Diffstat (limited to 'id/server')
9 files changed, 109 insertions, 58 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 41b383f01..ba66041d7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -24,6 +24,7 @@  package at.gv.egovernment.moa.id.auth;  import iaik.pki.PKIException; +import iaik.x509.CertificateFactory;  import iaik.x509.X509Certificate;  import java.io.ByteArrayInputStream; @@ -32,12 +33,16 @@ import java.io.InputStream;  import java.security.GeneralSecurityException;  import java.security.Principal;  import java.security.cert.CertificateException; +//import java.security.cert.CertificateFactory;  import java.util.ArrayList;  import java.util.Calendar;  import java.util.Date; +import java.util.HashMap; +import java.util.HashSet;  import java.util.Iterator;  import java.util.List;  import java.util.Map; +import java.util.Set;  import java.util.Vector;  import javax.servlet.http.HttpServletRequest; @@ -68,6 +73,7 @@ import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;  import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;  import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;  import at.gv.egovernment.moa.id.auth.builder.InfoboxValidatorParamsBuilder; +import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;  import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder;  import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; 
@@ -82,6 +88,7 @@ import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;  import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;  import at.gv.egovernment.moa.id.auth.parser.ExtendedInfoboxReadResponseParser;  import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; +import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;  import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;  import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;  import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet; @@ -108,6 +115,7 @@ import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;  import at.gv.egovernment.moa.id.config.stork.CPEPS;  import at.gv.egovernment.moa.id.config.stork.STORKConfig;  import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.moduls.IRequest;  import at.gv.egovernment.moa.id.storage.AssertionStorage;  import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;  import at.gv.egovernment.moa.id.util.HTTPUtils; @@ -117,6 +125,7 @@ import at.gv.egovernment.moa.id.util.SSLUtils;  import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;  import at.gv.egovernment.moa.logging.LogMsg;  import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils;  import at.gv.egovernment.moa.util.BoolUtils;  import at.gv.egovernment.moa.util.Constants;  import at.gv.egovernment.moa.util.DOMUtils; @@ -132,7 +141,6 @@ import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;  import eu.stork.vidp.messages.stork.RequestedAttributes;  import eu.stork.vidp.messages.util.SAMLUtil;  import eu.stork.vidp.messages.util.XMLUtil; -//import java.security.cert.CertificateFactory;  /**   * API for MOA ID Authentication Service.<br> {@link AuthenticationSession} is 
@@ -849,16 +857,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {  	 * @return String representation of the  	 *         <code><CreateXMLSignatureRequest></code>  	 */ -	public String createXMLSignatureRequestForeignID(String sessionID, +	public String createXMLSignatureRequestForeignID(AuthenticationSession session,  			X509Certificate cert) throws AuthenticationException,  			BuildException, ParseException, ConfigurationException,  			ValidateException, ServiceException { -		if (isEmpty(sessionID)) +		if (session == null)  			throw new AuthenticationException("auth.10", new Object[] {  					REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); -		AuthenticationSession session = getSession(sessionID); +//		AuthenticationSession session = getSession(sessionID);  		AuthConfigurationProvider authConf = AuthConfigurationProvider  				.getInstance(); @@ -866,6 +874,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {  		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()  				.getOnlineApplicationParameter(session.getPublicOAURLPrefix()); +		//session.setSignerCertificate(cert); +		  		return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam,  				cert);  	} @@ -2000,9 +2010,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {  		// AuthConfigurationProvider.getInstance();  		IdentityLink tempIdentityLink = null; -		 +  		if (session.getUseMandate()) { -			session.setMandate(mandate);  			tempIdentityLink = new IdentityLink();  			Element mandator = ParepUtils.extractMandator(mandate);  			String dateOfBirth = ""; @@ -2459,7 +2468,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {  			if(!isForeigner) {  				//we have Austrian citizen  				if (businessService) { -					authData.setWBPK(identityLink.getIdentificationValue()); +					authData.setBPK(identityLink.getIdentificationValue()); +					authData.setBPKType(identityLink.getIdentificationType());  				} else { 
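Review bot: The `auth.10` error thrown when `session == null` still names `PARAM_SESSIONID`, although `createXMLSignatureRequestForeignID` no longer receives a session id from the request; a null here is a programming error on the caller's side, not a missing request parameter, so the message will mislead whoever reads the log. If the Javadoc above the hunk still carries a `@param sessionID` tag it is now stale and should become `@param session the already-resolved authentication session (must not be null)`. The commented-out `getSession(sessionID)` line and the commented-out `session.setSignerCertificate(cert)` in the following hunk should be deleted rather than left as comments.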
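Review bot: In the `@@ -2000` hunk `session.setMandate(mandate)` is removed without a replacement inside the hunk, so unless the mandate is now stored on the session elsewhere (not visible here), later readers of the session's mandate will find it unset. If the removal is intentional because the mandate is already stored by the caller, a one-line comment such as `// mandate is stored on the session by the caller before this point` would stop the next reader from re-adding it. The enclosing method starts and ends outside the hunk.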
@@ -2471,16 +2481,30 @@ public class AuthenticationServer implements MOAIDAuthConstants {  					if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {  						String bpkBase64 = new BPKBuilder().buildBPK(  								identityLink.getIdentificationValue(), target); -						authData.setBPK(bpkBase64);  +						authData.setBPK(bpkBase64); +						authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());  					 }  				}  			} else {  				//we have foreigner, thus we have to calculate bPK and wbPK now (after receiving identity link from SZR-GW  				if (businessService) {  					//since we have foreigner, wbPK is not calculated in BKU -					if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { 						  -						 String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier()); -						 authData.setWBPK(wbpkBase64);  +					if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { +						 +						 	String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); +						  +							if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { +								// If domainIdentifier starts with prefix +								// "urn:publicid:gv.at:wbpk+"; remove this prefix +								registerAndOrdNr = registerAndOrdNr +										.substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); +								Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " +										+ registerAndOrdNr); +							}  +						     +							String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); +							authData.setBPK(wbpkBase64); +							authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr);   					 }										  				} else { 
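Review bot: `registerAndOrdNr.startsWith(...)` dereferences the value of `oaParam.getIdentityLinkDomainIdentifier()` before any validation; in the old code the prefix stripping sat inside `BPKBuilder.buildWBPK` after its "Unvollständige Parameterangaben" check, so a missing domain identifier produced a `BuildException` and now produces a `NullPointerException`, assuming the getter can return null. A guard `if (registerAndOrdNr != null && registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))` keeps the builder's own check as the error path. In the Austrian public-sector branch the bPK value is derived from `target` while the type is built from `oaParam.getTarget()`; if those two can ever differ the type URN will not describe the value it is attached to, so use the same variable for both, and the same applies to the `@@ -2488` hunk below.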
@@ -2488,7 +2512,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {  					 if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {   						 // only compute bPK if online application is a public service and we have the Stammzahl  						 String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); -						 authData.setBPK(bpkBase64);  +						 authData.setBPK(bpkBase64); +						 authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());  					 } @@ -2757,7 +2782,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {  		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());  		if (oaParam == null)  				throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); -  		//Start of STORK Processing		  		STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); 
@@ -2776,16 +2800,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {      	Logger.debug("Issuer value: " + issuerValue); -    	QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue()); -    	Logger.debug("QAALevel: " + qaaLevel.getValue()); - +    	QualityAuthenticationAssuranceLevel qaaLevel = null;//TODO UNCOMMENT AGAIN !! = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue()); +    	//Logger.debug("QAALevel: " + qaaLevel.getValue()); +    	      	RequestedAttributes requestedAttributes = null; -    	requestedAttributes = oaParam.getRequestedAttributes(); +    	//TODO UNCOMMENT AGAIN !! requestedAttributes = oaParam.getRequestedAttributes();  		requestedAttributes.detach();      	List<RequestedAttribute> reqAttributeList = new ArrayList<RequestedAttribute>();      	List<RequestedAttribute> oaReqAttributeList = null;  -    	oaReqAttributeList =  new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes()); +    	//TODO UNCOMMENT AGAIN !! oaReqAttributeList =  new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes());      	//check if country specific attributes must be additionally requested      	if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) {      		//add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes @@ -2924,7 +2948,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {  		}  		InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString)); - +		  		X509Certificate cert;  		try {  			cert = new X509Certificate(is); 
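Review bot: `requestedAttributes` is now assigned `null` (the assignment is parked behind "TODO UNCOMMENT AGAIN") and the very next context line calls `requestedAttributes.detach()`, so every request through this STORK path will fail with a `NullPointerException`; the same applies to `qaaLevel`, whose debug line was commented out, and to `oaReqAttributeList`, which stays `null` and is presumably consumed below the hunk. Disabled code with a TODO should not be committed on a path that is still reachable; either restore the three assignments or guard the path explicitly, e.g. `if (requestedAttributes == null) throw new IllegalStateException("STORK requested attributes not configured");`. The enclosing method starts and ends outside the hunk.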
@@ -2933,7 +2957,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {  		} catch (Throwable e) {  			throw new CertificateException(e);  		} - +				 +//		CertificateFactory cf; +//		X509Certificate cert = null; +//		cf = CertificateFactory.getInstance("X.509"); +//		CertificateFactory +//		cert = (X509Certificate)cf.generateCertificate(is);	 +//		return cert;  	}  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 7137ce414..839ebe7a4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -255,8 +255,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB      String pkType;      String pkValue;      if (businessService) { -      pkType = authData.getIdentificationType(); -      pkValue = authData.getWBPK(); +      pkType = authData.getBPKType(); +      pkValue = authData.getBPK();      } else {        // <saml:NameIdentifier NameQualifier> always has the bPK as type/value @@ -376,8 +376,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB      String pkType;      String pkValue;      if (businessService) { -      pkType = authData.getIdentificationType(); -      pkValue = authData.getWBPK(); +      pkType = authData.getBPKType(); +      pkValue = authData.getBPK();      } else {        // <saml:NameIdentifier NameQualifier> always has the bPK as type/value diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index de86a4f05..6a9a5b765 100644 
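Review bot: The six commented-out `CertificateFactory` lines at the end of the method, together with the new `import iaik.x509.CertificateFactory;` in the first hunk and the relocated `//import java.security.cert.CertificateFactory;`, add nothing that is compiled; the import is unused and the comment block duplicates what the `try` above already does with `new X509Certificate(is)`. Delete the commented block and both import lines so the method ends at its `catch`. The enclosing method starts outside the hunk.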
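Review bot: In `AuthenticationDataAssertionBuilder` (hunks `@@ -255` and `@@ -376`) `pkType` now comes from `authData.getBPKType()`, and in the server code of this commit `bPKType` is only assigned inside the `URN_PREFIX_BASEID` branches, whereas the previous source `getIdentificationType()` was populated independently of the branch; for an identity link of another identification type the `NameQualifier` type would therefore become null where it was set before. Worth confirming that every path reaching this builder in the business-service case sets `bPKType`, or adding a check such as `if (pkType == null || pkValue == null) throw new BuildException(...)` before the NameIdentifier is written, so a missing type surfaces as a build error instead of an empty attribute. The enclosing method starts and ends outside the hunk.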
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -91,16 +91,7 @@ public class BPKBuilder {            new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" +                           identificationValue + ",Register+Registernummer=" + registerAndOrdNr});      } -     -	if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { -		// If domainIdentifier starts with prefix -		// "urn:publicid:gv.at:wbpk+"; remove this prefix -		registerAndOrdNr = registerAndOrdNr -				.substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); -		Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " -				+ registerAndOrdNr); -	}  -     +           String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;      try {        MessageDigest md = MessageDigest.getInstance("SHA-1"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index 930fedfd4..7b5c1513a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -148,7 +148,8 @@ public class VerifyCertificateServlet extends AuthServlet {  	    	}
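Review bot: Removing the prefix stripping from `BPKBuilder.buildWBPK` changes the SHA-1 input `basisbegriff` for any caller that still passes a domain identifier beginning with `AuthenticationSession.REGISTERANDORDNR_PREFIX_`; only the `AuthenticationServer` call site was adjusted in this commit, so any other caller (none is visible here) would silently start producing a different wbPK for the same person. It is worth grepping for other `buildWBPK` callers, and the method's Javadoc should state `@param registerAndOrdNr register and order number without the "urn:publicid:gv.at:wbpk+" prefix`. If `Logger` and `AuthenticationSession` were only used by the removed lines their imports in this file are now unused. The replacement line `+     ` carries only trailing whitespace.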
  	    	else {
  	    		// Foreign Identities Modus	
 -		    	String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert);
 +		    	
 +		    	String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);
  		      // build dataurl (to the GetForeignIDSerlvet)
  		    	String dataurl =
  	             new DataURLBuilder().buildDataURL(
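Review bot: The added line before the `createXMLSignatureRequestForeignID(session, cert)` call contains only tabs and spaces and should be removed; the replaced line differs from the old one only in passing `session` instead of `sessionID`. `session` is resolved outside this hunk, as the enclosing method starts before it, so it is the caller's responsibility that it is non-null, otherwise the server side now reports `auth.10`.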
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index c1de93fae..efb300a1c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -69,13 +69,20 @@ public class AuthenticationData implements Serializable {  	 */  	private String identificationType;    /** -   * application specific user identifier (bPK) +   * application specific user identifier (bPK/wbPK)     */    private String bPK; +      /** -   * private sector-specific personal identifier (wbPK) +   * application specific user identifier type     */ -  private String wbPK; +  private String bPKType; +   +   +//  /** +//   * private sector-specific personal identifier (wbPK) +//   */ +//  private String wbPK;    /**     * given name of the user     */ @@ -167,13 +174,13 @@ public class AuthenticationData implements Serializable {      return bPK;    } -  /** -   * Returns the wbPK. -   * @return String the wbPK. -   */ -  public String getWBPK() { -    return wbPK; -  } +//  /** +//   * Returns the wbPK. +//   * @return String the wbPK. +//   */ +//  public String getWBPK() { +//    return wbPK; +//  }    /**     * Returns useUTC @@ -223,13 +230,13 @@ public class AuthenticationData implements Serializable {      this.bPK = bPK;    } -  /** -   * Sets the wbPK. -   * @param wbPK The wbPK to set -   */ -  public void setWBPK(String wbPK) { -    this.wbPK = wbPK; -  } +//  /** +//   * Sets the wbPK. +//   * @param wbPK The wbPK to set +//   */ +//  public void setWBPK(String wbPK) { +//    this.wbPK = wbPK; +//  }    public void setUseUTC(boolean useUTC) {  	  this.useUTC = useUTC; 
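Review bot: `AuthenticationData implements Serializable` (visible in the hunk header), and this hunk drops the `wbPK` field and adds `bPKType`, which changes the serialized form; if instances are ever persisted or passed between versions (not visible here), deserialized objects from before this commit lose their wbPK silently and carry a null `bPKType`. If compatibility matters, keep a `serialVersionUID` decision explicit and document the change on the class, e.g. `// bPK holds either the bPK or the wbPK; bPKType carries the matching URN prefix`. The commented-out `wbPK` field and the commented-out `getWBPK`/`setWBPK` pairs in the `@@ -167` and `@@ -223` hunks should be deleted rather than kept as comments.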
@@ -435,4 +442,13 @@ public class AuthenticationData implements Serializable {      return timestamp;    } +public String getBPKType() { +	return bPKType; +} + +public void setBPKType(String bPKType) { +	this.bPKType = bPKType; +} + +    } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java index 7a356aaf0..03b012a27 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java @@ -136,8 +136,10 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {        return authData.getDateOfBirth();      if (predicate.equals(MOABPK))        return authData.getBPK(); -    if (predicate.equals(MOAWBPK)) -      return authData.getWBPK(); +     +    //AuthData holdes the correct BPK/WBPK +    if (predicate.equals(MOAWBPK))   +      return authData.getBPK();      if (predicate.equals(MOAPublicAuthority))        if (authData.isPublicAuthority())          return "true"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java index 1fc257ea8..1a466c520 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java 
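Review bot: `getBPKType` and `setBPKType` are inserted at column 0 inside the class body, unlike every neighbouring accessor, and they carry no Javadoc while the accessors around them do; two empty lines are also left before the closing brace. Indent them to the class's two-space style and document them, e.g. `/** Returns the type URN of the identifier held in bPK (bPK or wbPK). @return the bPK type */` on the getter and `/** Sets the type URN of the identifier held in bPK. @param bPKType The bPKType to set */` on the setter.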
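Review bot: In `DefaultLoginParameterResolver` the `MOAWBPK` predicate now returns `authData.getBPK()` unconditionally, so for a public-sector online application a login template that asks for the wbPK receives the public-sector bPK, where before it received the (unset) wbPK; the two identifier kinds are no longer kept apart at this resolver. Since the commit also introduces `getBPKType()`, the predicate can stay faithful with `if (predicate.equals(MOAWBPK)) return authData.getBPKType() != null && authData.getBPKType().startsWith(Constants.URN_PREFIX_WBPK) ? authData.getBPK() : null;` (assuming `Constants` is in scope in this file). The same change and the same point apply to the `XMLLoginParameterResolverEncryptedData` and `XMLLoginParameterResolverPlainData` hunks below, and the comment `//AuthData holdes the correct BPK/WBPK` has a typo ("holds"). The enclosing method starts and ends outside the hunk.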
@@ -499,8 +499,10 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes        return authData.getDateOfBirth();      if (predicate.equals("MOABPK"))        return authData.getBPK(); +     +    //AuthData holdes the correct BPK/WBPK      if (predicate.equals("MOAWBPK")) -        return authData.getWBPK(); +        return authData.getBPK();      if (predicate.equals("MOAPublicAuthority"))        if (authData.isPublicAuthority())          return "true"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java index 6f698770c..b904161a1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java @@ -324,8 +324,10 @@ public class XMLLoginParameterResolverPlainData                          return authData.getDateOfBirth();                  if(predicate.equals(MOABPK))                          return authData.getBPK(); +                 +                //AuthData holds the correct BPK/WBPK                  if(predicate.equals(MOAWBPK)) -                    	return authData.getWBPK(); +                    	return authData.getBPK();                  if(predicate.equals(MOAPublicAuthority))                          if(authData.isPublicAuthority())                                  return "true"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java index 134bd21a8..1589f1440 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java @@ -143,10 +143,17 @@ public class AuthenticationDataAssertionParser implements Constants {        authData.setIssueInstant(          XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, ""));        String pkValue = XPathUtils.getElementValue(samlAssertion, PK_XPATH, ""); +       +       +      //TODO: set pBK and Type        if (XPathUtils.getAttributeValue(samlAssertion, NAME_QUALIFIER_XPATH, "").equalsIgnoreCase(URN_PREFIX_BPK)) { -        authData.setBPK(pkValue); +    	//bPK   +        authData.setBPK(Constants.URN_PREFIX_BPK); +                } else { -        authData.setWBPK(pkValue); +    	//wbPK +        authData.setBPK(pkValue); +        authData.setBPKType(XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_TYPE_XPATH, ""));        }        authData.setIdentificationValue(          XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_VALUE_XPATH, "")); | 
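Review bot: In the bPK branch `authData.setBPK(Constants.URN_PREFIX_BPK)` stores the constant URN prefix as the identifier and discards `pkValue`, so every public-sector assertion parsed here would yield the same "bPK" and `bPKType` stays unset; the `//TODO: set pBK and Type` comment suggests the intended lines are `authData.setBPK(pkValue); authData.setBPKType(URN_PREFIX_BPK);`, matching the wbPK branch which sets both. Because the class `implements Constants`, `URN_PREFIX_BPK` can be used unqualified as it already is in the `equalsIgnoreCase` check. The enclosing method starts and ends outside the hunk.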
