aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java55
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java29
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java2
3 files changed, 63 insertions, 23 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
index 27e19e830..b5d18b451 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
@@ -4,6 +4,9 @@ import java.io.ByteArrayOutputStream;
import java.security.MessageDigest;
import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
/**
@@ -16,6 +19,11 @@ import at.gv.egovernment.moa.util.Base64Utils;
public class SAMLArtifactBuilder {
/**
+ * The generic configuration parameter for an alternative SourceID.
+ */
+ private static final String GENERIC_CONFIG_PARAM_SOURCEID = "AuthenticationServer.SourceID";
+
+ /**
* Constructor for SAMLArtifactBuilder.
*/
public SAMLArtifactBuilder() {
@@ -36,25 +44,34 @@ public class SAMLArtifactBuilder {
* @return the 42-byte SAML artifact, encoded BASE64
*/
public String build(String authURL, String sessionID) throws BuildException {
- try {
- MessageDigest md = MessageDigest.getInstance("SHA-1");
- byte[] sourceID = md.digest(authURL.getBytes());
- byte[] assertionHandle = md.digest(sessionID.getBytes());
- ByteArrayOutputStream out = new ByteArrayOutputStream(42);
- out.write(0);
- out.write(1);
- out.write(sourceID, 0, 20);
- out.write(assertionHandle, 0, 20);
- byte[] samlArtifact = out.toByteArray();
- String samlArtifactBase64 = Base64Utils.encode(samlArtifact);
- return samlArtifactBase64;
- }
- catch (Throwable ex) {
- throw new BuildException(
- "builder.00",
- new Object[] {"SAML Artifact, MOASessionID=" + sessionID, ex.toString()},
- ex);
- }
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA-1");
+ byte[] sourceID;
+ // alternative sourceId
+ String alternativeSourceID = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(GENERIC_CONFIG_PARAM_SOURCEID);
+ if (!ParepUtils.isEmpty(alternativeSourceID)) {
+ // if generic config parameter "AuthenticationServer.SourceID" is given, use that sourceID instead of authURL;
+ sourceID = md.digest(alternativeSourceID.getBytes());
+ Logger.info("Building SAMArtifact from sourceID \"" + alternativeSourceID + "\" instead of authURL \"" + authURL + "\".");
+ } else {
+ sourceID = md.digest(authURL.getBytes());
+ }
+ byte[] assertionHandle = md.digest(sessionID.getBytes());
+ ByteArrayOutputStream out = new ByteArrayOutputStream(42);
+ out.write(0);
+ out.write(1);
+ out.write(sourceID, 0, 20);
+ out.write(assertionHandle, 0, 20);
+ byte[] samlArtifact = out.toByteArray();
+ String samlArtifactBase64 = Base64Utils.encode(samlArtifact);
+ return samlArtifactBase64;
+ }
+ catch (Throwable ex) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] {"SAML Artifact, MOASessionID=" + sessionID, ex.toString()},
+ ex);
+ }
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
index fe8e263ff..3077ba185 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
@@ -6,6 +6,7 @@ import java.util.List;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
+import org.apache.xpath.XPathAPI;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -204,11 +205,31 @@ public class CreateMandateRequest {
Element representativeElem = representativeDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE);
// representativeElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
// representativeElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+
+ //Old Version 0.0.1 of SZR-Gateway
+// representativeElem.appendChild(createIdentificationElem(representativeDocument, identificationType, identificationValue));
+// representativeElem.appendChild(createNameElem(representativeDocument, params.getGivenName(), params.getFamilyName()));
+// representativeElem.appendChild(createPersonDataElem(representativeDocument, SZRGWConstants.DATEOFBIRTH, params.getDateOfBirth()));
- representativeElem.appendChild(createIdentificationElem(representativeDocument, identificationType, identificationValue));
- representativeElem.appendChild(createNameElem(representativeDocument, params.getGivenName(), params.getFamilyName()));
- representativeElem.appendChild(createPersonDataElem(representativeDocument, SZRGWConstants.DATEOFBIRTH, params.getDateOfBirth()));
-
+ //New since version 0.0.2 of SZR-Gateway:
+ // we need to send an identity link and must replace its identification value
+ representativeElem.appendChild(representativeElem.getOwnerDocument().importNode(params.getIdentityLink(), true));
+ try {
+ Element nameSpaceNode = representativeElem.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SAML_POSTFIX, Constants.SAML_NS_URI);
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+ Element identificationValueElement = (Element) XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Value", nameSpaceNode);
+ if (identificationValueElement != null) {
+ identificationValueElement.setTextContent(identificationValue);
+ }
+ Element identificationTypeElement = (Element) XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Type", nameSpaceNode);
+ if (identificationTypeElement != null) {
+ identificationTypeElement.setTextContent(identificationType);
+ }
+ } catch (Exception e) {
+ throw new SZRGWClientException("validator.63", null);
+ }
this.representative = representativeElem;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
index 006b2b9f2..cc0cc4862 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
@@ -10,6 +10,8 @@ public interface SZRGWConstants {
//PersonData
public static final String PD_PREFIX = "pr:";
public static final String PD_POSTFIX = ":pr";
+ public static final String SAML_PREFIX = "saml:";
+ public static final String SAML_POSTFIX = ":saml";
public static final String PERSON = "Person";
public static final String PHYSICALPERSON = "PhysicalPerson";
public static final String CORPORATEBODY = "CorporateBody";