponseUtils(String[] resourceNames, Locale[] locales) {
+ this.messages = new Messages(resourceNames, locales);
+ }
+
+ public String getResponseErrorCode(Throwable throwable) {
+ String errorCode = null;
+
+ if (throwable instanceof BKUException) {
+ BKUException error = (BKUException) throwable;
+ errorCode = mapInternalErrorToExternalError(error.getMessageId()) +
+ error.getBkuErrorCode();
+
+ } else if (throwable instanceof MISSimpleClientException) {
+ MISSimpleClientException error = (MISSimpleClientException) throwable;
+
+ if (MiscUtil.isNotEmpty(error.getMISErrorCode()))
+ errorCode = mapInternalErrorToExternalError(error.getMessageId()) +
+ error.getMISErrorCode();
+ else
+ errorCode = mapInternalErrorToExternalError(error.getMessageId());
+
+ } else if (throwable instanceof MOAIDException) {
+ MOAIDException error = (MOAIDException) throwable;
+ errorCode = mapInternalErrorToExternalError(error.getMessageId());
+
+ } else {
+ errorCode = INTERNALERRORCODE;
+
+ }
+
+ return errorCode;
+
+ }
+
+ public String mapInternalErrorToExternalError(String intErrorCode) {
+ String extErrorCode = messages.getMessage(intErrorCode, null);
+
+ if (MiscUtil.isEmpty(extErrorCode))
+ extErrorCode = INTERNALERRORCODE;
+
+ return extErrorCode;
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index ed3f297c7..81abe3f5a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -46,11 +46,7 @@
package at.gv.egovernment.moa.id.util;
-import iaik.pki.PKIConfiguration;
import iaik.pki.PKIException;
-import iaik.pki.PKIFactory;
-import iaik.pki.PKIProfile;
-import iaik.pki.jsse.IAIKX509TrustManager;
import iaik.security.provider.IAIK;
import java.io.BufferedInputStream;
@@ -62,26 +58,19 @@ import java.io.Reader;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.Security;
-import java.util.HashMap;
-import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
import org.apache.regexp.RE;
import org.apache.regexp.RESyntaxException;
+import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.ConnectionParameterInterface;
-import at.gv.egovernment.moa.id.iaik.config.PKIConfigurationImpl;
-import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl;
-import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager;
-import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
/**
@@ -94,14 +83,7 @@ import at.gv.egovernment.moa.logging.Logger;
*/
public class SSLUtils {
- /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/
- private static Map<String, SSLSocketFactory> sslSocketFactories = new HashMap<String, SSLSocketFactory>();
-
- /**
- * Initializes the SSLSocketFactory store.
- */
public static void initialize() {
- sslSocketFactories = new HashMap<String, SSLSocketFactory>();
// JSSE Abhängigkeit
//Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
Security.addProvider(new IAIK());
@@ -132,61 +114,38 @@ public class SSLUtils {
ConnectionParameterInterface connParam)
throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
- Logger.debug("Get SSLSocketFactory for " + connParam.getUrl());
- // retrieve SSLSocketFactory if already created
- SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(connParam.getUrl());
- if (ssf != null)
- return ssf;
-
- // else create new SSLSocketFactory
- String trustStoreURL = conf.getTrustedCACertificates();
-
- if (trustStoreURL == null)
- throw new ConfigurationException(
- "config.08", new Object[] {"TrustedCACertificates"});
- String acceptedServerCertURL = connParam.getAcceptedServerCertificates();
-
- TrustManager[] tms = getTrustManagers(conf, trustStoreURL, acceptedServerCertURL);
-
- KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
- "pkcs12", connParam.getClientKeyStore(), connParam.getClientKeyStorePassword());
- SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(kms, tms, null); ssf = ctx.getSocketFactory();
- // store SSLSocketFactory
- sslSocketFactories.put(connParam.getUrl(), ssf);
- return ssf;
+ // else create new SSLSocketFactory
+ String trustStoreURL = conf.getTrustedCACertificates();
+
+ if (trustStoreURL == null)
+ throw new ConfigurationException(
+ "config.08", new Object[] {"TrustedCACertificates"});
+
+ String acceptedServerCertURL = connParam.getAcceptedServerCertificates();
+
+ //INFO: MOA-ID 2.x always use defaultChainingMode
+
+ try {
+ SSLSocketFactory ssf =
+ at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
+ connParam.getUrl(),
+ conf.getCertstoreDirectory(),
+ trustStoreURL,
+ acceptedServerCertURL,
+ AuthConfigurationProvider.getInstance().getDefaultChainingMode(),
+ AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking(),
+ connParam.getClientKeyStore(),
+ connParam.getClientKeyStorePassword(),
+ "pkcs12");
+
+ return ssf;
+
+ } catch (SSLConfigurationException e) {
+ throw new ConfigurationException(e.getErrorID(), e.getParameters(), e.getE());
+
+ }
}
-
- /**
- * Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
- * using configuration data.
