diff options
Diffstat (limited to 'id/server/modules/moa-id-modules-saml1/src')
8 files changed, 145 insertions, 133 deletions
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index f6c8cb6e3..7ab222fa0 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -32,7 +32,6 @@ import java.util.List; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; -import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -41,7 +40,7 @@ import at.gv.egovernment.moa.util.StringUtils; /** * Builder for the authentication data <code><saml:Assertion></code> - * to be provided by the MOA ID Auth component. + * to be provided by the MOA ID Auth component. * * @author Paul Ivancsics * @version $Id$ @@ -277,8 +276,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB if (!useCondition) { assertion = MessageFormat.format(AUTH_DATA, new Object[] { authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), + authData.getAuthenticationIssuer(), + authData.getAuthenticationIssueInstantString(), pkType, pkValue, StringUtils.removeXMLDeclaration(xmlAuthBlock), @@ -302,8 +301,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB assertion = MessageFormat.format(AUTH_DATA_WITH_CONDITIONS, new Object[] { authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), + authData.getAuthenticationIssuer(), + authData.getAuthenticationIssueInstantString(), notBefore, notOnOrAfter, pkType, @@ -400,8 +399,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB if (!useCondition) { assertion = MessageFormat.format(AUTH_DATA_MANDATE, new Object[] { authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), + authData.getAuthenticationIssuer(), + authData.getAuthenticationIssueInstantString(), pkType, pkValue, StringUtils.removeXMLDeclaration(xmlAuthBlock), @@ -426,8 +425,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB assertion = MessageFormat.format(AUTH_DATA_MANDATE_WITH_CONDITIONS, new Object[] { authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), + authData.getAuthenticationIssuer(), + authData.getAuthenticationIssueInstantString(), notBefore, notOnOrAfter, pkType, diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 99d5d9063..21dbb573a 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -28,15 +28,15 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; @@ -49,9 +49,9 @@ public class GetArtifactAction implements IAction { public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData obj) throws AuthenticationException { - String oaURL = (String) req.getOAURL(); + String oaURL = (String) req.getSPEntityId(); - String sourceID = null; + String sourceID = null; if (req instanceof SAML1RequestImpl) { SAML1RequestImpl saml1req = (SAML1RequestImpl) req; sourceID = saml1req.getSourceID(); @@ -68,7 +68,7 @@ public class GetArtifactAction implements IAction { } try { - IOAAuthParameters oaParam = req.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = req.getServiceProviderConfiguration(IOAAuthParameters.class); //TODO: add eIDAS to SAML1 protocol if it is really necessary @@ -85,14 +85,14 @@ public class GetArtifactAction implements IAction { String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID); - String oaTargetArea = req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class); + String oaTargetArea = req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class); if (authData.isSsoSession()) { String url = req.getAuthURL() + RedirectServlet.SERVICE_ENDPOINT; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8")); if (MiscUtil.isNotEmpty(oaTargetArea)) url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, - URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8")); + URLEncoder.encode(req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8")); url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); url = httpResp.encodeRedirectURL(url); @@ -104,7 +104,7 @@ public class GetArtifactAction implements IAction { String redirectURL = oaURL; if (MiscUtil.isNotEmpty(oaTargetArea)) { redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_TARGET, - URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8")); + URLEncoder.encode(req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8")); } @@ -121,7 +121,7 @@ public class GetArtifactAction implements IAction { new SLOInformationImpl(req.getAuthURL(), oaParam.getPublicURLPrefix(), authData.getAssertionID(), null, null, req.requestedModule()); return sloInformation; - + } catch (Exception ex) { Logger.error("SAML1 Assertion build error", ex); throw new AuthenticationException("SAML1 Assertion build error.", new Object[]{}, ex); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index 13df30862..dcb7cb7ee 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java @@ -72,20 +72,19 @@ import org.xml.sax.SAXException; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; -import at.gv.egovernment.moa.id.auth.servlet.AbstractController; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.ErrorResponseUtils; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.XPathUtils; /** * Web service for picking up authentication data created in the MOA-ID Auth component. @@ -98,7 +97,7 @@ import at.gv.egovernment.moa.util.XPathUtils; * since SAML1 is deprecated MOA-ID >= 2.0.0 * * @author tlenz - */ + */ @Controller public class GetAuthenticationDataService extends AbstractController implements Constants { @@ -257,7 +256,7 @@ public class GetAuthenticationDataService extends AbstractController implements // no SAML artifact given in request statusCode = "samlp:Requester"; statusMessageCode = "1202"; - + } else if (samlArtifactList.getLength() > 1) { // too many SAML artifacts given in request statusCode = "samlp:Requester"; @@ -280,9 +279,7 @@ public class GetAuthenticationDataService extends AbstractController implements try { Throwable error = saml1AuthServer.getErrorResponse(samlArtifact); statusCode = "samlp:Responder"; - - ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); - + if (error instanceof MOAIDException) { statusMessageCode = ((MOAIDException)error).getMessageId(); statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage()); @@ -291,8 +288,9 @@ public class GetAuthenticationDataService extends AbstractController implements statusMessage = StringEscapeUtils.escapeXml(error.getMessage()); } - subStatusCode = errorUtils.getResponseErrorCode(error); - + subStatusCode = statusMessager.getResponseErrorCode(error); + + } catch (Exception e) { //no authentication data for given SAML artifact statusCode = "samlp:Requester"; @@ -340,7 +338,7 @@ public class GetAuthenticationDataService extends AbstractController implements is = Thread.currentThread() .getContextClassLoader() .getResourceAsStream(templateURL); - + VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); BufferedReader reader = new BufferedReader(new InputStreamReader(is )); StringWriter writer = new StringWriter(); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java index 2a7cce89e..51d722dc4 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java @@ -49,9 +49,10 @@ package at.gv.egovernment.moa.id.protocols.saml1; import java.text.ParseException; import java.util.List; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.data.MOAAuthenticationData; +import at.gv.egovernment.moa.id.util.LoALevelMapper; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DateTimeUtils; @@ -62,7 +63,7 @@ import at.gv.egovernment.moa.util.DateTimeUtils; * @version $Id$ */ -public class SAML1AuthenticationData extends AuthenticationData { +public class SAML1AuthenticationData extends MOAAuthenticationData { /** * */ @@ -88,7 +89,8 @@ public class SAML1AuthenticationData extends AuthenticationData { private List<ExtendedSAMLAttribute> extendedSAMLAttributesOA; - public SAML1AuthenticationData() { + public SAML1AuthenticationData(LoALevelMapper loaMapper) { + super(loaMapper); this.setMajorVersion(1); this.setMinorVersion(0); this.setAssertionID(Random.nextRandom()); @@ -137,7 +139,7 @@ public void setAssertionID(String assertionID) { public void setIssueInstant(String date) { try { - setIssueInstant(DateTimeUtils.parseDateTime(date)); + setAuthenticationIssueInstant(DateTimeUtils.parseDateTime(date)); } catch (ParseException e) { Logger.error("Parse IssueInstant element FAILED.", e); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index bf4a55e46..c8f01f67d 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.saml1; import java.io.ByteArrayOutputStream; import java.io.IOException; +import java.util.ArrayList; import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -43,11 +44,21 @@ import org.xml.sax.SAXException; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; @@ -57,21 +68,14 @@ import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; +import at.gv.egovernment.moa.id.data.MOAAuthenticationData; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.util.xsd.persondata.IdentificationType; @@ -86,7 +90,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { @Autowired private ITransactionStorage authenticationDataStore; - /** + /** * time out in milliseconds used by {@link cleanup} for authentication data * store */ @@ -103,8 +107,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } Throwable error = null; try { - error = authenticationDataStore - .get(samlArtifact, Throwable.class); + error = authenticationDataStore.get(samlArtifact, Throwable.class); if (error == null) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); @@ -114,7 +117,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { authenticationDataStore.remove(samlArtifact); - } catch (MOADatabaseException e) { + } catch (EAAFException e) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); throw new AuthenticationException("1206", new Object[] { samlArtifact }); } @@ -189,7 +192,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } - } catch (MOADatabaseException e) { + } catch (EAAFException e) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); throw new AuthenticationException("1206", new Object[] { samlArtifact }); } @@ -201,10 +204,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } public String BuildErrorAssertion(Throwable error, IRequest protocolRequest) - throws BuildException, MOADatabaseException { + throws EAAFException { String samlArtifact = new SAMLArtifactBuilder().build( - protocolRequest.getOAURL(), protocolRequest.getRequestID(), + protocolRequest.getSPEntityId(), protocolRequest.getPendingRequestId(), null); authenticationDataStore.put(samlArtifact, error, authDataTimeOut); @@ -319,12 +322,26 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } - String samlAssertion; - //add mandate info's - if (authData.isUseMandate()) { - List<ExtendedSAMLAttribute> oaAttributes = authData.getExtendedSAMLAttributesOA(); + List<ExtendedSAMLAttribute> oaAttributes = authData.getExtendedSAMLAttributesOA(); + + //add additional SAML1 attribute that containts the CountryCode in case of foreigners + if (authData.isForeigner()) { + if (oaAttributes == null) + oaAttributes = new ArrayList<ExtendedSAMLAttribute>(); + + Logger.trace("Entity is marked as foreigner. Adding CountryCode: " + + authData.getCiticenCountryCode() + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, authData.getCiticenCountryCode(), + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + } + + String samlAssertion = null; + //add mandate info's + if (authData.isUseMandate()) { //only provide full mandate if it is included. if (saml1parameter.isProvideFullMandatorData() && authData.getMISMandate() != null) { @@ -420,7 +437,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { authData.getBkuURL(), signerCertificateBase64, oaParam.hasBaseIdTransferRestriction(), - authData.getExtendedSAMLAttributesOA(), + oaAttributes, useCondition, conditionLength); } @@ -428,7 +445,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { //authData.setSamlAssertion(samlAssertion); String samlArtifact = new SAMLArtifactBuilder().build( - authData.getIssuer(), Random.nextRandom(), + authData.getAuthenticationIssuer(), Random.nextRandom(), sourceID); storeAuthenticationData(samlArtifact, samlAssertion); @@ -443,10 +460,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } - private String generateMandateDate(IOAAuthParameters oaParam, AuthenticationData authData + private String generateMandateDate(IOAAuthParameters oaParam, MOAAuthenticationData authData ) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, - ValidateException { + ValidateException, EAAFBuilderException { if (authData == null) throw new AuthenticationException("auth.10", new Object[] { @@ -491,7 +508,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { && Constants.URN_PREFIX_BASEID .equals(identificationType)) { // now we calculate the wbPK and do so if we got it from the - // BKU + // BKU //load IdentityLinkDomainType from OAParam Pair<String, String> targedId = new BPKBuilder().generateAreaSpecificPersonIdentifier( @@ -548,7 +565,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } else { ; - } + } return DOMUtils.serializeNode(prPerson); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 19fadb318..30d740a2a 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -35,18 +35,20 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -59,10 +61,10 @@ import at.gv.egovernment.moa.util.URLEncoder; * @deprecated * @author tlenz * - */ + */ @Controller -public class SAML1Protocol extends AbstractAuthProtocolModulController { +public class SAML1Protocol extends AbstractAuthProtocolModulController implements IModulInfo { @Autowired private SAML1AuthenticationServer saml1AuthServer; @@ -92,21 +94,22 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { return NAME; } - public String getPath() { + @Override + public String getAuthProtocolIdentifier() { return PATH; + } - @RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET}) - public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { - if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) { - Logger.info("SAML1 is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" }); - - } + public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { +// if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) { +// Logger.info("SAML1 is deaktivated!"); +// throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" }); +// +// } SAML1RequestImpl pendingReq = applicationContext.getBean(SAML1RequestImpl.class); - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(NAME); revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); @@ -127,15 +130,15 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { public void preProcess(HttpServletRequest request, - HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException { + HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException, InvalidProtocolRequestException, EAAFConfigurationException, EAAFStorageException { try { - String oaURL = (String) request.getParameter(PARAM_OA); + String oaURL = (String) request.getParameter(MOAIDAuthConstants.PARAM_OA); //oaURL = StringEscapeUtils.escapeHtml(oaURL); - String target = (String) request.getParameter(PARAM_TARGET); + String target = (String) request.getParameter(MOAIDAuthConstants.PARAM_TARGET); target = StringEscapeUtils.escapeHtml(target); - String sourceID = request.getParameter(PARAM_SOURCEID); + String sourceID = request.getParameter(MOAIDAuthConstants.PARAM_SOURCEID); sourceID = StringEscapeUtils.escapeHtml(sourceID); //the target parameter is used to define the OA in SAML1 standard @@ -146,25 +149,25 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { if (MiscUtil.isEmpty(oaURL)) { Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!"); - throw new WrongParametersException("StartAuthentication", PARAM_OA, + throw new