From 96da47e5347471e8d94f809164c845eab871ae29 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 8 Jul 2013 15:52:12 +0200 Subject: AuthData um bPK/wbPK Target erweitert --- .../moa/id/auth/AuthenticationServer.java | 70 +++++++++++++++------- .../AuthenticationDataAssertionBuilder.java | 8 +-- .../moa/id/auth/builder/BPKBuilder.java | 11 +--- .../id/auth/servlet/VerifyCertificateServlet.java | 3 +- .../moa/id/data/AuthenticationData.java | 50 ++++++++++------ .../id/proxy/DefaultLoginParameterResolver.java | 6 +- .../XMLLoginParameterResolverEncryptedData.java | 4 +- .../proxy/XMLLoginParameterResolverPlainData.java | 4 +- .../parser/AuthenticationDataAssertionParser.java | 11 +++- 9 files changed, 109 insertions(+), 58 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 41b383f01..ba66041d7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.auth; import iaik.pki.PKIException; +import iaik.x509.CertificateFactory; import iaik.x509.X509Certificate; import java.io.ByteArrayInputStream; @@ -32,12 +33,16 @@ import java.io.InputStream; import java.security.GeneralSecurityException; import java.security.Principal; import java.security.cert.CertificateException; +//import java.security.cert.CertificateFactory; import java.util.ArrayList; import java.util.Calendar; import java.util.Date; +import java.util.HashMap; +import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Map; +import java.util.Set; import java.util.Vector; import javax.servlet.http.HttpServletRequest; @@ -68,6 +73,7 @@ import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxValidatorParamsBuilder; +import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder; import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -82,6 +88,7 @@ import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.ExtendedInfoboxReadResponseParser; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; +import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet; @@ -108,6 +115,7 @@ import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; @@ -117,6 +125,7 @@ import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; @@ -132,7 +141,6 @@ import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; import eu.stork.vidp.messages.stork.RequestedAttributes; import eu.stork.vidp.messages.util.SAMLUtil; import eu.stork.vidp.messages.util.XMLUtil; -//import java.security.cert.CertificateFactory; /** * API for MOA ID Authentication Service.
{@link AuthenticationSession} is @@ -849,16 +857,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return String representation of the * <CreateXMLSignatureRequest> */ - public String createXMLSignatureRequestForeignID(String sessionID, + public String createXMLSignatureRequestForeignID(AuthenticationSession session, X509Certificate cert) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); - AuthenticationSession session = getSession(sessionID); +// AuthenticationSession session = getSession(sessionID); AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); @@ -866,6 +874,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + //session.setSignerCertificate(cert); + return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, cert); } @@ -2000,9 +2010,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { // AuthConfigurationProvider.getInstance(); IdentityLink tempIdentityLink = null; - + if (session.getUseMandate()) { - session.setMandate(mandate); tempIdentityLink = new IdentityLink(); Element mandator = ParepUtils.extractMandator(mandate); String dateOfBirth = ""; @@ -2459,7 +2468,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { if(!isForeigner) { //we have Austrian citizen if (businessService) { - authData.setWBPK(identityLink.getIdentificationValue()); + authData.setBPK(identityLink.getIdentificationValue()); + authData.setBPKType(identityLink.getIdentificationType()); } else { @@ -2471,16 +2481,30 @@ public class AuthenticationServer implements MOAIDAuthConstants { if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { String bpkBase64 = new BPKBuilder().buildBPK( identityLink.getIdentificationValue(), target); - authData.setBPK(bpkBase64); + authData.setBPK(bpkBase64); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); } } } else { //we have foreigner, thus we have to calculate bPK and wbPK now (after receiving identity link from SZR-GW if (businessService) { //since we have foreigner, wbPK is not calculated in BKU - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier()); - authData.setWBPK(wbpkBase64); + if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + + String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); + + if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { + // If domainIdentifier starts with prefix + // "urn:publicid:gv.at:wbpk+"; remove this prefix + registerAndOrdNr = registerAndOrdNr + .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + + registerAndOrdNr); + } + + String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); + authData.setBPK(wbpkBase64); + authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); } } else { @@ -2488,7 +2512,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { // only compute bPK if online application is a public service and we have the Stammzahl String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); - authData.setBPK(bpkBase64); + authData.setBPK(bpkBase64); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); } @@ -2757,7 +2782,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); if (oaParam == null) throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); - //Start of STORK Processing STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); @@ -2776,16 +2800,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.debug("Issuer value: " + issuerValue); - QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue()); - Logger.debug("QAALevel: " + qaaLevel.getValue()); - + QualityAuthenticationAssuranceLevel qaaLevel = null;//TODO UNCOMMENT AGAIN !! = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue()); + //Logger.debug("QAALevel: " + qaaLevel.getValue()); + RequestedAttributes requestedAttributes = null; - requestedAttributes = oaParam.getRequestedAttributes(); + //TODO UNCOMMENT AGAIN !! requestedAttributes = oaParam.getRequestedAttributes(); requestedAttributes.detach(); List reqAttributeList = new ArrayList(); List oaReqAttributeList = null; - oaReqAttributeList = new ArrayList(oaParam.getRequestedAttributes().getRequestedAttributes()); + //TODO UNCOMMENT AGAIN !! oaReqAttributeList = new ArrayList(oaParam.getRequestedAttributes().getRequestedAttributes()); //check if country specific attributes must be additionally requested