- *
- * @param conf MOA-ID configuration provider
- * @param trustStoreURL trust store URL
- * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates
- * @return <code>TrustManager</code> array containing the <code>IAIKX509TrustManager</code>
- * @throws ConfigurationException on invalid configuration data
- * @throws IOException on data-reading problems
- * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
- */
- public static TrustManager[] getTrustManagers(
- ConfigurationProvider conf, String trustStoreURL, String acceptedServerCertURL)
- throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
-
- PKIConfiguration cfg = null;
- if (! PKIFactory.getInstance().isAlreadyConfigured())
- cfg = new PKIConfigurationImpl(conf);
- boolean checkRevocation = conf.isTrustmanagerrevoationchecking();
- PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
- // This call fixes a bug occuring when PKIConfiguration is
- // initialized by the MOA-SP initialization code, in case
- // MOA-SP is called by API
- MOAIDTrustManager.initializeLoggingContext();
- IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
- tm.init(cfg, profile);
- return new TrustManager[] {tm};
- }
/**
* Reads a file, given by URL, into a byte array,
* securing the connection by IAIKX509TrustManager.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
index 385dd753c..f7785d2c2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
@@ -48,6 +48,8 @@ package at.gv.egovernment.moa.id.util.client.mis.simple;
import java.io.Serializable;
+import at.gv.egovernment.moa.util.MiscUtil;
+
public class MISMandate implements Serializable{
private static final long serialVersionUID = 1L;
@@ -90,16 +92,21 @@ public class MISMandate implements Serializable{
}
public String getTextualDescriptionOfOID() {
- if (this.oid.equalsIgnoreCase(OID_NOTAR))
- return TEXT_NOTAR;
- if (this.oid.equalsIgnoreCase(OID_RECHTSANWALT))
- return TEXT_RECHTSANWALT;
- if (this.oid.equalsIgnoreCase(OID_ZIVILTECHNIKER))
- return TEXT_ZIVILTECHNIKER;
- if (this.oid.equalsIgnoreCase(OID_ORGANWALTER))
- return TEXT_ORGANWALTER;
+ if (MiscUtil.isNotEmpty(this.oid)) {
+ if (this.oid.equalsIgnoreCase(OID_NOTAR))
+ return TEXT_NOTAR;
+ if (this.oid.equalsIgnoreCase(OID_RECHTSANWALT))
+ return TEXT_RECHTSANWALT;
+ if (this.oid.equalsIgnoreCase(OID_ZIVILTECHNIKER))
+ return TEXT_ZIVILTECHNIKER;
+ if (this.oid.equalsIgnoreCase(OID_ORGANWALTER))
+ return TEXT_ORGANWALTER;
- return "Keine textuelle Beschreibung für OID " + oid;
+ return "Keine textuelle Beschreibung für OID " + oid;
+
+ } else {
+ return null;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index b9c4e88b7..aaf793987 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -149,17 +149,17 @@ public class MISSimpleClient {
}
return foundMandates;
} catch (ParserConfigurationException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (DOMException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (TransformerException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
}
}
- public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, List<String> mandateIdentifier, String targetType, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
+ public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, List<String> mandateIdentifier, String targetType, byte[] authBlock, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
if (webServiceURL == null) {
- throw new NullPointerException("Argument webServiceURL must not be null.");
+ throw new MISSimpleClientException("service.04");
}
if (idl == null) {
throw new NullPointerException("Argument idl must not be null.");
@@ -224,8 +224,11 @@ public class MISSimpleClient {
