From b73822979de23a3b7236411a7a737e2c93642a7d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 4 Jul 2013 10:09:26 +0200 Subject: =?UTF-8?q?BKU=20Auswahl=20in=20Kontext=20von=20MOA-ID=20f=C3=BCr?= =?UTF-8?q?=20standardkonforme=20Variante?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../moa/id/auth/AuthenticationServer.java | 188 ++++------------ .../moa/id/auth/MOAIDAuthConstants.java | 10 + .../AuthenticationBlockAssertionBuilder.java | 46 +++- .../moa/id/auth/builder/LoginFormBuilder.java | 11 +- .../auth/builder/StartAuthenticationBuilder.java | 56 +++++ .../moa/id/auth/data/AuthenticationSession.java | 16 ++ .../StartAuthentificationParameterParser.java | 239 +++++++++++++++++++++ .../servlet/GenerateIFrameTemplateServlet.java | 178 +++++++++++++++ .../auth/servlet/StartAuthenticationServlet.java | 173 +++++---------- .../CreateXMLSignatureResponseValidator.java | 22 ++ 10 files changed, 667 insertions(+), 272 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 911920e83..9abbf2970 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -389,95 +389,31 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @see GetIdentityLinkFormBuilder * @see InfoboxReadRequestBuilder */ - public String startAuthentication(String authURL, String target, - String targetFriendlyName, String oaURL, String templateURL, - String bkuURL, String useMandate, String sessionID, String scheme, - String sourceID, String modul, String action) throws WrongParametersException, + public String startAuthentication(AuthenticationSession session, String scheme) throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { - String useMandateString = null; - boolean useMandateBoolean = false; - if ((useMandate != null) && (useMandate.compareTo("") != 0)) { - useMandateString = useMandate; - } else { - useMandateString = "false"; - } - - if (useMandateString.compareToIgnoreCase("true") == 0) - useMandateBoolean = true; - else - useMandateBoolean = false; - - if (isEmpty(sessionID)) { - if (isEmpty(authURL)) - throw new WrongParametersException("StartAuthentication", - "AuthURL", "auth.05"); - - // check if HTTP Connection may be allowed (through - // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider - .getInstance() - .getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); - if ((!authURL.startsWith("https:")) - && (false == BoolUtils.valueOf(boolStr))) - throw new AuthenticationException("auth.07", - new Object[] { authURL + "*" }); - if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.05"); + if (session == null) { + throw new AuthenticationException("auth.18", new Object[] { }); } - AuthenticationSession session; - OAAuthParameter oaParam; - if (sessionID != null) { - session = getSession(sessionID); - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - } else { - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", - new Object[] { oaURL }); - if (!oaParam.getBusinessService()) { - if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", - PARAM_TARGET, "auth.05"); - } else { - if (useMandateBoolean) { - Logger - .error("Online-Mandate Mode for bussines application not supported."); - throw new AuthenticationException("auth.17", null); - } - target = null; - targetFriendlyName = null; - } - session = newSession(); - Logger.info("MOASession " + session.getSessionID() + " angelegt"); - session.setTarget(target); - session.setTargetFriendlyName(targetFriendlyName); - session.setOAURLRequested(oaURL); - session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - session.setAuthURL(authURL); - session.setTemplateURL(templateURL); - session.setBusinessService(oaParam.getBusinessService()); - session.setModul(modul); - session.setAction(action); - if (sourceID != null) - session.setSourceID(sourceID); - } - // BKU URL has not been set yet, even if session already exists - if (bkuURL == null) { - if (scheme != null && scheme.equalsIgnoreCase("https")) { - bkuURL = DEFAULT_BKU_HTTPS; - } else { - bkuURL = DEFAULT_BKU; + + //load OnlineApplication configuration + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { session.getPublicOAURLPrefix() }); + + //load Template + String template = null; + if (session.getTemplateURL() != null) { + try { + template = new String(FileUtils.readURL(session.getTemplateURL())); + } catch (IOException ex) { + throw new AuthenticationException("auth.03", new Object[] { + session.getTemplateURL(), ex.toString() }, ex); } } - session.setBkuURL(bkuURL); - session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); - session.setUseMandate(useMandateString); + + //build ReadInfobox request String infoboxReadRequest = new