From fd8f60064e096b3c011cfc18e86a224308d762f7 Mon Sep 17 00:00:00 2001 From: "peter.danner" Date: Sun, 30 Oct 2005 09:01:22 +0000 Subject: updated for wbPK git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@538 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 4 +- .../moa/id/data/AuthenticationData.java | 8 +- .../id/proxy/DefaultLoginParameterResolver.java | 12 +- .../moa/id/proxy/LoginParameterResolver.java | 16 +- .../id/proxy/LoginParameterResolverFactory.java | 5 +- .../XMLLoginParameterResolverEncryptedData.java | 277 +++++++++++---------- .../proxy/XMLLoginParameterResolverPlainData.java | 55 ++-- .../parser/AuthenticationDataAssertionParser.java | 4 +- .../moa/id/proxy/servlet/ProxyServlet.java | 12 +- .../src/test/abnahme/A/Test300VerifyAuthBlock.java | 2 +- .../abnahme/P/Test100LoginParameterResolver.java | 8 +- .../id/proxy/parser/SAMLResponseParserTest.java | 2 +- 12 files changed, 224 insertions(+), 181 deletions(-) (limited to 'id.server/src') diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 04107a794..5bd0ee5fa 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -602,14 +602,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { } authData.setSignerCertificate(signerCertificateBase64); if (businessService) { - authData.setWPBK(identityLink.getIdentificationValue()); + authData.setWBPK(identityLink.getIdentificationValue()); } else { // only compute bPK if online applcation is a public service String bpkBase64 = new BPKBuilder().buildBPK( identityLink.getIdentificationValue(), session.getTarget()); - authData.setPBK(bpkBase64); + authData.setBPK(bpkBase64); } String ilAssertion = oaParam.getProvideIdentityLink() 
diff --git a/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java index 8e0f3cbcf..c1588fe22 100644 --- a/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id.server/src/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -131,7 +131,7 @@ public class AuthenticationData { * Returns the bPK. * @return String */ - public String getPBK() { + public String getBPK() { return bPK; } @@ -139,7 +139,7 @@ public class AuthenticationData { * Returns the wbPK. * @return String the wbPK. */ - public String getWPBK() { + public String getWBPK() { return wbPK; } @@ -179,7 +179,7 @@ public class AuthenticationData { * Sets the bPK. * @param bPK The bPK to set */ - public void setPBK(String bPK) { + public void setBPK(String bPK) { this.bPK = bPK; } @@ -187,7 +187,7 @@ public class AuthenticationData { * Sets the wbPK. * @param wbPK The wbPK to set */ - public void setWPBK(String wbPK) { + public void setWBPK(String wbPK) { this.wbPK = wbPK; } diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java index 77f6652f3..03034f3d3 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java @@ -27,7 +27,7 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver { /** * Configuration mehtod (not used) */ - public void configure(String configuration) throws LoginParameterResolverException { + public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException { } 
@@ -37,7 +37,8 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver { public Map getAuthenticationHeaders( OAConfiguration oaConf, AuthenticationData authData, - String clientIPAddress) { + String clientIPAddress, + boolean businessService) { Map result = new HashMap(); @@ -73,7 +74,8 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver { public Map getAuthenticationParameters( OAConfiguration oaConf, AuthenticationData authData, - String clientIPAddress) { + String clientIPAddress, + boolean businessService) { Map result = new HashMap(); @@ -111,7 +113,9 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver { if (predicate.equals(MOADateOfBirth)) return authData.getDateOfBirth(); if (predicate.equals(MOABPK)) - return authData.getPBK(); + return authData.getBPK(); + if (predicate.equals(MOAWBPK)) + return authData.getWBPK(); if (predicate.equals(MOAPublicAuthority)) if (authData.isPublicAuthority()) return "true"; diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java index f43bbd9e4..27d52fc1a 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java @@ -24,6 +24,8 @@ public interface LoginParameterResolver { public static final String MOADateOfBirth = "MOADateOfBirth"; /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ public static final String MOABPK = "MOABPK"; + /** Constant used in MOAIDConfiguration-1.3.xsd, type MOAAuthDataType */ + public static final String MOAWBPK = "MOAWBPK"; /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ public static final String MOAPublicAuthority = "MOAPublicAuthority"; /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ 
@@ -42,7 +44,8 @@ public interface LoginParameterResolver { * * @param oaConf configuration data * @param authData authentication data - * @param clientIPAddress client IP address + * @param clientIPAddress client IP address + * @param businessService boolean value for recognizing (w)bPK-mode * @return A map, the keys being header names and values being corresponding header values. *
In case of authentication type "basic-auth", header fields * username and password. @@ -53,14 +56,16 @@ public interface LoginParameterResolver { public Map getAuthenticationHeaders( OAConfiguration oaConf, AuthenticationData authData, - String clientIPAddress) throws LoginParameterResolverException, NotAllowedException; + String clientIPAddress, + boolean businessService) throws LoginParameterResolverException, NotAllowedException; /** * Returns request parameters to be added to a URLConnection. * * @param oaConf configuration data * @param authData authentication data - * @param clientIPAddress client IP address + * @param clientIPAddress client IP address + * @param businessService boolean value for recognizing (w)bPK-mode * @return A map, the keys being parameter names and values being corresponding parameter values. *
In case of authentication type "param-auth", parameters * derived from parameter mapping and authentication data provided. @@ -69,8 +74,9 @@ public interface LoginParameterResolver { public Map getAuthenticationParameters( OAConfiguration oaConf, AuthenticationData authData, - String clientIPAddress) throws LoginParameterResolverException, NotAllowedException; + String clientIPAddress, + boolean businessService) throws LoginParameterResolverException, NotAllowedException; - public void configure(String configuration) throws LoginParameterResolverException; + public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException; } diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java index 856afe74c..8edd23438 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java @@ -42,16 +42,15 @@ public class LoginParameterResolverFactory { String publicURLPrefix = oaParam.getPublicURLPrefix(); String className = oaParam.getLoginParameterResolverImpl(); String configuration = oaParam.getLoginParameterResolverConfiguration(); - if (className != null) { try { Class lprClass = Class.forName(className); LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance(); - Class[] argumentTypes = { String.class }; + Class[] argumentTypes = { String.class, Boolean.class }; Method confMethod = lprClass.getMethod( "configure", argumentTypes ); - Object[] arguments = { new String(configuration) }; + Object[] arguments = { new String(configuration), new Boolean(oaParam.getBusinessService()) }; confMethod.invoke( lpr, arguments ); loginParameterResolverMap.put(publicURLPrefix, lpr); 
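Review bot: `configure(String configuration, Boolean businessService)` takes the mode as a boxed `Boolean` while `getAuthenticationHeaders` and `getAuthenticationParameters` just above take a primitive `boolean`, and unlike them it has no Javadoc for the new parameter. Both implementations in this commit unbox it with `businessService.booleanValue()`, so a caller passing null (the interface is public and implementations are loaded reflectively by class name) fails with a NullPointerException inside `configure`. Either declare it `boolean` (with `boolean.class` in the factory's `argumentTypes`) or document the contract, e.g. `@param businessService {@code true} to resolve wbPK identities for a business service, {@code false} for bPK; must not be {@code null}`.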
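Review bot: Now that `configure(String, Boolean)` is declared on `LoginParameterResolver`, the reflective `getMethod("configure", argumentTypes)` / `invoke` on the following lines is redundant and keeps `argumentTypes` and the interface signature in sync by hand; the cast to `LoginParameterResolver` on the line above already makes `lpr.configure(configuration, Boolean.valueOf(oaParam.getBusinessService()));` a direct, compile-checked call that also drops the NoSuchMethodException path. Independently, `new Boolean(...)` and `new String(configuration)` allocate needlessly; `Boolean.valueOf(...)` and `configuration` itself do the same job. The enclosing method and its try/catch continue outside the hunk.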
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java index 8a93148bb..a0780358e 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java @@ -5,24 +5,30 @@ import iaik.security.provider.IAIK; import java.io.BufferedInputStream; import java.io.File; import java.io.FileInputStream; +import java.io.IOException; import java.io.InputStream; import java.io.UnsupportedEncodingException; - -import javax.crypto.Cipher; -import javax.crypto.BadPaddingException; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.spec.IvParameterSpec; - import java.security.InvalidAlgorithmParameterException; -import java.security.Key; import java.security.InvalidKeyException; +import java.security.Key; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.Security; +import java.util.HashMap; +import java.util.Map; +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.spec.IvParameterSpec; +import javax.xml.parsers.ParserConfigurationException; +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; +import org.xml.sax.SAXException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.logging.Logger; 
@@ -31,14 +37,6 @@ import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.URLEncoder; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; - -import java.io.IOException; -import java.util.*; - -import javax.xml.parsers.ParserConfigurationException; -import org.w3c.dom.*; -import org.xml.sax.SAXException; /** * XMLLoginParameterResolver an implementation of implementation of interface @@ -195,8 +193,8 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes * configuration method * @param configuration enabled enable user mapping to parameter set for the parameter set. */ - public void configure(String configuration) throws LoginParameterResolverException { - File idFile; + public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException { + File idFile; Element rootElement; Security.addProvider(new IAIK()); @@ -248,7 +246,7 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes throw new LoginParameterResolverException("config.11", new Object[] { "XMLLoginParameterResolver: parsing problem in file:'" + identityFile + "' ", e.toString() }); } - buildInfo(rootElement); + buildInfo(rootElement, businessService.booleanValue()); isConfigured = true; } @@ -330,7 +328,8 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes public Map getAuthenticationHeaders( OAConfiguration oaConf, AuthenticationData authData, - String clientIPAddress) throws LoginParameterResolverException, NotAllowedException { + String clientIPAddress, + boolean businessService) throws LoginParameterResolverException, NotAllowedException { Map result = new HashMap(); if (!isConfigured) { 
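Review bot: The Javadoc above `configure(String configuration, Boolean businessService)` still documents only `configuration` and says nothing about the new argument; add `@param businessService {@code true} to load wbPKIdentity entries and match on the wbPK, {@code false} for bPKIdentity/bPK`. The `buildInfo(rootElement, businessService.booleanValue())` call in the following hunk, and the same call in `XMLLoginParameterResolverPlainData.configure` later in this patch, unbox without a null check; a primitive `boolean` parameter, or `Boolean.TRUE.equals(businessService)`, would avoid the NullPointerException. configure's body continues outside the hunk.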
@@ -339,25 +338,32 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes identityFile + "' is not configured!", null); } - //get the Identity of the user - String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); - String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); - String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); - String bPK = resolveValue("MOABPK", authData, clientIPAddress); - String userid = ""; - String password = ""; - LPRParams params = null; - boolean userFound = false; + //get the Identity of the user + String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); + String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); + String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); + String bPK =""; + String wType= ""; + if (businessService) { + bPK = resolveValue(MOAWBPK, authData, clientIPAddress); + wType = "w"; + } else { + bPK = resolveValue(MOABPK, authData, clientIPAddress); + } + String userid = ""; + String password = ""; + LPRParams params = null; + boolean userFound = false; - //try bPK and named search - params = bPKIdentitySearch(bPK); + //try (w)bPK and named search + params = bPKIdentitySearch(bPK, wType); if (null == params) params = namedIdentitySearch(famName, givenName, dateOfBirth); //if both searches failed, report error. if(null == params) - throw new NotAllowedException("User:_bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null); + throw new NotAllowedException("User:_" + wType + "bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null); //HTTP 401 - Basic Authentication if (oaConf.getAuthType().equals("basic")) { 
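Review bot: The block that picks `MOAWBPK` or `MOABPK` and sets `wType` is pasted verbatim into `getAuthenticationParameters` (next hunk) and into `XMLLoginParameterResolverPlainData.getAuthenticationHeaders`; a private helper, or at least `String bPK = resolveValue(businessService ? MOAWBPK : MOABPK, authData, clientIPAddress);` and `String wType = businessService ? "w" : "";`, would keep the three copies from drifting. Note that `wType` only labels messages: `bPKIdentitySearch(bPK, wType)` still queries the single `bPKMap`, which was filled by `buildInfo` according to the flag given to `configure`, and nothing here checks that the per-call `businessService` agrees with that one — if they differ the lookup silently misses and falls through to the name search. A comment at the call site stating that both flags must match, or a check against the configured mode, would make this explicit. getAuthenticationHeaders continues outside the hunk.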
@@ -395,34 +401,42 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes public Map getAuthenticationParameters( OAConfiguration oaConf, AuthenticationData authData, - String clientIPAddress) throws LoginParameterResolverException, NotAllowedException { - - Map result = new HashMap(); + String clientIPAddress, + boolean businessService) throws LoginParameterResolverException, NotAllowedException { - if (!isConfigured) { - Logger.warn("XMLLoginParameterResolver with configuration '" + identityFile + " is not configured"); - return result; - } - - String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); - String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); - String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); - String bPK = resolveValue("MOABPK", authData, clientIPAddress); - String userid = ""; - String password = ""; - LPRParams params = null; - - //try bPK and named search - params = bPKIdentitySearch(bPK); - - if (null == params) - params = namedIdentitySearch(famName, givenName, dateOfBirth); - - //if both searches failed, report error. 
- if(null == params) - throw new NotAllowedException("User:_bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null); - - //TODO MOAID XMLLPR URLEncoder.encode + Map result = new HashMap(); + + if (!isConfigured) { + Logger.warn("XMLLoginParameterResolver with configuration '" + identityFile + " is not configured"); + return result; + } + + String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); + String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); + String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); + String bPK =""; + String wType= ""; + if (businessService) { + bPK = resolveValue(MOAWBPK, authData, clientIPAddress); + wType = "w"; + } else { + bPK = resolveValue(MOABPK, authData, clientIPAddress); + } + String userid = ""; + String password = ""; + LPRParams params = null; + + //try (w)bPK and named search + params = bPKIdentitySearch(bPK, wType); + + if (null == params) + params = namedIdentitySearch(famName, givenName, dateOfBirth); + + //if both searches failed, report error. + if(null == params) + throw new NotAllowedException("User:_" + wType + "bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null); + + //TODO MOAID XMLLPR URLEncoder.encode if (oaConf.getAuthType().equals("param")) { try { if(null != params.getUN()) result.put(XSD_UNATTR, URLEncoder.encode(params.getUN(),"ISO-8859-1")); @@ -458,7 +472,9 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes if (predicate.equals("MOADateOfBirth")) return authData.getDateOfBirth(); if (predicate.equals("MOABPK")) - return authData.getPBK(); + return authData.getBPK(); + if (predicate.equals("MOAWBPK")) + return authData.getWBPK(); if (predicate.equals("MOAPublicAuthority")) if (authData.isPublicAuthority()) return "true"; 
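Review bot: `resolveValue` compares the new predicate against the string literal `"MOAWBPK"` while `getAuthenticationHeaders` earlier in this file now calls `resolveValue(MOAWBPK, ...)` with the interface constant; using the constant on both sides, `if (predicate.equals(MOAWBPK)) return authData.getWBPK();`, keeps the two from drifting, as `DefaultLoginParameterResolver` and `XMLLoginParameterResolverPlainData` already do. The same applies to the existing `"MOABPK"` literal on the line above. resolveValue continues outside the hunk.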
@@ -500,9 +516,11 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes * buildInfo builds up the internal data mapping between the "Identities" and the "Parameters" from the parsed XML file. * @param root document root element. */ - private void buildInfo(Element root) { + private void buildInfo(Element root, boolean businessService) { NodeList idList = root.getElementsByTagName(XSD_IDELEM); NodeList paramList = root.getElementsByTagName(XSD_PARAMELEM); + String wType =""; + if (businessService) wType = "w"; for (int i = 0; i < idList.getLength(); i++) Logger.debug("XMLLoginParameterResolver: LocalName idList: " + idList.item(i).getLocalName()); @@ -536,12 +554,22 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute(XSD_UNATTR), tmpElem.getAttribute(XSD_PWATTR), tmpElem.getAttribute(XSD_PARAM1ATTR), tmpElem.getAttribute(XSD_PARAM2ATTR), tmpElem.getAttribute(XSD_PARAM3ATTR)) ); - } else { //bPKIdentity Elements + } else { - tmpList = tmpElem.getElementsByTagName(XSD_BPKIDELEM); + //(w)bPKIdentity Elements + if (businessService) { + tmpList = tmpElem.getElementsByTagName(XSD_WBPKIDELEM); + } else { + tmpList = tmpElem.getElementsByTagName(XSD_BPKIDELEM); + } if (1 == tmpList.getLength()) { tmpElem = (Element) tmpList.item(0); - String tmpStr = tmpElem.getAttribute(XSD_BPKATTR); + String tmpStr = ""; + if (businessService) { + tmpStr = tmpElem.getAttribute(XSD_WBPKATTR); + } else { + tmpStr = tmpElem.getAttribute(XSD_BPKATTR); + } boolean tmpBool = false; if (tmpElem.getFirstChild() != null && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) 
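Review bot: The (w)bPK read from the selected identity element becomes the `bPKMap` key as-is, so an entry whose `wbPK` (or `bPK`) attribute is absent — `getAttribute` returns `""` for a missing attribute — is keyed by the empty string; since `AuthenticationDataAssertionParser` appears to default the pk value to `""` when the assertion carries none, such an entry would match every assertion without a (w)bPK. The mode switch makes this misconfiguration easy (a file written with `bPK` attributes loaded with businessService=true yields only `""` keys), so warn and skip the entry when `tmpStr` is empty before the `bPKMap.put` in the next hunk; `XMLLoginParameterResolverPlainData.buildInfo` (`getAttribute(wType + "bPK")`) needs the same guard. The two `if (businessService)` blocks here and the third around the `Logger.warn` in the next hunk can also collapse into `String idElem = businessService ? XSD_WBPKIDELEM : XSD_BPKIDELEM;` and `String idAttr = businessService ? XSD_WBPKATTR : XSD_BPKATTR;` declared once next to `wType`. buildInfo continues outside the hunk.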
@@ -557,99 +585,92 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes tmpElem.getAttribute(XSD_PARAM1ATTR), tmpElem.getAttribute(XSD_PARAM2ATTR), tmpElem.getAttribute(XSD_PARAM3ATTR)) ); } else { - Logger.warn( - "XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_BPKIDELEM + " found"); + if (businessService) { + Logger.warn("XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_WBPKIDELEM + " found"); + } else { + Logger.warn("XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_BPKIDELEM + " found"); + } } } } Logger.debug("namedMap:" + namedMap.toString()); - Logger.debug("bPKMap:" + bPKMap.toString()); + Logger.debug(wType + "bPKMap:" + bPKMap.toString()); } - /** - * searches for a given bPK and returns the appropriate LPRParams structure - * @param bPK search argument - * @returns LPRParams if bPK could be found in internal mappings or null otherwise. + + + + /** + * searches for a given bPK and returns the appropriate LPRParams structure + * @param bPK search argument + * @returns LPRParams if bPK could be found in internal mappings or null otherwise. 
*/ - LPRParams bPKIdentitySearch(String bPK) { - //search for mapping with bPK of the user - Logger.info("XMLLoginParameterResolver: search for login data mapped to bPK:" + bPK); - LPRParams params = (LPRParams) bPKMap.get(bPK); - if (null == params) { - Logger.info("XMLLoginParameterResolver: params for bPK: " + bPK + " not found!"); - return null; - } else if (params.getEnabled()) { - Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list; user is enabled"); - Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); - return params; - } - Logger.info("XMLLoginParameterResolver: bPK: " + bPK + "found in list but user is NOT enabled"); - return null; + LPRParams bPKIdentitySearch(String bPK, String wType) { + //search for mapping with (w)bPK of the user + Logger.info("XMLLoginParameterResolver: search for login data mapped to " + wType + "bPK:" + bPK); + LPRParams params = (LPRParams) bPKMap.get(bPK); + if (null == params) { + Logger.info("XMLLoginParameterResolver: params for " + wType + "bPK: " + bPK + " not found!"); + return null; + } else if (params.getEnabled()) { + Logger.info("XMLLoginParameterResolver: " + wType + "bPK: " + bPK + "found in list; user is enabled"); + Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); + return params; + } + Logger.info("XMLLoginParameterResolver: " + wType + "bPK: " + bPK + "found in list but user is NOT enabled"); + return null; } - /** - * searches for a given namedIdentity and returns the appropriate LPRParams structure - * @param surName surname search argument - * @param givenName givenname search argument - * @param dateOfBirth dateofbirth search argument - * @returns LPRParams if bPK could be found in internal mappings or null otherwise. 
+ /** + * searches for a given namedIdentity and returns the appropriate LPRParams structure + * @param surName surname search argument + * @param givenName givenname search argument + * @param dateOfBirth dateofbirth search argument + * @returns LPRParams if (w)bPK could be found in internal mappings or null otherwise. */ - LPRParams namedIdentitySearch(String surName, String givenName, String dateOfBirth) { - Logger.info("XMLLoginParameterResolver: search for login data for SurName:" + surName + - " GivenName: " + givenName + - " DateOfBirth" + dateOfBirth); - - //try first a search with surname, givenname and birthdate + LPRParams namedIdentitySearch(String surName, String givenName, String dateOfBirth) { + Logger.info("XMLLoginParameterResolver: search for login data for SurName:" + surName + " GivenName: " + givenName + " DateOfBirth" + dateOfBirth); + //try first a search with surname, givenname and birthdate LPRParams params = (LPRParams) namedMap.get(surName + "," + givenName + "," + dateOfBirth); if (null == params) { - Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + - givenName + "BirthDate: " + dateOfBirth + " not found!"); - - //try a search with surname, givenname only - params = (LPRParams) namedMap.get(surName + "," + givenName + "," + XSD_BIRTHDATEBLANKATTR); - if(null == params) { - Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + - givenName + " not found!"); - return null; - } + Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + givenName + "BirthDate: " + dateOfBirth + " not found!"); + //try a search with surname, givenname only + params = (LPRParams) namedMap.get(surName + "," + givenName + "," + XSD_BIRTHDATEBLANKATTR); + if(null == params) { + Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + givenName + " not found!"); + return null; + } } if (params.getEnabled()) { - 
Logger.info("XMLLoginParameterResolver: Surname:" + surName - + " GivenName: " - + givenName - + " found in list; user is enabled"); - Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); - return params; + Logger.info("XMLLoginParameterResolver: Surname:" + surName + " GivenName: " + givenName + " found in list; user is enabled"); + Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); + return params; } - Logger.info( - "XMLLoginParameterResolver: SurName:" - + surName - + " GivenName: " - + givenName - + "found in list; user is NOT enabled"); + Logger.info("XMLLoginParameterResolver: SurName:" + surName + " GivenName: " + givenName + "found in list; user is NOT enabled"); return null; } - //public static final String XSD_MAPPING = "Mapping"; - + //public static final String XSD_MAPPING = "Mapping"; //public static final String XSD_DOCELEM = "MOAIdentities"; public static final String XSD_IDELEM = "Identity"; public static final String XSD_NAMEDIDELEM = "NamedIdentity"; public static final String XSD_BPKIDELEM = "bPKIdentity"; + public static final String XSD_WBPKIDELEM = "wbPKIdentity"; public static final String XSD_PARAMELEM = "Parameters"; public static final String XSD_SURNAMEATTR = "SurName"; - public static final String XSD_GIVENNAMEATTR = "GivenName"; + public static final String XSD_GIVENNAMEATTR = "GivenName"; public static final String XSD_BIRTHDATEATTR = "BirthDate"; - public static final String XSD_BIRTHDATEBLANKATTR = "any"; + public static final String XSD_BIRTHDATEBLANKATTR = "any"; public static final String XSD_BPKATTR = "bPK"; + public static final String XSD_WBPKATTR = "wbPK"; public static final String XSD_UNATTR = "UN"; - public static final String XSD_PWATTR = "PW"; - public static final String XSD_PARAM1ATTR = "Param1"; - public static final String XSD_PARAM2ATTR = "Param2"; - public static final String XSD_PARAM3ATTR = "Param3"; + public static final String XSD_PWATTR = "PW"; + public static final 
String XSD_PARAM1ATTR = "Param1"; + public static final String XSD_PARAM2ATTR = "Param2"; + public static final String XSD_PARAM3ATTR = "Param3"; private Map bPKMap; private Map namedMap; - private boolean isConfigured = false; + private boolean isConfigured = false; } \ No newline at end of file diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java index 1f59aa809..597a6bc7d 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java @@ -150,7 +150,7 @@ public class XMLLoginParameterResolverPlainData } //TODO document - public Map getAuthenticationHeaders(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress) throws NotAllowedException + public Map getAuthenticationHeaders(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService) throws NotAllowedException { Map result = new HashMap(); if(oaConf.getAuthType().equals("basic")) @@ -158,7 +158,14 @@ public class XMLLoginParameterResolverPlainData String famName = resolveValue(MOAFamilyName, authData, clientIPAddress); String givenName = resolveValue(MOAGivenName, authData, clientIPAddress); String dateOfBirth = resolveValue(MOADateOfBirth, authData, clientIPAddress); - String bPK = resolveValue(MOABPK, authData, clientIPAddress); + String bPK =""; + String wType= ""; + if (businessService) { + bPK = resolveValue(MOAWBPK, authData, clientIPAddress); + wType = "w"; + } else { + bPK = resolveValue(MOABPK, authData, clientIPAddress); + } String userid = ""; String password = ""; String param1 = ""; 
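Review bot: `bPKIdentitySearch(String bPK, String wType)` goes straight to `bPKMap.get(bPK)`; a guard `if (bPK == null || bPK.length() == 0) return null;` at the top would stop an assertion without a (w)bPK from ever matching a mapping keyed by the empty string and make the fallback to `namedIdentitySearch` explicit. The rewritten Javadoc of both search methods keeps `@returns`, which is not a Javadoc tag; `@return` is. Most of this hunk is re-indentation, which makes the few real changes (the `wType` labels) hard to review.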
@@ -168,15 +175,15 @@ public class XMLLoginParameterResolverPlainData LPRParams params = null; boolean userFound = false; - //first step: search for bPK entry in user list - Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for bPK:" + bPK); + //first step: search for (w)bPK entry in user list + Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for "+ wType + "bPK:" + bPK); params = (LPRParams)bPKMap.get(bPK); if(params == null) - Logger.debug("XMLLoginParameterResolverPlainData: params for bPK: " + bPK + " not found in file!"); + Logger.debug("XMLLoginParameterResolverPlainData: params for "+ wType + "bPK: " + bPK + " not found in file!"); else if(params.getEnabled()) { //if user is enabled: get related parameters - Logger.debug("XMLLoginParameterResolverPlainData: bPK: " + bPK + " found in list; user is enabled"); + Logger.debug("XMLLoginParameterResolverPlainData: "+ wType + "bPK: " + bPK + " found in list; user is enabled"); Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString()); userid = params.getUN(); password = params.getPW(); @@ -186,7 +193,7 @@ public class XMLLoginParameterResolverPlainData userFound = true; } else { - Logger.info("XMLLoginParameterResolverPlainData: bPK: " + bPK + " found in list; user is NOT enabled"); + Logger.info("XMLLoginParameterResolverPlainData: "+ wType + "bPK: " + bPK + " found in list; user is NOT enabled"); } if(!userFound) //secound step: search for name entry in user list { @@ -241,7 +248,7 @@ public class XMLLoginParameterResolverPlainData return result; } - public Map getAuthenticationParameters(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress) + public Map getAuthenticationParameters(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService) { Map result = new HashMap(); if(oaConf.getAuthType().equals("param")) 
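Review bot: Only the signature of `getAuthenticationParameters(..., boolean businessService)` changes in this hunk; its body lies outside the hunk, and if it resolves the identity the way `getAuthenticationHeaders` did before this commit it would still call `resolveValue(MOABPK, ...)` for business services, unlike the encrypted resolver, which updated both methods. Please confirm the parameter path handles `MOAWBPK` too, or ignores the flag on purpose (then a comment saying so would help).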
@@ -268,7 +275,9 @@ public class XMLLoginParameterResolverPlainData if(predicate.equals(MOADateOfBirth)) return authData.getDateOfBirth(); if(predicate.equals(MOABPK)) - return authData.getPBK(); + return authData.getBPK(); + if(predicate.equals(MOAWBPK)) + return authData.getWBPK(); if(predicate.equals(MOAPublicAuthority)) if(authData.isPublicAuthority()) return "true"; @@ -309,11 +318,13 @@ public class XMLLoginParameterResolverPlainData } } - private void buildInfo(Document doc) + private void buildInfo(Document doc, boolean businessService) { Element root = doc.getDocumentElement(); NodeList idList = root.getElementsByTagName("Identity"); NodeList paramList = root.getElementsByTagName("Parameters"); + String wType =""; + if (businessService) wType = "w"; for(int i = 0; i < idList.getLength(); i++) Logger.debug("XMLLoginParameterResolverPlainData: LocalName idList: " + idList.item(i).getLocalName()); @@ -340,11 +351,11 @@ public class XMLLoginParameterResolverPlainData namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW"))); } else { - tmpList = tmpElem.getElementsByTagName("bPKIdentity"); + tmpList = tmpElem.getElementsByTagName(wType + "bPKIdentity"); if(1 == tmpList.getLength()) { tmpElem = (Element)tmpList.item(0); - String tmpStr = tmpElem.getAttribute("bPK"); + String tmpStr = tmpElem.getAttribute(wType + "bPK"); boolean tmpBool = false; if(tmpElem.getFirstChild() != null && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) tmpBool = true; 
@@ -354,26 +365,26 @@ public class XMLLoginParameterResolverPlainData bPKMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW"))); } else { - Logger.warn("XMLLoginParameterResolverPlainData: wrong format no NamedIdentity or bPKIdentity found"); + Logger.warn("XMLLoginParameterResolverPlainData: wrong format or incorrect mode; no NamedIdentity or " + wType + "bPKIdentity found"); } } } Logger.debug("namedMap:" + namedMap.toString()); - Logger.debug("bPKMap:" + bPKMap.toString()); + Logger.debug(wType + "bPKMap:" + bPKMap.toString()); } - public static final String XSD_DOCELEM = "MOAIdentities"; - public static final String XSD_IDELEM = "Identity"; - public static final String XSD_NAMEDIDELEM = "NamedIdentity"; - public static final String XSD_BPKIDELEM = "bPKIdentity"; - public static final String XSD_PARAMELEM = "Parameters"; - public static final String XML_LPR_CONFIG_PROPERTY_NAME1 = "moa.id.xmllpr1.configuration"; + //public static final String XSD_DOCELEM = "MOAIdentities"; + //public static final String XSD_IDELEM = "Identity"; + //public static final String XSD_NAMEDIDELEM = "NamedIdentity"; + //public static final String XSD_BPKIDELEM = "bPKIdentity"; + //public static final String XSD_PARAMELEM = "Parameters"; + //public static final String XML_LPR_CONFIG_PROPERTY_NAME1 = "moa.id.xmllpr1.configuration"; private Map bPKMap; private Map namedMap; - public void configure(String configuration) throws LoginParameterResolverException { + public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException { Logger.info("XMLLoginParameterResolverPlainData: initialization string: " + configuration); this.configuration = configuration; String fileName = configuration; 
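Review bot: The six constants `XSD_DOCELEM` … `XML_LPR_CONFIG_PROPERTY_NAME1` are commented out instead of deleted; version control keeps the history, so the dead lines should go, unless something such as `Test100LoginParameterResolver` from the diffstat (not visible here) still references them, in which case they must stay public. Since `buildInfo` above now builds element and attribute names from `wType + "bPKIdentity"` and `wType + "bPK"`, named constants like the encrypted resolver's `XSD_WBPKIDELEM` / `XSD_WBPKATTR` would read better than string concatenation.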
@@ -382,6 +393,6 @@ public class XMLLoginParameterResolverPlainData
 Logger.info("XMLLoginParameterResolverPlainData: used file name string: " + fileName);
 }
 Document doc = readXMLFile(fileName);
- buildInfo(doc);
+ buildInfo(doc, businessService.booleanValue() );
 }
 }
\ No newline at end of file
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
index 9bbf13aca..6bf5da02b 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
@@ -121,9 +121,9 @@ public class AuthenticationDataAssertionParser implements Constants {
 XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, ""));
 String pkValue = XPathUtils.getElementValue(samlAssertion, PK_XPATH, "");
 if (XPathUtils.getAttributeValue(samlAssertion, NAME_QUALIFIER_XPATH, "").equalsIgnoreCase(URN_PREFIX_BPK)) {
- authData.setPBK(pkValue);
+ authData.setBPK(pkValue);
 } else {
- authData.setWPBK(pkValue);
+ authData.setWBPK(pkValue);
 }
 authData.setIdentificationValue(
 XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_VALUE_XPATH, ""));
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index 327c658f1..0cb3389e8 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
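Review bot: `businessService.booleanValue()` dereferences the boxed `Boolean` parameter that `configure` now takes, so a caller passing `null` fails with a NullPointerException from inside configuration loading instead of a `LoginParameterResolverException` with a usable message. Since the interface type is `Boolean` (not `boolean`), either reject null explicitly or default it: `buildInfo(doc, businessService != null && businessService.booleanValue());`, and state in the method's Javadoc which of the two is meant. The start of `configure` is in the previous hunk.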
@@ -91,7 +91,7 @@ public class ProxyServlet extends HttpServlet {
 /** Name of the Attribute for user binding */
 private static final String ATT_OA_USER_BINDING = "UserBinding";
 /** For extended internal debug messages */
- private static final boolean INTERNAL_DEBUG = false;
+ private static final boolean INTERNAL_DEBUG = true;
 /** Message to be given if browser login failed */
 private static final String RET_401_MSG = "Ein Fehler ist aufgetreten

Fehler bei der Anmeldung

Bei der Anmeldung ist ein Fehler aufgetreten.

Fehler bei der Anmeldung.
Prüfen Sie bitte ihre Berechtigung.
Abbruch durch den Benutzer.

";
@@ -102,7 +102,7 @@ public class ProxyServlet extends HttpServlet {
 Logger.debug("getRequestURL:" + req.getRequestURL().toString());
 try {
- if (req.getParameter(PARAM_SAMLARTIFACT) != null && req.getParameter(PARAM_TARGET) != null) {
+ if (req.getParameter(PARAM_SAMLARTIFACT) != null) {
 // check if SAML Artifact was already used in this session (in case of page reload)
 HttpSession session = req.getSession();
 if (null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) {
@@ -163,7 +163,8 @@ public class ProxyServlet extends HttpServlet {
 samlArtifact = req.getParameter(PARAM_SAMLARTIFACT);
 Logger.debug("moa-id-proxy login " + PARAM_SAMLARTIFACT + ": " + samlArtifact);
 // String target = req.getParameter(PARAM_TARGET); parameter given but not processed
-
+ // boolean targetprovided = req.getParameter(PARAM_TARGET) != null;
+
 // get authentication data from the MOA-ID Auth component
 AuthenticationData authData;
 try {
@@ -189,11 +190,12 @@ public class ProxyServlet extends HttpServlet {
 // resolve login parameters to be forwarded to online application
 LoginParameterResolver lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix);
 String clientIPAddress = req.getRemoteAddr();
+ boolean businessService = oaParam.getBusinessService();
 try {
 if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH))
- loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress);
+ loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress, businessService);
 else
- loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress);
+ loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress, businessService);
 } catch (LoginParameterResolverException ex) {
 throw new ProxyException("proxy.13", new Object[] { publicURLPrefix });
 } catch (NotAllowedException e) {
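Review bot: `INTERNAL_DEBUG` is switched to `true` in a compile-time constant of the production servlet, so whatever it gates (not visible in this hunk) is now emitted for every request until someone rebuilds with it off; the commit is described as a wbPK update, which suggests a development toggle that was not reverted. In an authentication proxy such extended output plausibly includes the SAML artifact or resolved login parameters, which should not land in logs. Revert to `private static final boolean INTERNAL_DEBUG = false;`, or read the flag from configuration so it can be enabled without a code change.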
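Review bot: Hunk @@ -102 drops the `req.getParameter(PARAM_TARGET) != null` requirement, so a request carrying only the SAML artifact now enters the login path; if that is deliberate because business-service logins have no target, the existing comment should say so, e.g. `// target is optional: business-service logins carry no target parameter`. The `// boolean targetprovided = ...` line added in hunk @@ -163 is commented-out code and should be removed rather than committed. The enclosing request-handling method starts and ends outside these hunks.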
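Review bot: In hunk @@ -189 the mode is derived per request from `oaParam.getBusinessService()` and handed to the resolver, while the same resolver type now also receives a business-service flag in `configure` (the factory change in this commit is not visible here); if the two ever disagree, the `bPKMap` built at configuration time is keyed by one identifier type and queried with the other, and the lookup fails for every user. Document which flag is authoritative, or drop the per-call argument and let the resolver use its configured mode. `oaParam` is also dereferenced here without a null check; if the lookup that produced it (outside the hunk) can return null for an unknown `publicURLPrefix`, guard it before this line.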
diff --git a/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java b/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java
index c7ee57f09..8bf7f32ab 100644
--- a/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java
+++ b/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java
@@ -565,7 +565,7 @@ public class Test300VerifyAuthBlock extends AbnahmeTestCase {
 authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
 String vpkBase64 = new BPKBuilder().buildBPK( identityLink.getIdentificationValue(), session.getTarget());
- authData.setPBK(vpkBase64);
+ authData.setBPK(vpkBase64);
 authData.setGivenName(identityLink.getGivenName());
 authData.setFamilyName(identityLink.getFamilyName());
 authData.setDateOfBirth(identityLink.getDateOfBirth());
diff --git a/id.server/src/test/abnahme/P/Test100LoginParameterResolver.java b/id.server/src/test/abnahme/P/Test100LoginParameterResolver.java
index ede69dd8b..b56f7f4ab 100644
--- a/id.server/src/test/abnahme/P/Test100LoginParameterResolver.java
+++ b/id.server/src/test/abnahme/P/Test100LoginParameterResolver.java
@@ -54,7 +54,7 @@ public class Test100LoginParameterResolver extends AbnahmeTestCase {
 authData.setGivenName("Hugo");
 // resolve login headers
- Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS);
+ Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false);
 // validate login headers
 assertEquals(1, loginHeaders.keySet().size());
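Review bot: The resolver tests are only adapted to compile: this call and the two in hunks @@ -84 and @@ -122 pass `false`, so nothing exercises the business-service mode this commit introduces — neither the `MOAWBPK` predicate resolving to `authData.getWBPK()` nor a configuration parsed from `wbPKIdentity`/`wbPK` entries. Add at least one case that calls `lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, true)` against a resolver configured in business mode with `authData.setWBPK(...)` set, and one that checks a bPK-only `authData` in business mode yields no credentials, since that is the mismatch the mode flag makes possible.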
@@ -84,10 +84,10 @@ public class Test100LoginParameterResolver extends AbnahmeTestCase {
 String DATE_OF_BIRTH = "1963-12-29";
 String VPK = "kp6hOq6LRAkLtrqm6EvDm6bMwJw=";
 authData.setDateOfBirth(DATE_OF_BIRTH);
- authData.setPBK(VPK);
+ authData.setBPK(VPK);
 // resolve login parameters
- Map loginParameters = lpr.getAuthenticationParameters(oaConf, authData, CLIENT_IP_ADDRESS);
+ Map loginParameters = lpr.getAuthenticationParameters(oaConf, authData, CLIENT_IP_ADDRESS, false);
 // validate login headers
 assertEquals(2, loginParameters.keySet().size());
@@ -122,7 +122,7 @@ public class Test100LoginParameterResolver extends AbnahmeTestCase {
 authData.setIdentificationValue(STAMMZAHL);
 // resolve login headers
- Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS);
+ Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false);
 // validate login headers
 assertEquals(5, loginHeaders.keySet().size());
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java b/id.server/src/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
index 69e5958bf..68b5d4ee3 100644
--- a/id.server/src/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
+++ b/id.server/src/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
@@ -170,7 +170,7 @@ public class SAMLResponseParserTest extends UnitTestCase {
 assertEquals("http://localhost:8080/moa-id-auth/", authData.getIssuer());
 assertEquals("2003-04-02T14:55:42+02:00", authData.getIssueInstant());
 assertEquals("123456789012", authData.getIdentificationValue());
- assertEquals("MTk2OC0xMC0yMmdi", authData.getPBK());
+ assertEquals("MTk2OC0xMC0yMmdi", authData.getBPK());
 assertEquals("Hermann", authData.getGivenName());
 assertEquals("Muster", authData.getFamilyName());
 assertEquals("1968-10-22", authData.getDateOfBirth());
-- cgit v1.2.3