aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java143
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java126
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java48
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java4
19 files changed, 399 insertions, 40 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 27cd2b5a5..585655e7c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -179,9 +179,9 @@ public class DispatcherServlet extends AuthServlet {
}
HttpSession httpSession = req.getSession();
-
+ IRequest protocolRequest = null;
try {
- IRequest protocolRequest = RequestStorage
+ protocolRequest = RequestStorage
.getPendingRequest(httpSession);
if (protocolRequest != null) {
@@ -250,12 +250,14 @@ public class DispatcherServlet extends AuthServlet {
}
moduleAction.processRequest(protocolRequest, req, resp);
-
+
RequestStorage.removePendingRequest(httpSession);
+ AuthenticationManager.logout(req, resp);
+
} catch (Throwable e) {
// Try handle module specific, if not possible rethrow
- if (!info.generateErrorMessage(e, req, resp)) {
+ if (!info.generateErrorMessage(e, req, resp, protocolRequest)) {
throw e;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
index 181955c2a..5a2bb1efc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
@@ -19,5 +19,7 @@ public interface IModulInfo {
public IAction canHandleRequest(HttpServletRequest request,
HttpServletResponse response);
- public boolean generateErrorMessage(Throwable e,HttpServletRequest request, HttpServletResponse response);
+ public boolean generateErrorMessage(Throwable e,
+ HttpServletRequest request, HttpServletResponse response,
+ IRequest protocolRequest) throws Throwable;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 847f1ae54..feaf59cb2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -14,10 +14,10 @@ import org.apache.commons.lang.StringEscapeUtils;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.core.StatusMessage;
+import org.opensaml.saml2.core.StatusResponseType;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
@@ -29,8 +29,8 @@ import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
import at.gv.egovernment.moa.id.moduls.ServletInfo;
import at.gv.egovernment.moa.id.moduls.ServletType;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
@@ -174,8 +174,15 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
}
public boolean generateErrorMessage(Throwable e,
- HttpServletRequest request, HttpServletResponse response) {
- Response samlResponse = SAML2Utils.createSAMLObject(Response.class);
+ HttpServletRequest request, HttpServletResponse response,
+ IRequest protocolRequest) throws Throwable {
+
+ if(protocolRequest == null) {
+ throw e;
+ }
+
+ StatusResponseType samlResponse =
+ SAML2Utils.createSAMLObject(StatusResponseType.class);
Status status = SAML2Utils.createSAMLObject(Status.class);
StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
@@ -190,7 +197,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
status.setStatusCode(statusCode);
status.setStatusMessage(statusMessage);
samlResponse.setStatus(status);
- return false;
+ IEncoder encoder = new RedirectBinding();
+
+ encoder.encodeRespone(request, response, samlResponse, protocolRequest.getOAURL());
+ return true;
}
public IAction getAction(String action) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
new file mode 100644
index 000000000..c188914df
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
@@ -0,0 +1,47 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.artifact.SAMLArtifactMap;
+import org.opensaml.xml.io.MarshallingException;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion;
+
+public class PVPAssertionStorage implements SAMLArtifactMap {
+
+ private static PVPAssertionStorage instance = null;
+
+ public static PVPAssertionStorage getInstance() {
+ if(instance == null) {
+ instance = new PVPAssertionStorage();
+ }
+ return instance;
+ }
+
+ private Map<String, SAMLArtifactMapEntry> assertions = new HashMap<String, SAMLArtifactMapEntry>();
+
+ public boolean contains(String artifact) {
+ return assertions.containsKey(artifact);
+ }
+
+ public void put(String artifact, String relyingPartyId, String issuerId,
+ SAMLObject samlMessage) throws MarshallingException {
+ SAMLArtifactMapEntry assertion = new StoredAssertion(artifact,
+ relyingPartyId,
+ issuerId,
+ samlMessage);
+
+ assertions.put(artifact, assertion);
+ }
+
+ public SAMLArtifactMapEntry get(String artifact) {
+ return assertions.get(artifact);
+ }
+
+ public void remove(String artifact) {
+ assertions.remove(artifact);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index f19602c1e..1f13cdfb5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -1,7 +1,5 @@
package at.gv.egovernment.moa.id.protocols.pvp2x;
-import org.opensaml.saml2.core.RequestAbstractType;
-
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
