diff options
Diffstat (limited to 'id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java')
| -rw-r--r-- | id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java | 94 |
1 files changed, 93 insertions, 1 deletions
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index c8f01f67d..64a4bae63 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -48,6 +48,7 @@ import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.data.Pair; @@ -71,7 +72,13 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.data.MOAAuthenticationData; +import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -338,7 +345,92 @@ public class SAML1AuthenticationServer extends AuthenticationServer { ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); } - + + //add additional bPKs and foreign bPKs in case of Austrian eID demo-mode + if (Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + String.valueOf(false)))) { + Logger.info("Demo-mode for 'New Austrian eID' is active. Add additonal attributes ... "); + + if (oaAttributes == null) + oaAttributes = new ArrayList<ExtendedSAMLAttribute>(); + + try { + String additionalBpks = new BPKListAttributeBuilder().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + if (MiscUtil.isNotEmpty(additionalBpks)) { + Logger.trace("Adding additional bPKs: " + additionalBpks + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.BPK_LIST_FRIENDLY_NAME, additionalBpks, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + } catch (AttributeBuilderException e) { + Logger.info("Can NOT build additional bPKs. Reason: " + e.getMessage()); + + } + + try { + String encryptedBpks = new EncryptedBPKAttributeBuilder().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + if (MiscUtil.isNotEmpty(encryptedBpks)) { + Logger.trace("Adding foreign bPKs: " + encryptedBpks + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME, encryptedBpks, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + } catch (AttributeBuilderException e) { + Logger.info("Can NOT build additional foreign bPKs. Reason: " + e.getMessage()); + + } + + //for mandates + try { + String additionalMandatorBpks = new MandateNaturalPersonBPKListAttributeBuilder().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + if (MiscUtil.isNotEmpty(additionalMandatorBpks)) { + Logger.trace("Adding additional Mandator bPKs: " + additionalMandatorBpks + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, additionalMandatorBpks, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + } catch (AttributeBuilderException e) { + Logger.info("Can NOT build additional Mandator bPKs. Reason: " + e.getMessage()); + + } + + try { + String encryptedMandatorBpks = new MandateNaturalPersonEncBPKListAttributeBuilder().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + if (MiscUtil.isNotEmpty(encryptedMandatorBpks)) { + Logger.trace("Adding foreign Mandator bPKs: " + encryptedMandatorBpks + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, encryptedMandatorBpks, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + } catch (AttributeBuilderException e) { + Logger.info("Can NOT build foreign Mandator bPKs. Reason: " + e.getMessage()); + + } + + } + String samlAssertion = null; //add mandate info's if (authData.isUseMandate()) { |