diff options
Diffstat (limited to 'id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java')
-rw-r--r-- | id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 231 |
1 files changed, 57 insertions, 174 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 065f3866b..21e7f2027 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -59,9 +59,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; @@ -90,6 +88,7 @@ import iaik.x509.X509ExtensionInitException; public class AuthenticationServer extends BaseAuthenticationServer { @Autowired private MOAReversionLogger revisionsLogger; + @Autowired private AuthConfiguration authConfig; /** * Constructor for AuthenticationServer. @@ -142,40 +141,37 @@ public class AuthenticationServer extends BaseAuthenticationServer { } //load OnlineApplication configuration - OAAuthParameter oaParam = - authConfig.getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[]{session.getPublicOAURLPrefix()}); + throw new AuthenticationException("auth.00", new Object[]{pendingReq.getOAURL()}); //load Template + String templateURL = pendingReq.getGenericData( + MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, String.class); String template = null; - if (session.getTemplateURL() != null) { + if (MiscUtil.isNotEmpty(templateURL)) { try { - - template = new String(FileUtils.readURL(session.getTemplateURL())); + template = new String(FileUtils.readURL(templateURL)); + } catch (IOException ex) { throw new AuthenticationException("auth.03", new Object[]{ - session.getTemplateURL(), ex.toString()}, ex); + templateURL, ex.toString()}, ex); + } + + } else { + throw new AuthenticationException("auth.04", new Object[]{ + "SecurityLayerTemplate", "No template definde"}); + } String infoboxReadRequest = ""; - - String domainIdentifier = authConfig.getSSOTagetIdentifier().trim(); - if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) { - //do not use SSO if no Target is set - Logger.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!"); - session.setSsoRequested(false); - - } - - if (session.isSsoRequested()) { + if (pendingReq.needSingleSignOnFunctionality()) { Logger.info("SSO Login requested"); //load identityLink with SSO Target boolean isbuisness = false; - + String domainIdentifier = authConfig.getSSOTagetIdentifier().trim(); if (domainIdentifier.startsWith(PREFIX_WPBK)) { - isbuisness = true; } else { @@ -196,9 +192,9 @@ public class AuthenticationServer extends BaseAuthenticationServer { } - + //build DataURL for BKU request String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getRequestID()); + pendingReq.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getRequestID()); //removed in MOAID 2.0 String pushInfobox = ""; @@ -263,9 +259,6 @@ public class AuthenticationServer extends BaseAuthenticationServer { throw new AuthenticationException("auth.10", new Object[]{ REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE}); - AuthConfiguration authConf = AuthConfigurationProviderFactory - .getInstance(); - // check if an identity link was found // Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform // (SL1.2)) @@ -295,7 +288,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { IdentityLinkValidator.getInstance().validate(identityLink); // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() - .build(identityLink, authConf + .build(identityLink, authConfig .getMoaSpIdentityLinkTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseIDLTestTrustStore())); // invokes the call @@ -305,13 +298,12 @@ public class AuthenticationServer extends BaseAuthenticationServer { VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( domVerifyXMLSignatureResponse).parseData(); - OAAuthParameter oaParam = authConfig - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + // validates the <VerifyXMLSignatureResponse> VerifyXMLSignatureResponseValidator.getInstance().validate( verifyXMLSignatureResponse, - authConf.getIdentityLinkX509SubjectNames(), + authConfig.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, oaParam); @@ -351,15 +343,11 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @return String representation of the * <code><CreateXMLSignatureRequest></code> */ - public String verifyCertificate(AuthenticationSession session, + public void verifyCertificate(AuthenticationSession session, X509Certificate certificate, IRequest pendingReq) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException, MOAIDException { - if (session == null) - throw new AuthenticationException("auth.10", new Object[]{ - REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); - // check if person is a Organwalter // if true - don't show bPK in AUTH Block try { @@ -375,16 +363,6 @@ public class AuthenticationServer extends BaseAuthenticationServer { session.setOW(false); } - AuthConfiguration authConf = AuthConfigurationProviderFactory - .getInstance(); - - OAAuthParameter oaParam = authConfig - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, - authConf, oaParam, pendingReq); - - return returnvalue; } /** @@ -398,6 +376,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * layer implementation</li> * </ul> * @param pendingReq + * @param pendingReq * * @param sessionID ID of associated authentication session data * @param infoboxReadResponseParameters The parameters from the response returned from the BKU @@ -405,7 +384,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @return