Diffstat (limited to 'id/server/idserverlib/src/main')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java207
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java37
4 files changed, 253 insertions, 34 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index e86db4a5c..5ffff2787 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1508,6 +1508,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
session.getPublicOAURLPrefix());
boolean useUTC = oaParam.getUseUTC();
+ boolean useCondition = oaParam.getUseCondition();
+ int conditionLength = oaParam.getConditionLength();
// builds authentication data and stores it together with a SAML artifact
AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC);
@@ -1532,7 +1534,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.getBkuURL(),
session.getAssertionSignerCertificateBase64(),
session.getAssertionBusinessService(),
- session.getExtendedSAMLAttributesOA());
+ session.getExtendedSAMLAttributesOA(),
+ useCondition,
+ conditionLength);
authData.setSamlAssertion(samlAssertion);
String assertionFile = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.WriteAssertionToFile");
@@ -1661,11 +1665,15 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// e.printStackTrace();
// }
String mandateData = null;
+ boolean useCondition = false;
+ int conditionLength = -1;
try {
OAAuthParameter oaParam =
AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
session.getPublicOAURLPrefix());
boolean provideStammzahl = oaParam.getProvideStammzahl();
+ useCondition = oaParam.getUseCondition();
+ conditionLength = oaParam.getConditionLength();
if (!provideStammzahl) {
String isPrPerson = mandatePerson.getAttribute("xsi:type");
@@ -1686,6 +1694,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
}
+
String samlAssertion =
new AuthenticationDataAssertionBuilder().buildMandate(
authData,
@@ -1697,7 +1706,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.getAssertionSignerCertificateBase64(),
session.getAssertionBusinessService(),
session.getSourceID(),
- session.getExtendedSAMLAttributesOA());
+ session.getExtendedSAMLAttributesOA(),
+ useCondition,
+ conditionLength);
authData.setSamlAssertion(samlAssertion);
String assertionFile = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.WriteAssertionToFile");
@@ -1799,6 +1810,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
session.getPublicOAURLPrefix());
boolean useUTC = oaParam.getUseUTC();
+ boolean useCondition = oaParam.getUseCondition();
+ int conditionLength = oaParam.getConditionLength();
AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC);
@@ -1811,7 +1824,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.getBkuURL(),
session.getAssertionSignerCertificateBase64(),
session.getAssertionBusinessService(),
- session.getExtendedSAMLAttributesOA());
+ session.getExtendedSAMLAttributesOA(),
+ useCondition,
+ conditionLength);
authData.setSamlAssertion(samlAssertion);
String assertionFile = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.WriteAssertionToFile");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index b9e44544d..0742261a7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -25,6 +25,7 @@
package at.gv.egovernment.moa.id.auth.builder;
import java.text.MessageFormat;
+import java.util.Calendar;
import java.util.List;
import at.gv.egovernment.moa.id.BuildException;
@@ -32,6 +33,7 @@ import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.StringUtils;
/**
@@ -42,6 +44,10 @@ import at.gv.egovernment.moa.util.StringUtils;
* @version $Id$
*/
public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionBuilder implements Constants {
+
+ /** 5 minutes (=300 seconds) default length of the assertion */
+ private static int DEFAULT_CONDITIONS_LENGTH = 300;
+
/** private static String NL contains the NewLine representation in Java*/
private static final String NL = "\n";
/**
@@ -76,6 +82,38 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
"</saml:Assertion>";
/**
+ * XML template for the <code>&lt;saml:Assertion&gt;</code> to be built (with Conditions)
+ */
+ private static final String AUTH_DATA_WITH_CONDITIONS =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + NL +
+ "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' xmlns:pr=''" + PD_NS_URI + "'' xmlns:xsi=''" + XSI_NS_URI + "''" +
+ " xmlns:si=''" + XSI_NS_URI + "''" +
+ " MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL +
+ "<saml:Conditions NotBefore=''{3}'' NotOnOrAfter=''{4}''/>" + NL +
+ " <saml:AttributeStatement>" + NL +
+ " <saml:Subject>" + NL +
+ " <saml:NameIdentifier NameQualifier=''{5}''>{6}</saml:NameIdentifier>" + NL +
+ " <saml:SubjectConfirmation>" + NL +
+ " <saml:ConfirmationMethod>" + MOA_NS_URI + "cm</saml:ConfirmationMethod>" + NL +
+ " <saml:SubjectConfirmationData>{7}{8}</saml:SubjectConfirmationData>" + NL +
+ " </saml:SubjectConfirmation>" + NL +
+ " </saml:Subject>" + NL +
+ " <saml:Attribute AttributeName=''PersonData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{9}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ " <saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{10}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ " <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{11}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ "{12}" +
+ "{13}" +
+ "{14}" +
+ " </saml:AttributeStatement>" + NL +
+ "</saml:Assertion>";
+
+ /**
* XML template for the <code>&lt;saml:Assertion&gt;</code> to be built
*/
private static final String AUTH_DATA_MANDATE =
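Review bot: `AUTH_DATA_WITH_CONDITIONS` duplicates `AUTH_DATA` verbatim apart from the `<saml:Conditions>` line and every placeholder index shifted by two, so the next attribute added to one template will silently be missing from the other. Consider a single template with one placeholder where the conditions line goes and a small fragment constant such as `"<saml:Conditions NotBefore=''{0}'' NotOnOrAfter=''{1}''/>"` that is formatted separately and passed in (an empty string when `useCondition` is false); that also removes the renumbering between the two `MessageFormat.format` argument lists. Placing `saml:Conditions` before `saml:AttributeStatement` matches the element order the SAML 1.x assertion schema prescribes, so the structure itself looks right.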
@@ -108,6 +146,41 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
"{13}" +
" </saml:AttributeStatement>" + NL +
"</saml:Assertion>";
+
+ /**
+ * XML template for the <code>&lt;saml:Assertion&gt;</code> to be built
+ */
+ private static final String AUTH_DATA_MANDATE_WITH_CONDITIONS =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + NL +
+ "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' xmlns:pr=''" + PD_NS_URI + "'' xmlns:xsi=''" + XSI_NS_URI + "''" +
+ " xmlns:si=''" + XSI_NS_URI + "''" +
+ " MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL +
+ "<saml:Conditions NotBefore=''{3}'' NotOnOrAfter=''{4}''/>" + NL +
+ " <saml:AttributeStatement>" + NL +
+ " <saml:Subject>" + NL +
+ " <saml:NameIdentifier NameQualifier=''{5}''>{6}</saml:NameIdentifier>" + NL +
+ " <saml:SubjectConfirmation>" + NL +
+ " <saml:ConfirmationMethod>" + MOA_NS_URI + "cm</saml:ConfirmationMethod>" + NL +
+ " <saml:SubjectConfirmationData>{7}{8}</saml:SubjectConfirmationData>" + NL +
+ " </saml:SubjectConfirmation>" + NL +
+ " </saml:Subject>" + NL +
+ " <saml:Attribute AttributeName=''PersonData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{9}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ " <saml:Attribute AttributeName=''MandateData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{10}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ " <saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{11}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ " <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{12}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ "{13}" +
+ "{14}" +
+ "{15}" +
+ " </saml:AttributeStatement>" + NL +
+ "</saml:Assertion>";
/**
* XML template for the <code>&lt;saml:Attribute&gt;</code> named <code>"isPublicAuthority"</code>,
* to be inserted into the <code>&lt;saml:Assertion&gt;</code>
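Review bot: The Javadoc introduced for `AUTH_DATA_MANDATE_WITH_CONDITIONS` is a verbatim copy of the one on `AUTH_DATA_MANDATE` and does not say what distinguishes the two constants. Change it to `XML template for the <code>&lt;saml:Assertion&gt;</code> with mandate data to be built (with Conditions)`. As with the non-mandate template, this constant repeats `AUTH_DATA_MANDATE` except for the `<saml:Conditions>` line and shifted placeholder indices, which is the same maintenance hazard and worth folding into one template with an optional conditions fragment.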
@@ -156,7 +229,9 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String bkuURL,
String signerCertificateBase64,
boolean businessService,
- List extendedSAMLAttributes)
+ List extendedSAMLAttributes,
+ boolean useCondition,
+ int conditionLength)
throws BuildException
{
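Review bot: The two parameters added to `build` (`useCondition`, `conditionLength`) are not described in the method's Javadoc, which begins above the hunk, and nothing in the signature tells a caller that a non-positive `conditionLength` is accepted. Add `@param useCondition whether a saml:Conditions element carrying a validity window is added to the assertion` and `@param conditionLength validity window in seconds; a value <= 0 selects the built-in default of 300 seconds`. The method body continues below the hunk.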
@@ -195,21 +270,51 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String assertion;
try {
+ if (!useCondition) {
+ assertion = MessageFormat.format(AUTH_DATA, new Object[] {
+ authData.getAssertionID(),
+ authData.getIssuer(),
+ authData.getIssueInstant(),
+ pkType,
+ pkValue,
+ StringUtils.removeXMLDeclaration(xmlAuthBlock),
+ StringUtils.removeXMLDeclaration(xmlIdentityLink),
+ StringUtils.removeXMLDeclaration(xmlPersonData),
+ isQualifiedCertificate,
+ bkuURL,
+ publicAuthorityAttribute,
+ signerCertificateAttribute,
+ buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+ }
+ else {
+ Calendar cal = Calendar.getInstance();
+ String notBefore = DateTimeUtils.buildDateTimeUTC(cal);
+ if (conditionLength <= 0)
+ cal.add(Calendar.SECOND, DEFAULT_CONDITIONS_LENGTH);
+ else
+ cal.add(Calendar.SECOND, conditionLength);
+
+ String notOnOrAfter = DateTimeUtils.buildDateTimeUTC(cal);
+
+ assertion = MessageFormat.format(AUTH_DATA_WITH_CONDITIONS, new Object[] {
+ authData.getAssertionID(),
+ authData.getIssuer(),
+ authData.getIssueInstant(),
+ notBefore,
+ notOnOrAfter,
+ pkType,
+ pkValue,
+ StringUtils.removeXMLDeclaration(xmlAuthBlock),
+ StringUtils.removeXMLDeclaration(xmlIdentityLink),
+ StringUtils.removeXMLDeclaration(xmlPersonData),
+ isQualifiedCertificate,
+ bkuURL,
+ publicAuthorityAttribute,
+ signerCertificateAttribute,
+ buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+ }
- assertion = MessageFormat.format(AUTH_DATA, new Object[] {
- authData.getAssertionID(),
- authData.getIssuer(),
- authData.getIssueInstant(),
- pkType,
- pkValue,
- StringUtils.removeXMLDeclaration(xmlAuthBlock),
- StringUtils.removeXMLDeclaration(xmlIdentityLink),
- StringUtils.removeXMLDeclaration(xmlPersonData),
- isQualifiedCertificate,
- bkuURL,
- publicAuthorityAttribute,
- signerCertificateAttribute,
- buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+
} catch (ParseException e) {
Logger.error("Error on building Authentication Data Assertion: " + e.getMessage());
throw new BuildException("builder.00", new Object[] { "Authentication Data Assertion", e.toString()});
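Review bot: `notBefore` is set to the exact instant the assertion is built (the `Calendar.getInstance()` read just before the second `MessageFormat.format`) with no skew allowance, so a relying party whose clock is even a second behind MOA-ID's will reject every assertion as not yet valid; `IssueInstant` meanwhile comes from `authData` via a separate clock read, so the two timestamps can disagree by the time spent in between. The same window computation is repeated line for line in `buildMandate` further down. Extracting it into one helper that backdates `NotBefore` by a small, named tolerance keeps both paths identical and makes the tolerance a deliberate setting rather than zero; the actual value is a deployment choice, so confirm it against how tightly the relying parties' clocks are synchronised. `build` starts above this hunk; only its `try` body is visible here.
```java
/** Seconds of relying-party clock skew tolerated before NotBefore; confirm per deployment. */
private static final int NOT_BEFORE_SKEW_SECONDS = 30;

/**
 * Builds the NotBefore/NotOnOrAfter pair for saml:Conditions from the current time.
 * @param conditionLength validity window in seconds; values <= 0 select DEFAULT_CONDITIONS_LENGTH
 * @return {notBefore, notOnOrAfter} as UTC dateTime strings
 */
private static String[] buildConditionWindow(int conditionLength) {
    int length = conditionLength > 0 ? conditionLength : DEFAULT_CONDITIONS_LENGTH;
    Calendar cal = Calendar.getInstance();
    cal.add(Calendar.SECOND, -NOT_BEFORE_SKEW_SECONDS);
    String notBefore = DateTimeUtils.buildDateTimeUTC(cal);
    cal.add(Calendar.SECOND, NOT_BEFORE_SKEW_SECONDS + length);
    String notOnOrAfter = DateTimeUtils.buildDateTimeUTC(cal);
    return new String[] { notBefore, notOnOrAfter };
}

// … in build(), replacing the Calendar block of the else branch …
String[] window = buildConditionWindow(conditionLength);
// … unchanged: MessageFormat.format(AUTH_DATA_WITH_CONDITIONS, …) with window[0], window[1] in place of notBefore, notOnOrAfter …
```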
@@ -246,7 +351,9 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String signerCertificateBase64,
boolean businessService,
String sourceID,
- List extendedSAMLAttributes)
+ List extendedSAMLAttributes,
+ boolean useCondition,
+ int conditionLength)
throws BuildException
{
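Review bot: As with `build`, the Javadoc for `buildMandate` (above the hunk) gains no `@param` entries for the two new parameters. Add `@param useCondition whether a saml:Conditions element carrying a validity window is added to the assertion` and `@param conditionLength validity window in seconds; a value <= 0 selects the built-in default of 300 seconds`. The method body continues below the hunk.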
@@ -285,21 +392,59 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String assertion;
try {
- assertion = MessageFormat.format(AUTH_DATA_MANDATE, new Object[] {
- authData.getAssertionID(),
- authData.getIssuer(),
- authData.getIssueInstant(),
- pkType,
- pkValue,
- StringUtils.removeXMLDeclaration(xmlAuthBlock),
- StringUtils.removeXMLDeclaration(xmlIdentityLink),
- StringUtils.removeXMLDeclaration(xmlPersonData),
- StringUtils.removeXMLDeclaration(xmlMandateData),
- isQualifiedCertificate,
- bkuURL,
- publicAuthorityAttribute,
- signerCertificateAttribute,
- buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+
+
+ if (!useCondition) {
+ assertion = MessageFormat.format(AUTH_DATA_MANDATE, new Object[] {
+ authData.getAssertionID(),
+ authData.getIssuer(),
+ authData.getIssueInstant(),
+ pkType,
+ pkValue,
+ StringUtils.removeXMLDeclaration(xmlAuthBlock),
+ StringUtils.removeXMLDeclaration(xmlIdentityLink),
+ StringUtils.removeXMLDeclaration(xmlPersonData),
+ StringUtils.removeXMLDeclaration(xmlMandateData),
+ isQualifiedCertificate,
+ bkuURL,
+ publicAuthorityAttribute,
+ signerCertificateAttribute,
+ buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+ }
+ else {
+ Calendar cal = Calendar.getInstance();
+ String notBefore = DateTimeUtils.buildDateTimeUTC(cal);
+ if (conditionLength <= 0)
+ cal.add(Calendar.SECOND, DEFAULT_CONDITIONS_LENGTH);
+ else
+ cal.add(Calendar.SECOND, conditionLength);
+
+ String notOnOrAfter = DateTimeUtils.buildDateTimeUTC(cal);
+
+ assertion = MessageFormat.format(AUTH_DATA_MANDATE_WITH_CONDITIONS, new Object[] {
+ authData.getAssertionID(),
+ authData.getIssuer(),
+ authData.getIssueInstant(),
+ notBefore,
+ notOnOrAfter,
+ pkType,
+ pkValue,
+ StringUtils.removeXMLDeclaration(xmlAuthBlock),
+ StringUtils.removeXMLDeclaration(xmlIdentityLink),
+ StringUtils.removeXMLDeclaration(xmlPersonData),
+ StringUtils.removeXMLDeclaration(xmlMandateData),
+ isQualifiedCertificate,
+ bkuURL,
+ publicAuthorityAttribute,
+ signerCertificateAttribute,
+ buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+ }
+
+
+
+
+
+
} catch (ParseException e) {
Logger.error("Error on building Authentication Data Assertion: " + e.getMessage());
throw new BuildException("builder.00", new Object[] { "Authentication Data Assertion", e.toString()});
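Review bot: The six empty lines inserted between the closing brace of the `else` branch and the `catch` are leftover noise and should be dropped. The `NotBefore`/`NotOnOrAfter` computation in this `else` branch is a line-for-line copy of the one in `build`, including `NotBefore` set to the unadjusted current instant; routing both methods through one shared helper would let a clock-skew tolerance, or a change of the default window, be made in a single place. `buildMandate` starts above this hunk.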
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index 8cc51bf93..b7b5bcce6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -24,6 +24,7 @@
package at.gv.egovernment.moa.id.config;
+import iaik.ixsil.util.Utils;
import iaik.pki.pathvalidation.ChainingModes;
import iaik.utils.RFC2253NameParser;
import iaik.utils.RFC2253NameParserException;
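Review bot: `iaik.ixsil.util.Utils` is imported but not referenced by any line this commit adds to `ConfigurationBuilder`; the blank-string check in `buildConditionLength` uses a different `Util` class. If nothing else in the file uses it (the rest of the file is outside the hunks), remove the import rather than pull another IAIK package onto the loader's classpath for nothing.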
@@ -44,6 +45,8 @@ import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.traversal.NodeIterator;
+import com.sun.xml.internal.fastinfoset.stax.events.Util;
+
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.Schema;
import at.gv.egovernment.moa.id.auth.data.SchemaImpl;
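Review bot: `com.sun.xml.internal.fastinfoset.stax.events.Util` is a JDK-internal class bundled with Sun's FastInfoset implementation, not a public API: it is absent on other JVMs, can change or disappear between JDK updates, and is inaccessible under the module system, so configuration loading would fail at class-load time on such a runtime. Its only use in this commit is the `isEmptyString` check in `buildConditionLength`; replace that with `length == null || length.trim().length() == 0` (or the project's own string helper) and delete this import.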
@@ -580,9 +583,15 @@ public class ConfigurationBuilder {
oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate")));
oap.setProvideFullMandatorData(BoolUtils.valueOf(authComponent.getAttribute("provideFullMandatorData")));
oap.setUseUTC(BoolUtils.valueOf(authComponent.getAttribute("useUTC")));
+ oap.setUseCondition(BoolUtils.valueOf(authComponent.getAttribute("useCondition")));
+ oap.setConditionLength(buildConditionLength(authComponent.getAttribute("conditionLength")));
oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL));
oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL));
+ System.out.println(publicURLPrefix);
+ System.out.println("useCondition: " + oap.getUseCondition());
+ System.out.println("conditionLength: " + oap.getConditionLength());
+
oap.setInputProcessorSignTemplateURL(buildTemplateURL(authComponent, INPUT_PROCESSOR_TEMPLATE_XPATH, inputProcessorSignTemplateURL));
// load OA specific transforms if present
String[] transformsInfoFileNames = buildTransformsInfoFileNames(authComponent, OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH);
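Review bot: The three `System.out.println` calls added after `setTemplateURL` write every online application's URL prefix and condition settings to stdout each time the configuration is built, bypassing the project's logger and its levels; they read like debugging leftovers. Replace them with a single `Logger.debug("OA " + publicURLPrefix + ": useCondition=" + oap.getUseCondition() + ", conditionLength=" + oap.getConditionLength());` using the `at.gv.egovernment.moa.logging.Logger` the builder classes use, or drop them entirely. Note also that the new `setConditionLength` line propagates a raw `NumberFormatException` out of configuration loading when the attribute is not a well-formed integer. The enclosing method starts above this hunk.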
@@ -616,6 +625,19 @@ public class ConfigurationBuilder {
return result;
}
+
+ /**
+ * Returns the condition length as int
+ * @param length the condition length as int
+ * @return
+ */
+ private int buildConditionLength(String length) {
+
+ if (Util.isEmptyString(length))
+ return -1;
+ else
+ return new Integer(length).intValue();
+ }
/**
* Builds the URL for a BKUSelectionTemplate or a Template. The method selects
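Review bot: `buildConditionLength` lets `new Integer(length)` throw an unwrapped `NumberFormatException` when `conditionLength` holds anything but digits (a trailing space is enough), and it accepts `0` or a negative number, which the assertion builder later silently replaces with its 300-second default, so a mis-typed validity window is never reported. Parse with `Integer.parseInt` on the trimmed value, reject non-positive values at load time with a message that names the attribute, and keep `-1` as the "not configured" result for a missing or blank attribute; if the surrounding builder already throws a configuration exception type, use that instead of `IllegalArgumentException`. The `Util.isEmptyString` call depends on a JDK-internal class and is replaced by a plain check.
```java
/**
 * Parses the optional conditionLength attribute of an online application.
 * @param length attribute value in seconds; null or blank means "not configured"
 * @return the validity window in seconds, or -1 when not configured
 * @throws IllegalArgumentException if the value is not a positive integer
 */
private int buildConditionLength(String length) {
    if (length == null || length.trim().length() == 0) {
        return -1;
    }
    int seconds;
    try {
        seconds = Integer.parseInt(length.trim());
    } catch (NumberFormatException e) {
        throw new IllegalArgumentException("conditionLength is not an integer: " + length, e);
    }
    if (seconds <= 0) {
        throw new IllegalArgumentException("conditionLength must be a positive number of seconds: " + length);
    }
    return seconds;
}
```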
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 65e21cbce..2959d9208 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -87,6 +87,12 @@ public class OAAuthParameter extends OAParameter {
/** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/
private boolean useUTC;
+
+ /** determines wheter a saml:Condition is added to the SAML assertion or not */
+ private boolean useCondition;
+
+ /** determines the validity time of the SAML assertion (if useCondition is true) in seconds */
+ private int conditionLength;
/**
* url to a template for web page "Auswahl der B&uuml;rgerkartenumgebung"
*/
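Review bot: The comments on the two new fields say `saml:Condition` and copy the existing `wheter` typo; the element is `saml:Conditions`, and the `-1` that `ConfigurationBuilder` stores when the attribute is absent is not mentioned. Suggested: `/** determines whether a saml:Conditions element is added to the SAML assertion or not */` and `/** validity window of the SAML assertion in seconds when useCondition is true; -1 if not configured */`.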
@@ -202,6 +208,22 @@ public class OAAuthParameter extends OAParameter {
return useUTC;
}
+ /**
+ * Returns <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>.
+ * @return <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>.
+ */
+ public boolean getUseCondition() {
+ return useCondition;
+ }
+
+ /**
+ * Returns the validity time of the SAML assertion (if useCondition is true) in seconds
+ * @return the validity time of the SAML assertion (if useCondition is true) in seconds
+ */
+ public int getConditionLength() {
+ return conditionLength;
+ }
+
/**
* Returns the key box identifier.
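Review bot: `getConditionLength` is documented as returning the validity time, but nothing tells a caller what a non-positive value means, even though `ConfigurationBuilder` stores `-1` for an absent attribute and `AuthenticationDataAssertionBuilder` treats any value <= 0 as "use the default". Add to its Javadoc: `A value <= 0 means no length was configured and the assertion builder applies its default.` The `getUseCondition` Javadoc should also say `saml:Conditions`, the element's actual name.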
@@ -325,6 +347,21 @@ public class OAAuthParameter extends OAParameter {
this.useUTC = useUTC;
}
+ /**
+ * Sets the useCondition variable
+ * @param useCondition The useCondition value to set
+ */
+ public void setUseCondition(boolean useCondition) {
+ this.useCondition = useCondition;
+ }
+
+ /**
+ * Sets the conditionLength variable
+ * @param conditionLength the conditionLength value to set
+ */
+ public void setConditionLength(int conditionLength) {
+ this.conditionLength = conditionLength;
+ }
/**