InfoboxReadRequestBuilder().build( oaParam.getSlVersion12(), oaParam.getBusinessService(), oaParam .getIdentityLinkDomainIdentifier()); @@ -485,22 +421,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { String dataURL = new DataURLBuilder().buildDataURL( session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session .getSessionID()); - String template = null; - // override template url by url from configuration file - if (oaParam.getTemplateURL() != null) { - templateURL = oaParam.getTemplateURL(); - } else { - templateURL = session.getTemplateURL(); - } - if (templateURL != null) { - try { - template = new String(FileUtils.readURL(templateURL)); - } catch (IOException ex) { - throw new AuthenticationException("auth.03", new Object[] { - templateURL, ex.toString() }, ex); - } - } - + String pushInfobox = ""; VerifyInfoboxParameters verifyInfoboxParameters = oaParam .getVerifyInfoboxParameters(); @@ -509,21 +430,17 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setPushInfobox(pushInfobox); } - try { - AuthenticationSessionStoreage.storeSession(session); - - } catch (MOADatabaseException e) { - throw new AuthenticationException("", null); - } - + //build CertInfo request String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() .build(oaParam.getSlVersion12()); String certInfoDataURL = new DataURLBuilder() .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, session.getSessionID()); + String htmlForm = new GetIdentityLinkFormBuilder().build(template, - bkuURL, infoboxReadRequest, dataURL, certInfoRequest, + session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest, certInfoDataURL, pushInfobox); + return htmlForm; } @@ -2311,6 +2228,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { + //TODO: CHECK if STORK parts works correct!!!! + if (isEmpty(sessionID)) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); @@ -2784,46 +2703,21 @@ public class AuthenticationServer implements MOAIDAuthConstants { public static void startSTORKAuthentication( HttpServletRequest req, HttpServletResponse resp, - String ccc, - String oaURL, - String target, - String targetFriendlyName, - String authURL, - String sourceID, - String modul, - String action) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { + AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { - //read configuration paramters of OA - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); - - if (!oaParam.getBusinessService()) { - if (StringUtils.isEmpty(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05"); - } else { - target = null; + if (moasession == null) { + throw new AuthenticationException("auth.18", new Object[] { }); } - //create MOA session - AuthenticationSession moaSession = newSession(); - Logger.info("MOASession " + moaSession.getSessionID() + " angelegt"); - moaSession.setTarget(target); - moaSession.setTargetFriendlyName(targetFriendlyName); - moaSession.setOAURLRequested(oaURL); - moaSession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - moaSession.setAuthURL(authURL); - moaSession.setBusinessService(oaParam.getBusinessService()); - moaSession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); - moaSession.setAction(action); - moaSession.setModul(modul); - if (sourceID != null) - moaSession.setSourceID(sourceID); + //read configuration paramters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); //Start of STORK Processing STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); - CPEPS cpeps = storkConfig.getCPEPS(ccc); + CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc()); Logger.debug("Preparing to assemble STORK AuthnRequest witht the following values:"); String destination = cpeps.getPepsURL().toExternalForm(); @@ -2838,7 +2732,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { QualityAuthenticationAssuranceLevel qaaLevel = null;//TODO UNCOMMENT AGAIN !! = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue()); - Logger.debug("QAALevel: " + qaaLevel.getValue()); + //Logger.debug("QAALevel: " + qaaLevel.getValue()); RequestedAttributes requestedAttributes = null; @@ -2850,7 +2744,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { //check if country specific attributes must be additionally requested if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) { //add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes - Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + ccc); + Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + moasession.getCcc()); Logger.debug("The following attributes are requested for this specific country:"); List countrySpecificReqAttributeList = new ArrayList(cpeps.getCountrySpecificRequestedAttributes()); for (RequestedAttribute csReqAttr : countrySpecificReqAttributeList) { @@ -2888,13 +2782,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } - String spSector = StringUtils.isEmpty(target) ? "Business" : target; + String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); String spApplication = spInstitution; String spCountry = "AT"; String textToBeSigned = - CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moaSession); + CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession); //generate AuthnRquest STORKAuthnRequest storkAuthnRequest = STORKAuthnRequestProcessor.generateSTORKAuthnRequest( @@ -2944,9 +2838,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.debug("STORK AuthnRequest successfully internally validated."); //send - moaSession.setStorkAuthnRequest(storkAuthnRequest); + moasession.setStorkAuthnRequest(storkAuthnRequest); HttpSession httpSession = req.getSession(); - httpSession.setAttribute("MOA-Session-ID", moaSession.getSessionID()); + httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID()); Logger.debug("Preparing to send STORK AuthnRequest."); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 01c875533..47bf61db4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -24,6 +24,9 @@ package at.gv.egovernment.moa.id.auth; +import java.util.Arrays; +import java.util.List; + import iaik.asn1.ObjectID; @@ -118,5 +121,12 @@ public interface MOAIDAuthConstants { public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3"; /** the number of the certifcate extension for party organ representatives */ public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; + + /**BKU type identifiers to use bkuURI from configuration*/ + public static final String REQ_BKU_TYPE_LOCAL = "local"; + public static final String REQ_BKU_TYPE_ONLINE = "online"; + public static final String REQ_BKU_TYPE_HANDY = "handy"; + public static final List REQ_BKU_TYPES = Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY); + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index 412f1db81..897933ea0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -26,8 +26,13 @@ package at.gv.egovernment.moa.id.auth.builder; import java.io.StringWriter; import java.text.MessageFormat; +import java.text.SimpleDateFormat; +import java.util.Calendar; +import java.util.Date; import java.util.List; +import java.util.Locale; +import javax.xml.bind.DatatypeConverter; import javax.xml.transform.Result; import javax.xml.transform.Source; import javax.xml.transform.Transformer; @@ -49,6 +54,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -79,6 +85,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion " {6}" + NL + " " + NL + "{7}" + + "{8}" + " " + NL + ""; @@ -97,6 +104,11 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion " " + NL + " " + NL; + private static String SPECIAL_TEXT_ATTRIBUTE = + " " + NL + + " {0}" + NL + + " " + NL; + private static String PR_IDENTIFICATION_ATTRIBUTE = " " + NL + @@ -107,7 +119,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion /** * The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes). */ - public static final int NUM_OF_SAML_ATTRIBUTES = 3; + public static final int NUM_OF_SAML_ATTRIBUTES = 4; /** * Constructor for AuthenticationBlockAssertionBuilder. @@ -172,8 +184,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion Logger.error("Error on building AUTH-Block: " + e.getMessage()); throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); } - - + if (target == null) { // OA is a business application if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) { @@ -252,6 +263,15 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion extendedSAMLAttributes.add(oaFriendlyNameAttribute); + + //TODO: load special text from OAconfig + String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#."; + //String text = ""; + + + String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, + new Object[] { generateSpecialText(text, issuer, issueInstant) }); + String assertion; try { assertion = MessageFormat.format( @@ -263,6 +283,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion gebeORwbpk, oaURL, gebDat, + specialText, buildExtendedSAMLAttributes(extendedSAMLAttributes)}); } catch (ParseException e) { Logger.error("Error on building AUTH-Block: " + e.getMessage()); @@ -385,6 +406,13 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion extendedSAMLAttributes.add(oaFriendlyNameAttribute); //..BZ + //TODO: load special text from OAconfig + //String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#."; + String text = ""; + + String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, + new Object[] { generateSpecialText(text, issuer, issueInstant) }); + String assertion; try { assertion = MessageFormat.format( @@ -396,6 +424,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion gebeORwbpk, oaURL, gebDat, + specialText, buildExtendedSAMLAttributes(extendedSAMLAttributes)}); } catch (ParseException e) { Logger.error("Error on building AUTH-Block: " + e.getMessage()); @@ -406,6 +435,17 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion } + public static String generateSpecialText(String inputtext, String issuer, String issueInstant) { + Calendar datetime = DatatypeConverter.parseDateTime(issueInstant); + SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + SimpleDateFormat timeformat = new SimpleDateFormat("HH:mm:ss"); + + String text = inputtext.replaceAll("#NAME#", issuer); + text = text.replaceAll("#DATE#", dateformat.format(datetime.getTime())); + text = text.replaceAll("#TIME#", timeformat.format(datetime.getTime())); + + return text; + } public static String xmlToString(Node node) { try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index 5191a2f81..83b7ae592 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -10,11 +10,12 @@ import at.gv.egovernment.moa.logging.Logger; public class LoginFormBuilder { + private static String SERVLET = "GenerateIframeTemplate"; + private static String AUTH_URL = "#AUTH_URL#"; - private static String OA_URL = "#OA_URL#"; - private static String RED_URL = "#RED_URL#"; private static String MODUL = "#MODUL#"; private static String ACTION = "#ACTION#"; + private static String OANAME = "#OAName#"; private static String template; @@ -29,7 +30,7 @@ public class LoginFormBuilder { StringWriter writer = new StringWriter(); IOUtils.copy(input, writer); template = writer.toString(); - template = template.replace(AUTH_URL, "StartBKUAuthentication"); + template = template.replace(AUTH_URL, SERVLET); } catch (Exception e) { Logger.error("Failed to read template", e); } @@ -38,11 +39,10 @@ public class LoginFormBuilder { return template; } - public static String buildLoginForm(String oaURL, String modul, String action) { + public static String buildLoginForm(String modul, String action, String oaname) { String value = getTemplate(); if(value != null) { - value = value.replace(OA_URL, oaURL); if(modul == null) { modul = SAML1Protocol.PATH; } @@ -51,6 +51,7 @@ public class LoginFormBuilder { } value = value.replace(MODUL, modul); value = value.replace(ACTION, action); + value = value.replace(OANAME, oaname); } return value; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java new file mode 100644 index 000000000..8a9c2b4fd --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java @@ -0,0 +1,56 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; + +public class StartAuthenticationBuilder { + + private static StartAuthenticationBuilder instance = null; + + public static StartAuthenticationBuilder getInstance() { + if (instance == null) { + instance = new StartAuthenticationBuilder(); + } + return instance; + } + + + public String build(AuthenticationSession moasession, HttpServletRequest req, + HttpServletResponse resp) throws WrongParametersException, MOAIDException { + + if (moasession == null) { + throw new AuthenticationException("auth.18", new Object[] { }); + } + + STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); + + Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc())); + // STORK or normal authentication + if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { + //STORK authentication + Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc()); + Logger.debug("Starting STORK authentication"); + + AuthenticationServer.startSTORKAuthentication(req, resp, moasession); + return ""; + + } else { + //normal MOA-ID authentication + Logger.debug("Starting normal MOA-ID authentication"); + + String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme()); + + return getIdentityLinkForm; + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index e023acafa..22a3337e3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -113,6 +113,12 @@ public class AuthenticationSession implements Serializable { */ private boolean useMandate; + + /** + * STORK + */ + private String ccc; + /** * Reference value for mandate */ @@ -1025,6 +1031,16 @@ public class AuthenticationSession implements Serializable { public void setStorkAuthnRequest(STORKAuthnRequest storkAuthnRequest) { this.storkAuthnRequest = storkAuthnRequest; } + + public String getCcc() { + return ccc; + } + + public void setCcc(String ccc) { + this.ccc = ccc; + } + + // public CreateXMLSignatureResponse getXMLCreateSignatureResponse() { // return XMLCreateSignatureResponse; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java new file mode 100644 index 