String representation of the * <code><CreateXMLSignatureRequest></code> */ - public void verifyMandate(AuthenticationSession session, MISMandate mandate) + public void verifyMandate(IRequest pendingReq, AuthenticationSession session, MISMandate mandate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException { @@ -413,9 +392,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { throw new AuthenticationException("auth.10", new Object[]{ GET_MIS_SESSIONID, PARAM_SESSIONID}); - OAAuthParameter oaParam = authConfig - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); try { // sets the extended SAML attributes for OID (Organwalter) setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam @@ -442,8 +419,6 @@ public class AuthenticationServer extends BaseAuthenticationServer { /** * @param session - * @param authConf - * @param oaParam * @param pendingReq * @return * @throws ConfigurationException @@ -451,26 +426,16 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @throws ValidateException */ public String getCreateXMLSignatureRequestAuthBlockOrRedirect( - AuthenticationSession session, AuthConfiguration authConf, - IOAAuthParameters oaParam, IRequest pendingReq) throws ConfigurationException, + AuthenticationSession session, IRequest pendingReq) throws ConfigurationException, BuildException, ValidateException { - // // check for intermediate processing of the infoboxes - // if (session.isValidatorInputPending()) - // return "Redirect to Input Processor"; - - if (authConf == null) - authConf = authConfig; - if (oaParam == null) - oaParam = authConfig - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); // builds the AUTH-block String authBlock = buildAuthenticationBlock(session, oaParam, pendingReq); // builds the <CreateXMLSignatureRequest> - List<String> transformsInfos = authConf.getTransformsInfos(); + List<String> transformsInfos = authConfig.getTransformsInfos(); String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() .build(authBlock, oaParam.getKeyBoxIdentifier(), @@ -483,112 +448,26 @@ public class AuthenticationServer extends BaseAuthenticationServer { * <ul> * <li>Creates an CreateXMLSignatureRequest to be signed by the user</li> * </ul> + * @param pendingReq * * @param sessionID ID of associated authentication session data * @param cert The certificate from the user * @return String representation of the * <code><CreateXMLSignatureRequest></code> */ - public String createXMLSignatureRequestForeignID(AuthenticationSession session, + public String createXMLSignatureRequestForeignID(IRequest pendingReq, X509Certificate cert) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException { - if (session == null) - throw new AuthenticationException("auth.10", new Object[]{ - REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); - - AuthConfiguration authConf = AuthConfigurationProviderFactory - .getInstance(); - - OAAuthParameter oaParam = authConfig - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, - cert); - } - - public String getCreateXMLSignatureRequestForeigID( - AuthenticationSession session, AuthConfiguration authConf, - OAAuthParameter oaParam, X509Certificate cert) - throws ConfigurationException { - - // // check for intermediate processing of the infoboxes - // if (session.isValidatorInputPending()) - // return "Redirect to Input Processor"; - - if (authConf == null) - authConf = authConfig; - if (oaParam == null) - oaParam = authConfig - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - Principal subject = cert.getSubjectDN(); String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() - .buildForeignID(subject.toString(), oaParam, session); + .buildForeignID(subject.toString(), pendingReq); return createXMLSignatureRequest; + } -// /** -// * Processes an <code><CreateXMLSignatureResponse></code> sent by the -// * security layer implementation.<br> -// * <ul> -// * <li>Validates given <code><CreateXMLSignatureResponse></code></li> -// * <li>Parses response enclosed in -// * <code><CreateXMLSignatureResponse></code></li> -// * <li>Verifies signature by calling the MOA SP component</li> -// * <li>Returns the signer certificate</li> -// * </ul> -// * -// * @param sessionID ID of associated authentication session data -// * @param createXMLSignatureResponseParameters The parameters from the response returned from the BKU -// * including the <code><CreateXMLSignatureResponse></code> -// * @throws BKUException -// */ -// public X509Certificate verifyXMLSignature(String sessionID, -// Map<String, String> createXMLSignatureResponseParameters) -// throws AuthenticationException, BuildException, ParseException, -// ConfigurationException, ValidateException, ServiceException, BKUException { -// -// if (isEmpty(sessionID)) -// throw new AuthenticationException("auth.10", new Object[]{ -// REQ_GET_FOREIGN_ID, PARAM_SESSIONID}); -// -// String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters -// .get(PARAM_XMLRESPONSE); -// -// if (isEmpty(xmlCreateXMLSignatureResponse)) -// throw new AuthenticationException("auth.10", new Object[]{ -// REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE}); -// -// AuthConfiguration authConf = AuthConfigurationProviderFactory -// .getInstance(); -// -// // parses the <CreateXMLSignatureResponse> -// CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser( -// xmlCreateXMLSignatureResponse); -// CreateXMLSignatureResponse createXMLSignatureResponse = p -// .parseResponseDsig(); -// -// // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP -// Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() -// .buildDsig(createXMLSignatureResponse, authConf -// .getMoaSpAuthBlockTrustProfileID()); -// -// // invokes the call -// Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() -// .verifyXMLSignature(domVerifyXMLSignatureRequest); -// -// // parses the <VerifyXMLSignatureResponse> -// VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( -// domVerifyXMLSignatureResponse).parseData(); -// -// return verifyXMLSignatureResponse.getX509certificate(); -// -// } - /** * Processes an <code><CreateXMLSignatureResponse></code> sent by the * security layer implementation.