targetElement.appendChild(targetTypeElement);
mirElement.appendChild(targetElement);
-
-
+ //add AuthBlock element
+ Element authBlockElement = doc.createElementNS(MIS_NS, "authBlock");
+ authBlockElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(authBlock))));
+ mirElement.appendChild(authBlockElement);
+
// send soap request
Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement);
@@ -253,11 +256,11 @@ public class MISSimpleClient {
return msid;
} catch (ParserConfigurationException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (DOMException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (TransformerException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
}
}
@@ -271,9 +274,10 @@ public class MISSimpleClient {
if (errorElement != null) {
String code = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Code/text()", NS_NODE)).getNodeValue();
String text = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Text/text()", NS_NODE)).getNodeValue();
- throw new MISSimpleClientException("Fehler beim Abfragen des Online-Vollmachten Services: " + code + " / " + text, code, text); }
+ throw new MISSimpleClientException("service.05", code, text); }
+
} catch (TransformerException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("auth.15", e);
}
}
@@ -308,19 +312,19 @@ public class MISSimpleClient {
return unpackFromSOAP(doc.getDocumentElement());
} catch(IOException e) {
- throw new MISSimpleClientException(e.getLocalizedMessage(), e);
+ throw new MISSimpleClientException("service.04", e);
} catch (TransformerException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (SAXException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (ParserConfigurationException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (Exception e) {
- throw new MISSimpleClientException(e.getLocalizedMessage(), e);
+ throw new MISSimpleClientException("service.06", e);
}
@@ -336,7 +340,7 @@ public class MISSimpleClient {
soapBody.appendChild(doc.importNode(element, true));
return soapEnvelope;
} catch(ParserConfigurationException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
}
}
@@ -344,7 +348,7 @@ public class MISSimpleClient {
try {
return (Element) XPathAPI.selectSingleNode(element, "/soap:Envelope/soap:Body/child::*[position()=1]", NS_NODE);
} catch(TransformerException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
}
}
}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 3cd8ee24a..c8cca157d 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -24,7 +24,6 @@ auth.03=Fehler beim Abholen einer Datei von der URL "{0}": Interne Fehlermeldung
auth.04=Fehler beim Auslesen der Resource "{0}": {1}
auth.05=Fehlender Parameter "{1}" beim Aufruf von "{0}"
auth.06=Fehler beim Speichern der Anmeldedaten, fehlerhaftes SAML-Artifact Format (SAML-Artifact={0})
-#auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen. <br><b>Hinweis:</b> Bitte Dokumentation zu GenericConfiguration: "FrontendServlets.EnableHTTPConnection" beachten.
auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen.
auth.08=In der B\u00FCrgerkartenumgebung ist ein Fehler aufgetreten\: <br>Fehlercode <i>{0}</i>\: {1}
auth.09=Zur Auswahlseite der B\u00FCrgertenumgebung (URL\={0}) konnte keine Verbindung hergestellt werden. \: <br>HTTP-Statuscode <i>{1}</i>
@@ -33,7 +32,7 @@ auth.11=Die zentral gespeicherte Auswahlseite f\u00FCr B\u00FCrgerkartenumgebung
auth.12=Fehlerhafter Parameter "{1}" beim Aufruf von "{0}"
auth.13=Vollmachtenmodus f\u00FCr ausl\u00E4ndische B\u00FCrger wird nicht unterst\u00FCtzt.
auth.14=Zertifikat konnte nicht ausgelesen werden.
-auth.15=Fehler bei Anfrage an Vollmachten Service.
