From 0d652fd6754c4b5719306b81c65c0b28fec07aa1 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 5 Jul 2013 10:33:16 +0200 Subject: =?UTF-8?q?MIS=20Client=20f=C3=BCr=20ELGA=20Target(GH)=20erweitert?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../moa/id/auth/AuthenticationServer.java | 111 +++++++++++++-------- .../moa/id/auth/data/AuthenticationSession.java | 4 +- .../servlet/VerifyAuthenticationBlockServlet.java | 13 ++- .../id/auth/servlet/VerifyCertificateServlet.java | 15 ++- .../id/auth/servlet/VerifyIdentityLinkServlet.java | 29 +++++- .../moa/id/protocols/saml1/SAML1Protocol.java | 2 + .../id/util/client/mis/simple/MISSimpleClient.java | 14 ++- 7 files changed, 133 insertions(+), 55 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 9abbf2970..aef247edb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -469,12 +469,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return String representation of the * <CreateXMLSignatureRequest> */ - public String verifyIdentityLink(String sessionID, + public String verifyIdentityLink(AuthenticationSession session, Map infoboxReadResponseParameters) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID }); @@ -487,10 +487,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE }); - AuthenticationSession session = getSession(sessionID); - if (session.getTimestampIdentityLink() != null) - throw new AuthenticationException("auth.01", - new Object[] { sessionID }); +// AuthenticationSession session = getSession(sessionID); +// if (session.getTimestampIdentityLink() != null) +// throw new AuthenticationException("auth.01", +// new Object[] { sessionID }); + session.setTimestampIdentityLink(); AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); @@ -576,17 +577,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam .getProvideStammzahl()); - String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, - authConf, oaParam); - - try { - AuthenticationSessionStoreage.storeSession(session); - - } catch (MOADatabaseException e) { - throw new AuthenticationException("", null); - } - - return returnvalue; + + //TODO: make it better!! + return "found!"; } /** @@ -614,12 +607,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return String representation of the * <CreateXMLSignatureRequest> */ - public String verifyCertificate(String sessionID, + public String verifyCertificate(AuthenticationSession session, X509Certificate certificate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException, MOAIDException{ - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); @@ -630,7 +623,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { // if (oid.equalsIgnoreCase(MISMandate.OID_ORGANWALTER)) // isOW = true; // - AuthenticationSession session = getSession(sessionID); +// AuthenticationSession session = getSession(sessionID); + AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); @@ -639,14 +633,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(session, authConf, oaParam, isOW); - - try { - AuthenticationSessionStoreage.storeSession(session); - } catch (MOADatabaseException e) { - throw new MOAIDException("session store error", null); - } - - + return returnvalue; } @@ -767,6 +754,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { String bpkBase64 = new BPKBuilder().buildBPK(identityLink .getIdentificationValue(), session.getTarget()); identityLink.setIdentificationValue(bpkBase64); + + //TODO: insert correct Type!!!! + identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); } // ..BZ // } @@ -828,6 +818,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { String bpkBase64 = new BPKBuilder().buildBPK(identityLink .getIdentificationValue(), session.getTarget()); identityLink.setIdentificationValue(bpkBase64); + + //TODO: insert correct Type!!!! + identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); } } // ..BZ @@ -2084,25 +2077,57 @@ public class AuthenticationServer implements MOAIDAuthConstants { useCondition = oaParam.getUseCondition(); conditionLength = oaParam.getConditionLength(); - String isPrPerson = mandatePerson.getAttribute("xsi:type"); - - if (!StringUtils.isEmpty(isPrPerson)) { - if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) { - Element prIdentification = (Element) mandatePerson - .getElementsByTagNameNS(Constants.PD_NS_URI, - "Identification").item(0); - String baseid = getBaseId(mandatePerson); - Element identificationBpK = createIdentificationBPK(mandatePerson, - baseid, session.getTarget()); + String oatargetType; + + if(session.getBusinessService()) { + oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); + + } else { + oatargetType = AuthenticationSession.TARGET_PREFIX_ + session.getTarget(); + } + + Element prIdentification = (Element) mandatePerson + .getElementsByTagNameNS(Constants.PD_NS_URI, + "Identification").item(0); + + if (!oatargetType.equals(tempIdentityLink.getIdentificationType())) { - if (!provideStammzahl) { - prIdentification.getFirstChild().setTextContent(""); + String isPrPerson = mandatePerson.getAttribute("xsi:type"); + + if (!StringUtils.isEmpty(isPrPerson)) { + if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) { + String baseid = getBaseId(mandatePerson); + Element identificationBpK = createIdentificationBPK(mandatePerson, + baseid, session.getTarget()); + + if (!provideStammzahl) { + prIdentification.getFirstChild().setTextContent(""); + } + + mandatePerson.insertBefore(identificationBpK, + prIdentification); } - - mandatePerson.insertBefore(identificationBpK, - prIdentification); } + + } else { + +// Element identificationBpK = mandatePerson.getOwnerDocument() +// .createElementNS(Constants.PD_NS_URI, "Identification"); +// Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( +// Constants.PD_NS_URI, "Value"); +// +// valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( +// tempIdentityLink.getIdentificationValue())); +// Element