<br> @@ -650,8 +529,16 @@ public class AuthenticationServer extends BaseAuthenticationServer { String identificationValue = null; String identificationType = null; + //get processing data from pending-request + String authURL = pendingReq.getAuthURL(); + String requestedTarget = pendingReq.getGenericData( + MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class); + String targetFriendlyName = pendingReq.getGenericData( + MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class); + + //set empty AuthBlock BPK in case of OW or SSO or bpk is not requested - if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) { + if (session.isOW() || pendingReq.needSingleSignOnFunctionality() || oaParam.isRemovePBKFromAuthBlock()) { identificationType = ""; identificationValue = ""; @@ -668,11 +555,11 @@ public class AuthenticationServer extends BaseAuthenticationServer { else identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); - } else { + } else { String bpkBase64 = new BPKBuilder().buildBPK(identityLink - .getIdentificationValue(), session.getTarget()); + .getIdentificationValue(), requestedTarget); identificationValue = bpkBase64; - identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget(); + identificationType = Constants.URN_PREFIX_CDID + "+" + requestedTarget; } @@ -682,12 +569,10 @@ public class AuthenticationServer extends BaseAuthenticationServer { } + //set AuthBlock generation time to session String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar .getInstance()); session.setIssueInstant(issueInstant); - String authURL = session.getAuthURL(); - String target = session.getTarget(); - String targetFriendlyName = session.getTargetFriendlyName(); // Bug #485 // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) @@ -696,22 +581,22 @@ public class AuthenticationServer extends BaseAuthenticationServer { List<ExtendedSAMLAttribute> extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); - if (session.isSsoRequested()) { + if (pendingReq.needSingleSignOnFunctionality()) { String oaURL = pendingReq.getAuthURL(); if (MiscUtil.isNotEmpty(oaURL)) oaURL = oaURL.replaceAll("&", "&"); String authBlock = new AuthenticationBlockAssertionBuilder() - .buildAuthBlockSSO(issuer, issueInstant, authURL, target, + .buildAuthBlockSSO(issuer, issueInstant, authURL, requestedTarget, targetFriendlyName, identificationValue, identificationType, oaURL, gebDat, extendedSAMLAttributes, session, oaParam); return authBlock; - } else { - String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); + } else { + String oaURL = oaParam.getPublicURLPrefix().replaceAll("&", "&"); String authBlock = new AuthenticationBlockAssertionBuilder() - .buildAuthBlock(issuer, issueInstant, authURL, target, + .buildAuthBlock(issuer, issueInstant, authURL, requestedTarget, targetFriendlyName, identificationValue, identificationType, oaURL, gebDat, extendedSAMLAttributes, session, oaParam); @@ -1034,8 +919,6 @@ public class AuthenticationServer extends BaseAuthenticationServer { throw new AuthenticationException("auth.10", new Object[]{ REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); - AuthConfiguration authConf = AuthConfigurationProviderFactory - .getInstance(); // parses <CreateXMLSignatureResponse> CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser( xmlCreateXMLSignatureReadResponse).parseResponse(); @@ -1052,14 +935,15 @@ public class AuthenticationServer extends BaseAuthenticationServer { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); } // validates <CreateXMLSignatureResponse> - if (session.isSsoRequested()) + if (pendingReq.needSingleSignOnFunctionality()) new CreateXMLSignatureResponseValidator().validateSSO(csresp, session, pendingReq); + else new CreateXMLSignatureResponseValidator().validate(csresp, session, pendingReq); // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call - List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); - String tpid = authConf.getMoaSpAuthBlockTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseAuthBlockTestTestStore()); + List<String> vtids = authConfig.getMoaSpAuthBlockVerifyTransformsInfoIDs(); + String tpid = authConfig.getMoaSpAuthBlockTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseAuthBlockTestTestStore()); Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); // debug output @@ -1089,8 +973,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { } } - OAAuthParameter oaParam = authConfig - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); // validates the <VerifyXMLSignatureResponse> VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, |