+auth.15=Fehler beim validieren der Online-Vollmacht.
auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}"
auth.17=Vollmachtenmodus f\u00FCr nicht-\u00F6ffentlichen Bereich wird nicht unterst\u00FCtzt.
auth.18=Keine MOASessionID vorhanden
@@ -43,6 +42,7 @@ auth.21=Der Anmeldevorgang wurde durch den Benutzer abgebrochen.
auth.22=Das Protokoll {0} ist deaktiviert.
auth.23=Das BKU-Selektion Template entspricht nicht der Spezifikation von MOA-ID 2.x.
auth.24=Das Send-Assertion Template entspricht nicht der Spezifikation von MOA-ID 2.x.
+auth.25=Fehler beim validieren der SZR-Gateway Response.
init.00=MOA ID Authentisierung wurde erfolgreich gestartet
init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
@@ -70,7 +70,8 @@ config.16=MOA ID Proxy konnte nicht gestartet werden. Das Element ConnnectionPar
config.17=Fehler beim initialisieren von Hibernate
config.18=Keine MOA-ID 2.x Konfiguration gefunden.
config.19=Kein Schl\u00FCssel f\u00FCr die Resignierung der Personenbindung gefunden.
-config.20=Umgebungsvariable "moa.id.proxy.configuration" nicht gesetzt
+config.20=Umgebungsvariable "moa.id.proxy.configuration" nicht gesetzt
+config.21=F\u00FCr diese Online Applikation sind keine Vollmachtsprofile hinterlegt.
parser.00=Leichter Fehler beim Parsen: {0}
parser.01=Fehler beim Parsen: {0}
@@ -87,11 +88,19 @@ builder.02=Fehler beim Ausblenden von Stammzahlen
builder.03=Fehler beim Aufbau des HTML Codes f\u00FCr Vollmachten
builder.04=Die Personenbindung konnte nicht neu signiert werden und wird aus diesem Grund nicht ausgeliefert. MOA-SS lieferte folgenden Fehlercode {0} und Fehler {1} zur\u00FCck.
builder.05=Beim resignieren der Personenbindung ist ein allgemeiner Fehler aufgetreten und wird aus diesem Grund nicht ausgeliefert.
+builder.06=Fehler beim generieren der Anmeldedaten aus SSO IDP Interfederation Informationen.
+builder.07=Fehlerhaftes SecurityLayer Template.
service.00=Fehler beim Aufruf des Web Service: {0}
service.01=Fehler beim Aufruf des Web Service: kein Endpoint
service.02=Fehler beim Aufruf des Web Service, Status {0}: {1}
service.03=Fehler beim Aufruf des SPSS-API: {0}
+service.04=Das Online-Vollmachten Service ist unter {0} nicht erreichbar.
+service.05=Fehler beim Anfragen des Online-Vollmachen Service: {0} / {1}
+service.06=Allgemeiner Fehler beim Anfragen des Online-Vollmachten Service
+service.07=Der SZR-Gateway ist unter {0} nicht erreichbar.
+service.08=Die Eintragung der ausländischen Person am SZR-Gateway ist fehlgeschlagen.
+service.09=Der SZR-Gateway Client konnte nicht initialisiert werden.
cleaner.00=AuthenticationSessionCleaner wurde gestartet
cleaner.01=Fehler im AuthenticationSessionCleaner
@@ -129,7 +138,7 @@ validator.08=Das Manifest ist ung\u00FCltig
validator.09=Die \u00F6ffentlichen Schl\u00FCssel des Identitiy Link stimmen nicht mit dem retournierten Zertifikat \u00FCberein
validator.10=Anzahl der URLs zur Authentisierungskomponente ung\u00FCltig {0}
-validator.11="Gesch�ftsbereich" wurde nicht in den SAML-Attributen gefunden {0}
+validator.11="Gesch\\u00E4ftsbereich" wurde nicht in den SAML-Attributen gefunden {0}
validator.12=Der Namespace des SAML-Attributs "Gesch\\u00E4ftsbereich" ist ung\u00FCltig {0}
validator.13=Das Target des 'Gesch\u00E4ftsbereichs' ist ung\u00FCltig {0}
validator.14="OA" wurde nicht in den SAML-Attributen gefunden {0}
@@ -137,7 +146,6 @@ validator.15=Der Namespace des SAML-Attributs "OA" ist ung\u00FCltig {0}
validator.16=Die vorkonfigurierte URL der OnlineApplikation ist fehlerhaft {0}
validator.17= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist ung\u00FCltig {0}
-#validator.18= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist nicht als g�ltiger SubjectDN-Name f�r eine Personenbindung konfiguriert. <b>{0}</b> wurde NICHT in der Konfiguration gefunden
validator.18= Das Zertifikat mit dem die Personenbindung signiert wurde, ist nicht zum Signieren der Personenbindung zul\u00E4ssig. Es konnte weder der SubjectDN ({0}) einem berechtigten Namen zugeordnet werden, noch enth?lt das Zertifikat die Erweiterung "Eigenschaft zur Ausstellung von Personenbindungen".
