aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java')
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java69
1 files changed, 43 insertions, 26 deletions
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index bf4a55e46..c8f01f67d 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.saml1;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -43,11 +44,21 @@ import org.xml.sax.SAXException;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
@@ -57,21 +68,14 @@ import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.Pair;
+import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.util.xsd.persondata.IdentificationType;
@@ -86,7 +90,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
@Autowired private ITransactionStorage authenticationDataStore;
- /**
+ /**
* time out in milliseconds used by {@link cleanup} for authentication data
* store
*/
@@ -103,8 +107,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
Throwable error = null;
try {
- error = authenticationDataStore
- .get(samlArtifact, Throwable.class);
+ error = authenticationDataStore.get(samlArtifact, Throwable.class);
if (error == null) {
Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
@@ -114,7 +117,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
authenticationDataStore.remove(samlArtifact);
- } catch (MOADatabaseException e) {
+ } catch (EAAFException e) {
Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
throw new AuthenticationException("1206", new Object[] { samlArtifact });
}
@@ -189,7 +192,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
- } catch (MOADatabaseException e) {
+ } catch (EAAFException e) {
Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
throw new AuthenticationException("1206", new Object[] { samlArtifact });
}
@@ -201,10 +204,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
public String BuildErrorAssertion(Throwable error, IRequest protocolRequest)
- throws BuildException, MOADatabaseException {
+ throws EAAFException {
String samlArtifact = new SAMLArtifactBuilder().build(
- protocolRequest.getOAURL(), protocolRequest.getRequestID(),
+ protocolRequest.getSPEntityId(), protocolRequest.getPendingRequestId(),
null);
authenticationDataStore.put(samlArtifact, error, authDataTimeOut);
@@ -319,12 +322,26 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
- String samlAssertion;
- //add mandate info's
- if (authData.isUseMandate()) {
- List<ExtendedSAMLAttribute> oaAttributes = authData.getExtendedSAMLAttributesOA();
+ List<ExtendedSAMLAttribute> oaAttributes = authData.getExtendedSAMLAttributesOA();
+
+ //add additional SAML1 attribute that containts the CountryCode in case of foreigners
+ if (authData.isForeigner()) {
+ if (oaAttributes == null)
+ oaAttributes = new ArrayList<ExtendedSAMLAttribute>();
+
+ Logger.trace("Entity is marked as foreigner. Adding CountryCode: "
+ + authData.getCiticenCountryCode() + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, authData.getCiticenCountryCode(),
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+ }
+
+ String samlAssertion = null;
+ //add mandate info's
+ if (authData.isUseMandate()) {
//only provide full mandate if it is included.
if (saml1parameter.isProvideFullMandatorData()
&& authData.getMISMandate() != null) {
@@ -420,7 +437,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
authData.getBkuURL(),
signerCertificateBase64,
oaParam.hasBaseIdTransferRestriction(),
- authData.getExtendedSAMLAttributesOA(),
+ oaAttributes,
useCondition,
conditionLength);
}
@@ -428,7 +445,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
//authData.setSamlAssertion(samlAssertion);
String samlArtifact = new SAMLArtifactBuilder().build(
- authData.getIssuer(), Random.nextRandom(),
+ authData.getAuthenticationIssuer(), Random.nextRandom(),
sourceID);
storeAuthenticationData(samlArtifact, samlAssertion);
@@ -443,10 +460,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
- private String generateMandateDate(IOAAuthParameters oaParam, AuthenticationData authData
+ private String generateMandateDate(IOAAuthParameters oaParam, MOAAuthenticationData authData
) throws AuthenticationException, BuildException,
ParseException, ConfigurationException, ServiceException,
- ValidateException {
+ ValidateException, EAAFBuilderException {
if (authData == null)
throw new AuthenticationException("auth.10", new Object[] {
@@ -491,7 +508,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
&& Constants.URN_PREFIX_BASEID
.equals(identificationType)) {
// now we calculate the wbPK and do so if we got it from the
- // BKU
+ // BKU
//load IdentityLinkDomainType from OAParam
Pair<String, String> targedId = new BPKBuilder().generateAreaSpecificPersonIdentifier(
@@ -548,7 +565,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
} else {
;
- }
+ }
return DOMUtils.serializeNode(prPerson);
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-20 19:28:55 +0000