if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) { //add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes @@ -2924,7 +2948,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString)); - + X509Certificate cert; try { cert = new X509Certificate(is); @@ -2933,7 +2957,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { } catch (Throwable e) { throw new CertificateException(e); } - + +// CertificateFactory cf; +// X509Certificate cert = null; +// cf = CertificateFactory.getInstance("X.509"); +// CertificateFactory +// cert = (X509Certificate)cf.generateCertificate(is); +// return cert; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 7137ce414..839ebe7a4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -255,8 +255,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB String pkType; String pkValue; if (businessService) { - pkType = authData.getIdentificationType(); - pkValue = authData.getWBPK(); + pkType = authData.getBPKType(); + pkValue = authData.getBPK(); } else { // always has the bPK as type/value @@ -376,8 +376,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB String pkType; String pkValue; if (businessService) { - pkType = authData.getIdentificationType(); - pkValue = authData.getWBPK(); + pkType = authData.getBPKType(); + pkValue = authData.getBPK(); } else { // always has the bPK as type/value diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index de86a4f05..6a9a5b765 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -91,16 +91,7 @@ public class BPKBuilder { new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" + identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); } - - if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { - // If domainIdentifier starts with prefix - // "urn:publicid:gv.at:wbpk+"; remove this prefix - registerAndOrdNr = registerAndOrdNr - .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); - Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " - + registerAndOrdNr); - } - + String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; try { MessageDigest md = MessageDigest.getInstance("SHA-1"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index 930fedfd4..7b5c1513a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -148,7 +148,8 @@ public class VerifyCertificateServlet extends AuthServlet { } else { // Foreign Identities Modus - String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert); + + String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert); // build dataurl (to the GetForeignIDSerlvet) String dataurl = new DataURLBuilder().buildDataURL( diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index c1de93fae..efb300a1c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -69,13 +69,20 @@ public class AuthenticationData implements Serializable { */ private String identificationType; /** - * application specific user identifier (bPK) + * application specific user identifier (bPK/wbPK) */ private String bPK; + /** - * private sector-specific personal identifier (wbPK) + * application specific user identifier type */ - private String wbPK; + private String bPKType; + + +// /** +// * private sector-specific personal identifier (wbPK) +// */ +// private String wbPK; /** * given name of the user */ @@ -167,13 +174,13 @@ public class AuthenticationData implements Serializable { return bPK; } - /** - * Returns the wbPK. - * @return String the wbPK. - */ - public String getWBPK() { - return wbPK; - } +// /** +// * Returns the wbPK. +// * @return String the wbPK. +// */ +// public String getWBPK() { +// return wbPK; +// } /** * Returns useUTC @@ -223,13 +230,13 @@ public class AuthenticationData implements Serializable { this.bPK = bPK; } - /** - * Sets the wbPK. - * @param wbPK The wbPK to set - */ - public void setWBPK(String wbPK) { - this.wbPK = wbPK; - } +// /** +// * Sets the wbPK. +// * @param wbPK The wbPK to set +// */ +// public void setWBPK(String wbPK) { +// this.wbPK = wbPK; +// } public void setUseUTC(boolean useUTC) { this.useUTC = useUTC; @@ -435,4 +442,13 @@ public class AuthenticationData implements Serializable { return timestamp; } +public String getBPKType() { + return bPKType; +} + +public void setBPKType(String bPKType) { + this.bPKType = bPKType; +} + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java index 7a356aaf0..03b012a27 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java @@ -136,8 +136,10 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver { return authData.getDateOfBirth(); if (predicate.equals(MOABPK)) return authData.getBPK(); - if (predicate.equals(MOAWBPK)) - return authData.getWBPK(); + + //AuthData holdes the correct BPK/WBPK + if (predicate.equals(MOAWBPK)) + return authData.getBPK(); if (predicate.equals(MOAPublicAuthority)) if (authData.isPublicAuthority()) return "true"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java index 1fc257ea8..1a466c520 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java @@ -499,8 +499,10 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes return authData.getDateOfBirth(); if (predicate.equals("MOABPK")) return authData.getBPK(); + + //AuthData holdes the correct BPK/WBPK if (predicate.equals("MOAWBPK")) - return authData.getWBPK(); + return authData.getBPK(); if (predicate.equals("MOAPublicAuthority")) if (authData.isPublicAuthority()) return "true"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java index 6f698770c..b904161a1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java @@ -324,8 +324,10 @@ public class XMLLoginParameterResolverPlainData return authData.getDateOfBirth(); if(predicate.equals(MOABPK)) return authData.getBPK(); + + //AuthData holds the correct BPK/WBPK if(predicate.equals(MOAWBPK)) - return authData.getWBPK(); + return authData.getBPK(); if(predicate.equals(MOAPublicAuthority)) if(authData.isPublicAuthority()) return "true"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java index 134bd21a8..1589f1440 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java @@ -143,10 +143,17 @@ public class AuthenticationDataAssertionParser implements Constants { authData.setIssueInstant( XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, "")); String pkValue = XPathUtils.getElementValue(samlAssertion, PK_XPATH, ""); + + + //TODO: set pBK and Type if (XPathUtils.getAttributeValue(samlAssertion, NAME_QUALIFIER_XPATH, "").equalsIgnoreCase(URN_PREFIX_BPK)) { - authData.setBPK(pkValue); + //bPK + authData.setBPK(Constants.URN_PREFIX_BPK); + } else { - authData.setWBPK(pkValue); + //wbPK + authData.setBPK(pkValue); + authData.setBPKType(XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_TYPE_XPATH, "")); } authData.setIdentificationValue( XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_VALUE_XPATH, "")); -- cgit v1.2.3