validator.19=Das verwendete Zertifikat zum Signieren ist ung\u00FCltig.<br>{0}
@@ -152,7 +160,7 @@ validator.26=OA Applikation ist eine Wirtschaftsapplikation, trotzdem ist ein SA
validator.27=OA Applikation ist keine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "wbPK" enthalten
validator.28=Fehlerhafter Wert im "wbPK" SAML-Attribut {0}
validator.29=Fehler beim Auslesen des "wbPK" SAML-Attributs {0}
-validator.30=Der Namespace des SAML-Attributs "wbPK" ist ung�ltig {0}
+validator.30=Der Namespace des SAML-Attributs "wbPK" ist ung\u00FCltig {0}
validator.31="wbPK" wurde nicht in den SAML-Attributen gefunden {0}
@@ -212,7 +220,7 @@ stork.13=Fehler beim Sammeln eines Attributes in einem AttributProviderPlugin
stork.14=Es wurde weder Authentifizierungs/ noch Attributerequest empfangen
stork.15=Unbekannte request.
stork.16=Ein Attribute aus zwei verschiedenen Quellen unterscheidet sich\: {0}
-stork.17=Fehler beim Einholen der Zustimmung für Attribut\u00FCbertragung durch den Benutzer
+stork.17=Fehler beim Einholen der Zustimmung f\uFFFDr Attribut\u00FCbertragung durch den Benutzer
stork.18=STORK-SAML Engine konnte nicht initialisiert werden.
pvp2.00={0} ist kein gueltiger consumer service index
@@ -233,6 +241,11 @@ pvp2.14=SAML Anfrage verweigert
pvp2.15=Keine Metadateninformation gefunden
pvp2.16=Fehler beim verschl\u00FCsseln der PVP2 Assertion
pvp2.17=Der QAA Level {0} entspricht nicht dem angeforderten QAA Level {1}
+pvp2.18=Es konnten nicht alle Single Sign-On Sessions beendet werden.
+pvp2.19=Der Single LogOut Vorgang musste wegen eines unkorregierbaren Fehler abgebrochen werden.
+pvp2.20=Für die im Request angegebene EntityID konnten keine g\u00FCltigen Metadaten gefunden werden.
+pvp2.21=Die Signature des Requests konnte nicht g\u00FCltig validiert werden.
+pvp2.22=Der Request konnte nicht g\u00FCltig validiert werden (Fehler={0}).