WrongParametersException("StartAuthentication", MOAIDAuthConstants.PARAM_OA, "auth.12"); } if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, + throw new WrongParametersException("StartAuthentication", MOAIDAuthConstants.PARAM_OA, "auth.12"); - pendingRequest.setOAURL(oaURL); + pendingRequest.setSPEntityId(oaURL); Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL); if (!ParamValidatorUtils.isValidSourceID(sourceID)) - throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); + throw new WrongParametersException("StartAuthentication", MOAIDAuthConstants.PARAM_SOURCEID, "auth.12"); //load Target only from OA config - IOAAuthParameters oaParam = authConfig.getOnlineApplicationParameter(oaURL); + IOAAuthParameters oaParam = authConfig.getServiceProviderConfiguration(oaURL, IOAAuthParameters.class); if (oaParam == null) throw new InvalidProtocolRequestException("auth.00", @@ -190,7 +193,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST); if (MiscUtil.isNotEmpty(target)) { - pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target); + pendingRequest.setRawDataToTransaction(REQ_DATA_TARGET, target); pendingRequest.setTarget(MOAIDAuthConstants.PREFIX_CDID + target); } else { @@ -198,7 +201,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { pendingRequest.setTarget(targetArea); if (targetArea.startsWith(MOAIDAuthConstants.PREFIX_CDID)) - pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, + pendingRequest.setRawDataToTransaction(REQ_DATA_TARGET, targetArea.substring(MOAIDAuthConstants.PREFIX_CDID.length())); @@ -225,15 +228,15 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable{ - if (!protocolRequest.getOnlineApplicationConfiguration().getSAML1Parameter().isProvideAllErrors()) + if (!protocolRequest.getServiceProviderConfiguration(IOAAuthParameters.class).getSAML1Parameter().isProvideAllErrors()) return false; else { String samlArtifactBase64 = saml1AuthServer.BuildErrorAssertion(e, protocolRequest); String url = protocolRequest.getAuthURL() + "/RedirectServlet"; - url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8")); - url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getSPEntityId(), "UTF-8")); + url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); url = response.encodeRedirectURL(url); response.setContentType("text/html"); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java index 1d3525626..4d3e60dd7 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java @@ -22,18 +22,11 @@ */ package at.gv.egovernment.moa.id.protocols.saml1; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; - -import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; /** * @author tlenz @@ -45,7 +38,7 @@ public class SAML1RequestImpl extends RequestImpl { private static final long serialVersionUID = -4961979968425683115L; - private String sourceID = null; + private String sourceID = null; private String target = null; /** @@ -78,29 +71,29 @@ public class SAML1RequestImpl extends RequestImpl { this.target = target; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() - */ - @Override - public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { - - List<String> reqAttr = new ArrayList<String>(); - reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION); - - SAML1ConfigurationParameters saml1 = this.getOnlineApplicationConfiguration().getSAML1Parameter(); - if (saml1 != null) { - if (saml1.isProvideAUTHBlock()) - reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME); - - if (saml1.isProvideCertificate()) - reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME); - - if (saml1.isProvideFullMandatorData()) - reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME); - } - - return reqAttr; - - } +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() +// */ +// @Override +// public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { +// +// List<String> reqAttr = new ArrayList<String>(); +// reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION); +// +// SAML1ConfigurationParameters saml1 = this.getOnlineApplicationConfiguration().getSAML1Parameter(); +// if (saml1 != null) { +// if (saml1.isProvideAUTHBlock()) +// reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME); +// +// if (saml1.isProvideCertificate()) +// reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME); +// +// if (saml1.isProvideFullMandatorData()) +// reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME); +// } +// +// return reqAttr; +// +// } } diff --git a/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java b/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java index 961c8d0b5..4591e456f 100644 --- a/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java +++ b/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java @@ -46,9 +46,9 @@ package test.at.gv.egovernment.moa.id.auth.parser; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; -import at.gv.egovernment.moa.id.util.Random; import test.at.gv.egovernment.moa.id.UnitTestCase; /* @@ -63,7 +63,7 @@ public class SAMLArtifactParserTest extends UnitTestCase { public SAMLArtifactParserTest(String name) { super(name); } - + public void testParseTypeCode() throws Exception { String sessionID = Random.nextRandom(); String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID, null); |