000000000..1d3c82aaf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -0,0 +1,239 @@ +package at.gv.egovernment.moa.id.auth.parser; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.StringUtils; + +public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ + + public static void parse(AuthenticationSession moasession, + String target, + String sourceID, + String oaURL, + String bkuURL, + String templateURL, + String useMandate, + String ccc, + String module, + String action, + HttpServletRequest req) throws WrongParametersException, MOAIDException { + + String targetFriendlyName = null; + + // escape parameter strings + //TODO: use URLEncoder.encode!! + target = StringEscapeUtils.escapeHtml(target); + sourceID = StringEscapeUtils.escapeHtml(sourceID); + oaURL = StringEscapeUtils.escapeHtml(oaURL); + bkuURL = StringEscapeUtils.escapeHtml(bkuURL); + templateURL = StringEscapeUtils.escapeHtml(templateURL); + useMandate = StringEscapeUtils.escapeHtml(useMandate); + ccc = StringEscapeUtils.escapeHtml(ccc); + + // check parameter + if (!ParamValidatorUtils.isValidOA(oaURL)) + throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); + if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) + throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); + if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) + throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + if (!ParamValidatorUtils.isValidUseMandate(useMandate)) + throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); + if (!ParamValidatorUtils.isValidSourceID(sourceID)) + throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); + if (!ParamValidatorUtils.isValidCCC(ccc)) + throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); + + //check UseMandate flag + String useMandateString = null; + boolean useMandateBoolean = false; + if ((useMandate != null) && (useMandate.compareTo("") != 0)) { + useMandateString = useMandate; + } else { + useMandateString = "false"; + } + + if (useMandateString.compareToIgnoreCase("true") == 0) + useMandateBoolean = true; + else + useMandateBoolean = false; + + moasession.setUseMandate(useMandateString); + + //load OnlineApplication configuration + OAAuthParameter oaParam; + if (moasession.getPublicOAURLPrefix() != null) { + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter( + moasession.getPublicOAURLPrefix()); + + if (oaParam == null) + throw new AuthenticationException("auth.00", + new Object[] { moasession.getPublicOAURLPrefix() }); + + } else { + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(oaURL); + + if (oaParam == null) + throw new AuthenticationException("auth.00", + new Object[] { oaURL }); + + + // get target and target friendly name from config + String targetConfig = oaParam.getTarget(); + String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); + + if (StringUtils.isEmpty(targetConfig)) { + // no target attribut is given in OA config + // target is used from request + // check parameter + if (!ParamValidatorUtils.isValidTarget(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + } else { + // use target from config + target = targetConfig; + targetFriendlyName = targetFriendlyNameConfig; + } + + + if (!oaParam.getBusinessService()) { + if (isEmpty(target)) + throw new WrongParametersException("StartAuthentication", + PARAM_TARGET, "auth.05"); + + } else { + if (useMandateBoolean) { + Logger.error("Online-Mandate Mode for bussines application not supported."); + throw new AuthenticationException("auth.17", null); + } + target = null; + targetFriendlyName = null; + } + + moasession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); + moasession.setTarget(target); + moasession.setTargetFriendlyName(targetFriendlyName); + moasession.setBusinessService(oaParam.getBusinessService()); + moasession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); + } + + //check OnlineApplicationURL + if (isEmpty(oaURL)) + throw new WrongParametersException("StartAuthentication", + PARAM_OA, "auth.05"); + moasession.setOAURLRequested(oaURL); + + //check AuthURL + String authURL = req.getScheme() + "://" + req.getServerName(); + if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { + authURL = authURL.concat(":" + req.getServerPort()); + } + authURL = authURL.concat(req.getContextPath() + "/"); + + if (isEmpty(authURL)) + throw new WrongParametersException("StartAuthentication", + "AuthURL", "auth.05"); + + // check if HTTP Connection may be allowed (through + // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) + String boolStr = AuthConfigurationProvider + .getInstance() + .getGenericConfigurationParameter( + AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + if ((!authURL.startsWith("https:")) + && (false == BoolUtils.valueOf(boolStr))) + throw new AuthenticationException("auth.07", + new Object[] { authURL + "*" }); + + moasession.setAuthURL(authURL); + + //check and set SourceID + if (sourceID != null) + moasession.setSourceID(sourceID); + + // BKU URL has not been set yet, even if session already exists + if (bkuURL == null) { + if (req.getScheme() != null && req.getScheme().equalsIgnoreCase("https")) { + bkuURL = DEFAULT_BKU_HTTPS; + } else { + bkuURL = DEFAULT_BKU; + } + } + moasession.setBkuURL(bkuURL); + + // override template url by url from configuration file + if (oaParam.getTemplateURL() != null) { + templateURL = oaParam.getTemplateURL(); + } + moasession.setTemplateURL(templateURL); + moasession.setCcc(ccc); + + } + + public static void parse(HttpServletRequest req, HttpServletResponse resp, + AuthenticationSession moasession) throws WrongParametersException, MOAIDException { + + //check Module and Action + HttpSession httpSession = req.getSession(); + IRequest request = RequestStorage.getPendingRequest(httpSession); + + String modul = request.requestedModule();//req.getParameter(PARAM_MODUL); + String action = request.requestedAction();//req.getParameter(PARAM_ACTION); + + modul = StringEscapeUtils.escapeHtml(modul); + action = StringEscapeUtils.escapeHtml(action); + if(modul == null) { + modul = SAML1Protocol.PATH; + } + + if(action == null) { + action = SAML1Protocol.GETARTIFACT; + } + moasession.setModul(modul); + moasession.setAction(action); + + //get Parameters from request + String target = req.getParameter(PARAM_TARGET); + String sourceID = req.getParameter(PARAM_SOURCEID); + String oaURL = req.getParameter(PARAM_OA); + String bkuURL = req.getParameter(PARAM_BKU); + String templateURL = req.getParameter(PARAM_TEMPLATE); + String useMandate = req.getParameter(PARAM_USEMANDATE); + String ccc = req.getParameter(PARAM_CCC); + + oaURL = request.getOAURL(); + target = request.getTarget(); + + parse(moasession, target, sourceID, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req); + + } + + /** + * Checks a parameter. + * + * @param param + * parameter + * @return true if the parameter is null or empty + */ + private static boolean isEmpty(String param) { + return param == null || param.length() == 0; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java new file mode 100644 index 000000000..29d407dc7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -0,0 +1,178 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.PrintWriter; +import java.util.Arrays; +import java.util.List; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; +import org.bouncycastle.asn1.x509.Target; + +import com.trilead.ssh2.Session; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; + +public class GenerateIFrameTemplateServlet extends AuthServlet { + + private static final long serialVersionUID = 1L; + + public void init(ServletConfig servletConfig) throws ServletException { + try { + super.init(servletConfig); + MOAIDAuthInitializer.initialize(); + Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding")); + Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); + } + catch (Exception ex) { + Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); + throw new ServletException(ex); + } + } + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + Logger.info("Receive " + GenerateIFrameTemplateServlet.class + " Request"); + + try { + String bkuid = req.getParameter(PARAM_BKU); + String useMandate = req.getParameter(PARAM_USEMANDATE); + String ccc = req.getParameter(PARAM_CCC); + + String moasessionid = null; + AuthenticationSession moasession = null; + + try { + moasessionid = (String) req.getSession().getAttribute(AuthenticationManager.MOA_SESSION); + moasession = AuthenticationSessionStoreage.getSession(moasessionid); + + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { + moasessionid}); + + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); + } + + //load OA Config + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(moasession.getOAURLRequested()); + + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() }); + + else { + + //load Parameters from config + String target = oaParam.getTarget(); + String sourceID = ""; //TODO: load from Config + String bkuURL = getBKUURIFromConfig(Integer.valueOf(bkuid), oaParam); + String templateURL = getTemplateURIFromConfig(Integer.valueOf(bkuid), oaParam);; + + + //parse all OA parameters i + StartAuthentificationParameterParser.parse(moasession, + target, + sourceID, + moasession.getOAURLRequested(), + bkuURL, + templateURL, + useMandate, + ccc, + moasession.getModul(), + moasession.getAction(), + req); + } + + StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance(); + String