oauth20.01=Fehlerhafte redirect url
oauth20.02=Fehlender Parameter "{0}"
@@ -241,5 +254,5 @@ oauth20.04=Die Art der Anmeldung wird nicht unterstuetzt
oauth20.05=Der angegebene Benutzer ist nicht berechtigt
oauth20.06=Die angegebene OA kann nicht verwendet werden
oauth20.07=Angeforderter grant_type ist nicht erlaubt
-oauth20.08=Nicht berechtigt f�r Token-Request
+oauth20.08=Nicht berechtigt f\u00FCr Token-Request
oauth20.09=Zertifikat fuer JSON Web-Token ist falsch konfiguriert. Fehler bei "{0}"
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
new file mode 100644
index 000000000..2a55ea64c
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -0,0 +1,187 @@
+auth.00=1000
+auth.01=1001
+auth.02=1100
+auth.03=9000
+auth.04=9100
+auth.05=1002
+auth.06=6200
+auth.07=1003
+auth.08=40
+auth.09=9100
+auth.10=1002
+auth.11=9100
+auth.12=1002
+auth.13=1007
+auth.14=1004
+auth.15=1108
+auth.16=9102
+auth.17=1006
+auth.18=1100
+auth.20=1100
+auth.21=1005
+auth.22=6000
+auth.23=9000
+auth.24=9001
+auth.25=1109
+
+init.00=9199
+init.01=9199
+init.02=9199
+init.04=9101
+
+config.00=9199
+config.01=9199
+config.02=9199
+config.03=9199
+config.04=9199
+config.05=9199
+config.06=9199
+config.07=9199
+config.08=9199
+config.09=9199
+config.10=9199
+config.11=9199
+config.12=9199
+config.13=9199
+config.14=9199
+config.15=9199
+config.16=9199
+config.17=9199
+config.18=9199
+config.19=9199
+config.20=9199
+config.21=9006
+
+parser.00=1101
+parser.01=1101
+parser.02=1101
+parser.03=1101
+parser.04=1101
+parser.05=1101
+parser.06=1101
+parser.07=1101
+
+builder.00=9102
+builder.01=9103
+builder.02=9102
+builder.03=9102
+builder.04=Die Personenbindung konnte nicht neu signiert werden und wird aus diesem Grund nicht ausgeliefert. MOA-SS lieferte folgenden Fehlercode {0} und Fehler {1} zur\u00FCck.
+builder.05=Beim resignieren der Personenbindung ist ein allgemeiner Fehler aufgetreten und wird aus diesem Grund nicht ausgeliefert.
+builder.06=4400
+builder.07=9002
+
+service.00=4300
+service.03=4300
+service.04=41000
+service.05=411
+service.06=41001
+service.07=4200
+service.08=4201
+service.09=9007
+
+validator.00=1102
+validator.01=1102
+validator.02=1102
+validator.03=1102
+validator.04=1102
+validator.05=1102
+
+validator.06=1103
+validator.07=1104
+validator.08=1103
+validator.09=1106
+
+validator.10=1106
+validator.11=1106
+validator.12=1106
+validator.13=1106
+validator.14=1106
+validator.15=1106
+validator.16=1106
+
+validator.17=1104
+validator.18=1104
+
+validator.19=1105
+
+validator.21=1103
+validator.22=1103
+validator.23=1103
+validator.24=1103
+validator.25=1103
+
+validator.26=1106
+validator.27=1106
+validator.28=1106
+validator.29=1106
+validator.30=1106
+validator.31=1106
+
+validator.32=1106
+validator.33=1106
+validator.34=1106
+validator.35=1106
+validator.36=1106
+validator.37=1106
+validator.38=1106
+validator.39=1106
+
+validator.40=9199
+validator.41=9199
+validator.42=9199
+validator.43=9199
+validator.44=9199
+validator.45=9102
+validator.46=9102
+validator.47=9102
+validator.48=9199
+
+validator.49=1104
+validator.50=1106
+
+validator.64=9102
+
+validator.67=1106
+validator.68=1106
+validator.69=1106
+validator.70=1106
+validator.71=1105
+
+ssl.01=1107
+
+stork.00=1200
+stork.01=1200
+stork.02=1200
+stork.04=1201
+stork.05=1201
+stork.06=1202
+stork.07=1201
+stork.08=1201
+stork.09=1201
+stork.10=4200
+stork.11=1203
+stork.12=9003
+stork.13=1203
+stork.14=6001
+stork.15=6001
+stork.16=1203
+stork.17=1203
+stork.18=9004
+
+pvp2.01=6100
+pvp2.06=6100
+pvp2.13=9199
+pvp2.16=6101
+pvp2.17=6102
+pvp2.20=6103
+pvp2.21=6104
+pvp2.22=6105
+
+oauth20.01=6200
+oauth20.06=1000
+oauth20.09=9005
+oauth20.10=9102
+
+##Map MIS/BKU statuscodes to MOA-ID-Auth statuscodes
+mis.301=1005
+bku.6001=1005 \ No newline at end of file