typeBpK = mandatePerson.getOwnerDocument().createElementNS( +// Constants.PD_NS_URI, "Type"); +// typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( +// "urn:publicid:gv.at:cdid+bpk")); +// identificationBpK.appendChild(valueBpK); +// identificationBpK.appendChild(typeBpK); +// +// mandatePerson.insertBefore(identificationBpK, prIdentification); } + mandateData = DOMUtils.serializeNode(mandatePerson); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 22a3337e3..6cfb12380 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -55,8 +55,8 @@ public class AuthenticationSession implements Serializable { */ private static final long serialVersionUID = 1L; - private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+"; - private static String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + public static final String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+"; + public static final String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + "+"; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index dc4361da5..2f866ca78 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -206,7 +206,18 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { String oaFriendlyName = oaParam.getFriendlyName(); String mandateReferenceValue = session.getMandateReferenceValue(); byte[] cert = session.getEncodedSignerCertificate(); - MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert, oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory); + + String targetType = null; + + if(session.getBusinessService()) { + targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); + + } else { + targetType = AuthenticationSession.TARGET_PREFIX_ + session.getTarget(); + } + + + MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert, oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, targetType, sslFactory); String redirectMISGUI = misSessionID.getRedirectURL(); if (misSessionID == null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index 51ec82e2d..fae69d81a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -43,6 +43,8 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -140,7 +142,7 @@ public class VerifyCertificateServlet extends AuthServlet { if (useMandate) { // verify certificate for OrganWalter - String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(sessionID, cert); + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert); ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); } @@ -159,9 +161,14 @@ public class VerifyCertificateServlet extends AuthServlet { Logger.debug("Send CreateXMLSignatureRequest to BKU"); - } - - + } + + try { + AuthenticationSessionStoreage.storeSession(session); + } catch (MOADatabaseException e) { + throw new MOAIDException("session store error", null); + } + } catch (MOAIDException ex) { handleError(null, ex, req, resp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 61b55f73d..f1ecd512a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -43,6 +43,10 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -134,11 +138,14 @@ public class VerifyIdentityLinkServlet extends AuthServlet { if (!ParamValidatorUtils.isValidSessionID(sessionID)) throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12"); - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); + + AuthenticationSession session = AuthenticationServer.getSession(sessionID); + + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters); Logger.debug(createXMLSignatureRequestOrRedirect); + if (createXMLSignatureRequestOrRedirect == null) { // no identity link found @@ -200,12 +207,28 @@ public class VerifyIdentityLinkServlet extends AuthServlet { } else { Logger.info("Normal"); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + + createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance() + .getCreateXMLSignatureRequestAuthBlockOrRedirect(session, + authConf, oaParam); + ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); } } - + + try { + AuthenticationSessionStoreage.storeSession(session); + + } catch (MOADatabaseException e) { + throw new AuthenticationException("", null); + } } catch (ParseException ex) { handleError(null, ex, req, resp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 610c61343..b5e957c5a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -81,6 +81,8 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); config.setOAURL(oaURL); + config.setTarget(target); + request.getSession().setAttribute(PARAM_OA, oaURL); request.getSession().setAttribute(PARAM_TARGET, target); return config; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index ad4e45a2b..7ee3b4e84 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -143,7 +143,7 @@ public class MISSimpleClient { } } - public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, String mandateIdentifier[], SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException { + public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, String mandateIdentifier[], String targetType, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException { if (webServiceURL == null) { throw new NullPointerException("Argument webServiceURL must not be null."); } @@ -201,7 +201,17 @@ public class MISSimpleClient { } filtersElement.appendChild(mandateIdentifiersElement); mirElement.appendChild(filtersElement); - } + } + + //add Target element + Element targetElement = doc.createElementNS(MIS_NS, "Target"); + Element targetTypeElement = doc.createElementNS(MIS_NS, "Type"); + targetTypeElement.appendChild(doc.createTextNode(targetType)); + targetElement.appendChild(targetTypeElement); + mirElement.appendChild(targetElement); + + + // send soap request Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement); -- cgit v1.2.3