new file mode 100644
index 000000000..a7b4a5bc7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
@@ -0,0 +1,143 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.velocity.app.VelocityEngine;
+import org.apache.velocity.runtime.RuntimeConstants;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder;
+import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.BasicCredential;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+
+public class ArtifactBinding implements IDecoder, IEncoder {
+
+ public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
+ RequestAbstractType request, String targetLocation)
+ throws MessageEncodingException, SecurityException {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
+ StatusResponseType response, String targetLocation)
+ throws MessageEncodingException, SecurityException {
+ KeyStore keyStore;
+
+ try {
+ keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+
+ FileInputStream inputStream = new FileInputStream(
+ "/home/afitzek/server/moaid_conf/moaid/pvp.ks");
+ keyStore.load(inputStream, "123456".toCharArray());
+ inputStream.close();
+
+ BasicCredential credentials = new BasicCredential();
+ PrivateKey key = (PrivateKey) keyStore.getKey("pvpIDP",
+ "123456".toCharArray());
+ Certificate cert = keyStore.getCertificate("pvpIDP");
+ credentials.setPublicKey(cert.getPublicKey());
+ credentials.setPrivateKey(key);
+ credentials.setUsageType(UsageType.SIGNING);
+
+ Signature signer = SAML2Utils.createSAMLObject(Signature.class);
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
+ signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signer.setSigningCredential(credentials);
+
+ response.setSignature(signer);
+ VelocityEngine engine = new VelocityEngine();
+ engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
+ engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
+ engine.setProperty("classpath.resource.loader.class",
+ "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
+ engine.init();
+
+ HTTPArtifactEncoder encoder = new HTTPArtifactEncoder(engine,
+ "resources/templates/pvp_postbinding_template.html",
+ PVPAssertionStorage.getInstance());
+
+ encoder.setPostEncoding(false);
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact");
+ service.setLocation(targetLocation);
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ // context.setOutboundMessage(authReq);
+ context.setOutboundSAMLMessage(response);
+ context.setOutboundMessageTransport(responseAdapter);
+
+ encoder.encode(context);
+ } catch (KeyStoreException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (FileNotFoundException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (NoSuchAlgorithmException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (CertificateException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (UnrecoverableKeyException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ public MOARequest decodeRequest(HttpServletRequest req,
+ HttpServletResponse resp) throws MessageDecodingException,
+ SecurityException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public MOAResponse decodeRespone(HttpServletRequest req,
+ HttpServletResponse resp) throws MessageDecodingException,
+ SecurityException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public boolean handleDecode(String action) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
index 8e27de7a5..2778016ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
@@ -3,8 +3,6 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.Response;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.xml.security.SecurityException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 06ce311cf..38be055be 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -20,7 +20,6 @@ import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
-import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusResponseType;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
new file mode 100644
index 000000000..0b280fe48
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
@@ -0,0 +1,126 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.saml2.core.AttributeValue;
+import org.opensaml.xml.Configuration;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSInteger;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.schema.impl.XSIntegerBuilder;
+import org.opensaml.xml.schema.impl.XSStringBuilder;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+
+public class CitizenTokenBuilder {
+
+ public static XMLObject buildAttributeStringValue(String value) {
+ XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
+ XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
+ stringValue.setValue(value);
+ return stringValue;
+ }
+
+ public static XMLObject buildAttributeIntegerValue(int value) {
+ XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
+ XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
