Diffstat (limited to 'id/server/idserverlib/src')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java265
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java125
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java94
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java33
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java221
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java55
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java91
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java106
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java62
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java140
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java57
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java38
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java77
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties5
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/loginForm.html64
33 files changed, 1086 insertions, 559 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 214a1df7d..a127dc6b5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -57,6 +57,7 @@ import org.opensaml.xml.util.Base64;
import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
@@ -87,6 +88,7 @@ import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.parser.ExtendedInfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
@@ -104,6 +106,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentity
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
@@ -131,7 +134,9 @@ import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
import eu.stork.mw.messages.saml.STORKAuthnRequest;
import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
import eu.stork.vidp.messages.common.STORKConstants;
@@ -419,10 +424,29 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
}
- //build ReadInfobox request
- String infoboxReadRequest = new InfoboxReadRequestBuilder().build(
- oaParam.isSlVersion12(), oaParam.getBusinessService(), oaParam
+ String infoboxReadRequest = "";
+
+ if (session.isSsoRequested()) {
+ //load identityLink with SSO Target
+ boolean isbuisness = false;
+ String domainIdentifier = "";
+ IdentificationNumber ssobusiness = AuthConfigurationProvider.getInstance().getSSOBusinessService();
+ if (ssobusiness != null) {
+ isbuisness = true;
+ domainIdentifier = ssobusiness.getValue();
+ }
+
+ //build ReadInfobox request
+ infoboxReadRequest = new InfoboxReadRequestBuilder().build(
+ oaParam.isSlVersion12(), isbuisness, domainIdentifier);
+
+ } else {
+ //build ReadInfobox request
+ infoboxReadRequest = new InfoboxReadRequestBuilder().build(
+ oaParam.isSlVersion12(), oaParam.getBusinessService(), oaParam
.getIdentityLinkDomainIdentifier());
+ }
+
String dataURL = new DataURLBuilder().buildDataURL(
session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session
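Review bot: In the new SSO branch a missing `getSSOBusinessService()` silently degrades to a public-service identity-link request (`isbuisness = false`, empty domain identifier) with no log line, so an SSO misconfiguration is indistinguishable from an intended public-service SSO setup when reading logs. Add at least `Logger.debug("No SSO business service configured, requesting public-service IdentityLink");` in the null case, or make the fallback explicit in a comment. The local `isbuisness` is misspelled; `isBusiness` matches the rest of the file. The enclosing method starts before the hunk.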
@@ -798,12 +822,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
identityLink.setIdentificationType(null);
}
else {
- String bpkBase64 = new BPKBuilder().buildBPK(identityLink
- .getIdentificationValue(), session.getTarget());
- identityLink.setIdentificationValue(bpkBase64);
-
- //TODO: insert correct Type!!!!
- identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget());
+
+ //TODO: check correctness!!! bpk calcultion is done during Assertion generation
+// String bpkBase64 = new BPKBuilder().buildBPK(identityLink
+// .getIdentificationValue(), session.getTarget());
+// identityLink.setIdentificationValue(bpkBase64);
+//
+// //TODO: insert correct Type!!!!
+// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget());
}
}
// ..BZ
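Review bot: The `else` branch at the end of the hunk is now empty apart from commented-out code and a "check correctness" TODO, so a reader cannot tell whether leaving the baseID untouched here is deliberate. Replace the dead lines with one comment stating the contract, e.g. `// keep the baseID in the IdentityLink here; the bPK is derived later when the AUTH-Block and AuthenticationData are built`, which is what the TODO text implies. The enclosing method starts and ends outside the hunk.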
@@ -1022,11 +1048,18 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Constants.URN_PREFIX_BASEID)) {
// only compute bPK if online application is a public service and we
// have the Stammzahl
- String bpkBase64 = new BPKBuilder().buildBPK(identityLink
- .getIdentificationValue(), session.getTarget());
- identificationValue = bpkBase64;
- identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget();
+
+ if (session.isSsoRequested()) {
+ identificationType = "";
+ identificationValue = "";
+
+ } else {
+ String bpkBase64 = new BPKBuilder().buildBPK(identityLink
+ .getIdentificationValue(), session.getTarget());
+ identificationValue = bpkBase64;
+ identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget();
+ }
// identityLink.setIdentificationValue(bpkBase64);
// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget());
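Review bot: The SSO case sets `identificationType` and `identificationValue` to the empty string inside a branch whose comment still reads "only compute bPK if online application is a public service and we have the Stammzahl", so the comment and the code now disagree for SSO. State the intent on the new branch, e.g. `// SSO: no OA-specific bPK is placed in the AUTH-Block; the per-OA identifier is derived later`, assuming that is the design (it is not visible here whether a consumer relies on a non-empty value). The enclosing method starts before the hunk.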
@@ -1045,17 +1078,41 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// Bug #485
// (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
// String oaURL = session.getPublicOAURLPrefix();
- String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&");
+
List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
- String authBlock = new AuthenticationBlockAssertionBuilder()
+
+
+ if (session.isSsoRequested()) {
+ String oaURL =new String();
+ try {
+ oaURL = AuthConfigurationProvider.getInstance().getSSOPublicUrl();
+
+ if (MiscUtil.isNotEmpty(oaURL))
+ oaURL = oaURL.replaceAll("&", "&");
+
+ } catch (ConfigurationException e) {
+ }
+ String authBlock = new AuthenticationBlockAssertionBuilder()
+ .buildAuthBlockSSO(issuer, issueInstant, authURL, target,
+ targetFriendlyName, identificationValue,
+ identificationType, oaURL, gebDat,
+ extendedSAMLAttributes, session, oaParam);
+ return authBlock;
+
+ } else {
+ String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&");
+ String authBlock = new AuthenticationBlockAssertionBuilder()
.buildAuthBlock(issuer, issueInstant, authURL, target,
targetFriendlyName, identificationValue,
identificationType, oaURL, gebDat,
- extendedSAMLAttributes, session);
+ extendedSAMLAttributes, session, oaParam);
+ return authBlock;
+ }
+
- return authBlock;
+
}
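Review bot: The empty `catch (ConfigurationException e) { }` in the SSO branch leaves `oaURL` as `""` and then builds and returns an AUTH-Block with an empty OA URL, which is the document the citizen will sign; a configuration failure should not produce a signable block. Since `buildAuthBlockSSO` already throws `BuildException`, the same path fits here: `} catch (ConfigurationException e) { Logger.error("SSO public URL could not be loaded", e); throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString() }); }`. As displayed, `oaURL.replaceAll("&", "&")` is a no-op; if the intended replacement is `&amp;` the page rendering may have unescaped it, worth confirming against the file. The enclosing method starts before the hunk.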
/**
@@ -1107,7 +1164,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
.buildAuthBlock(issuer, issueInstant, authURL, target,
targetFriendlyName, identificationValue,
identificationType, oaURL, gebDat,
- extendedSAMLAttributes, session);
+ extendedSAMLAttributes, session, oaParam);
return authBlock;
}
@@ -1807,7 +1864,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
}
// validates <CreateXMLSignatureResponse>
- new CreateXMLSignatureResponseValidator().validate(csresp, session);
+ if (session.isSsoRequested())
+ new CreateXMLSignatureResponseValidator().validateSSO(csresp, session);
+ else
+ new CreateXMLSignatureResponseValidator().validate(csresp, session);
+
// builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
String tpid = authConf.getMoaSpAuthBlockTrustProfileID();
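Review bot: The validator is now selected by `session.isSsoRequested()`, so the strength of the `<CreateXMLSignatureResponse>` check depends on how that flag is populated; if it is ever set directly from the new `PARAM_SSO` request parameter (added in MOAIDAuthConstants in this commit), a client could choose the validation path itself. Add a comment documenting that requirement next to the branch, e.g. `// isSsoRequested must be decided server-side from the protocol request, never copied from a client parameter`, and confirm in `validateSSO` that the checks `validate` performs on the signed AUTH-Block are not relaxed. The enclosing method starts before the hunk.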
@@ -2191,13 +2252,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
IdentityLink identityLink = session.getIdentityLink();
AuthenticationData authData = new AuthenticationData();
-
-// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
-// .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
+
VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
- boolean useUTC = oaParam.getUseUTC();
- boolean isForeigner = session.isForeigner();
+ boolean useUTC = oaParam.getUseUTC();
boolean businessService = oaParam.getBusinessService();
authData.setMajorVersion(1);
@@ -2206,7 +2263,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
authData.setIssuer(session.getAuthURL());
authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar
.getInstance(), useUTC));
+
+ //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
+ authData.setIdentificationValue(identityLink.getIdentificationValue());
authData.setIdentificationType(identityLink.getIdentificationType());
+
authData.setGivenName(identityLink.getGivenName());
authData.setFamilyName(identityLink.getFamilyName());
authData.setDateOfBirth(identityLink.getDateOfBirth());
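Review bot: `authData.setIdentificationValue(identityLink.getIdentificationValue())` now copies the raw identification value — for public-service OAs the baseID — into `AuthenticationData` unconditionally, while the old `provideStammzahl` gate (already commented out before this commit, removed in the next hunk) is not reinstated. Whatever protocol builder serializes `authData` must therefore filter the baseID per OA configuration; if none does, this discloses the source PIN to the OA. Document the expectation here, e.g. `// raw identification value (baseID or wbPK); protocol builders must apply provideStammzahl before releasing it`, or restore the gate. The enclosing method starts before the hunk.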
@@ -2218,105 +2279,58 @@ public class AuthenticationServer implements MOAIDAuthConstants {
authData.setBkuURL(session.getBkuURL());
authData.setUseUTC(oaParam.getUseUTC());
- //TODO: check correctness
-// boolean provideStammzahl = oaParam.getProvideStammzahl();
-// if (provideStammzahl) {
-// authData.setIdentificationValue(identityLink
-// .getIdentificationValue());
-// }
-
-// String prPerson = new PersonDataBuilder().build(identityLink,
-// provideStammzahl);
-
try {
-// String signerCertificateBase64 = "";
-// if (oaParam.getProvideCertifcate()) {
-// X509Certificate signerCertificate = verifyXMLSigResp
-// .getX509certificate();
-// if (signerCertificate != null) {
-// signerCertificateBase64 = Base64Utils
-// .encode(signerCertificate.getEncoded());
-// } else {
-// Logger
-// .info("\"provideCertificate\" is \"true\", but no signer certificate available");
-// }
-// }
-// authData.setSignerCertificate(signerCertificateBase64);
- if(!isForeigner) {
- //we have Austrian citizen
- if (businessService) {
- authData.setBPK(identityLink.getIdentificationValue());
- authData.setBPKType(identityLink.getIdentificationType());
-
- } else {
-
- // OLD! BZ.., calculation of bPK already before sending AUTHBlock
- //TL: identitylLink holds the BASEID, bPK is only calculated for AUTHBlock
- //authData.setBPK(identityLink.getIdentificationValue());
-
- // only compute bPK if online application is a public service and we have the Stammzahl
- if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
- String bpkBase64 = new BPKBuilder().buildBPK(
- identityLink.getIdentificationValue(), target);
- authData.setBPK(bpkBase64);
- authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
- }
- }
- } else {
- //we have foreigner, thus we have to calculate bPK and wbPK now (after receiving identity link from SZR-GW
- if (businessService) {
- //since we have foreigner, wbPK is not calculated in BKU
- if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+ //TODO: resign the IdentityLink!!!
+
+ if (businessService) {
+ //since we have foreigner, wbPK is not calculated in BKU
+ if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
- String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier();
-
- if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
- // If domainIdentifier starts with prefix
- // "urn:publicid:gv.at:wbpk+"; remove this prefix
- registerAndOrdNr = registerAndOrdNr
- .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
- Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
- + registerAndOrdNr);
- }
+ String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier();
+
+ if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
+ // If domainIdentifier starts with prefix
+ // "urn:publicid:gv.at:wbpk+"; remove this prefix
+ registerAndOrdNr = registerAndOrdNr
+ .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
+ Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
+ + registerAndOrdNr);
+ }
- String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr);
- authData.setBPK(wbpkBase64);
- authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr);
- }
+ String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr);
+ authData.setBPK(wbpkBase64);
+ authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr);
} else {
+ authData.setBPK(identityLink.getIdentificationValue());
+ authData.setBPKType(identityLink.getIdentificationType());
+ }
+
+ Element idlassertion = session.getIdentityLink().getSamlAssertion();
+ //set bpk/wpbk;
+ Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+ prIdentification.getFirstChild().setNodeValue(authData.getBPK());
+ //set bkp/wpbk type
+ Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
+ prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType());
+
+ IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
+ IdentityLink idl = idlparser.parseIdentityLink();
+ authData.setIdentityLink(idl);
+
+ } else {
- if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
- // only compute bPK if online application is a public service and we have the Stammzahl
- String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target);
- authData.setBPK(bpkBase64);
- authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
- }
-
-
+ if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+ // only compute bPK if online application is a public service and we have the Stammzahl
+ String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target);
+ authData.setBPK(bpkBase64);
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
}
+ authData.setIdentityLink(identityLink);
}
-// String ilAssertion = oaParam.getProvideIdentityLink() ? identityLink
-// .getSerializedSamlAssertion()
-// : "";
-// if (!oaParam.getProvideStammzahl()) {
-// ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink
-// .getIdentificationValue(), "");
-// }
-// String authBlock = oaParam.getProvideAuthBlock() ? session
-// .getAuthBlock() : "";
-
-
- //TODO: check, if this elements are in use!!!!
-// session.setAssertionAuthBlock(authBlock);
-// session.setAssertionAuthData(authData);
-// session.setAssertionBusinessService(businessService);
-// session.setAssertionIlAssertion(ilAssertion);
-// session.setAssertionPrPerson(prPerson);
-// session.setAssertionSignerCertificateBase64(signerCertificateBase64);
-
+
return authData;
} catch (Throwable ex) {
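Review bot: In the business-service branch the code rewrites `session.getIdentityLink().getSamlAssertion()` in place, overwriting the identification value and type nodes with the wbPK, so the session's IdentityLink DOM no longer contains the baseID and no longer matches its signature (the `//TODO: resign the IdentityLink!!!` acknowledges the latter); any later reader of the session's identity link sees the mutated document. `XPathUtils.selectSingleNode(...)` and `getFirstChild()` are also dereferenced without null checks, so a malformed assertion surfaces as a NullPointerException swallowed by the `catch (Throwable ex)` below instead of a clear error. Work on a clone, as the now-commented-out `InfoboxValidatorParamsBuilder` did with `cloneNode(true)`, and fail explicitly when the nodes are missing. The comment "since we have foreigner, wbPK is not calculated in BKU" is stale now that the branch runs for all business-service users. The enclosing method starts before the hunk.
```java
// … unchanged: wbPK / bPK computation into authData …
// Work on a copy: the session's (signed) IdentityLink DOM must not be rewritten in place.
Element idlassertion = (Element) session.getIdentityLink().getSamlAssertion().cloneNode(true);
Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
if (prIdentification == null || prIdentification.getFirstChild() == null
        || prIdentificationType == null || prIdentificationType.getFirstChild() == null) {
    throw new IllegalStateException("IdentityLink assertion has no pr:Identification Value/Type node");
}
prIdentification.getFirstChild().setNodeValue(authData.getBPK());
prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType());
// … unchanged: re-parse idlassertion into an IdentityLink and set it on authData …
```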
@@ -2326,27 +2340,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
/**
- * Creates a new session and puts it into the session store.
- *
- * @param id
- * Session ID
- * @return AuthenticationSession created
- * @exception AuthenticationException
- * thrown when an <code>AuthenticationSession</code> is
- * running already for the given session ID
- */
- private static AuthenticationSession newSession()
- throws AuthenticationException {
-
- try {
- return AuthenticationSessionStoreage.createSession();
-
- } catch (MOADatabaseException e) {
- throw new AuthenticationException("", null);
- }
- }
-
- /**
* Retrieves a session from the session store.
*
* @param id
@@ -2633,6 +2626,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
}
+
+ //TODO: check Target in case of SSO!!
String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget();
String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();
String spApplication = spInstitution;
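Review bot: The `//TODO: check Target in case of SSO!!` is placed right above `spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget()`, and elsewhere in this commit the SSO path stops carrying the OA target, so a public-service SSO login may be reported as sector "Business" here. Either resolve the sector from the SSO configuration in that case or turn the TODO into a statement of the current behaviour, e.g. `// SSO: moasession.getTarget() may be empty, which is reported as "Business" until the SSO target handling is finalised`. The enclosing method starts before the hunk.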
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 47bf61db4..e1552a5a6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -48,6 +48,7 @@ public interface MOAIDAuthConstants {
public static final String PARAM_BKU = "bkuURI";
public static final String PARAM_MODUL = "MODUL";
public static final String PARAM_ACTION = "ACTION";
+ public static final String PARAM_SSO = "SSO";
/** servlet parameter &quot;sourceID&quot; */
public static final String PARAM_SOURCEID = "sourceID";
/** servlet parameter &quot;BKUSelectionTemplate&quot; */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index fb45e517d..abb33203c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -59,6 +59,7 @@ import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
/**
@@ -120,6 +121,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
* The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes).
*/
public static final int NUM_OF_SAML_ATTRIBUTES = 4;
+ public static final int NUM_OF_SAML_ATTRIBUTES_SSO = 3;
/**
* Constructor for AuthenticationBlockAssertionBuilder.
@@ -168,23 +170,14 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String oaURL,
String gebDat,
List extendedSAMLAttributes,
- AuthenticationSession session)
+ AuthenticationSession session,
+ OAAuthParameter oaParam)
throws BuildException
{
session.setSAMLAttributeGebeORwbpk(true);
String gebeORwbpk = "";
String wbpkNSDeclaration = "";
-
- //reading OA parameters
- OAAuthParameter oaParam;
- try {
- oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
- } catch (ConfigurationException e) {
- Logger.error("Error on building AUTH-Block: " + e.getMessage());
- throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
- }
-
+
if (target == null) {
// OA is a business application
if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) {
@@ -216,7 +209,6 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
//no business service, adding bPK
- System.out.println("identityLinkValue: " + identityLinkValue);
if (identityLinkValue != null) {
Element bpkSamlValueElement;
try {
@@ -264,9 +256,15 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
extendedSAMLAttributes.add(oaFriendlyNameAttribute);
- //TODO: load special text from OAconfig
- //String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#.";
String text = "";
+ try {
+ OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText()))
+ Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
+ } catch (ConfigurationException e) {
+ Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ }
+
String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
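Review bot: The hunk looks the OA up again via `AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix())` although, assuming this is still the body of `buildAuthBlock`, the method now receives `oaParam` from the caller; the second lookup reintroduces the `ConfigurationException` path that the signature change removed and can disagree with the caller's `oaParam` (notably for SSO, where the caller's OA is not the one behind `getPublicOAURLPrefix()`). The assignment inside the condition, `if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText()))`, is also easy to misread. Use the parameter directly: `String text = oaParam.getAditionalAuthBlockText();` / `if (MiscUtil.isNotEmpty(text))` / `Logger.info("Use addional AuthBlock Text from OA=" + oaParam.getPublicURLPrefix());`. The enclosing method starts before the hunk.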
@@ -406,9 +404,14 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
extendedSAMLAttributes.add(oaFriendlyNameAttribute);
//..BZ
- //TODO: load special text from OAconfig
- //String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#.";
String text = "";
+ try {
+ OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText()))
+ Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
+ } catch (ConfigurationException e) {
+ Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ }
String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
new Object[] { generateSpecialText(text, issuer, issueInstant) });
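Review bot: This block duplicates the additional-AuthBlock-text lookup added a few hunks earlier, including the same try/catch and the same assignment-in-condition, so the two copies will drift. Extract a private helper such as `private static String additionalAuthBlockText(OAAuthParameter oaParam)` that returns the configured text or `""` and call it from both places; if the OA is already available as a parameter in this method, pass it rather than re-resolving by `session.getPublicOAURLPrefix()`. The enclosing method starts before the hunk.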
@@ -464,4 +467,92 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
return null;
}
+ public String buildAuthBlockSSO(
+ String issuer,
+ String issueInstant,
+ String authURL,
+ String target,
+ String targetFriendlyName,
+ String identityLinkValue,
+ String identityLinkType,
+ String oaURL,
+ String gebDat,
+ List extendedSAMLAttributes,
+ AuthenticationSession session,
+ OAAuthParameter oaParam)
+ throws BuildException
+ {
+ session.setSAMLAttributeGebeORwbpk(true);
+ String gebeORwbpk = "";
+ String wbpkNSDeclaration = "";
+
+ if (target != null) {
+
+ boolean useMandate = session.getUseMandate();
+ if (useMandate) {
+ String mandateReferenceValue = Random.nextRandom();
+ // remove leading "-"
+ if (mandateReferenceValue.startsWith("-"))
+ mandateReferenceValue = mandateReferenceValue.substring(1);
+
+ session.setMandateReferenceValue(mandateReferenceValue);
+
+ ExtendedSAMLAttribute mandateReferenceValueAttribute =
+ new ExtendedSAMLAttributeImpl("mandateReferenceValue", mandateReferenceValue, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK);
+
+ extendedSAMLAttributes.add(mandateReferenceValueAttribute);
+ }
+ }
+
+ //adding friendly name of OA
+ String friendlyname;
+ try {
+ friendlyname = AuthConfigurationProvider.getInstance().getSSOFriendlyName();
+
+ ExtendedSAMLAttribute oaFriendlyNameAttribute =
+ new ExtendedSAMLAttributeImpl("oaFriendlyName", friendlyname, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+
+ extendedSAMLAttributes.add(oaFriendlyNameAttribute);
+
+
+ String text = AuthConfigurationProvider.getInstance().getSSOSpecialText();
+
+ if (MiscUtil.isEmpty(text))
+ text="";
+ String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
+ new Object[] { generateSpecialText(text, issuer, issueInstant) });
+
+
+
+
+ String assertion;
+
+ assertion = MessageFormat.format(
+ AUTH_BLOCK, new Object[] {
+ wbpkNSDeclaration,
+ issuer,
+ issueInstant,
+ authURL,
+ gebeORwbpk,
+ oaURL,
+ gebDat,
+ specialText,
+ buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+
+ return assertion;
+
+ } catch (ParseException e) {
+ Logger.error("Error on building AUTH-Block: " + e.getMessage());
+ throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+
+ } catch (ConfigurationException e) {
+ Logger.error("Error on building AUTH-Block: " + e.getMessage());
+ throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+ }
+
+
+
+ }
+
+
}
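Review bot: `buildAuthBlockSSO` accepts `identityLinkValue`, `identityLinkType`, `targetFriendlyName` and `oaParam` but never uses them, and `gebeORwbpk` and `wbpkNSDeclaration` stay empty, so the SSO AUTH-Block the citizen signs contains no bPK/wbPK at all; that is a deliberate design decision or an omission, and the public method has no Javadoc to say which. Add a Javadoc stating that the SSO AUTH-Block intentionally carries no person identifier (if so), which parameters are only kept for signature compatibility with `buildAuthBlock`, and that `NUM_OF_SAML_ATTRIBUTES_SSO` is the attribute count a validator should expect. The `if (target != null)` guard also means a business-service SSO (`target == null`) never gets a `mandateReferenceValue` even when `session.getUseMandate()` is true; if mandates are supported there, drop the guard or document the restriction.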
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index 6a9a5b765..023b36d83 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -92,7 +92,12 @@ public class BPKBuilder {
identificationValue + ",Register+Registernummer=" + registerAndOrdNr});
}
- String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;
+ String basisbegriff;
+ if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+" ))
+ basisbegriff = identificationValue + "+" + registerAndOrdNr;
+ else
+ basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;
+
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
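Review bot: The new prefix check in `buildWBPK` makes `X` and `urn:publicid:gv.at:wbpk+X` hash to the same wbPK, but `AuthenticationServer` in this same commit already strips `REGISTERANDORDNR_PREFIX_` before calling it, so the same normalisation now lives in two places and the register-string validation just above the hunk runs on the un-normalised value (it is not visible here whether it accepts the prefixed form). Normalise once at the top of the method, `if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+")) registerAndOrdNr = registerAndOrdNr.substring((Constants.URN_PREFIX_WBPK + "+").length());`, keep the single original `basisbegriff` line, and document on the method that both input forms are accepted. The enclosing method starts before the hunk.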
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
index 913b12d49..0a526ebbe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
@@ -59,52 +59,52 @@ public class InfoboxValidatorParamsBuilder {
*
* @return Parameters for validating an infobox token.
*/
- public static InfoboxValidatorParams buildInfoboxValidatorParams(
- AuthenticationSession session,
- VerifyInfoboxParameter verifyInfoboxParameter,
- List infoboxTokenList,
- OAAuthParameter oaParam)
- {
- InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl();
- IdentityLink identityLink = session.getIdentityLink();
-
- // the infobox token to validate
- infoboxValidatorParams.setInfoboxTokenList(infoboxTokenList);
- // configuration parameters
- infoboxValidatorParams.setTrustProfileID(verifyInfoboxParameter.getTrustProfileID());
- infoboxValidatorParams.setSchemaLocations(verifyInfoboxParameter.getSchemaLocations());
- infoboxValidatorParams.setApplicationSpecificParams(verifyInfoboxParameter.getApplicationSpecificParams());
- // authentication session parameters
- infoboxValidatorParams.setBkuURL(session.getBkuURL());
- infoboxValidatorParams.setTarget(session.getTarget());
- infoboxValidatorParams.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
- infoboxValidatorParams.setBusinessApplication(session.getBusinessService());
- // parameters from the identity link
- infoboxValidatorParams.setFamilyName(identityLink.getFamilyName());
- infoboxValidatorParams.setGivenName(identityLink.getGivenName());
- infoboxValidatorParams.setDateOfBirth(identityLink.getDateOfBirth());
- if (verifyInfoboxParameter.getProvideStammzahl()) {
- infoboxValidatorParams.setIdentificationValue(identityLink.getIdentificationValue());
- }
- infoboxValidatorParams.setIdentificationType(identityLink.getIdentificationType());
- infoboxValidatorParams.setPublicKeys(identityLink.getPublicKey());
- if (verifyInfoboxParameter.getProvideIdentityLink()) {
- Element identityLinkElem = (Element)identityLink.getSamlAssertion().cloneNode(true);
- if (!verifyInfoboxParameter.getProvideStammzahl()) {
- Element identificationValueElem =
- (Element)XPathUtils.selectSingleNode(identityLinkElem, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
- if (identificationValueElem != null) {
- identificationValueElem.getFirstChild().setNodeValue("");
- }
- }
- infoboxValidatorParams.setIdentityLink(identityLinkElem);
- }
-
- //TODO: check if this is Protocol specific
- //infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl());
- infoboxValidatorParams.setHideStammzahl(true);
-
- return infoboxValidatorParams;
- }
+// public static InfoboxValidatorParams buildInfoboxValidatorParams(
+// AuthenticationSession session,
+// VerifyInfoboxParameter verifyInfoboxParameter,
+// List infoboxTokenList,
+// OAAuthParameter oaParam)
+// {
+// InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl();
+// IdentityLink identityLink = session.getIdentityLink();
+//
+// // the infobox token to validate
+// infoboxValidatorParams.setInfoboxTokenList(infoboxTokenList);
+// // configuration parameters
+// infoboxValidatorParams.setTrustProfileID(verifyInfoboxParameter.getTrustProfileID());
+// infoboxValidatorParams.setSchemaLocations(verifyInfoboxParameter.getSchemaLocations());
+// infoboxValidatorParams.setApplicationSpecificParams(verifyInfoboxParameter.getApplicationSpecificParams());
+// // authentication session parameters
+// infoboxValidatorParams.setBkuURL(session.getBkuURL());
+// infoboxValidatorParams.setTarget(session.getTarget());
+// infoboxValidatorParams.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
+// infoboxValidatorParams.setBusinessApplication(session.getBusinessService());
+// // parameters from the identity link
+// infoboxValidatorParams.setFamilyName(identityLink.getFamilyName());
+// infoboxValidatorParams.setGivenName(identityLink.getGivenName());
+// infoboxValidatorParams.setDateOfBirth(identityLink.getDateOfBirth());
+// if (verifyInfoboxParameter.getProvideStammzahl()) {
+// infoboxValidatorParams.setIdentificationValue(identityLink.getIdentificationValue());
+// }
+// infoboxValidatorParams.setIdentificationType(identityLink.getIdentificationType());
+// infoboxValidatorParams.setPublicKeys(identityLink.getPublicKey());
+// if (verifyInfoboxParameter.getProvideIdentityLink()) {
+// Element identityLinkElem = (Element)identityLink.getSamlAssertion().cloneNode(true);
+// if (!verifyInfoboxParameter.getProvideStammzahl()) {
+// Element identificationValueElem =
+// (Element)XPathUtils.selectSingleNode(identityLinkElem, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+// if (identificationValueElem != null) {
+// identificationValueElem.getFirstChild().setNodeValue("");
+// }
+// }
+// infoboxValidatorParams.setIdentityLink(identityLinkElem);
+// }
+//
+// //TODO: check if this is Protocol specific
+// //infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl());
+// infoboxValidatorParams.setHideStammzahl(true);
+//
+// return infoboxValidatorParams;
+// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
index ed55d660c..5f100d5fe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -12,8 +12,6 @@ import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
import at.gv.egovernment.moa.logging.Logger;
public class LoginFormBuilder {
-
- private static String SERVLET = "./GenerateIframeTemplate";
private static String AUTH_URL = "#AUTH_URL#";
private static String MODUL = "#MODUL#";
@@ -22,6 +20,9 @@ public class LoginFormBuilder {
private static String BKU_ONLINE = "#ONLINE#";
private static String BKU_HANDY = "#HANDY#";
private static String BKU_LOCAL = "#LOCAL#";
+ private static String CONTEXTPATH = "#CONTEXTPATH#";
+
+ private static String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate";
private static String template;
@@ -48,7 +49,7 @@ public class LoginFormBuilder {
return template;
}
- public static String buildLoginForm(String modul, String action, String oaname) {
+ public static String buildLoginForm(String modul, String action, String oaname, String contextpath) {
String value = getTemplate();
if(value != null) {
@@ -61,6 +62,7 @@ public class LoginFormBuilder {
value = value.replace(MODUL, modul);
value = value.replace(ACTION, action);
value = value.replace(OANAME, oaname);
+ value = value.replace(CONTEXTPATH, contextpath);
}
return value;
}
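Review bot: The new `value.replace(CONTEXTPATH, contextpath)` throws a NullPointerException when `contextpath` is null, because `String.replace(CharSequence, CharSequence)` rejects a null replacement; the visible caller passes `request.getContextPath()`, which is never null, but the method is public. The value is also spliced into the HTML template unescaped like the other placeholders; it is server-derived rather than user-supplied, so the risk is low, but that assumption deserves a comment. Suggest `value = value.replace(CONTEXTPATH, contextpath == null ? "" : contextpath);` and a Javadoc line `@param contextpath servlet context path of the current request, inserted verbatim into the template`.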
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index ffe938d89..94a41a21f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -145,8 +145,6 @@ public class AuthenticationSession implements Serializable {
*/
private String misSessionID;
- private String mandateData;
-
//store Identitylink
/**
* identity link read from smartcard
@@ -231,6 +229,7 @@ public class AuthenticationSession implements Serializable {
private boolean authenticated;
private boolean authenticatedUsed = false;
+ private boolean ssoRequested = false;
// /**
// * Indicates if target from configuration is used or not
@@ -294,15 +293,6 @@ public class AuthenticationSession implements Serializable {
public void setAction(String action) {
this.action = action;
}
-
- public String getMandateData() {
- return mandateData;
- }
-
- public void setMandateData(String mandateData) {
- this.mandateData = mandateData;
- }
-
// public AuthenticationData getAuthData() {
// return authData;
@@ -1106,8 +1096,23 @@ public class AuthenticationSession implements Serializable {
}catch (Throwable e) {
Logger.warn("Mandate content could not be generated from MISMandate.");
return null;
- }
-
-
+ }
}
+
+ /**
+ * @return the ssoRequested
+ */
+
+ //TODO: SSO only allowed without mandates, actually
+ public boolean isSsoRequested() {
+ return ssoRequested && !useMandate;
+ }
+
+ /**
+ * @param ssoRequested the ssoRequested to set
+ */
+ public void setSsoRequested(boolean ssoRequested) {
+ this.ssoRequested = ssoRequested;
+ }
+
}
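Review bot: The Javadoc on `isSsoRequested` does not describe the mandate gating the body adds: it returns `ssoRequested && !useMandate`, so a caller that set `setSsoRequested(true)` still gets false once a mandate is in use. Replace `@return the ssoRequested` with `@return true if SSO was requested for this session and no mandate is used; SSO with mandates is not supported yet`, and move the `//TODO` line inside the method so the doc comment sits directly on the declaration. Separately, `AuthenticationSession` is `Serializable` and the earlier hunk at `@@ -231,6 +229,7 @@` adds the `ssoRequested` field without a visible `serialVersionUID` change; confirm that sessions stored before this change are not expected to deserialize.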
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
index cb3ed5ad9..a468caf73 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
@@ -122,7 +122,7 @@ public class IdentityLinkAssertionParser {
+ "Value";
/** Xpath expression to the Identification Value element */
- private static final String PERSON_IDENT_TYPE_XPATH =
+ public static final String PERSON_IDENT_TYPE_XPATH =
PERSON_XPATH
+ "/"
+ PDATA
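Review bot: The Javadoc that now documents a public constant is wrong: `PERSON_IDENT_TYPE_XPATH` is the identification type expression, but the comment (copied from the value constant above it) says `Xpath expression to the Identification Value element`. Since the field becomes public API in this hunk, change it to `/** Xpath expression to the Identification Type element */`.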
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index b0a4f2f8a..3f82c2a4c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -36,6 +36,8 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
String targetFriendlyName = null;
+ String sso = req.getParameter(PARAM_SSO);
+
// escape parameter strings
//TODO: use URLEncoder.encode!!
target = StringEscapeUtils.escapeHtml(target);
@@ -44,7 +46,8 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
templateURL = StringEscapeUtils.escapeHtml(templateURL);
useMandate = StringEscapeUtils.escapeHtml(useMandate);
ccc = StringEscapeUtils.escapeHtml(ccc);
-
+ sso = StringEscapeUtils.escapeHtml(sso);
+
// check parameter
if (!ParamValidatorUtils.isValidOA(oaURL))
throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
@@ -52,7 +55,9 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
if (!ParamValidatorUtils.isValidCCC(ccc))
throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
-
+ if (!ParamValidatorUtils.isValidUseMandate(sso))
+ throw new WrongParametersException("StartAuthentication", PARAM_SSO, "auth.12");
+
//check UseMandate flag
String useMandateString = null;
boolean useMandateBoolean = false;
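Review bot: `sso` is validated with `ParamValidatorUtils.isValidUseMandate(sso)`, a validator named for a different parameter; if the rule (presumably an optional true/false flag) is intentionally shared, say so, otherwise add a dedicated `isValidSSO`. Suggest at least `// sso is a boolean flag with the same syntax as useMandate, so the same validator applies` above the check. The value has already been HTML-escaped in the previous hunk before validation, as the other parameters are, which is harmless for a true/false value but means the validator sees the escaped form.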
@@ -68,7 +73,23 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
useMandateBoolean = false;
moasession.setUseMandate(useMandateString);
-
+
+
+ //check useSSO flag
+ String useSSOString = null;
+ boolean useSSOBoolean = false;
+ if ((sso != null) && (sso.compareTo("") != 0)) {
+ useSSOString = sso;
+ } else {
+ useSSOString = "false";
+ }
+
+ if (useSSOString.compareToIgnoreCase("true") == 0)
+ useSSOBoolean = true;
+ else
+ useSSOBoolean = false;
+ moasession.setSsoRequested(useSSOBoolean);
+
//load OnlineApplication configuration
OAAuthParameter oaParam;
if (moasession.getPublicOAURLPrefix() != null) {
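Review bot: The block that derives `useSSOBoolean` reimplements `Boolean.parseBoolean`: null and empty both yield false, and a case-insensitive `"true"` yields true, which is exactly its contract. Replace the block with `moasession.setSsoRequested(Boolean.parseBoolean(sso));` under the existing `//check useSSO flag` comment. The `useSSOString` and `useSSOBoolean` locals then disappear; `sso` has already been validated two hunks earlier, so no other behavior changes.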
@@ -126,9 +147,11 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
}
moasession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
+
+ //TODO: check for SSO
moasession.setTarget(target);
- moasession.setTargetFriendlyName(targetFriendlyName);
moasession.setBusinessService(oaParam.getBusinessService());
+ moasession.setTargetFriendlyName(targetFriendlyName);
moasession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index 310f3509c..5a0bd33bf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -9,6 +9,8 @@ import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.URLEncoder;
@@ -16,16 +18,31 @@ public class RedirectServlet extends AuthServlet{
private static final long serialVersionUID = 1L;
- public static final String REDIRCT_GETPARAM = "redirecturl";
+ public static final String REDIRCT_PARAM_URL = "redirecturl";
+
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
Logger.info("Receive " + RedirectServlet.class + " Request");
- String url = req.getParameter(REDIRCT_GETPARAM);
+ String url = req.getParameter(REDIRCT_PARAM_URL);
+ String target = req.getParameter(PARAM_TARGET);
+ String artifact = req.getParameter(PARAM_SAMLARTIFACT);
Logger.info("Redirect to " + url);
+ if (MiscUtil.isNotEmpty(target)) {
+// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
+// URLEncoder.encode(session.getTarget(), "UTF-8"));
+ url = addURLParameter(url, PARAM_TARGET,
+ URLEncoder.encode(target, "UTF-8"));
+
+
+ }
+ url = addURLParameter(url, PARAM_SAMLARTIFACT,
+ URLEncoder.encode(artifact, "UTF-8"));
+ url = resp.encodeRedirectURL(url);
+
String redirect_form = RedirectFormBuilder.buildLoginForm(url);
resp.setContentType("text/html;charset=UTF-8");
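Review bot: The SAML artifact is appended to `url`, which is taken verbatim from the `redirecturl` request parameter and never checked against the configured online-application URL, so a crafted link would make the server hand the artifact to whatever host the parameter names. The redirect to a caller-supplied URL existed before, but attaching the artifact to it is new in this hunk; validate `url` against the expected OA public URL prefix (or a configured allow-list) before the `addURLParameter` calls and reject or log on mismatch. `URLEncoder.encode(artifact, "UTF-8")` also runs without the `MiscUtil.isNotEmpty` guard that `target` gets, so a missing parameter presumably fails with a NullPointerException rather than a clear error. `resp.encodeRedirectURL(url)` may additionally append the container session id when cookies are disabled; confirm that is intended for a redirect leaving this host.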
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index f8a828f6f..adef74370 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -207,13 +207,17 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
String mandateReferenceValue = session.getMandateReferenceValue();
byte[] cert = session.getEncodedSignerCertificate();
- String targetType = null;
-
- if(session.getBusinessService()) {
- targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier();
+ //TODO: check in case of SSO!!!
+ String targetType = null;
+ if(oaParam.getBusinessService()) {
+ String id = oaParam.getIdentityLinkDomainIdentifier();
+ if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+ targetType = id;
+ else
+ targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier();
} else {
- targetType = AuthenticationSession.TARGET_PREFIX_ + session.getTarget();
+ targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
}
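Review bot: `id.startsWith(...)` throws a NullPointerException when `oaParam.getIdentityLinkDomainIdentifier()` returns null, and the else branch falls back to `session.getDomainIdentifier()` although the branch condition was computed from `oaParam`, so two sources are mixed in one expression. If the session value is always set from the same OA parameter (the parser hunk above does `moasession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier())`), the else can read `targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + id;`; if they can differ in the SSO case, the `//TODO: check in case of SSO!!!` should say which one wins. Either way guard `id` against null before the `startsWith` call.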
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 8eaa8341c..2f12c7ae6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -229,7 +229,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
AuthenticationSessionStoreage.storeSession(session);
} catch (MOADatabaseException e) {
- throw new AuthenticationException("", null);
+ Logger.info("No valid MOA session found. Authentification process is abourted.");
+ throw new AuthenticationException("auth.20", null);
}
}
catch (ParseException ex) {
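Review bot: The caught `MOADatabaseException` is dropped: neither the `Logger.info` nor `new AuthenticationException("auth.20", null)` carries `e`, so a database failure during `storeSession` is indistinguishable in the logs from a missing session. Log it with the cause at warn level, e.g. `Logger.warn("No valid MOA session found. Authentication process is aborted.", e);`, which also fixes the two typos ('Authentification', 'abourted') in the new message.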
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index ba7893412..d0fb1f87f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -35,9 +35,13 @@ import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.egovernment.moa.util.XPathUtils;
@@ -243,9 +247,15 @@ public class CreateXMLSignatureResponseValidator {
if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
String samlSpecialText = (String)samlAttribute.getValue();
- //TODO:load Text from OA config
- //String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#.";
- String text = "";
+ String text = "";
+ try {
+ OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText()))
+ Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
+ } catch (ConfigurationException e) {
+ Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ }
+
String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant);
if (!samlSpecialText.equals(specialText)) {
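Review bot: The assignment inside the condition, `MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText())`, overwrites the `""` default with whatever the OA returns, so a null configured text reaches `generateSpecialText(text, ...)` as null instead of the empty string the old code passed; what that does depends on `generateSpecialText`, which is not visible here. `getOnlineApplicationParameter` may also return null for an unknown prefix (its body is not visible), which would throw from the same line. Keep the default and assign only when a non-empty value was found, as below.
```java
String text = "";
try {
    OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
    String oaText = (oaparam == null) ? null : oaparam.getAditionalAuthBlockText();
    if (MiscUtil.isNotEmpty(oaText)) {
        text = oaText;
        Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
    }
} catch (ConfigurationException e) {
    Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
}
// … unchanged: generateSpecialText comparison …
```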
@@ -333,6 +343,211 @@ public class CreateXMLSignatureResponseValidator {
}
}
+ /**
+ * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse}
+ * @param createXMLSignatureResponse
+ * @param session
+ * @throws ValidateException
+ */
+ public void validateSSO(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session)
+ throws ValidateException {
+
+ // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
+
+ String oaURL;
+ try {
+ oaURL = AuthConfigurationProvider.getInstance().getSSOPublicUrl();
+ } catch (ConfigurationException e1) {
+ oaURL = new String();
+ }
+
+ IdentityLink identityLink = session.getIdentityLink();
+
+ Element samlAssertion = createXMLSignatureResponse.getSamlAssertion();
+ String issuer = samlAssertion.getAttribute("Issuer");
+ if (issuer == null) {
+ // should not happen, because parser would dedect this
+ throw new ValidateException("validator.32", null);
+ }
+ // replace ' in name with &#39;
+ issuer = issuer.replaceAll("'", "&#39;");
+
+ String issueInstant = samlAssertion.getAttribute("IssueInstant");
+ if (!issueInstant.equals(session.getIssueInstant())) {
+ throw new ValidateException("validator.39", new Object[] {issueInstant, session.getIssueInstant()});
+ }
+
+ String name = identityLink.getName();
+
+ if (!issuer.equals(name)) {
+ throw new ValidateException("validator.33", new Object[] {issuer, name});
+ }
+
+ SAMLAttribute[] samlAttributes = createXMLSignatureResponse.getSamlAttributes();
+
+ boolean foundOA = false;
+ boolean foundGB = false;
+ boolean foundWBPK = false;
+ int offset = 0;
+
+ // check number of SAML aatributes
+ List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
+ int extendedSAMLAttributesNum = 0;
+ if (extendedSAMLAttributes != null) {
+ extendedSAMLAttributesNum = extendedSAMLAttributes.size();
+ }
+ int expectedSAMLAttributeNumber =
+ AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES_SSO + extendedSAMLAttributesNum;
+ if (!session.getSAMLAttributeGebeORwbpk()) expectedSAMLAttributeNumber--;
+ int actualSAMLAttributeNumber = samlAttributes.length;
+ if (actualSAMLAttributeNumber != expectedSAMLAttributeNumber) {
+ Logger.error("Wrong number of SAML attributes in CreateXMLSignatureResponse: expected " +
+ expectedSAMLAttributeNumber + ", but was " + actualSAMLAttributeNumber);
+ throw new ValidateException(
+ "validator.36",
+ new Object[] {String.valueOf(actualSAMLAttributeNumber), String.valueOf(expectedSAMLAttributeNumber)});
+ }
+
+ SAMLAttribute samlAttribute;
+ if (!session.getSAMLAttributeGebeORwbpk()) {
+ offset--;
+ }
+
+ // check the first attribute (must be "OA")
+ samlAttribute = samlAttributes[0 + offset];
+ if (!samlAttribute.getName().equals("OA")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "OA", String.valueOf(2)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ foundOA = true;
+ if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch
+ throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlAttribute.getValue()});
+ }
+ } else {
+ throw new ValidateException("validator.15", null);
+ }
+
+ // check the third attribute (must be "Geburtsdatum")
+ samlAttribute = samlAttributes[1 + offset];
+ if (!samlAttribute.getName().equals("Geburtsdatum")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "Geburtsdatum", String.valueOf(3)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ String samlDateOfBirth = (String)samlAttribute.getValue();
+ String dateOfBirth = identityLink.getDateOfBirth();
+ if (!samlDateOfBirth.equals(dateOfBirth)) {
+ throw new ValidateException("validator.34", new Object[] {samlDateOfBirth, dateOfBirth});
+ }
+ } else {
+ throw new ValidateException("validator.35", null);
+ }
+
+ // check four attribute could be a special text
+ samlAttribute = samlAttributes[2 + offset];
+ if (!samlAttribute.getName().equals("SpecialText")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(3)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ String samlSpecialText = (String)samlAttribute.getValue();
+
+ String text = "";
+ try {
+ if (MiscUtil.isNotEmpty(text = AuthConfigurationProvider.getInstance().getSSOSpecialText()))
+ Logger.info("Use addional AuthBlock Text from SSO=" +text);
+ else
+ text = new String();
+ } catch (ConfigurationException e) {
+ Logger.warn("Addional AuthBlock Text can not loaded from SSO!", e);
+ }
+
+
+ String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant);
+ if (!samlSpecialText.equals(specialText)) {
+ throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
+ }
+ } else {
+ throw new ValidateException("validator.35", null);
+ }
+
+ // now check the extended SAML attributes
+ int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES_SSO + offset;
+ if (extendedSAMLAttributes != null) {
+ Iterator it = extendedSAMLAttributes.iterator();
+ while (it.hasNext()) {
+ ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next();
+ samlAttribute = samlAttributes[i];
+ String actualName = samlAttribute.getName();
+ String expectedName = extendedSAMLAttribute.getName();
+ if (!actualName.equals(expectedName)) {
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Name", String.valueOf((i+1)), actualName, actualName, expectedName });
+ }
+ String actualNamespace = samlAttribute.getNamespace();
+ String expectedNamespace = extendedSAMLAttribute.getNameSpace();
+ if (!actualNamespace.equals(expectedNamespace)) {
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Namespace", String.valueOf((i+1)), actualName, actualNamespace, expectedNamespace, });
+ }
+ Object expectedValue = extendedSAMLAttribute.getValue();
+ Object actualValue = samlAttribute.getValue();
+ try {
+ if (expectedValue instanceof String) {
+ // replace \r\n because text might be base64-encoded
+ String expValue = StringUtils.replaceAll((String)expectedValue,"\r","");
+ expValue = StringUtils.replaceAll(expValue,"\n","");
+ String actValue = StringUtils.replaceAll((String)actualValue,"\r","");
+ actValue = StringUtils.replaceAll(actValue,"\n","");
+ if (!expValue.equals(actValue)) {
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Wert", String.valueOf((i+1)), actualName, actualValue, expectedValue });
+ }
+ } else if (expectedValue instanceof Element) {
+ // only check the name of the element
+ String actualElementName = ((Element)actualValue).getNodeName();
+ String expectedElementName = ((Element)expectedValue).getNodeName();
+ if (!(expectedElementName.equals(actualElementName))){
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Wert", String.valueOf((i+1)), actualName, actualElementName, expectedElementName});
+ }
+ } else {
+ // should not happen
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Typ", String.valueOf((i+1)), expectedName, "java.lang.String oder org.wrc.dom.Element", expectedValue.getClass().getName()});
+ }
+ } catch (ClassCastException e) {
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Typ", String.valueOf((i+1)), expectedName, expectedValue.getClass().getName(), actualValue.getClass().getName()});
+ }
+ i++;
+ }
+ }
+
+
+ if (!foundOA) throw new ValidateException("validator.14", null);
+
+ //Check if dsig:Signature exists
+// NodeList nl = createXMLSignatureResponse.getSamlAssertion().getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature");
+// if (nl.getLength() != 1) {
+// throw new ValidateException("validator.05", null);
+// }
+ Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion, SIGNATURE_XPATH);
+ if (dsigSignature == null) {
+ throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ;
+ }
+ }
+
public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException {
//TODO: insert Time validation!!!!
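Review bot: In `validateSSO`, the `if (issuer == null)` check after `samlAssertion.getAttribute("Issuer")` is dead: DOM `getAttribute` returns an empty string for an absent attribute, never null, so a missing Issuer falls through to the name comparison and surfaces as `validator.33` instead of `validator.32`; use `if (!samlAssertion.hasAttribute("Issuer"))` (the non-SSO `validate` this was copied from is outside the hunk and presumably has the same pattern). The `validator.16` message has its arguments reversed, reporting `oaURL` as found and the SAML value as expected, and the position numbers in the `validator.37` messages (2, 3, 3 for attributes 1, 2, 3) do not match the indices checked; `foundGB` and `foundWBPK` are assigned but never read. `oaURL` is silently set to `""` when configuration loading fails, which fails closed here but hides the misconfiguration, so log the `ConfigurationException` before continuing. The dangling `// A3.056: ...` comment at the top describes no code that follows and should be removed or attached to the attribute-count check.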
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
new file mode 100644
index 000000000..b358a31c9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
@@ -0,0 +1,55 @@
+package at.gv.egovernment.moa.id.config;
+
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
+
+public abstract class ConnectionParameter {
+
+ protected static final String PROP_IDENTIFIER_KEYSTORE = "clientKeyStore";
+ protected static final String PROP_IDENTIFIER_KEYSTOREPASSWORD = "clientKeyStorePassword";
+ protected static final String PROP_IDENTIFIER_ACCEPEDSERVERCERTS = "acceptedServerCertificates";
+
+ protected ConnectionParameterClientAuthType database;
+ protected Properties prop;
+ protected String basedirectory;
+
+ public ConnectionParameter(ConnectionParameterClientAuthType database, Properties prop, String basedirectory) {
+ this.database = database;
+ this.prop = prop;
+ this.basedirectory = basedirectory;
+ }
+
+ /**
+ * Returns the acceptedServerCertificates.
+ * @return String
+ */
+ public abstract String getAcceptedServerCertificates();
+
+ /**
+ * Returns the clientKeyStore.
+ * @return String
+ */
+ public abstract String getClientKeyStore();
+
+ /**
+ * Returns the clientKeyStorePassword.
+ * @return String
+ */
+ public abstract String getClientKeyStorePassword();
+
+
+ public boolean isHTTPSURL() {
+ if (database==null)
+ return false;
+ else
+ return database.getURL().indexOf("https") == 0;
+ }
+
+ public String getUrl() {
+ if (database == null)
+ return null;
+ else
+ return database.getURL();
+ }
+}
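Review bot: `isHTTPSURL` dereferences `database.getURL()` without a null check and tests `indexOf("https") == 0`, which also matches a scheme such as `httpsx` and misses an upper-case `HTTPS`; prefer `String url = getUrl(); return url != null && url.regionMatches(true, 0, "https:", 0, 6);`. The three `protected` fields are assigned only in the constructor and could be `final`. `getClientKeyStorePassword` returns a secret; its Javadoc should say so (`Returns the clientKeyStorePassword; treat as a secret and never log it.`) so that subclasses and callers handle it accordingly.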
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 922d86fc0..713fd538e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -49,6 +49,7 @@ import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes;
import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners;
import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed;
import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
@@ -57,6 +58,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;
import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer;
import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts;
import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor;
@@ -617,6 +619,95 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return null;
}
+ public boolean isSSOBusinessService() throws ConfigurationException {
+ AuthComponentGeneral auth = getAuthComponentGeneral();
+
+ SSO sso = auth.getSSO();
+
+ if (sso!= null) {
+ if (sso.getIdentificationNumber() != null)
+ return true;
+ }
+ return false;
+ }
+
+ public IdentificationNumber getSSOBusinessService() throws ConfigurationException {
+ AuthComponentGeneral auth = getAuthComponentGeneral();
+
+ SSO sso = auth.getSSO();
+
+ if (sso!= null)
+ return sso.getIdentificationNumber();
+
+ return null;
+ }
+
+ public String getSSOTarget() throws ConfigurationException {
+ AuthComponentGeneral auth = getAuthComponentGeneral();
+
+ SSO sso = auth.getSSO();
+
+ if (sso!= null)
+ return sso.getTarget();
+
+ return null;
+ }
+
+ public String getSSOFriendlyName() {
+ AuthComponentGeneral auth;
+ try {
+ auth = getAuthComponentGeneral();
+
+ SSO sso = auth.getSSO();
+
+ if (sso!= null)
+ return sso.getFriendlyName();
+
+ } catch (ConfigurationException e) {
+ Logger.warn("No SSO FriendlyName found. Use default Name!!!");
+ }
+ return "Default MOA-ID friendly name for SSO";
+ }
+
+ public String getSSOSpecialText() {
+ try {
+ AuthComponentGeneral auth = getAuthComponentGeneral();
+
+ SSO sso = auth.getSSO();
+
+ if (sso!= null) {
+ String text = sso.getSpecialText();
+ if (MiscUtil.isEmpty(text))
+ text = new String();
+ return text;
+ }
+
+
+ } catch (ConfigurationException e) {
+ }
+ return new String();
+ }
+
+ public String getSSOPublicUrl() {
+ try {
+ AuthComponentGeneral auth = getAuthComponentGeneral();
+
+ SSO sso = auth.getSSO();
+
+ if (sso!= null) {
+ String url = sso.getPublicURL();
+
+ if (MiscUtil.isEmpty(url))
+ url = new String();
+
+ return url;
+ }
+
+ } catch (ConfigurationException e) {
+ }
+ return new String();
+ }
+
/**
* Retruns the STORK Configuration
* @return STORK Configuration
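Review bot: `getSSOSpecialText` and `getSSOPublicUrl` swallow `ConfigurationException` in empty catch blocks and return `""`; the SSO validator added in this same commit then compares the signed `OA` attribute against that empty string, so a configuration-loading failure changes the outcome of auth-block validation with nothing in the log. Add at least `Logger.warn("SSO configuration could not be loaded.", e);` to both catch blocks, as `getSSOFriendlyName` already does. `isSSOBusinessService` is equivalent to `getSSOBusinessService() != null` and could delegate to it, and the `new String()` defaults are idiomatically `""`.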
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
index 1536b907b..4ee9986ff 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
@@ -189,7 +189,7 @@ public class BuildFromLegacyConfig {
generalAuth.setSSO(auth_sso);
auth_sso.setTarget("BF");
auth_sso.setFriendlyName("EGIZ MOAID 2.0 Beta");
-
+
//set SecurityLayer Transformations
String[] transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index efb300a1c..4bbd221a5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -27,6 +27,8 @@ package at.gv.egovernment.moa.id.data;
import java.io.Serializable;
import java.util.Date;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+
/**
* Encapsulates authentication data contained in a <code>&lt;saml:Assertion&gt;</code>.
*
@@ -67,7 +69,13 @@ public class AuthenticationData implements Serializable {
/**
* user identification type
*/
- private String identificationType;
+ private String identificationType;
+
+ /**
+ * user identityLink specialized to OAParamter
+ */
+ private IdentityLink identityLink;
+
/**
* application specific user identifier (bPK/wbPK)
*/
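Review bot: `AuthenticationData implements Serializable`, and the new `identityLink` field will make every serialization of it fail with `NotSerializableException` unless `IdentityLink` is itself serializable; that class is not visible here, so confirm, or mark the field `transient`. The Javadoc `user identityLink specialized to OAParamter` has a typo and should also state what 'specialized' means: an identity link carries the base identification value, and the commented-out infobox code at the top of this page only exposes it when `getProvideStammzahl()` is set, so say whether the copy stored here already has that value removed or whether consumers must apply the gating themselves.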
@@ -78,11 +86,6 @@ public class AuthenticationData implements Serializable {
*/
private String bPKType;
-
-// /**
-// * private sector-specific personal identifier (wbPK)
-// */
-// private String wbPK;
/**
* given name of the user
*/
@@ -450,5 +453,21 @@ public void setBPKType(String bPKType) {
this.bPKType = bPKType;
}
+/**
+ * @return the identityLink
+ */
+public IdentityLink getIdentityLink() {
+ return identityLink;
+}
+
+/**
+ * @param identityLink the identityLink to set
+ */
+public void setIdentityLink(IdentityLink identityLink) {
+ this.identityLink = identityLink;
+}
+
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index a453010da..22f4a00ad 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -17,6 +17,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
@@ -273,11 +274,17 @@ public class DispatcherServlet extends AuthServlet{
RequestStorage.removePendingRequest(httpSession);
- if (useSSOOA || isValidSSOSession) {
+ String moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
+ AuthenticationManager.MOA_SESSION, null);
+
+ AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+
+ if ((useSSOOA || isValidSSOSession)
+ && moasession.isSsoRequested()
+ && !moasession.getUseMandate()) //TODO: SSO with mandates requires an OVS extension
+ {
+
//save SSO session usage in Database
- String moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
- AuthenticationManager.MOA_SESSION, null);
-
String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
if (newSSOSessionId != null) {
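Review bot: `moasession` is now loaded unconditionally and dereferenced in the `if` condition, so a null result from `AuthenticationSessionStoreage.getSession(moasessionID)` (or a null `moasessionID`) ends in a NullPointerException in the `catch (Throwable e)` below rather than a controlled error; the previous code only fetched the id inside the SSO branch. Guard with `moasession != null &&` in the condition, or keep the lookup inside the branch. `&& !moasession.getUseMandate()` is redundant with `isSsoRequested()`, which already returns `ssoRequested && !useMandate` in this commit; keep one of the two so the TODO does not drift.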
@@ -290,7 +297,9 @@ public class DispatcherServlet extends AuthServlet{
} else {
authmanager.logout(req, resp);
}
-
+
+ ConfigurationDBUtils.closeSession();
+
//authmanager.logout(req, resp);
} catch (Throwable e) {
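Review bot: `ConfigurationDBUtils.closeSession()` sits at the end of the `try` body, so it is skipped whenever anything above it throws into the `catch (Throwable e)` block. If it releases a per-request database session, move it to a `finally` clause (the try statement's start is outside the hunk); otherwise add a comment saying why it is only needed on the success path.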
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 7c2a9d533..4ec734c41 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -212,18 +212,9 @@ public class AuthenticationManager extends AuthServlet {
moasession = getORCreateMOASession(request);
//parse request parameter into MOASession
- try{
- StartAuthentificationParameterParser.parse(request, response, moasession);
-
- }
- catch (WrongParametersException ex) {
- handleWrongParameters(ex, request, response);
- }
-
- catch (MOAIDException ex) {
- handleError(null, ex, request, response);
- }
-
+
+ StartAuthentificationParameterParser.parse(request, response, moasession);
+
Logger.info("Start Authentication Module: " + moasession.getModul()
+ " Action: " + moasession.getAction());
@@ -274,7 +265,7 @@ public class AuthenticationManager extends AuthServlet {
//Build authentication form
String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(),
- target.requestedAction(), oaParam.getFriendlyName());
+ target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath());
//store MOASession
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 1e863ec81..84817ba7a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -1,5 +1,7 @@
package at.gv.egovernment.moa.id.moduls;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
import java.util.List;
import javax.servlet.http.Cookie;
@@ -13,6 +15,8 @@ import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
import at.gv.egovernment.moa.id.util.Random;
@@ -34,7 +38,14 @@ public class SSOManager {
instance = new SSOManager();
//TODO: move to config based timeout!
- sso_timeout = DEFAULTSSOTIMEOUT;
+ try {
+ sso_timeout = (int) AuthConfigurationProvider.getInstance().getTimeOuts().getMOASessionUpdated().longValue();
+
+ } catch (ConfigurationException e) {
+ Logger.info("SSO Timeout can not be loaded from MOA-ID configuration. Use default Timeout with " + DEFAULTSSOTIMEOUT);
+ sso_timeout = DEFAULTSSOTIMEOUT;
+ }
+
}
return instance;
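Review bot: The `(int) ...getMOASessionUpdated().longValue()` narrowing on the new assignment silently wraps for configured values above `Integer.MAX_VALUE`, and the only guarded failure is `ConfigurationException`; a null `getTimeOuts()` or `getMOASessionUpdated()` would escape `getInstance()` as a NullPointerException instead of falling back to `DEFAULTSSOTIMEOUT`. A range check before the cast and treating a null value as "not configured" (same fallback branch) would make the singleton initialisation robust. The `//TODO: move to config based timeout!` comment above is now satisfied by this change and should be replaced by a comment stating that the SSO timeout deliberately reuses the MOA-session "updated" timeout rather than a dedicated SSO setting, since that coupling is not obvious from the code.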
@@ -100,10 +111,8 @@ public class SSOManager {
public String storeSSOSessionInformations(String moaSessionID, String OAUrl) {
- //TODO: use secure random number generation!!!!!
String newSSOId = Random.nextRandom();
-
-
+
System.out.println("generate new SSO Tokken (" + newSSOId + ")");
if (MiscUtil.isEmpty(moaSessionID) || MiscUtil.isEmpty(OAUrl)) {
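Review bot: `System.out.println("generate new SSO Tokken (" + newSSOId + ")")` writes the freshly generated SSO session identifier to stdout; that value is the credential a later request presents to resume the SSO session, so it should not be written to a plain-text console log at all, let alone via `System.out`. Replace it with `Logger.debug("generate new SSO session id")` without the value (the class already uses `Logger`). Dropping the `//TODO: use secure random number generation!!!!!` line is consistent with the `Random` change in this commit, but the `SecureRandom`/`NoSuchAlgorithmException` imports added at the top of this file appear unused in the visible hunks.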
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 3bbb3bd2a..790c42348 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -48,6 +48,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.VelocityLogAdapter;
public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
@@ -79,6 +80,8 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
actions.put(METADATA, new MetadataAction());
instance = new PVP2XProtocol();
+
+ new VelocityLogAdapter();
}
private static PVP2XProtocol instance = null;
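Review bot: `new VelocityLogAdapter();` in the static initializer constructs an object purely for its side effect (the constructor registers itself with the `Velocity` singleton and calls `Velocity.init()`), which reads like a forgotten assignment; a static factory such as `VelocityLogAdapter.register()` would state the intent, and a comment `// route Velocity's log output through the MOA Logger` helps either way. Note that this only affects the `Velocity` singleton, while `PostBinding` in this same commit builds its own `new VelocityEngine()`, which this registration does not reach.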
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 6e826005d..97c5e8d20 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -25,6 +25,7 @@ import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
+import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
@@ -47,6 +48,7 @@ public class PostBinding implements IDecoder, IEncoder {
Credential credentials = CredentialProvider
.getIDPSigningCredential();
+// VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
VelocityEngine engine = new VelocityEngine();
engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
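Review bot: The added `// VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();` is commented-out code, and the `VelocityProvider` import added above exists only to support it; either switch to the shared provider or drop both the line and the import, since dead references like this tend to outlive the decision they document. The enclosing method starts outside the hunk.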
@@ -54,6 +56,7 @@ public class PostBinding implements IDecoder, IEncoder {
engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
engine.setProperty("classpath.resource.loader.class",
"org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
+ engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, "org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
engine.init();
HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
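Review bot: The new `RUNTIME_LOG_LOGSYSTEM_CLASS` property points this per-call engine at `org.apache.velocity.runtime.log.SimpleLog4JLogSystem`, the pre-`LogChute` logger that newer Velocity releases mark deprecated, while the `VelocityLogAdapter` introduced in this commit implements `LogChute` and routes output through the MOA `Logger` — but it is registered on the `Velocity` singleton in `PVP2XProtocol` and never applies to the `new VelocityEngine()` built here. If the goal is to stop Velocity from writing its own log file, setting `engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM, adapter)` on this engine with an adapter instance whose construction does not touch the singleton is the consistent choice. Building the engine once as a static field instead of on every encode call would also avoid repeating `engine.init()` per request.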
@@ -75,6 +78,9 @@ public class PostBinding implements IDecoder, IEncoder {
} catch (CredentialsNotAvailableException e) {
e.printStackTrace();
throw new SecurityException(e);
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
}
}
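Review bot: The new `catch (Exception e)` discards the type information of whatever the encoder throws and, like the `CredentialsNotAvailableException` branch above it, prints the stack trace to stderr via `e.printStackTrace()` instead of the project `Logger`. Catch the specific exception the encoding call declares (presumably `MessageEncodingException`, which I cannot confirm from the hunk) and log with `Logger.error("PVP2X POST binding failed", e)` so the failure and its cause end up in the MOA-ID log; wrapping every `RuntimeException` into `SecurityException` otherwise reports programming errors as security failures.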
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
index e464536de..ab880bb9e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
@@ -102,57 +102,57 @@ public class CitizenTokenBuilder {
}
- public static AttributeStatement buildCitizenToken(MOARequest obj,
- AuthenticationSession authSession) {
- AttributeStatement statement =
- SAML2Utils.createSAMLObject(AttributeStatement.class);
-
- //TL: AuthData generation is moved out from VerifyAuthBlockServlet
- try {
-
- //TODO: LOAD oaParam from request and not from MOASession in case of SSO
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix());
-
- AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession,
- oaParam,
- authSession.getTarget());
-
- Attribute pvpVersion = buildPVPVersion("2.1");
- Attribute secClass = buildSecClass(3);
- Attribute principalName = buildPrincipalName(authData.getFamilyName());
- Attribute givenName = buildGivenName(authData.getGivenName());
- Attribute birthdate = buildBirthday(authData.getDateOfBirth());
-
- //TL: getIdentificationValue holds the baseID --> change to pBK
- Attribute bpk = buildBPK(authData.getBPK());
-
- Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3);
- Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT");
- Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authData.getIdentificationType());
-
- statement.getAttributes().add(pvpVersion);
- statement.getAttributes().add(secClass);
- statement.getAttributes().add(principalName);
- statement.getAttributes().add(givenName);
- statement.getAttributes().add(birthdate);
- statement.getAttributes().add(bpk);
- statement.getAttributes().add(eid_citizen_qaa);
- statement.getAttributes().add(eid_issuing_nation);
- statement.getAttributes().add(eid_sector_for_id);
-
- return statement;
-
- } catch (ConfigurationException e) {
-
- // TODO: check Exception Handling
- return null;
- } catch (BuildException e) {
-
- // TODO: check Exception Handling
- return null;
- }
-
-
- }
+// public static AttributeStatement buildCitizenToken(MOARequest obj,
+// AuthenticationSession authSession) {
+// AttributeStatement statement =
+// SAML2Utils.createSAMLObject(AttributeStatement.class);
+//
+// //TL: AuthData generation is moved out from VerifyAuthBlockServlet
+// try {
+//
+// //TODO: LOAD oaParam from request and not from MOASession in case of SSO
+// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+// .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix());
+//
+// AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession,
+// oaParam,
+// authSession.getTarget());
+//
+// Attribute pvpVersion = buildPVPVersion("2.1");
+// Attribute secClass = buildSecClass(3);
+// Attribute principalName = buildPrincipalName(authData.getFamilyName());
+// Attribute givenName = buildGivenName(authData.getGivenName());
+// Attribute birthdate = buildBirthday(authData.getDateOfBirth());
+//
+// //TL: getIdentificationValue holds the baseID --> change to pBK
+// Attribute bpk = buildBPK(authData.getBPK());
+//
+// Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3);
+// Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT");
+// Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authData.getIdentificationType());
+//
+// statement.getAttributes().add(pvpVersion);
+// statement.getAttributes().add(secClass);
+// statement.getAttributes().add(principalName);
+// statement.getAttributes().add(givenName);
+// statement.getAttributes().add(birthdate);
+// statement.getAttributes().add(bpk);
+// statement.getAttributes().add(eid_citizen_qaa);
+// statement.getAttributes().add(eid_issuing_nation);
+// statement.getAttributes().add(eid_sector_for_id);
+//
+// return statement;
+//
+// } catch (ConfigurationException e) {
+//
+// // TODO: check Exception Handling
+// return null;
+// } catch (BuildException e) {
+//
+// // TODO: check Exception Handling
+// return null;
+// }
+//
+//
+// }
}
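Review bot: Replacing `buildCitizenToken(MOARequest, AuthenticationSession)` with an identical commented-out copy leaves 53 lines of dead code in the class; version control already preserves the old implementation, so delete the block (together with any imports only it used, which I cannot see here), or keep the method and mark it `@Deprecated` with a Javadoc `@deprecated` pointing to its replacement if callers still need it.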
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index f3df7a4df..47887ddc2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -79,31 +79,39 @@ public class GetArtifactAction implements IAction {
target);
String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData);
-
- String redirectURL = oaURL;
- session.getOAURLRequested();
- if (!session.getBusinessService()) {
- redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
- URLEncoder.encode(session.getTarget(), "UTF-8"));
-
- }
- redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT,
- URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- redirectURL = httpResp.encodeRedirectURL(redirectURL);
-
- httpResp.setContentType("text/html");
- httpResp.setStatus(302);
-// if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) {
-// String url = "RedirectServlet?"+RedirectServlet.REDIRCT_GETPARAM+"="+redirectURL;
-// httpResp.addHeader("Location", url);
-//
-// } else {
+ if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) {
+ String url = "RedirectServlet";
+ url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8"));
+ url = addURLParameter(url, PARAM_TARGET, URLEncoder.encode(oaParam.getTarget(), "UTF-8"));
+ url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ url = httpResp.encodeRedirectURL(url);
+
+ httpResp.setContentType("text/html");
+ httpResp.setStatus(302);
+ httpResp.addHeader("Location", url);
+
+ } else {
+ String redirectURL = oaURL;
+
+ //session.getOAURLRequested();
+
+ if (!oaParam.getBusinessService()) {
+// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
+// URLEncoder.encode(session.getTarget(), "UTF-8"));
+ redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
+ URLEncoder.encode(oaParam.getTarget(), "UTF-8"));
+
+
+ }
+ redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT,
+ URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = httpResp.encodeRedirectURL(redirectURL);
+ httpResp.setContentType("text/html");
+ httpResp.setStatus(302);
httpResp.addHeader("Location", redirectURL);
-// }
-
- Logger.debug("REDIRECT TO: " + redirectURL);
-
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
// CONFIRMATION FOR SSO!
/*
* OAAuthParameter oaParam =
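Review bot: In the new SSO branch `oaParam.getTarget()` is URL-encoded unconditionally (`url = addURLParameter(url, PARAM_TARGET, URLEncoder.encode(oaParam.getTarget(), "UTF-8"))`), whereas the non-SSO branch below only adds the target when `!oaParam.getBusinessService()`; for a business-service OA with no target this presumably throws a NullPointerException on the SSO path, so the same `getBusinessService()` guard belongs in both branches. The SSO branch also redirects through `RedirectServlet` with the OA URL passed as a request parameter; `RedirectServlet` is changed in this commit but not visible here, so please make sure it only follows URLs that match a configured online application, otherwise this becomes an open redirect that carries the SAML artifact. The `Logger.debug("REDIRECT TO: " + redirectURL)` line now lives only in the else branch and writes the artifact (a one-time bearer credential) to the log; logging the target OA without the artifact would be safer and would also cover the SSO branch. The enclosing method starts outside the hunk.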
@@ -146,10 +154,10 @@ public class GetArtifactAction implements IAction {
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- } //catch (MOADatabaseException e) {
-// // TODO Auto-generated catch block
-// e.printStackTrace();
-// }
+ } catch (MOADatabaseException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
}
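Review bot: The new `catch (MOADatabaseException e)` only calls `e.printStackTrace()`, so a storage failure during artifact creation leaves the response without a status or `Location` header and the user sees the container's default page while the cause goes to stderr rather than the MOA-ID log. Log it with `Logger.error("artifact creation failed", e)` and either rethrow as the action's declared exception or render the error page the other branches use; the same applies to the pre-existing `IOException` branch above. The `// TODO Auto-generated catch block` comment should not survive review.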
protected static String addURLParameter(String url, String paramname,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
deleted file mode 100644
index 3a2f4ee9f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
+++ /dev/null
@@ -1,140 +0,0 @@
-package at.gv.egovernment.moa.id.protocols.saml1;
-
-import iaik.util.logging.Log;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.apache.commons.lang.StringEscapeUtils;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.URLEncoder;
-
-public class GetArtifactServlet extends AuthServlet {
-
- /**
- *
- */
- private static final long serialVersionUID = 3593264832041467899L;
-
- /**
- * Constructor for GetArtifactServlet.
- */
- public GetArtifactServlet() {
- super();
- }
-
- @Override
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Log.err("Sollte nicht mehr verwendet werden!!!!");
- throw new ServletException("The Servlet Class + " + GetArtifactServlet.class
- + " is out of date!!!");
-
-// HttpSession httpSession = req.getSession();
-//
-// AuthenticationManager authmanager = AuthenticationManager.getInstance();
-// AuthenticationSession session = authmanager.getAuthenticationSession(httpSession);
-//
-// String oaURL = (String) req.getAttribute(PARAM_OA);
-// oaURL = StringEscapeUtils.escapeHtml(oaURL);
-//
-// String target = (String) req.getAttribute(PARAM_TARGET);
-// target = StringEscapeUtils.escapeHtml(target);
-//
-// try {
-//
-// // check parameter
-// if (!ParamValidatorUtils.isValidOA(oaURL))
-// throw new WrongParametersException("StartAuthentication",
-// PARAM_OA, "auth.12");
-//
-// if (oaURL == null) {
-// oaURL = session.getOAURLRequested();
-// }
-//
-// if (oaURL == null) {
-// throw new WrongParametersException("StartAuthentication",
-// PARAM_OA, "auth.12");
-// }
-//
-// String samlArtifactBase64 = SAML1AuthenticationServer
-// .BuildSAMLArtifact(session);
-//
-// String redirectURL = oaURL;
-// session.getOAURLRequested();
-// if (!session.getBusinessService()) {
-// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
-// URLEncoder.encode(session.getTarget(), "UTF-8"));
-//
-// }
-// redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT,
-// URLEncoder.encode(samlArtifactBase64, "UTF-8"));
-// redirectURL = resp.encodeRedirectURL(redirectURL);
-//
-// resp.setContentType("text/html");
-// resp.setStatus(302);
-//
-// resp.addHeader("Location", redirectURL);
-// Logger.debug("REDIRECT TO: " + redirectURL);
-//
-// // CONFIRMATION FOR SSO!
-// /*
-// * OAAuthParameter oaParam =
-// * AuthConfigurationProvider.getInstance().
-// * getOnlineApplicationParameter(oaURL);
-// *
-// * String friendlyName = oaParam.getFriendlyName(); if(friendlyName
-// * == null) { friendlyName = oaURL; }
-// *
-// *
-// * LoginConfirmationBuilder builder = new
-// * LoginConfirmationBuilder();
-// * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64);
-// * String form = builder.finish(oaURL, session.getIdentityLink()
-// * .getName(), friendlyName);
-// */
-//
-// /*
-// resp.setContentType("text/html");
-//
-// OutputStream out = resp.getOutputStream();
-// out.write(form.getBytes("UTF-8"));
-// out.flush();
-// out.close();*/
-//
-// } catch (WrongParametersException ex) {
-// handleWrongParameters(ex, req, resp);
-// } catch (ConfigurationException e) {
-// // TODO Auto-generated catch block
-// e.printStackTrace();
-// } catch (BuildException e) {
-// // TODO Auto-generated catch block
-// e.printStackTrace();
-// } catch (AuthenticationException e) {
-// // TODO Auto-generated catch block
-// e.printStackTrace();
-// }
-
- }
-
- @Override
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- doGet(req, resp);
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 1b516fe19..2a7147bcb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -128,17 +128,6 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
AuthenticationData authData)
throws ConfigurationException, BuildException, AuthenticationException {
- //TODO: check, if this is correct!!!!
-// String samlAssertion = new AuthenticationDataAssertionBuilder().build(
-// authData, session.getAssertionPrPerson(),
-// session.getAssertionAuthBlock(),
-// session.getAssertionIlAssertion(), session.getBkuURL(),
-// session.getAssertionSignerCertificateBase64(),
-// session.getAssertionBusinessService(),
-// session.getExtendedSAMLAttributesOA(), useCondition,
-// conditionLength);
-
-
//Load SAML1 Parameter from OA config
OASAML1 saml1parameter = oaParam.getSAML1Parameter();
@@ -162,7 +151,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
//set prPersion
boolean provideStammzahl = saml1parameter.isProvideStammzahl();
- String prPerson = new PersonDataBuilder().build(session.getIdentityLink(),
+ String prPerson = new PersonDataBuilder().build(authData.getIdentityLink(),
provideStammzahl);
//set Authblock
@@ -170,18 +159,18 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
.getAuthBlock() : "";
//set IdentityLink for assortion
- String ilAssertion = saml1parameter.isProvideIdentityLink() ? session.getIdentityLink()
+ String ilAssertion = saml1parameter.isProvideIdentityLink() ? authData.getIdentityLink()
.getSerializedSamlAssertion()
: "";
if (!saml1parameter.isProvideStammzahl()) {
- ilAssertion = StringUtils.replaceAll(ilAssertion, session.getIdentityLink()
+ ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink()
.getIdentificationValue(), "");
}
String samlAssertion;
if (session.getUseMandate()) {
- List oaAttributes = session.getExtendedSAMLAttributesOA();;
+ List oaAttributes = session.getExtendedSAMLAttributesOA();
if (saml1parameter.isProvideFullMandatorData()) {
@@ -250,7 +239,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
}
- String mandateDate = generateMandateDate(session, oaParam);
+ String mandateDate = generateMandateDate(session, oaParam, authData);
samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate(
authData,
@@ -280,22 +269,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
authData.setSamlAssertion(samlAssertion);
-
- //is removed from MOA-ID 2.0 config
-// String assertionFile = AuthConfigurationProvider.getInstance()
-// .getGenericConfigurationParameter(
-// "AuthenticationServer.WriteAssertionToFile");
-// if (!ParepUtils.isEmpty(assertionFile))
-// try {
-// ParepUtils.saveStringToFile(samlAssertion, new File(
-// assertionFile));
-// } catch (IOException e) {
-// throw new BuildException("builder.00", new Object[] {
-// "AuthenticationData", e.toString() }, e);
-// }
-
-
- //TODO: get sourceID from oaConfig!!!
+
String samlArtifact = new SAMLArtifactBuilder().build(
session.getAuthURL(), session.getSessionID(),
saml1parameter.getSourceID());
@@ -314,7 +288,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
private String generateMandateDate(AuthenticationSession session,
- OAAuthParameter oaParam
+ OAAuthParameter oaParam, AuthenticationData authData
) throws AuthenticationException, BuildException,
ParseException, ConfigurationException, ServiceException,
ValidateException {
@@ -364,10 +338,19 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
.equals(identificationType)) {
// now we calculate the wbPK and do so if we got it from the
// BKU
- identificationType = Constants.URN_PREFIX_WBPK + "+"
- + session.getDomainIdentifier();
+
+
+ //load IdentityLinkDomainType from OAParam
+ String type = oaParam.getIdentityLinkDomainIdentifier();
+ if (type.startsWith(Constants.URN_PREFIX_WBPK + "+"))
+ identificationType = type;
+ else
+ identificationType = Constants.URN_PREFIX_WBPK + "+"
+ + type;
+
+
identificationValue = new BPKBuilder().buildWBPK(
- identificationValue, session.getDomainIdentifier());
+ identificationValue, identificationType);
ParepUtils
.HideStammZahlen(prPerson, true, null, null, true);
}
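Review bot: The wbPK input changes in two ways here: the domain identifier is now taken from the OA configuration (`oaParam.getIdentityLinkDomainIdentifier()`) instead of the session, and `buildWBPK` now receives the fully prefixed `identificationType` where it previously received the bare `session.getDomainIdentifier()`. If `BPKBuilder.buildWBPK` (also touched in this commit, outside my view) still adds the prefix itself, citizens of existing business-service OAs would be issued a different wbPK than before; a regression test pinning the wbPK for a fixed identity link and domain identifier would settle this. `type.startsWith(...)` also throws a NullPointerException when the OA has no domain identifier configured, so a null/empty check that raises a configuration error is preferable. A short comment such as `// the OA config may store the domain identifier with or without the URN_PREFIX_WBPK prefix` would explain the branch.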
@@ -379,7 +362,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
tempIdentityLink.setIdentificationValue(identificationValue);
tempIdentityLink.setPrPerson(prPerson);
try {
- tempIdentityLink.setSamlAssertion(session.getIdentityLink()
+ tempIdentityLink.setSamlAssertion(authData.getIdentityLink()
.getSamlAssertion());
} catch (Exception e) {
throw new ValidateException("validator.64", null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index d6cf84d86..fad25bc20 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -95,6 +95,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
config.setTarget(oaParam.getTarget());
+
//TODO: set reauthenticate if OA.useSSO=false
request.getSession().setAttribute(PARAM_OA, oaURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 90c938e7f..73308e607 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -117,22 +117,7 @@ public class AuthenticationSessionStoreage {
}
AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0);
-
-// //delete old SSO Session Ids
-// List<OldSSOSessionIDStore> oldssosessionids = dbsession.getOldssosessionids();
-//
-// for (OldSSOSessionIDStore oldsssid : oldssosessionids) {
-// session.delete(oldsssid);
-// }
-//
-// //delete active OA
-// List<OASessionStore> activeOAs = dbsession.getActiveOAsessions();
-//
-// for (OASessionStore activeOA : activeOAs) {
-// session.delete(activeOA);
-//
-// }
-
+
//delete MOA Session
session.delete(dbsession);
session.getTransaction().commit();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index be8e475f2..d6bef8d53 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -308,18 +308,18 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
Logger.debug("Parameter MOASessionId ist null");
return true;
}
-
-
- Pattern pattern = Pattern.compile("[0-9-]*");
+
+ Pattern pattern = Pattern.compile("[0-9-]*");
Matcher matcher = pattern.matcher(sessionID);
boolean b = matcher.matches();
if (b) {
Logger.debug("Parameter MOASessionId erfolgreich ueberprueft");
return true;
}
- else {
- Logger.error("Fehler Ueberpruefung Parameter MOASessionId. MOASessionId entspricht nicht den Kriterien (nur Zeichen 0-9 und -)");
- return false;
+ else {
+ Logger.error("Fehler Ueberpruefung Parameter MOASessionId. MOASessionId entspricht nicht den Kriterien (nur Zeichen 0-9 und -)");
+ return false;
+
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
index d006dcdfc..f1d0ecd45 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
@@ -24,9 +24,16 @@
package at.gv.egovernment.moa.id.util;
+
+import iaik.security.random.SeedGenerator;
+
+import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+
/**
* Random number generator used to generate ID's
* @author Paul Ivancsics
@@ -35,21 +42,36 @@ import java.security.SecureRandom;
public class Random {
/** random number generator used */
- private static SecureRandom random = new SecureRandom();
+ //private static SecureRandom random = new SecureRandom();
+ private static SecureRandom random;
+ private static SeedGenerator seedgenerator;
+
+ static {
+ random = iaik.security.random.SHA256FIPS186Random.getDefault();
+ seedgenerator = iaik.security.random.AutoSeedGenerator.getDefault();
+
+
+ }
/**
* Creates a new random number, to be used as an ID.
*
* @return random long as a String
*/
public static String nextRandom() {
-
- byte[] b = new byte[16]; // 16 bytes = 128 bits
- random.nextBytes(b);
-
- ByteBuffer bb = ByteBuffer.wrap(b);
- long l = bb.getLong();
+ byte[] b = new byte[32]; // 32 bytes = 256 bits
+ random.nextBytes(b);
+
+ ByteBuffer bb = ByteBuffer.wrap(b);
+ long l = bb.getLong();
+ return "" + l;
+
+
+ }
+
+ public static void seedRandom() {
- return "" + l;
+ if (seedgenerator.seedAvailable())
+ random.setSeed(seedgenerator.getSeed());
}
}
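Review bot: `nextRandom()` now draws 32 bytes (`// 32 bytes = 256 bits`) but still returns only `bb.getLong()`, i.e. the first 8 bytes, so the generated ID carries 64 bits of entropy exactly as before and the comment overstates it; the remaining 24 bytes are discarded. Encoding all 32 bytes (the now-imported but unused `Base64Utils` suggests that was the plan) would widen the ID, but the MOASessionId validator in `ParamValidatorUtils` touched in this same commit still accepts only `[0-9-]*`, so any non-decimal encoding used as a MOASessionId would be rejected — either keep the decimal format and document the 64-bit width, or change the validator in the same change. `seedRandom()` is public but not called in any visible hunk, the `IOException`/`Logger` imports added above appear unused, and both static fields could stay `final` since they are assigned exactly once in the static block. The class Javadoc should also state that IDs are 64-bit values rendered as decimal strings.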
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java
new file mode 100644
index 000000000..caa8f1769
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java
@@ -0,0 +1,77 @@
+package at.gv.egovernment.moa.id.util;
+
+import org.apache.velocity.app.Velocity;
+import org.apache.velocity.runtime.RuntimeServices;
+import org.apache.velocity.runtime.log.LogChute;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+public class VelocityLogAdapter implements LogChute {
+
+ public VelocityLogAdapter() {
+ try
+ {
+ /*
+ * register this class as a logger with the Velocity singleton
+ * (NOTE: this would not work for the non-singleton method.)
+ */
+ Velocity.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, this );
+ Velocity.init();
+ }
+ catch (Exception e)
+ {
+ Logger.error("Failed to register Velocity logger");
+ }
+ }
+
+ public void init(RuntimeServices arg0) throws Exception {
+ }
+
+ public boolean isLevelEnabled(int arg0) {
+ switch(arg0) {
+ case LogChute.DEBUG_ID:
+ return Logger.isDebugEnabled();
+ case LogChute.TRACE_ID:
+ return Logger.isTraceEnabled();
+ default:
+ return true;
+ }
+ }
+
+ public void log(int arg0, String arg1) {
+ switch(arg0) {
+ case LogChute.DEBUG_ID:
+ Logger.debug(arg1);
+ break;
+ case LogChute.TRACE_ID:
+ Logger.trace(arg1);
+ break;
+ case LogChute.INFO_ID:
+ Logger.info(arg1);
+ break;
+ case LogChute.WARN_ID:
+ Logger.warn(arg1);
+ break;
+ case LogChute.ERROR_ID:
+ default:
+ Logger.error(arg1);
+ break;
+ }
+ }
+
+ public void log(int arg0, String arg1, Throwable arg2) {
+ switch(arg0) {
+ case LogChute.DEBUG_ID:
+ case LogChute.TRACE_ID:
+ case LogChute.INFO_ID:
+ case LogChute.WARN_ID:
+ Logger.warn(arg1, arg2);
+ break;
+ case LogChute.ERROR_ID:
+ default:
+ Logger.error(arg1, arg2);
+ break;
+ }
+ }
+
+}
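Review bot: `Logger.error("Failed to register Velocity logger")` in the constructor drops the caught exception; pass it as `Logger.error("Failed to register Velocity logger", e)` (the class already uses the two-argument overload in `log(int, String, Throwable)`) so the cause is visible. The constructor also performs global registration and `Velocity.init()` as a side effect of `new`, so merely instantiating the adapter mutates the singleton; a static `register()` method, or a plain constructor plus explicit registration by the caller, would be clearer and would let `PostBinding` reuse the adapter on its own `VelocityEngine`. In `log(int, String, Throwable)` DEBUG/TRACE/INFO messages are promoted to `Logger.warn`, which disagrees with the level mapping in `log(int, String)` and with `isLevelEnabled`; mapping them to the corresponding level (if `Logger` offers those `(String, Throwable)` overloads) keeps the levels consistent. A class Javadoc `/** Routes Velocity log output to the MOA-ID Logger. */` and `@Override` on the three `LogChute` methods are missing.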
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 25f1fef9d..f5745873f 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -34,9 +34,10 @@ auth.13=Vollmachtenmodus f�r ausl�ndische B�rger wird nicht unterst�tzt.
auth.14=Zertifikat konnte nicht ausgelesen werden.
auth.15=Fehler bei Anfrage an Vollmachten Service.
auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}"
-auth.17=Vollmachtenmodus für nicht-öffentlichen Bereich wird nicht unterstützt.
+auth.17=Vollmachtenmodus f�r nicht-�ffentlichen Bereich wird nicht unterst�tzt.
auth.18=Keine MOASessionID vorhanden
-auth.19=Die Authentifizierung kann nicht passiv durchgeführt werden.
+auth.19=Die Authentifizierung kann nicht passiv durchgef�hrt werden.
+auth.20=No valid MOA session found. Authentification process is abourted.
init.00=MOA ID Authentisierung wurde erfolgreich gestartet
init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m?glicherweise nicht verf?gbar
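Review bot: The new `auth.20` message is English in an otherwise German resource bundle and contains two spelling errors ("Authentification", "abourted"); since this text is shown to end users it should read `auth.20=No valid MOA session found. The authentication process is aborted.` or, better, a German wording matching the neighbouring keys. The `auth.17` and `auth.19` lines change only their byte encoding (the umlauts render as replacement characters here); please confirm the file is consistently ISO-8859-1, since Java reads `.properties` files in that encoding unless they are loaded through an explicit reader.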
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html b/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html
index fe17a6d37..38ef53475 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html
@@ -2,10 +2,10 @@
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<meta content="text/css" http-equiv="Content-Style-Type">
- <link rel="stylesheet" type="text/css" href="./css/index.css">
- <link type="text/css" rel="stylesheet" href="./css/2.0/stammzahl.css">
- <link type="text/css" rel="stylesheet" href="./css/2.0/stylesnew.css">
- <link type="text/css" rel="stylesheet" href="./css/2.0/stylesinput.css">
+ <link rel="stylesheet" type="text/css" href="#CONTEXTPATH#/css/index.css">
+ <link type="text/css" rel="stylesheet" href="#CONTEXTPATH#/css/2.0/stammzahl.css">
+ <link type="text/css" rel="stylesheet" href="#CONTEXTPATH#/css/2.0/stylesnew.css">
+ <link type="text/css" rel="stylesheet" href="#CONTEXTPATH#/css/2.0/stylesinput.css">
<script type="text/javascript">
function isIE() {
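Review bot: `#CONTEXTPATH#` is now interpolated unescaped into four `href` attributes here and into the `img src` of the later homelink hunk, and the template itself documents neither where the value comes from nor what form it must have. If LoginFormBuilder derives it from the request (for example the servlet context path) it is effectively attacker-influenced text landing in an attribute context, so the substitution site should attribute-escape the value or restrict it to a fixed, validated prefix; the builder is part of this commit but not visible in this hunk, so I cannot tell whether it already does. A one-line comment at the top of the template, `<!-- #CONTEXTPATH#: servlet context path, substituted and escaped by LoginFormBuilder -->`, would make the contract explicit.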
@@ -46,11 +46,16 @@
document.getElementById("metroDetected").style.display="block";
document.getElementById("localBKU").style.display="block";
+ if (checkMandateSSO())
+ return;
+
setMandateSelection();
-
+ setSSOSelection();
+
var iFrameURL = "#AUTH_URL#" + "?";
iFrameURL += "bkuURI=" + "#ONLINE#";
iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
+ iFrameURL += "&SSO=" + document.getElementById("useSSO").value;
iFrameURL += "&MODUL=" + "#MODUL#";
iFrameURL += "&ACTION=" + "#ACTION#";
@@ -60,11 +65,16 @@
function bkuHandyClicked() {
document.getElementById("localBKU").style.display="none";
+ if (checkMandateSSO())
+ return;
+
setMandateSelection();
-
+ setSSOSelection();
+
var iFrameURL = "#AUTH_URL#" + "?";
iFrameURL += "bkuURI=" + "#HANDY#";
iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
+ iFrameURL += "&SSO=" + document.getElementById("useSSO").value;
iFrameURL += "&MODUL=" + "#MODUL#";
iFrameURL += "&ACTION=" + "#ACTION#";
@@ -74,8 +84,12 @@
function storkClicked() {
document.getElementById("localBKU").style.display="none";
+ if (checkMandateSSO())
+ return;
+
setMandateSelection();
-
+ setSSOSelection();
+
var ccc = "AT";
var countrySelection = document.getElementById("cccSelection");
@@ -87,6 +101,7 @@
iFrameURL += "bkuURI=" + "#ONLINE#";
iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
iFrameURL += "&ccc=" + ccc;
+ iFrameURL += "&SSO=" + document.getElementById("useSSO").value;
iFrameURL += "&MODUL=" + "#MODUL#";
iFrameURL += "&ACTION=" + "#ACTION#";
@@ -119,6 +134,31 @@
}
}
}
+
+ function setSSOSelection() {
+ document.getElementById("useSSO").value = "false";
+ var checkbox = document.getElementById("SSOCheckBox");
+ if (checkbox != null) {
+ if (document.getElementById("SSOCheckBox").checked) {
+ document.getElementById("useSSO").value = "true";
+ }
+ }
+ }
+
+ function checkMandateSSO() {
+ var sso = document.getElementById("SSOCheckBox");
+ var mandate = document.getElementById("mandateCheckBox");
+
+
+ if (sso.checked && mandate.checked) {
+ alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!")
+ mandate.checked = false;
+ sso.checked = false;
+ return true;
+ } else {
+ return false;
+ }
+ }
</script>
</head>
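Review bot: `checkMandateSSO` dereferences `sso.checked` and `mandate.checked` without a null check, whereas `setSSOSelection` in the same hunk guards against a missing `SSOCheckBox`; if either checkbox is absent from a rendered variant of this template, every click handler that calls it throws before the iFrameURL is built. Change the condition to `if (sso != null && mandate != null && sso.checked && mandate.checked) {`. Two minor style points: the `alert(...)` call lacks a terminating semicolon, and `setSSOSelection` looks up `SSOCheckBox` a second time instead of reusing its `checkbox` variable, which can collapse to `if (checkbox != null && checkbox.checked) {`.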
@@ -140,7 +180,7 @@
</ul> -->
<div id="mainnavjump"></div>
- <p id="homelink"><img src="img/2.0/logo.png" style="width: 250px" alt="EGIZ"></p>
+ <p id="homelink"><img src="#CONTEXTPATH#/img/2.0/logo.png" style="width: 250px" alt="EGIZ"></p>
<ul id="mainnav" class="clearfix">
<!-- <li><a href="http://www2.egiz.gv.at">Home<span class="hidden">.</span></a></li> -->
<!-- <li><a href="http://www.stammzahlenregister.gv.at/site/5970/default.aspx">bPK<span class="hidden">.</span></a></li>
@@ -177,6 +217,13 @@
<td><a href="info_mandates.html" target="_blank"
class="infobutton" style="margin-left: 5px" tabindex="5">i</a></td>
</tr>
+ <tr>
+ <td><input tabindex="1" type="checkbox" name="SSO"
+ style="vertical-align: middle; margin-right: 5px"
+ id="SSOCheckBox"></td>
+ <td><label for="SSOCheckBox">mit SingleSignOn anmelden</label></td>
+ <td></td>
+ </tr>
</table>
</div>
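Review bot: The new visible checkbox uses `name="SSO"`, the same name as the hidden `<input type="hidden" name="SSO" id="useSSO">` added in the form hunk below; if this table is inside `moaidform` (the form opens outside this hunk, so I cannot tell from here) a GET submit sends two `SSO` parameters, `on` from the checkbox and `true`/`false` from the hidden field, and the server will act on whichever it reads first. Give the visible control a distinct name, e.g. `name="SSOCheckBox"`, or drop its `name` attribute entirely since only the hidden field is meant to carry the value.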
@@ -231,6 +278,7 @@
<form method="get" id="moaidform">
<input type="hidden" name="bkuURI" value="#LOCAL#">
<input type="hidden" name="useMandate" id="useMandate">
+ <input type="hidden" name="SSO" id="useSSO">
<input type="hidden" name="CCC" id="ccc">
<input type="hidden" name="MODUL" value="#MODUL#">
<input type="hidden" name="ACTION" value="#ACTION#">
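Review bot: The hidden `useSSO` input has no default `value`, so a submit that does not pass through `setSSOSelection` sends `SSO=` (empty), while a scripted submit sends the literal strings `true`/`false`. The server-side parser (StartAuthentificationParameterParser is touched by this commit but not visible here) should enable SSO only on an exact `"true"` and treat empty, missing or any other value as false, i.e. fail closed, and the template should make the default explicit: `<input type="hidden" name="SSO" id="useSSO" value="false">`.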