getIdentityLinkForm = startauth.build(moasession, req, resp); + + //store MOASession + try { + AuthenticationSessionStoreage.storeSession(moasession); + } catch (MOADatabaseException e) { + Logger.error("Database Error! MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + if (!StringUtils.isEmpty(getIdentityLinkForm)) { + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.print(getIdentityLinkForm); + out.flush(); + Logger.debug("Finished GET "+GenerateIFrameTemplateServlet.class); + } + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } + + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } + + + } + + private String getTemplateURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { + //TODO: CHANGE to real OA config + + List bkuURIs = Arrays.asList( + "http://labda.iaik.tugraz.at:8080/moa-id-auth/template_onlineBKU.html", + "http://labda.iaik.tugraz.at:8080/moa-id-auth/template_handyBKU.html", + "http://labda.iaik.tugraz.at:8080/moa-id-auth/template_localBKU.html"); + +// List bkuURIs = Arrays.asList( +// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_onlineBKU.html", +// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_handyBKU.html", +// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_localBKU.html"); + + if (bkuID < bkuURIs.size()) + return bkuURIs.get(bkuID); + else + throw new WrongParametersException("GenerateIFrameTemplate", PARAM_TEMPLATE, + "auth.12"); + } + + private String getBKUURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { + //TODO: CHANGE to real OA config + + List bkuURIs = Arrays.asList( + "https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request", + "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", + "https://127.0.0.1:3496/https-security-layer-request"); + +// List bkuURIs = Arrays.asList( +// "https://demo.egiz.gv.at/demoportal_bkuonline/https-security-layer-request", +// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", +// "https://127.0.0.1:3496/https-security-layer-request"); + + if (bkuID < bkuURIs.size()) + return bkuURIs.get(bkuID); + else + throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU, + "auth.12"); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index e15d8f908..16ff65477 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -43,7 +43,9 @@ import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.stork.CPEPS; @@ -51,6 +53,7 @@ import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; @@ -94,130 +97,66 @@ public class StartAuthenticationServlet extends AuthServlet { protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - Logger.debug("GET StartAuthentication"); - String authURL = req.getScheme() + "://" + req.getServerName(); - if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { - authURL = authURL.concat(":" + req.getServerPort()); - } - authURL = authURL.concat(req.getContextPath() + "/"); + Logger.debug("GET StartAuthentication"); + + String sessionID = req.getParameter(PARAM_SESSIONID); + sessionID = (String) req.getAttribute(PARAM_SESSIONID); + + + + try { + + if (StringUtils.isEmpty(sessionID)) + throw new MOAIDException("auth.18", null); + + sessionID = StringEscapeUtils.escapeHtml(sessionID); + + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12"); + + setNoCachingHeadersInHttpRespone(req, resp); - HttpSession httpSession = req.getSession(); - - String target = req.getParameter(PARAM_TARGET); - String sourceID = req.getParameter(PARAM_SOURCEID); - String oaURL = req.getParameter(PARAM_OA); - String bkuURL = req.getParameter(PARAM_BKU); - String templateURL = req.getParameter(PARAM_TEMPLATE); - String sessionID = req.getParameter(PARAM_SESSIONID); - String useMandate = req.getParameter(PARAM_USEMANDATE); - String ccc = req.getParameter(PARAM_CCC); - - IRequest request = RequestStorage.getPendingRequest(httpSession); - - String modul = request.requestedModule();//req.getParameter(PARAM_MODUL); - String action = request.requestedAction();//req.getParameter(PARAM_ACTION); - request.getOAURL(); - - // escape parameter strings - //TODO: use URLEncoder.encode!! - target = StringEscapeUtils.escapeHtml(target); - sourceID = StringEscapeUtils.escapeHtml(sourceID); - oaURL = StringEscapeUtils.escapeHtml(oaURL); - bkuURL = StringEscapeUtils.escapeHtml(bkuURL); - templateURL = StringEscapeUtils.escapeHtml(templateURL); - sessionID = StringEscapeUtils.escapeHtml(sessionID); - useMandate = StringEscapeUtils.escapeHtml(useMandate); - ccc = StringEscapeUtils.escapeHtml(ccc); - modul = StringEscapeUtils.escapeHtml(modul); - action = StringEscapeUtils.escapeHtml(action); - - oaURL = request.getOAURL(); - target = request.getTarget(); - - setNoCachingHeadersInHttpRespone(req, resp); - - try { - // check parameter - if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) - throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) - throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12"); - if (!ParamValidatorUtils.isValidUseMandate(useMandate)) - throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); - if (!ParamValidatorUtils.isValidSourceID(sourceID)) - throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); - if (!ParamValidatorUtils.isValidCCC(ccc)) - throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); - - if(modul == null) { - modul = SAML1Protocol.PATH; - } - - if(action == null) { - action = SAML1Protocol.GETARTIFACT; - } - - Logger.info("Start Authentication Module: " + modul + " Action: " + action); - - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); - - // get target and target friendly name from config - String targetConfig = oaParam.getTarget(); - String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); - - String targetFriendlyName = null; - - if (StringUtils.isEmpty(targetConfig)) { - // no target attribut is given in OA config - // target is used from request - // check parameter - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); - } else { - // use target from config - target = targetConfig; - targetFriendlyName = targetFriendlyNameConfig; - } - - STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); - - Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(ccc) ? "AT" : ccc)); - // STORK or normal authentication - if (storkConfig.isSTORKAuthentication(ccc)) { - //STORK authentication - Logger.trace("Found C-PEPS configuration for citizen of country: " + ccc); - Logger.debug("Starting STORK authentication"); - - AuthenticationServer.startSTORKAuthentication(req, resp, ccc, oaURL, target, targetFriendlyName, authURL, sourceID, modul, action); - - } else { - //normal MOA-ID authentication - Logger.debug("Starting normal MOA-ID authentication"); - - String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, targetFriendlyName, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID, modul, action); + //TODO: Load MOASession + AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(sessionID); - resp.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.print(getIdentityLinkForm); - out.flush(); - } - Logger.debug("Finished GET StartAuthentication"); + STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); + + Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc())); + // STORK or normal authentication + if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { + //STORK authentication + Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc()); + Logger.debug("Starting STORK authentication"); + + //TODO: insert sessionID to STORK!! + AuthenticationServer.startSTORKAuthentication(req, resp, moasession); + + } else { + //normal MOA-ID authentication + Logger.debug("Starting normal MOA-ID authentication"); + + String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme()); + + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.print(getIdentityLinkForm); + out.flush(); + } + Logger.debug("Finished GET StartAuthentication"); - } + } + catch (WrongParametersException ex) { handleWrongParameters(ex, req, resp); } - catch (MOAIDException ex) { - handleError(null, ex, req, resp); - } + + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + + } catch (MOADatabaseException e) { + handleError(null, e, req, resp); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 8d2f95cce..93bc0d214 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -231,7 +231,29 @@ public class CreateXMLSignatureResponseValidator { } else { throw new ValidateException("validator.35", null); } + + // check four attribute could be a special text + samlAttribute = samlAttributes[3 + offset]; + if (!samlAttribute.getName().equals("SpecialText")) { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(3)}); + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + String samlSpecialText = (String)samlAttribute.getValue(); + + //TODO:load Text from OA config + String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#."; + //String text = ""; + String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant); + if (!samlSpecialText.equals(specialText)) { + throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText}); + } + } else { + throw new ValidateException("validator.35", null); + } + // now check the extended SAML attributes int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + offset; if (extendedSAMLAttributes != null) { -- cgit v1.2.3