+ integerValue.setValue(value);
+ return integerValue;
+ }
+
+ public static Attribute buildStringAttribute(String friendlyName,
+ String name, String value) {
+ Attribute attribute =
+ SAML2Utils.createSAMLObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.getAttributeValues().add(buildAttributeStringValue(value));
+ return attribute;
+ }
+
+ public static Attribute buildIntegerAttribute(String friendlyName,
+ String name, int value) {
+ Attribute attribute =
+ SAML2Utils.createSAMLObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
+ return attribute;
+ }
+
+ public static Attribute buildPVPVersion(String value) {
+ return buildStringAttribute("PVP-VERSION",
+ "urn:oid:1.2.40.0.10.2.1.1.261.10", value);
+ }
+
+ public static Attribute buildSecClass(int value) {
+ return buildIntegerAttribute("SECCLASS",
+ "", value);
+ }
+
+ public static Attribute buildPrincipalName(String value) {
+ return buildStringAttribute("PRINCIPAL-NAME",
+ "urn:oid:1.2.40.0.10.2.1.1.261.20", value);
+ }
+
+ public static Attribute buildGivenName(String value) {
+ return buildStringAttribute("GIVEN-NAME",
+ "urn:oid:2.5.4.42", value);
+ }
+
+ public static Attribute buildBirthday(String value) {
+ return buildStringAttribute("BIRTHDATE",
+ "urn:oid:1.2.40.0.10.2.1.1.55", value);
+ }
+
+ public static Attribute buildBPK(String value) {
+ return buildStringAttribute("BPK",
+ "urn:oid:1.2.40.0.10.2.1.1.149", value);
+ }
+
+ public static Attribute buildEID_CITIZEN_QAALEVEL(int value) {
+ return buildIntegerAttribute("EID-CITIZEN-QAA-LEVEL",
+ "urn:oid:1.2.40.0.10.2.1.1.261.94", value);
+ }
+
+ public static Attribute buildEID_ISSUING_NATION(String value) {
+ return buildStringAttribute("EID-ISSUING-NATION",
+ "urn:oid:1.2.40.0.10.2.1.1.261.32", value);
+ }
+
+ public static Attribute buildEID_SECTOR_FOR_IDENTIFIER(String value) {
+ return buildStringAttribute("EID-SECTOR-FOR-IDENTIFIER",
+ "urn:oid:1.2.40.0.10.2.1.1.261.34", value);
+ }
+
+
+ public static AttributeStatement buildCitizenToken(MOARequest obj,
+ AuthenticationSession authSession) {
+ AttributeStatement statement =
+ SAML2Utils.createSAMLObject(AttributeStatement.class);
+
+ Attribute pvpVersion = buildPVPVersion("2.1");
+ Attribute secClass = buildSecClass(3);
+ Attribute principalName = buildPrincipalName(authSession.getAuthData().getFamilyName());
+ Attribute givenName = buildGivenName(authSession.getAuthData().getGivenName());
+ Attribute birthdate = buildBirthday(authSession.getAuthData().getDateOfBirth());
+ Attribute bpk = buildBPK(authSession.getAuthData().getIdentificationValue());
+ Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3);
+ Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT");
+ Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authSession.getAuthData().getIdentificationType());
+
+ statement.getAttributes().add(pvpVersion);
+ statement.getAttributes().add(secClass);
+ statement.getAttributes().add(principalName);
+ statement.getAttributes().add(givenName);
+ statement.getAttributes().add(birthdate);
+ statement.getAttributes().add(bpk);
+ statement.getAttributes().add(eid_citizen_qaa);
+ statement.getAttributes().add(eid_issuing_nation);
+ statement.getAttributes().add(eid_sector_for_id);
+
+ return statement;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 8dad932e2..346883a94 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -5,15 +5,13 @@ import java.util.List;
import javax.xml.namespace.QName;
-import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
-import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.parse.BasicParserPool;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 4af35e325..27e248081 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -11,25 +11,19 @@ import org.opensaml.saml2.core.AuthnContext;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.BaseID;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Subject;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
-import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.StoredIDStore.PersistentIdEntry;
-
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
-import at.gv.egovernment.moa.id.moduls.AuthenticationSessionStore;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.CitizenTokenBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
public class AuthnRequestHandler implements IRequestHandler {
@@ -70,6 +64,8 @@ public class AuthnRequestHandler implements IRequestHandler {
subjectNameID.setValue(authSession.getAuthData().getIdentificationValue());
subject.setNameID(subjectNameID);
+ assertion.getAttributeStatements().add(CitizenTokenBuilder.buildCitizenToken(obj, authSession));
+
Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
issuer.setValue("pvpIDP");
assertion.setIssuer(issuer);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
index 74e8d8d4b..a971df93b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
@@ -3,8 +3,6 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.opensaml.saml2.core.RequestAbstractType;
-
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
public interface IRequestHandler {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
index fa2ce4f79..0fa5a7193 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
@@ -11,15 +11,12 @@ import javax.xml.transform.TransformerException;
import org.opensaml.Configuration;
import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.core.StatusMessage;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.io.MarshallingException;
import org.w3c.dom.Document;
-import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
-
public class SAML2Utils {
public static <T> T createSAMLObject(final Class<T> clazz) {
@@ -29,6 +26,7 @@ public class SAML2Utils {
QName defaultElementName = (QName) clazz.getDeclaredField(
"DEFAULT_ELEMENT_NAME").get(null);
+ @SuppressWarnings("unchecked")
T object = (T) builderFactory.getBuilder(defaultElementName)
.buildObject(defaultElementName);
return object;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java
new file mode 100644
index 000000000..70793d073
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import org.joda.time.DateTime;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry;
+
+public class StoredAssertion implements SAMLArtifactMapEntry {
+ private String artifact;
+ private String relyingPartyId;
+ private String issuerId;
+ private SAMLObject samlMessage;
+ private DateTime expirationTime;
+
+ public StoredAssertion(String artifact,
+ String relyingPartyId,
+ String issuerId,
+ SAMLObject samlMessage) {
+ this.artifact = artifact;
+ this.relyingPartyId = relyingPartyId;
+ this.issuerId = issuerId;
+ this.samlMessage = samlMessage;
+ this.expirationTime = new DateTime();
+ this.expirationTime.plusMinutes(5);
+ }
+
+ public DateTime getExpirationTime() {
+ return expirationTime;
+ }
+
+ public boolean isExpired() {
+ return this.expirationTime.isAfterNow();
+ }
+
+ public void onExpire() {
+ }
+ public String getArtifact() {
+ return artifact;
+ }
+ public String getIssuerId() {
+ return issuerId;
+ }
+ public String getRelyingPartyId() {
+ return relyingPartyId;
+ }
+ public SAMLObject getSamlMessage() {
+ return samlMessage;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java
index af77213df..37289a8e3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java
@@ -5,9 +5,6 @@ import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.validation.ValidationException;
import org.w3c.dom.Element;
-import eu.stork.vidp.messages.util.SAMLUtil;
-import eu.stork.vidp.messages.util.XMLUtil;
-
import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.ParseException;
@@ -19,6 +16,7 @@ import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.vidp.messages.util.XMLUtil;
public class SAMLVerifierMOASP implements ISAMLVerifier {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
index 54bea4bb4..f5219f7e9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
@@ -1,7 +1,6 @@
package at.gv.egovernment.moa.id.protocols.saml1;
import java.io.IOException;
-import java.io.OutputStream;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@@ -13,12 +12,9 @@ import org.apache.commons.lang.StringEscapeUtils;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.builder.LoginConfirmationBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index 3a9b79163..784dec0df 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -28,12 +28,10 @@ import java.util.Calendar;
import org.apache.axis.AxisFault;
import org.w3c.dom.Element;
-
import org.w3c.dom.NodeList;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 7e4313087..4399c556b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -38,6 +38,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
// TODO: for clustering we have to replicate this data to other servers
// We might need to introduce a openEJB to accomplish this
/** authentication data store (assertion handle -> AuthenticationData) */
+ @SuppressWarnings("rawtypes")
private static Map authenticationDataStore = new HashMap();
/**
@@ -270,6 +271,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
* @throws AuthenticationException
* when SAML artifact is invalid
*/
+ @SuppressWarnings("unchecked")
private static void storeAuthenticationData(String samlArtifact,
AuthenticationData authData) throws AuthenticationException {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index d184643c4..1731a738c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -76,7 +76,9 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
}
public boolean generateErrorMessage(Throwable e,
- HttpServletRequest request, HttpServletResponse response) {
+ HttpServletRequest request, HttpServletResponse response,
+ IRequest protocolRequest)
+ throws Throwable{
// TODO Auto-generated method stub
return false;
}