From bfa66b41e723daf7ac7da7cef694ed52c43dbb39 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 8 Oct 2014 12:22:57 +0200 Subject: add SZR request to get baseID --- .../id/auth/builder/AuthenticationDataBuilder.java | 214 ++++++++++++++------- .../id/config/auth/AuthConfigurationProvider.java | 35 +++- 2 files changed, 174 insertions(+), 75 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index a8a7d0c51..0510f545a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -31,7 +31,6 @@ import java.security.PrivateKey; import java.util.ArrayList; import java.util.Arrays; import java.util.Date; -import java.util.Iterator; import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -66,6 +65,7 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; 
@@ -102,6 +102,11 @@ import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.XPathUtils; +import at.gv.util.client.szr.SZRClient; +import at.gv.util.config.EgovUtilPropertiesConfiguration; +import at.gv.util.ex.EgovUtilException; +import at.gv.util.wsdl.szr.SZRException; +import at.gv.util.xsd.szr.PersonInfoType; /** * @author tlenz 
@@ -406,10 +411,61 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { } } - if (MiscUtil.isEmpty(authData.getBPK()) && authData.getEncbPKList().size() == 0) { - Logger.error("Federated assertion include no bPK or encrypted bPK"); - throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME - + " or " + PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME); + if (MiscUtil.isEmpty(authData.getBPK()) && authData.getEncbPKList().size() == 0 && + MiscUtil.isEmpty(authData.getIdentificationValue())) { + Logger.info("Federated assertion include no bPK, encrypted bPK or baseID"); + + try { + EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProvider.getInstance().geteGovUtilsConfig(); + if (eGovClientsConfig != null) { + SZRClient szrclient = new SZRClient(eGovClientsConfig); + + Logger.debug("Create SZR request to get baseID ... "); + PersonInfoType personInfo = new PersonInfoType(); + at.gv.util.xsd.szr.persondata.PhysicalPersonType person = new at.gv.util.xsd.szr.persondata.PhysicalPersonType(); + personInfo.setPerson(person); + at.gv.util.xsd.szr.persondata.PersonNameType name = new at.gv.util.xsd.szr.persondata.PersonNameType(); + person.setName(name); + + name.setGivenName(authData.getGivenName()); + name.setFamilyName(authData.getFamilyName()); + if (authData.getDateOfBirth() != null) + person.setDateOfBirth(authData.getFormatedDateOfBirth()); + + authData.setIdentificationValue(szrclient.getStammzahl(personInfo)); + authData.setIdentificationType(Constants.URN_PREFIX_BASEID); + + } else { + Logger.warn("No SZR clieht configuration found. Interfederation SSO login not possible."); + throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_NAME); + + } + + } catch (ConfigurationException e) { + Logger.warn("SZR connection FAILED. 
Interfederation SSO login not possible.", e); + throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_NAME); + + } catch (EgovUtilException e) { + Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); + throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_NAME); + + } catch (SZRException e) { + Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); + throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_NAME); + + } + + } + + if (MiscUtil.isEmpty(authData.getBPK())) { + Logger.debug("Calcutlate bPK from baseID"); + buildOAspecificbPK(oaParam, authData, + authData.getIdentificationValue(), + authData.getIdentificationType()); } @@ -443,8 +499,8 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { try { InputStream idlStream = Base64Utils.decodeToStream(extractor.getAttribute(PVPConstants.EID_IDENTITY_LINK_NAME), false); IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink(); - authData.setIdentityLink(idl); - + buildOAspecificIdentityLink(oaParam, authData, idl); + } catch (ParseException e) { Logger.error("Received IdentityLink is not valid", e); 
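Review bot: The trailing `if (MiscUtil.isEmpty(authData.getBPK()))` block calls buildOAspecificbPK with authData's identification value and type even when the SZR branch above was skipped because the encrypted bPK list was non-empty, so both arguments can still be null there and the helper's `baseIDType.equals(Constants.URN_PREFIX_BASEID)` would end in a NullPointerException. Guard the call with the same condition, e.g. `if (MiscUtil.isEmpty(authData.getBPK()) && MiscUtil.isNotEmpty(authData.getIdentificationValue()))`, and decide explicitly what should happen when only encrypted bPKs for other applications were received. The SZR request is keyed on given name, family name and date of birth only, which does not uniquely identify a person; a comment should state that this identity binding is accepted for the interfederation case, or the request should carry a stronger identifier. The enclosing method starts before this hunk.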
@@ -618,15 +674,11 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, IOAAuthParameters oaParam) throws BuildException, ConfigurationException { - - String target = oaParam.getTarget(); IdentityLink identityLink = session.getIdentityLink(); VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); - boolean businessService = oaParam.getBusinessService(); - authData.setIssuer(session.getAuthURL()); //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO 
@@ -733,67 +785,12 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { Logger.trace("Authenticated User is OW: " + mandate.getOWbPK()); } else { - - if (businessService) { - //since we have foreigner, wbPK is not calculated in BKU - if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - - String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); - - if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { - // If domainIdentifier starts with prefix - // "urn:publicid:gv.at:wbpk+"; remove this prefix - registerAndOrdNr = registerAndOrdNr - .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); - Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " - + registerAndOrdNr); - } - - String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); - authData.setBPK(wbpkBase64); - authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); - - } else { - authData.setBPK(identityLink.getIdentificationValue()); - authData.setBPKType(identityLink.getIdentificationType()); - - } - - Logger.trace("Authenticate user with wbPK " + authData.getBPK()); - - Element idlassertion = session.getIdentityLink().getSamlAssertion(); - //set bpk/wpbk; - Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); - prIdentification.getFirstChild().setNodeValue(authData.getBPK()); - //set bkp/wpbk type - Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); - prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); - - IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); - IdentityLink idl = idlparser.parseIdentityLink(); - - //resign IDL - IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); - Element 
resignedilAssertion; - resignedilAssertion = identitylinkresigner.resignIdentityLink(idl.getSamlAssertion()); - IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion); - IdentityLink resignedIDL = resignedIDLParser.parseIdentityLink(); - - authData.setIdentityLink(resignedIDL); - - } else { - - if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); - authData.setBPK(bpkBase64); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); - } - - Logger.trace("Authenticate user with bPK " + authData.getBPK()); - - authData.setIdentityLink(identityLink); - } + buildOAspecificbPK(oaParam, authData, + identityLink.getIdentificationValue(), + identityLink.getIdentificationType()); + + buildOAspecificIdentityLink(oaParam, authData, identityLink); + } 
@@ -803,4 +800,77 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { } } + + private static void buildOAspecificIdentityLink(IOAAuthParameters oaParam, AuthenticationData authData, IdentityLink idl) throws MOAIDException { + if (oaParam.getBusinessService()) { + Element idlassertion = idl.getSamlAssertion(); + //set bpk/wpbk; + Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + prIdentification.getFirstChild().setNodeValue(authData.getBPK()); + //set bkp/wpbk type + Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); + prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); + + IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); + IdentityLink businessServiceIdl = idlparser.parseIdentityLink(); + + //resign IDL + IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); + Element resignedilAssertion; + resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion()); + IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion); + IdentityLink resignedIDL = resignedIDLParser.parseIdentityLink(); + + authData.setIdentityLink(resignedIDL); + + } else + authData.setIdentityLink(idl); + + + } + + private static void buildOAspecificbPK(IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException { + + if (oaParam.getBusinessService()) { + //since we have foreigner, wbPK is not calculated in BKU + if (baseIDType.equals(Constants.URN_PREFIX_BASEID)) { + + String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); + + if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { + // If domainIdentifier starts with prefix + // "urn:publicid:gv.at:wbpk+"; remove this prefix + 
registerAndOrdNr = registerAndOrdNr + .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + + registerAndOrdNr); + } + + String wbpkBase64 = new BPKBuilder().buildWBPK(baseID, registerAndOrdNr); + authData.setBPK(wbpkBase64); + authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); + + } else { + authData.setBPK(baseID); + authData.setBPKType(baseIDType); + + } + + Logger.trace("Authenticate user with wbPK " + authData.getBPK()); + + } else { + + if (baseIDType.equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK(baseID, oaParam.getTarget()); + authData.setBPK(bpkBase64); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); + } + + Logger.trace("Authenticate user with bPK " + authData.getBPK()); + } + + + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index a62de27fc..23369fecc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -113,6 +113,8 @@ import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.util.config.EgovUtilConfiguration; +import at.gv.util.config.EgovUtilPropertiesConfiguration; /** * A class providing access to the Auth Part of the MOA-ID configuration data. 
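Review bot: Both new helpers dereference values that can be absent: buildOAspecificbPK calls `baseIDType.equals(...)` and `registerAndOrdNr.startsWith(...)` without null checks, and buildOAspecificIdentityLink calls `getFirstChild()` on the result of `XPathUtils.selectSingleNode` without checking that the node exists. Prefer `Constants.URN_PREFIX_BASEID.equals(baseIDType)` and throw a MOAIDException when the XPath lookup returns null rather than letting a NullPointerException surface from the authentication flow. Neither helper has Javadoc; the one for buildOAspecificIdentityLink should say that for business-service applications it rewrites the identification value and type inside the caller's SAML assertion element in place and re-signs it, so the passed IdentityLink's previously parsed fields presumably no longer match its assertion after the call. The unbraced `} else authData.setIdentityLink(idl);` should get braces like the rest of the file.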
@@ -210,6 +212,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider { private static SSO ssoconfig = null; + private EgovUtilPropertiesConfiguration eGovUtilsConfig = null; + private static Date date = null; private String publicURLPreFix = null; @@ -325,7 +329,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { statisticProps.put(propertyName, props.get(key.toString())); } } - + // initialize hibernate synchronized (AuthConfigurationProvider.class) { @@ -384,6 +388,24 @@ public class AuthConfigurationProvider extends ConfigurationProvider { // String xmlconfigout = props.getProperty("configuration.xml.out"); + //configure eGovUtils client implementations + + //read eGovUtils client configuration + Properties eGovUtilsConfigProp = new Properties(); + for (Object key : props.keySet()) { + String propPrefix = "service."; + if (key.toString().startsWith(propPrefix+"egovutil")) { + String propertyName = key.toString().substring(propPrefix.length()); + eGovUtilsConfigProp.put(propertyName, props.get(key.toString())); + } + } + if (!eGovUtilsConfigProp.isEmpty()) { + Logger.info("Start eGovUtils client implementation configuration ..."); + eGovUtilsConfig = + new EgovUtilPropertiesConfiguration(eGovUtilsConfigProp, rootConfigFileDir); + } + + //check if XML config should be used if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) { Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); 
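Review bot: `String propPrefix = "service.";` is re-declared on every iteration of the key loop in the eGovUtils configuration block; hoist it above the `for`. The copied keys keep the `egovutil` part of their name, so EgovUtilPropertiesConfiguration presumably expects keys of the form `egovutil.*`; a one-line comment stating that would save the next reader a trip into the library. When no matching property exists, eGovUtilsConfig silently stays null and the SZR fallback in AuthenticationDataBuilder later fails with a warning only; an `else Logger.info("No eGovUtils client configuration found.");` here makes that cause visible at startup. The enclosing method starts before this hunk and continues after it.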
@@ -1035,7 +1057,14 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return storkconfig; } - private void setCertStoreDirectory() throws ConfigurationException { + /** + * @return the eGovUtilsConfig + */ +public EgovUtilPropertiesConfiguration geteGovUtilsConfig() { + return eGovUtilsConfig; +} + +private void setCertStoreDirectory() throws ConfigurationException { AuthComponentGeneral auth = getAuthComponentGeneral(); if (auth.getGeneralConfiguration() != null) @@ -1075,5 +1104,5 @@ public class AuthConfigurationProvider extends ConfigurationProvider { } return moasp; } - + } -- cgit v1.2.3 From c48b11484a7c0b71a4259a33de279a9501a5cdef Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 15 Oct 2014 13:04:03 +0200 Subject: update AuthData builder --- .../id/auth/builder/AuthenticationDataBuilder.java | 135 +++++++++++++++------ 1 file changed, 96 insertions(+), 39 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 0510f545a..cd2bfcf91 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -361,6 +361,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { authData.setBPK(pvpbPK.split(":")[1]); } + boolean foundEncryptedbPKForOA = false; if (extractor.containsAttribute(PVPConstants.ENC_BPK_LIST_NAME)) { List encbPKList = Arrays.asList( extractor.getAttribute(PVPConstants.ENC_BPK_LIST_NAME).split(";")); 
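Review bot: The new getter and the re-indented `private void setCertStoreDirectory()` sit at column 0 inside the class, breaking the indentation of the surrounding methods; indent both to the class body level. The generated `@return the eGovUtilsConfig` Javadoc should state the contract callers depend on: `@return the eGovUtils client configuration, or {@code null} if no service.egovutil.* properties were configured`, which is what the initialization code added in this commit produces. AuthenticationDataBuilder relies on that null to decide whether the SZR fallback is available, so the nullability is part of the interface.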
@@ -377,6 +378,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { + oaParam.getPublicURLPrefix() + " Start decryption process ..."); PrivateKey privKey = oaParam.getBPKDecBpkDecryptionKey(); + foundEncryptedbPKForOA = true; if (privKey != null) { try { String bPK = BPKBuilder.decryptBPK(encbPK, oaParam.getTarget(), privKey); 
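Review bot: `foundEncryptedbPKForOA = true;` is set as soon as an encrypted bPK for this online application is found, before the `privKey != null` check and before decryption is attempted. In the next hunk that flag suppresses both the missing-identifier exception and the SZR fallback, so an entry whose decryption key is missing or whose decryption fails would let the login continue without any usable bPK for the application. Unless the remainder of the try block (outside this hunk) handles that case, move the assignment to the point where the decrypted value has been stored, or rename the flag so that it is clear it only records presence, not usability. The enclosing method starts before this hunk.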
@@ -411,54 +413,82 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { } } - if (MiscUtil.isEmpty(authData.getBPK()) && authData.getEncbPKList().size() == 0 && - MiscUtil.isEmpty(authData.getIdentificationValue())) { + if (MiscUtil.isEmpty(authData.getIdentificationValue()) && + MiscUtil.isEmpty(authData.getBPK()) && + !foundEncryptedbPKForOA) { Logger.info("Federated assertion include no bPK, encrypted bPK or baseID"); + throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_NAME + + " or " + PVPConstants.ENC_BPK_LIST_NAME); - try { - EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProvider.getInstance().geteGovUtilsConfig(); - if (eGovClientsConfig != null) { - SZRClient szrclient = new SZRClient(eGovClientsConfig); + } + + //check if received bPK matchs to online application configuration + //and no encrypted bPK is found for this oa + if (!matchsReceivedbPKToOnlineApplication(oaParam, authData) + && !foundEncryptedbPKForOA) { + Logger.info("Received bPK/wbPK does not match to online application"); + + if (MiscUtil.isEmpty(authData.getIdentificationValue())) { + Logger.info("No baseID found. Connect SZR to reveive baseID ..."); + try { + EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProvider.getInstance().geteGovUtilsConfig(); + if (eGovClientsConfig != null) { + SZRClient szrclient = new SZRClient(eGovClientsConfig); + + Logger.debug("Create SZR request to get baseID ... 
"); + PersonInfoType personInfo = new PersonInfoType(); + at.gv.util.xsd.szr.persondata.PhysicalPersonType person = new at.gv.util.xsd.szr.persondata.PhysicalPersonType(); + personInfo.setPerson(person); + at.gv.util.xsd.szr.persondata.PersonNameType name = new at.gv.util.xsd.szr.persondata.PersonNameType(); + person.setName(name); + at.gv.util.xsd.szr.persondata.IdentificationType idValue = new at.gv.util.xsd.szr.persondata.IdentificationType(); + person.setIdentification(idValue); + + //set bPK or wbPK + idValue.setValue(authData.getBPK()); + idValue.setType(authData.getBPKType()); + + //set person information + name.setGivenName(authData.getGivenName()); + name.setFamilyName(authData.getFamilyName()); + if (authData.getDateOfBirth() != null) + person.setDateOfBirth(authData.getFormatedDateOfBirth()); + + //request szr and store baseID + authData.setIdentificationValue(szrclient.getStammzahl(personInfo)); + authData.setIdentificationType(Constants.URN_PREFIX_BASEID); + + } else { + Logger.warn("No SZR clieht configuration found. Interfederation SSO login not possible."); + throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_NAME); + + } + + } catch (ConfigurationException e) { + Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); + throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_NAME); - Logger.debug("Create SZR request to get baseID ... "); - PersonInfoType personInfo = new PersonInfoType(); - at.gv.util.xsd.szr.persondata.PhysicalPersonType person = new at.gv.util.xsd.szr.persondata.PhysicalPersonType(); - personInfo.setPerson(person); - at.gv.util.xsd.szr.persondata.PersonNameType name = new at.gv.util.xsd.szr.persondata.PersonNameType(); - person.setName(name); + } catch (EgovUtilException e) { + Logger.warn("SZR connection FAILED. 
Interfederation SSO login not possible.", e); + throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_NAME); - name.setGivenName(authData.getGivenName()); - name.setFamilyName(authData.getFamilyName()); - if (authData.getDateOfBirth() != null) - person.setDateOfBirth(authData.getFormatedDateOfBirth()); - - authData.setIdentificationValue(szrclient.getStammzahl(personInfo)); - authData.setIdentificationType(Constants.URN_PREFIX_BASEID); - - } else { - Logger.warn("No SZR clieht configuration found. Interfederation SSO login not possible."); + } catch (SZRException e) { + Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + " or " + PVPConstants.EID_SOURCE_PIN_NAME); } - - } catch (ConfigurationException e) { - Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); - throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME - + " or " + PVPConstants.EID_SOURCE_PIN_NAME); - - } catch (EgovUtilException e) { - Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); - throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME - + " or " + PVPConstants.EID_SOURCE_PIN_NAME); - - } catch (SZRException e) { - Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); - throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME - + " or " + PVPConstants.EID_SOURCE_PIN_NAME); - } - + + //build OA specific bPK/wbPK information + buildOAspecificbPK(oaParam, authData, + authData.getIdentificationValue(), + authData.getIdentificationType()); + } if (MiscUtil.isEmpty(authData.getBPK())) { 
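Review bot: The value returned by `szrclient.getStammzahl(personInfo)` is stored as the identification value without being checked, and the buildOAspecificbPK call at the end of the block then derives the application's bPK from it; an empty or null answer from the SZR should abort the login instead. Replace the assignment with `String baseID = szrclient.getStammzahl(personInfo);`, `if (MiscUtil.isEmpty(baseID)) throw new AssertionAttributeExtractorExeption("No " + PVPConstants.EID_SOURCE_PIN_NAME);` and `authData.setIdentificationValue(baseID);`. The three catch blocks for ConfigurationException, EgovUtilException and SZRException are identical and can be one multi-catch if the project builds with Java 7 or later. The first throw in the hunk uses `PVPConstants.ENC_BPK_LIST_NAME` where the sibling messages use the `*_FRIENDLY_NAME` constants; presumably the friendly name was intended. The enclosing method starts before this hunk and continues after it.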
@@ -672,6 +702,33 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { authData.setPublicAuthority(false); } + /** + * @param oaParam + * @param authData + * @return + */ + private static boolean matchsReceivedbPKToOnlineApplication( + IOAAuthParameters oaParam, AuthenticationData authData) { + + String oaTarget = null; + if (oaParam.getBusinessService()) { + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK)) + oaTarget = oaParam.getIdentityLinkDomainIdentifier(); + else + oaTarget = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); + + } else { + oaTarget = Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget(); + + } + + + if (oaTarget.equals(authData.getBPKType())) + return true; + else + return false; + } + private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, IOAAuthParameters oaParam) throws BuildException, ConfigurationException { -- cgit v1.2.3 From 45a8fe220eabaf060ef42704a2b51104de7f73a8 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 22 Oct 2014 13:01:39 +0200 Subject: add PVP gateway configuration --- .../java/at/gv/egovernment/moa/id/config/OAParameter.java | 11 +++++++++++ .../gv/egovernment/moa/id/config/auth/OAAuthParameter.java | 13 +++++++++++++ 2 files changed, 24 insertions(+) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java index b2bcd443f..d87dfd3b5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -70,6 +70,8 @@ public class OAParameter { this.isInderfederationIDP = oa.isIsInterfederationIDP(); + this.isSTORKPVPGateway = oa.isIsInterfederationGateway(); + } /** 
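Review bot: matchsReceivedbPKToOnlineApplication calls `oaParam.getIdentityLinkDomainIdentifier()` twice and invokes `startsWith` on it without a null check, so a business-service application without a configured domain identifier fails with a NullPointerException instead of a clear mismatch. The `if (...) return true; else return false;` tail is just `return oaTarget.equals(authData.getBPKType());`. The Javadoc is an empty skeleton; say what the method decides: whether the bPK type carried in authData equals the wbPK or CDID target this online application would compute for itself, which is what gates the SZR fallback in the previous hunk.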
@@ -107,6 +109,8 @@ public class OAParameter { private Boolean isInderfederationIDP; + private Boolean isSTORKPVPGateway; + /** * Contains the oAuth 2.0 configuration (client id, secret and redirect uri) */ @@ -154,6 +158,13 @@ public class OAParameter { return isInderfederationIDP; } + public boolean isSTORKPVPGateway() { + if (isSTORKPVPGateway == null) + return false; + + return isSTORKPVPGateway; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 673d23373..d235f54fd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -61,6 +61,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationT import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationGatewayType; import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationIDPType; import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; import at.gv.egovernment.moa.id.commons.db.dao.config.MandatesProfileNameItem; @@ -99,6 +100,7 @@ public class OAAuthParameter extends OAParameter implements IOAAuthParameters { private AuthComponentOA oa_auth; private String keyBoxIdentifier; private InterfederationIDPType inderfederatedIDP = null; + private InterfederationGatewayType interfederatedGateway = null; public OAAuthParameter(OnlineApplication oa) { super(oa); 
@@ -108,6 +110,8 @@ public class OAAuthParameter extends OAParameter implements IOAAuthParameters { this.keyBoxIdentifier = oa.getKeyBoxIdentifier().value(); this.inderfederatedIDP = oa.getInterfederationIDP(); + + this.interfederatedGateway = oa.getInterfederationGateway(); } @@ -537,6 +541,15 @@ public boolean isIDPPublicService() { } +public String getSTORKPVPForwardEntity() { + if (interfederatedGateway != null) { + return interfederatedGateway.getForwardIDPIdentifier(); + + } else + return null; + +} + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isTestCredentialEnabled() */ -- cgit v1.2.3 From deebaf058efe2203f0e6844de7cb6b09374cab7c Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 22 Oct 2014 13:03:52 +0200 Subject: add VIDP gateway process-flow to national infrastructure --- .../gv/egovernment/moa/id/moduls/SSOManager.java | 1 + .../id/protocols/stork2/AuthenticationRequest.java | 16 +++++---- .../moa/id/protocols/stork2/STORKProtocol.java | 38 +++++++++++++++++++--- 3 files changed, 44 insertions(+), 11 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index ff294dc3d..68545e1c2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -100,6 +100,7 @@ public class SSOManager { if (MiscUtil.isNotEmpty(protocolRequest.getRequestedIDP())) { Logger.info("Protocolspecific preprocessing already set interfederation IDP " + protocolRequest.getRequestedIDP()); + return; } 
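Review bot: getSTORKPVPForwardEntity is written at column 0 inside the class and uses an unbraced `else`; indent it like the neighbouring methods and reduce it to `return interfederatedGateway != null ? interfederatedGateway.getForwardIDPIdentifier() : null;`. Add Javadoc stating that it returns the forward IdP identifier of the configured interfederation gateway, or null when the online application is not configured as a gateway, since callers have to handle that null.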
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 3bd827667..95597e0ad 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -22,7 +22,6 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.stork2; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -38,6 +37,7 @@ import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; import eu.stork.peps.auth.commons.*; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; @@ -67,14 +67,11 @@ public class AuthenticationRequest implements IAction { private VelocityEngine velocityEngine; - private IAuthData authData = null; private MOASTORKRequest moaStorkRequest = null; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { - this.authData = authData; - if ((req instanceof MOASTORKRequest)) { // && ( ((MOASTORKRequest) req).getCitizenCountryCode() == null || ((MOASTORKRequest) req).getCitizenCountryCode().equals("AT") )) { this.moaStorkRequest = (MOASTORKRequest) req; 
@@ -111,7 +108,10 @@ public class AuthenticationRequest implements IAction { // } // Get personal attributtes from MOA/IdentityLink - moaStorkResponse.setPersonalAttributeList(populateAttributes(oaParam)); + + //build STORK attributes from local authentication information + if (authData != null) + moaStorkResponse.setPersonalAttributeList(populateAttributes(authData, oaParam)); } //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry()); @@ -390,6 +390,10 @@ public class AuthenticationRequest implements IAction { public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + //redirect to national PVP IDP infrastructure if special attributes are requested + if (MiscUtil.isEmpty(req.getRequestedIDP()) && req instanceof MOASTORKRequest) + return !STORKPVPUtilits.performAuthenticationOnNationalIDP((MOASTORKRequest) req); + // // authentication is not needed if we have authentication request from SP for citizen of configured PEPS country // if (req instanceof MOASTORKRequest) { // MOASTORKRequest moastorkRequest = (MOASTORKRequest) req; @@ -444,7 +448,7 @@ public class AuthenticationRequest implements IAction { } - public PersonalAttributeList populateAttributes(IOAAuthParameters oaParam) { + public PersonalAttributeList populateAttributes(IAuthData authData, IOAAuthParameters oaParam) { IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList(); Logger.info("Found " + attrLst.size() + " personal attributes in the request."); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 440121417..57531992d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java 
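Review bot: The new `if (authData != null)` guard around populateAttributes silently produces a STORK response without any personal attributes when no authentication data is present; nothing is logged, so the missing attribute list cannot be traced afterwards. Add an `else` with at least `Logger.warn("No authentication data available, STORK response contains no personal attributes.");`, or, if a null authData is never expected at this point, fail the request instead of continuing. The enclosing processRequest body starts before this hunk and continues after it.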
@@ -23,11 +23,15 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; import eu.stork.peps.auth.commons.*; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; @@ -145,20 +149,23 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { STORKAuthnRequest authnRequest = null; STORKAttrQueryRequest attrRequest = null; - - + // check if valid authn request is contained try { authnRequest = engine.validateSTORKAuthnRequest(decSamlToken); + } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); + } catch (ClassCastException e) { // we do not have a authnRequest // check if a valid attr request is container try { attrRequest = engine.validateSTORKAttrQueryRequest(decSamlToken); + } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); + } } 
@@ -176,11 +183,32 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { Logger.error("Exception, attributes: " + e.getMessage()); } - STORK2Request.setSTORKAuthnRequest(authnRequest); STORK2Request.setSTORKAttrRequest(attrRequest); - - + + //check if OA is instance of VIDP or STORKPVPGateway + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(STORK2Request.getOAURL()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[]{STORK2Request.getOAURL()}); + + else { + if (oaParam.isSTORKPVPGateway()) { + if (MiscUtil.isNotEmpty(oaParam.getSTORKPVPForwardEntity())) { + Logger.info("Received request for STORK->PVP gateway. " + + "Forward to PVP portal with entiyID " + oaParam.getSTORKPVPForwardEntity() + + " ..." ); + STORK2Request.setRequestedIDP(oaParam.getSTORKPVPForwardEntity()); + + } else { + Logger.error("InterfederatedGateway configuration with ID " + STORK2Request.getOAURL() + + " not configure a forward entityID."); + throw new MOAIDException("", null); + + } + } + + } + return STORK2Request; } else { throw new MOAIDException("stork.14", null); // TODO Specify message -- cgit v1.2.3 From f4e83ea671c3bd743fca894f7f48a29e95dcb4dc Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 22 Oct 2014 13:05:23 +0200 Subject: add sequence priority to STORK attribute providers --- .../id/protocols/stork2/AttributeCollector.java | 11 +++++--- .../protocols/stork2/AttributeProviderFactory.java | 8 +++--- .../attributeproviders/AttributeProvider.java | 31 ++++++++++++++++++++-- .../EHvdAttributeProviderPlugin.java | 7 +++++ .../EHvdAttribute_deprecatedProviderPlugin.java | 7 +++++ .../MandateAttributeRequestProvider.java | 7 +++++ .../SignedDocAttributeRequestProvider.java | 8 ++++++ .../StorkAttributeRequestProvider.java | 8 ++++++ 8 files changed, 79 insertions(+), 8 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') 
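Review bot: The misconfiguration branch throws `new MOAIDException("", null)` with an empty message key, so the error for a gateway without a forward entity surfaces as a blank or unresolvable message; use a dedicated key with the OA id as argument, as the null-`oaParam` branch does, e.g. `throw new MOAIDException("<new message key>", new Object[]{STORK2Request.getOAURL()});`. The `else` after the unconditional `throw` is redundant and the nested `if` can be flattened to `if (oaParam.isSTORKPVPGateway()) { ... }`. The hunk does not check a non-gateway OA that nevertheless has a forward entity configured; if that is intentional a short comment saying so would avoid the question. The enclosing method starts and ends outside the hunk.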
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 456baf49f..6f29744b5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import java.util.ArrayList; +import java.util.Iterator; import java.util.List; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -135,9 +136,11 @@ public class AttributeCollector implements IAction { // find the attribute provider plugin that can handle the response IPersonalAttributeList newAttributes = null; - for (AttributeProvider current : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) + + Iterator attibuteProvidersInterator = AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs()); + while(attibuteProvidersInterator.hasNext()) try { - newAttributes = current.parse(httpReq); + newAttributes = attibuteProvidersInterator.next().parse(httpReq); // stop as soon as we hit a capable plugin break; 
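Review bot: The `while(attibuteProvidersInterator.hasNext())` loop body is a braceless `try` statement, which reads as if the `break` inside it belonged to the `try` rather than to the loop; brace the loop body explicitly. The identifier typo `attibuteProvidersInterator` (`attributeProvidersIterator`) is repeated in the second AttributeCollector hunk of this commit. The generic type argument of the `Iterator` is not visible in this rendering, presumably stripped as markup, so the apparently raw type is not flagged here.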
@@ -203,7 +206,9 @@ public class AttributeCollector implements IAction { addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes); // - check if we can find a suitable AttributeProvider Plugin - for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { + Iterator attibuteProvidersInterator = AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs()); + while(attibuteProvidersInterator.hasNext()) { + AttributeProvider currentProvider = attibuteProvidersInterator.next(); // build a section of attribute provider's predefined attributes and missing attributes // only missing attributes that can be handled by attribute provider will be sent to it diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index ec64f7eb1..bcc031741 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -32,7 +32,9 @@ import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.StorkAttribu import at.gv.egovernment.moa.logging.Logger; import java.util.ArrayList; +import java.util.Iterator; import java.util.List; +import java.util.PriorityQueue; /** * A factory for creating AttributeProvider objects. 
@@ -89,16 +91,16 @@ public class AttributeProviderFactory { * @param configuredAPs the configured a ps * @return the configured plugins */ - public static List getConfiguredPlugins( + public static Iterator getConfiguredPlugins( List configuredAPs) { - List result = new ArrayList(); + PriorityQueue result = new PriorityQueue(); for (AttributeProviderPlugin current : configuredAPs) { result.add(create(current.getName(), current.getUrl(), current.getAttributes())); Logger.debug("Adding configured attribute provider: " + current.getClass().getName() + current.getName() + " at " + current.getUrl()); } - return result; + return result.iterator(); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java index a8454b37c..4b50e2593 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java @@ -40,7 +40,7 @@ import eu.stork.peps.auth.commons.PersonalAttribute; * An {@link AttributeProvider} can fetch a set of stork attributes. It might complete the query within one method call, * but might also need to redirect to another webservice to accomplish its task. */ -public abstract class AttributeProvider { +public abstract class AttributeProvider implements Comparable{ protected String attributes; 
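Review bot: `result.iterator()` on a `PriorityQueue` does not yield elements in priority order — the Javadoc of `PriorityQueue.iterator()` makes no ordering guarantee, only `poll()`/`peek()` honour the priority — so the sequence priority this commit introduces is never applied by the callers in `AttributeCollector`. Keep a list, sort it and return its iterator: `List<AttributeProvider> result = new ArrayList<AttributeProvider>();` … `Collections.sort(result); return result.iterator();` (with `import java.util.Collections;`), or return the sorted list itself so callers can iterate more than once. The `PriorityQueue` import added in the previous hunk then becomes unused. The Javadoc above the signature still says `@return the configured plugins` for what is now an iterator.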
@@ -107,5 +107,32 @@ public abstract class AttributeProvider { return supportedAttributeNames; } - + + /** + * Returns the sequence priority of this attribute provider. + * Providers with small numbers are requested first. + * + * @return a sequence priority of this provider + */ + public abstract int getPriority(); + + /** + * Compare the sequence priority of two attribute providers + * @param o attribute provider + * @return 0 if priority is equal + * @return -1 if priority if this is higher then from o + * @return +1 if priority if o is higher then from this + */ + @Override + public int compareTo(AttributeProvider o) { + if (this.getPriority() == o.getPriority()) + return 0; + + if (this.getPriority() < o.getPriority()) + return -1; + + else + return +1; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java index 8af35673f..51cb472f2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java @@ -241,5 +241,12 @@ public class EHvdAttributeProviderPlugin extends AttributeProvider { throw new UnsupportedAttributeException(); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#getPriority() + */ + @Override + public int getPriority() { + return 99; + } } 
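Review bot: `compareTo` can be written as `return Integer.compare(this.getPriority(), o.getPriority());`, which removes the three-way branch, and its Javadoc is inconsistent with the contract: three `@return` tags are not valid Javadoc, and "-1 if priority of this is higher" contradicts the `getPriority()` description "small numbers are requested first". Every implementation in this commit returns the literal `99` (EHvdAttributeProviderPlugin, EHvdAttribute_deprecatedProviderPlugin, MandateAttributeRequestProvider, SignedDocAttributeRequestProvider, StorkAttributeRequestProvider), so no ordering is established yet and the magic number should become a named constant such as `protected static final int DEFAULT_PRIORITY = 99;` on `AttributeProvider`. The `Comparable` type argument is not visible in this rendering, presumably stripped as markup.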
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttribute_deprecatedProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttribute_deprecatedProviderPlugin.java index fb62e43e5..c390f9407 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttribute_deprecatedProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttribute_deprecatedProviderPlugin.java @@ -246,5 +246,12 @@ public class EHvdAttribute_deprecatedProviderPlugin extends AttributeProvider { throw new UnsupportedAttributeException(); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#getPriority() + */ + @Override + public int getPriority() { + return 99; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java index 07e5b70ba..2d92b7406 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java @@ -205,5 +205,12 @@ public class MandateAttributeRequestProvider extends AttributeProvider { return null; // } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#getPriority() + */ + @Override + public int getPriority() { + return 99; + } } 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java index 13b14b0be..5dc6b801e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java @@ -616,4 +616,12 @@ public class SignedDocAttributeRequestProvider extends AttributeProvider { return success; } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#getPriority() + */ + @Override + public int getPriority() { + return 99; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java index cb3a33c69..161e7193a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java @@ -180,5 +180,13 @@ public class StorkAttributeRequestProvider extends AttributeProvider { Logger.info("STORK AttrRequest successfully rendered!"); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#getPriority() + */ + @Override + public int getPriority() { + return 99; + } + } -- cgit v1.2.3 From 503cfcb406551c32f23ad0f4809f56d2d0d605d1 Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Wed, 22 Oct 2014 14:01:00 +0200 Subject: change Attribute Provider interface --- .../moa/id/protocols/stork2/AttributeCollector.java | 2 +- .../stork2/attributeproviders/AttributeProvider.java | 11 ++++++----- .../attributeproviders/EHvdAttributeProviderPlugin.java | 5 +++-- .../EHvdAttribute_deprecatedProviderPlugin.java | 5 +++-- .../attributeproviders/MandateAttributeRequestProvider.java | 9 +++++---- .../attributeproviders/SignedDocAttributeRequestProvider.java | 3 ++- .../attributeproviders/StorkAttributeRequestProvider.java | 5 +++-- 7 files changed, 23 insertions(+), 17 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 6f29744b5..e3b9992aa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -228,7 +228,7 @@ public class AttributeCollector implements IAction { //aquiredAttributes = currentProvider.acquire(currentAttribute, container.getRequest().getSpCountry(), moasession); //aquiredAttributes = currentProvider.acquire(missingAttributes, container.getRequest().getSpCountry(), moasession); - aquiredAttributes = currentProvider.acquire(currentProviderConfiguredAttributes, container.getRequest().getSpCountry(), authData); + aquiredAttributes = currentProvider.acquire(currentProviderConfiguredAttributes, container.getRequest(), authData); Logger.info(currentProvider.getClass().getSimpleName() + " can handle attribute '" + currentAttribute.getName() + "'"); break; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java index 4b50e2593..aaf13a779 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java @@ -32,6 +32,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; +import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest; import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; 
@@ -53,19 +54,19 @@ public abstract class AttributeProvider implements Comparable * for redirecting the user to an external service. Use {@link AttributeProvider#parse(HttpServletRequest)} to parse * the response. * - * @param attributes the list of attributes to be acquired - * @param spCountyCode the sp county code + * @param currentProviderConfiguredAttributes the list of attributes to be acquired + * @param moastorkRequest the sp county code * @param authData the moasession * @return the personal attribute * @throws UnsupportedAttributeException the unsupported attribute exception * @throws ExternalAttributeRequestRequiredException an attribute request to an external service has to be done * @throws MOAIDException the mOAID exception */ - protected abstract IPersonalAttributeList acquire(PersonalAttribute attributes, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException; + protected abstract IPersonalAttributeList acquire(PersonalAttribute currentProviderConfiguredAttributes, MOASTORKRequest moastorkRequest, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException; - public IPersonalAttributeList acquire(List attributes, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + public IPersonalAttributeList acquire(List attributes, MOASTORKRequest moastorkRequest, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { if (attributes.size() == 1) { - return acquire(attributes.get(0), spCountyCode, authData); + return acquire(attributes.get(0), moastorkRequest, authData); } else { throw new MOAIDException("stork.13", new Object[] { }); // TODO message only one attribute supported by this provider 
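Review bot: The updated Javadoc for the abstract `acquire` still describes `moastorkRequest` as "the sp county code", which no longer matches the parameter; it should read `@param moastorkRequest the STORK request being processed, e.g. for the SP country code`. The renamed first parameter `currentProviderConfiguredAttributes` is a single `PersonalAttribute`, so the plural name copied from the caller in `AttributeCollector` is misleading; the `attribute` used by the overriding plugins would be clearer. The line `@throws MOAIDException the mOAID exception` carries no information and should say when the exception is raised.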
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java index 51cb472f2..761460971 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java @@ -46,6 +46,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; +import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest; import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; @@ -77,7 +78,7 @@ public class EHvdAttributeProviderPlugin extends AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute) */ @Override - protected IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, IAuthData authData) + protected IPersonalAttributeList acquire(PersonalAttribute attribute, MOASTORKRequest moastorkRequest, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { 
@@ -214,7 +215,7 @@ public class EHvdAttributeProviderPlugin extends AttributeProvider { // add stork id for verification ArrayList value = new ArrayList(); - value.add(new BPKBuilder().buildStorkeIdentifier(authData.getIdentityLink(), spCountryCode)); + value.add(new BPKBuilder().buildStorkeIdentifier(authData.getIdentityLink(), moastorkRequest.getSpCountry())); result.add(new PersonalAttribute("eIdentifier", false, value, "Available")); return result; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttribute_deprecatedProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttribute_deprecatedProviderPlugin.java index c390f9407..2000ef928 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttribute_deprecatedProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttribute_deprecatedProviderPlugin.java @@ -46,6 +46,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; +import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest; import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; 
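Review bot: `moastorkRequest.getSpCountry()` is now dereferenced where a plain `String` was previously passed through, so a null request becomes a `NullPointerException` inside the plugin instead of a null country code reaching `buildStorkeIdentifier`; the only caller visible in this commit (`AttributeCollector`) passes `container.getRequest()`, whose nullness I cannot see. The same pattern appears in EHvdAttribute_deprecatedProviderPlugin, MandateAttributeRequestProvider and StorkAttributeRequestProvider. An explicit null check in the shared `AttributeProvider.acquire(List, ...)` entry point, raising a `MOAIDException` with a proper message key, would make the failure explicit once for all plugins. The enclosing method starts outside the hunk.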
@@ -78,7 +79,7 @@ public class EHvdAttribute_deprecatedProviderPlugin extends AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute) */ @Override - protected IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, IAuthData authData) + protected IPersonalAttributeList acquire(PersonalAttribute attribute, MOASTORKRequest moastorkRequest, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { @@ -219,7 +220,7 @@ public class EHvdAttribute_deprecatedProviderPlugin extends AttributeProvider { // add stork id for verification ArrayList value = new ArrayList(); - value.add(new BPKBuilder().buildStorkeIdentifier(authData.getIdentityLink(), spCountryCode)); + value.add(new BPKBuilder().buildStorkeIdentifier(authData.getIdentityLink(), moastorkRequest.getSpCountry())); result.add(new PersonalAttribute("eIdentifier", false, value, "Available")); return result; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java index 2d92b7406..f4d963645 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java 
@@ -36,6 +36,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; +import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest; import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.VelocityProvider; @@ -73,9 +74,9 @@ public class MandateAttributeRequestProvider extends AttributeProvider { } @Override - protected IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + protected IPersonalAttributeList acquire(PersonalAttribute attribute, MOASTORKRequest moastorkRequest, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { Logger.info("Acquiring attribute: " + attribute.getName() + ", by: " + getAttrProviderName()); - this.spCountryCode = spCountryCode; + this.spCountryCode = moastorkRequest.getSpCountry(); requestedAttributes = new PersonalAttributeList(1); requestedAttributes.add(attribute); 
@@ -94,9 +95,9 @@ public class MandateAttributeRequestProvider extends AttributeProvider { } @Override - public IPersonalAttributeList acquire(List attributes, String spCountryCode, IAuthData moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + public IPersonalAttributeList acquire(List attributes, MOASTORKRequest moastorkRequest, IAuthData moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { Logger.info("Acquiring " + attributes.size() + " attributes, by: " + getAttrProviderName()); - this.spCountryCode = spCountryCode; + this.spCountryCode = moastorkRequest.getSpCountry(); requestedAttributes = new PersonalAttributeList(attributes.size()); for (PersonalAttribute personalAttribute : attributes) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java index 5dc6b801e..06cb99da0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java @@ -58,6 +58,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; +import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest; import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; 
@@ -124,7 +125,7 @@ public class SignedDocAttributeRequestProvider extends AttributeProvider { * .lang.String) */ @Override - protected IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, + protected IPersonalAttributeList acquire(PersonalAttribute attribute, MOASTORKRequest moastorkRequest, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { if(!attributes.contains(attribute.getName())) { throw new UnsupportedAttributeException(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java index 161e7193a..5ee0e380e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java @@ -35,6 +35,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; +import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest; import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.VelocityProvider; 
@@ -77,13 +78,13 @@ public class StorkAttributeRequestProvider extends AttributeProvider { * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ @Override - protected IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, IAuthData authData) + protected IPersonalAttributeList acquire(PersonalAttribute attribute, MOASTORKRequest moastorkRequest, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { if (!attributes.contains(attribute.getName())) throw new UnsupportedAttributeException(); - this.spCountryCode = spCountyCode; + this.spCountryCode = moastorkRequest.getSpCountry(); requestedAttributes = new PersonalAttributeList(1); requestedAttributes.add(attribute); -- cgit v1.2.3 From 5a5ab5c36c94157e431a6128e3189db314626859 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 22 Oct 2014 14:01:31 +0200 Subject: add PVPAuthentication provider --- .../protocols/stork2/AttributeProviderFactory.java | 3 + .../moa/id/protocols/stork2/STORKPVPUtilits.java | 49 +++++ .../PVPAuthenticationProvider.java | 238 +++++++++++++++++++++ 3 files changed, 290 insertions(+) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKPVPUtilits.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index bcc031741..a1525db0a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -27,6 +27,7 @@ import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributePro import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.EHvdAttributeProviderPlugin; import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.EHvdAttribute_deprecatedProviderPlugin; import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.MandateAttributeRequestProvider; +import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.PVPAuthenticationProvider; import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.SignedDocAttributeRequestProvider; import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.StorkAttributeRequestProvider; import at.gv.egovernment.moa.logging.Logger; @@ -80,6 +81,8 @@ public class AttributeProviderFactory { ex.printStackTrace(); return null; } + } else if (shortname.equals("PVPAuthenticationProvider")) { + return new PVPAuthenticationProvider(url, attributes); } else { return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKPVPUtilits.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKPVPUtilits.java new file mode 100644 index 000000000..d923eccde --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKPVPUtilits.java 
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * @author tlenz
+ *
+ */
+public class STORKPVPUtilits {
+
+ public static final List attributesRequirePVPAuthentication =
+ Arrays.asList("ECApplicationRole");
+
+
+
+ public static boolean performAuthenticationOnNationalIDP(MOASTORKRequest moastorkRequest) {
+ for (String el : attributesRequirePVPAuthentication) {
+ if (moastorkRequest.getPersonalAttributeList().containsKey(el)) {
+ return true;
+
+ }
+ }
+ return false;
+ }
+
+}
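Review bot: `attributesRequirePVPAuthentication` is a `public static final` list built with `Arrays.asList`, which is fixed-size but not immutable — any code with a reference can `set()` an element and thereby change which requests bypass local authentication in `AuthenticationRequest.needAuthentication`; wrap it as `Collections.unmodifiableList(Arrays.asList("ECApplicationRole"))` and prefer package-private visibility or a getter. `performAuthenticationOnNationalIDP` dereferences `moastorkRequest.getPersonalAttributeList()` with no null guard, and the nested `if` with its lone `return true;` block can collapse to `if (moastorkRequest.getPersonalAttributeList().containsKey(el)) return true;`. A class-level Javadoc stating that this list decides the authentication routing would help, since the `@author`-only header says nothing; the trailing `Utilits` in the class name also looks like a typo for `Utils`.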
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java new file mode 100644 index 000000000..95af3565e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java 
@@ -0,0 +1,238 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.protocols.stork2.attributeproviders; + +import java.io.StringWriter; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; + +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; +import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest; +import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; +import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.id.util.VelocityProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.STORKAttrQueryRequest; +import eu.stork.peps.auth.commons.STORKAttrQueryResponse; +import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.auth.commons.STORKAuthnResponse; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; + +/** + * @author tlenz + * + */ +public class PVPAuthenticationProvider extends AttributeProvider { + + private String destination = null; + private MOASTORKRequest moastorkRequest = null; + + /** + * @param attributes + * @param attributes2 + */ + public PVPAuthenticationProvider(String url, String attributes) { + super(attributes); + this.destination = url; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute, java.lang.String, 
at.gv.egovernment.moa.id.data.IAuthData) + */ + @Override + protected IPersonalAttributeList acquire(PersonalAttribute attribute, + MOASTORKRequest moastorkRequest, IAuthData authData) + throws UnsupportedAttributeException, + ExternalAttributeRequestRequiredException, MOAIDException { + + this.moastorkRequest = moastorkRequest; + // break if we cannot handle the requested attribute + if (!attributes.contains(attribute.getName())) { + Logger.info("Attribute " + attribute.getName() + " not supported by the provider: " + getAttrProviderName()); + throw new UnsupportedAttributeException(); + + } + + Logger.info("Thrown external request by: " + getAttrProviderName()); + throw new ExternalAttributeRequestRequiredException(this); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#performRedirect(java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.config.auth.OAAuthParameter) + */ + @Override + public void performRedirect(String url, HttpServletRequest req, + HttpServletResponse resp, OAAuthParameter oaParam) + throws MOAIDException { + + String spSector = "Business"; + String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? 
"UNKNOWN" : oaParam.getFriendlyName(); + String spApplication = spInstitution; + String spCountryCode = moastorkRequest.getSpCountry(); + + if ((spCountryCode == null) || (spCountryCode.length()<2)) { + spCountryCode = oaParam.getTarget(); + Logger.info("Setting spcountry target: " + oaParam.getTarget()); + Logger.info("idlink ident " + oaParam.getIdentityLinkDomainIdentifier()); + Logger.info("idlink type " + oaParam.getIdentityLinkDomainIdentifierType()); + Logger.info("Setting spcountry target friendly : " + oaParam.getTargetFriendlyName()); + Logger.info("Oatype : " + oaParam.getOaType()); + Logger.info("puburl : " + oaParam.getPublicURLPrefix()); + if ("STORK".equals(oaParam.getIdentityLinkDomainIdentifierType())) { + + spCountryCode = oaParam.getIdentityLinkDomainIdentifier().substring(oaParam.getIdentityLinkDomainIdentifier().length()-2); + Logger.info("Set to " +spCountryCode); + } + + } + + //generate AttrQueryRequest + STORKAuthnRequest authRequest = new STORKAuthnRequest(); + authRequest.setDestination(destination); + authRequest.setAssertionConsumerServiceURL(url); + authRequest.setIssuer(HTTPUtils.getBaseURL(req)); + authRequest.setQaa(oaParam.getQaaLevel()); + authRequest.setSpInstitution(spInstitution); + authRequest.setCountry(spCountryCode); + authRequest.setSpCountry(spCountryCode); + authRequest.setSpApplication(spApplication); + authRequest.setSpSector(spSector); + authRequest.setPersonalAttributeList(moastorkRequest.getPersonalAttributeList()); + + authRequest.setCitizenCountryCode("AT"); + authRequest.setQaa(oaParam.getQaaLevel()); + + if (authRequest.getQaa() == 0 ) { + authRequest.setQaa(4); // workaround + } + + + + Logger.info("STORK AttrRequest successfully assembled."); + + STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("VIDP"); + try { + + authRequest = samlEngine.generateSTORKAuthnRequest(authRequest); + } catch (STORKSAMLEngineException e) { + Logger.error("Could not sign STORK SAML AttrRequest.", e); + throw new 
MOAIDException("stork.00", null); + } + + Logger.info("STORK AttrRequest successfully signed!"); + + //validate AuthnRequest + try { + samlEngine.validateSTORKAuthnRequest(authRequest.getTokenSaml()); + } catch (STORKSAMLEngineException e) { + Logger.error("STORK SAML AuthnRequest not valid.", e); + throw new MOAIDException("stork.01", null); + } + + Logger.debug("STORK AuthnRequest successfully internally validated."); + + try { + Logger.trace("Initialize VelocityEngine..."); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); + VelocityContext context = new VelocityContext(); + context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authRequest.getTokenSaml())); + context.put("action", destination); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + resp.getOutputStream().write(writer.toString().getBytes("UTF-8")); + + } catch (Exception e) { + Logger.error("Error sending STORK SAML AttrRequest.", e); + throw new MOAIDException("stork.11", null); + + } + Logger.info("STORK AttrRequest successfully rendered!"); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) + */ + @Override + public IPersonalAttributeList parse(HttpServletRequest httpReq) + throws UnsupportedAttributeException, MOAIDException { + + Logger.info(this.getClass().getSimpleName() + " tries to extract SAMLResponse out of HTTP Request"); + + //extract STORK Response from HTTP Request + //Decodes SAML Response + byte[] decSamlToken; + try { + decSamlToken = PEPSUtil.decodeSAMLToken(httpReq.getParameter("SAMLResponse")); + } catch(NullPointerException e) { + throw new UnsupportedAttributeException(); + } + + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + + STORKAuthnResponse authnResponse = 
null; + try { + //validate SAML Token + Logger.debug("Starting validation of SAML response"); + authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) httpReq.getRemoteHost()); + Logger.info("SAML response successfully verified!"); + + }catch(STORKSAMLEngineException e){ + Logger.error("Failed to verify STORK SAML Response", e); + throw new MOAIDException("stork.05", null); + } + + return authnResponse.getPersonalAttributeList(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#getPriority() + */ + @Override + public int getPriority() { + return 1; + } + + public String getAttrProviderName() { + return this.getClass().getName(); + } +} -- cgit v1.2.3 From cf30fab96d66c6beb46f1c69bf8a9d4bed2fb715 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 24 Oct 2014 13:42:40 +0200 Subject: refactor bPK/wbPK builder --- .../moa/id/auth/builder/BPKBuilder.java | 69 ++++++++++++---------- 1 file changed, 37 insertions(+), 32 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index b122ba17e..a2570ed7e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -46,7 +46,6 @@ package at.gv.egovernment.moa.id.auth.builder; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.logging.Logger; 
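Review bot: In `parse`, a missing `SAMLResponse` parameter is detected by catching NullPointerException around `PEPSUtil.decodeSAMLToken(...)`, which also masks any other NPE raised inside the decoder; test the parameter explicitly instead: `String samlResponse = httpReq.getParameter("SAMLResponse"); if (samlResponse == null) throw new UnsupportedAttributeException(); decSamlToken = PEPSUtil.decodeSAMLToken(samlResponse);`. The same method hands `httpReq.getRemoteHost()` to `validateSTORKAuthnResponse`; that call can trigger a reverse DNS lookup per request, and if the engine expects the client address, `getRemoteAddr()` is the cheaper and more predictable value (the `(String)` cast is redundant either way). `performRedirect` reads the `moastorkRequest` field that only `acquire` sets, so it throws a NullPointerException on a provider instance whose `acquire` has not run first; either guard the field or document that call-order contract on the class. The constructor Javadoc (`@param attributes`, `@param attributes2`) does not match its actual parameters `url` and `attributes`.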
@@ -54,7 +53,6 @@ import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.MiscUtil; -import java.io.UnsupportedEncodingException; import java.security.InvalidKeyException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; @@ -103,14 +101,7 @@ public class BPKBuilder { else basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; - try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); - String hashBase64 = Base64Utils.encode(hash); - return hashBase64; - } catch (Exception ex) { - throw new BuildException("builder.00", new Object[]{"bPK", ex.toString()}, ex); - } + return calculatebPKwbPK(basisbegriff); } /** 
@@ -139,16 +130,24 @@ public class BPKBuilder { else basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; - try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); - String hashBase64 = Base64Utils.encode(hash); - return hashBase64; - } catch (Exception ex) { - throw new BuildException("builder.00", new Object[]{"wbPK", ex.toString()}, ex); - } + return calculatebPKwbPK(basisbegriff); } + public String buildbPKorwbPK(String baseID, String bPKorwbPKTarget) throws BuildException { + if (MiscUtil.isEmpty(baseID) || + !(bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_CDID + "+") || + bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_WBPK + "+") || + bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_STORK + "+")) ) { + throw new BuildException("builder.00", + new Object[]{"bPK/wbPK", "bPK or wbPK target " + bPKorwbPKTarget + + " has an unkown prefix."}); + + } + + return calculatebPKwbPK(baseID + "+" + bPKorwbPKTarget); + + } + public static String encryptBPK(String bpk, String target, PublicKey publicKey) throws BuildException { MiscUtil.assertNotNull(bpk, "BPK"); MiscUtil.assertNotNull(publicKey, "publicKey"); @@ -211,7 +210,8 @@ public class BPKBuilder { */ public String buildStorkeIdentifier(IdentityLink identityLink, String destinationCountry) throws BuildException { - return buildStorkbPK(identityLink, "AT", destinationCountry); + return buildStorkbPK(identityLink.getIdentificationValue(), + identityLink.getIdentificationType(), "AT", destinationCountry); } /** 
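Review bot: `buildbPKorwbPK` guards `baseID` with `MiscUtil.isEmpty` but calls `bPKorwbPKTarget.startsWith(...)` unguarded, so a null target surfaces as a NullPointerException rather than the intended BuildException; extend the guard to `if (MiscUtil.isEmpty(baseID) || MiscUtil.isEmpty(bPKorwbPKTarget) ||`. The error text also has a typo (`unkown`). Because the check only validates the prefix, a Javadoc stating the expected "prefix+value" shape of the target would help callers that assemble this string, such as the dynamic-OA builder later in this series.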
@@ -224,10 +224,7 @@ public class BPKBuilder { */ public String buildStorkeIdentifier(String identificationType, String identificationValue, String destinationCountry) throws BuildException { - IdentityLink tempIdentity = new IdentityLink(); - tempIdentity.setIdentificationType(identificationType); - tempIdentity.setIdentificationValue(identificationValue); - return buildStorkbPK(tempIdentity, "AT", destinationCountry); + return buildStorkbPK(identificationValue, identificationType, "AT", destinationCountry); } /** @@ -239,16 +236,17 @@ public class BPKBuilder { * @return storkid in a BASE64 encoding * @throws BuildException if an error occurs on building the wbPK */ - public String buildStorkbPK(IdentityLink identityLink, String sourceCountry, String destinationCountry) + public String buildStorkbPK(String baseID, String baseIDType, String sourceCountry, String destinationCountry) throws BuildException { String identificationValue = null; // check if we have been called by public sector application - if (identityLink.getIdentificationType().startsWith(Constants.URN_PREFIX_BASEID)) { - identificationValue = calculateStorkeIdentifierBase(identityLink, sourceCountry, destinationCountry); + if (baseIDType.startsWith(Constants.URN_PREFIX_BASEID)) { + identificationValue = calculateStorkeIdentifierBase(baseID, sourceCountry, destinationCountry); + } else { // if not, sector identification value is already calculated by BKU Logger.info("STORK eIdentifier already provided by BKU"); - identificationValue = identityLink.getIdentificationValue(); + identificationValue = baseID; } if ((identificationValue == null || 
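Review bot: The new signature `buildStorkbPK(String baseID, String baseIDType, ...)` takes the value before the type, while the sibling overload `buildStorkeIdentifier(String identificationType, String identificationValue, ...)` takes them in the opposite order; both call sites in this commit get it right, but two adjacent String parameters with reversed order across overloads invite silent swaps. Align the order or, at minimum, add `@param baseID` and `@param baseIDType` entries, since the Javadoc above the hunk presumably still describes the removed `identityLink` parameter. `baseIDType.startsWith(...)` also dereferences the new parameter without a null check, as the old code did via `getIdentificationType()`.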
@@ -266,19 +264,26 @@ public class BPKBuilder { return eIdentifier; } - - private String calculateStorkeIdentifierBase(IdentityLink identityLink, String sourceCountry, String destinationCountry) throws BuildException { - String basisbegriff = identityLink.getIdentificationValue() + "+" + Constants.URN_PREFIX_STORK + "+" + sourceCountry + "+" + destinationCountry; - Logger.info("Building STORK identification from: [identValue]+" + Constants.URN_PREFIX_STORK + "+" + sourceCountry + "+" + destinationCountry); - try { + + private String calculateStorkeIdentifierBase(String baseID, String sourceCountry, String destinationCountry) throws BuildException { + String basisbegriff = baseID + "+" + Constants.URN_PREFIX_STORK + "+" + sourceCountry + "+" + destinationCountry; + Logger.info("Building STORK identification from: [identValue]+" + Constants.URN_PREFIX_STORK + "+" + sourceCountry + "+" + destinationCountry); + return calculatebPKwbPK(basisbegriff); + + } + + private String calculatebPKwbPK(String basisbegriff) throws BuildException { + try { MessageDigest md = MessageDigest.getInstance("SHA-1"); byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); String hashBase64 = Base64Utils.encode(hash); Logger.debug("STORK identification defined as: " + hashBase64); return hashBase64; + } catch (Exception ex) { throw new BuildException("builder.00", new Object[]{"storkid", ex.toString()}, ex); } + } private static byte[] encrypt(byte[] inputBytes, PublicKey publicKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException { -- cgit v1.2.3 From 422bce78a84746c95298facd6c00ade2d48683ad Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 24 Oct 2014 13:43:19 +0200 Subject: fix possible NullpointerException --- .../egovernment/moa/id/advancedlogging/StatisticLogger.java | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') 
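Review bot: `calculatebPKwbPK` is now shared by the bPK, wbPK and STORK paths (see the hunks at `@@ -103` and `@@ -139` that replaced the per-builder try blocks), yet it still reports every failure as `new Object[]{"storkid", ...}` and logs `STORK identification defined as:`, so the bPK and wbPK callers lost their specific labels and their computed identifiers are now written to the debug log where they were not before. Pass the label in, `private String calculatebPKwbPK(String basisbegriff, String label) throws BuildException {` and `throw new BuildException("builder.00", new Object[]{label, ex.toString()}, ex);`, with callers supplying "bPK", "wbPK" and "storkid". Since the result is a person-specific identifier, the debug line should be dropped or reduced to a marker that does not include the value.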
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java index f20339506..b68db92a4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java @@ -110,8 +110,7 @@ public class StatisticLogger { Logger.warn("Advanced logging failed: OA can not be found in database."); return; } - - + StatisticLog dblog = new StatisticLog(); //set actual date and time @@ -125,12 +124,8 @@ public class StatisticLogger { dblog.setOafriendlyName(dbOA.getFriendlyName()); boolean isbusinessservice = isBusinessService(dbOA); - dblog.setBusinessservice(isbusinessservice); - - if (isbusinessservice) - dblog.setOatarget(dbOA.getAuthComponentOA().getIdentificationNumber().getValue()); - else - dblog.setOatarget(dbOA.getTarget()); + dblog.setBusinessservice(isbusinessservice); + dblog.setOatarget(authData.getBPKType()); dblog.setInterfederatedSSOSession(authData.isInterfederatedSSOSession()); -- cgit v1.2.3 From a9e03893056cf1b349148b0f1048c37c9073e557 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 24 Oct 2014 13:44:54 +0200 Subject: update dynamic OA generation --- .../builder/DynamicOAAuthParameterBuilder.java | 37 ++++++++++++++- .../gv/egovernment/moa/id/config/OAParameter.java | 18 +++---- .../moa/id/config/auth/IOAAuthParameters.java | 12 +++++ .../moa/id/config/auth/OAAuthParameter.java | 29 +++++++++++- .../config/auth/data/DynamicOAAuthParameters.java | 55 +++++++++------------- 5 files changed, 106 insertions(+), 45 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') 
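Review bot: `dblog.setOatarget(authData.getBPKType())` changes what the statistic records: the target column now comes from the authenticated session's bPK type rather than from the OA's configured target or identification number, so rows for OAs whose configuration differs from the session (dynamically built gateway OAs, for instance) will not line up with earlier entries. If that is intended, say so in a comment, e.g. `// target is taken from the session's bPK type; dynamically built OAs carry no configured target`; if not, the null-safe fix would keep the configured value and fall back to `authData.getBPKType()` only when it is absent. The enclosing method starts outside the hunk, so whether `authData` itself is null-checked is not visible here.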
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java index 132b6af01..49f87122d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java @@ -33,7 +33,9 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -62,7 +64,7 @@ public class DynamicOAAuthParameterBuilder { attrValue.startsWith(Constants.URN_PREFIX_STORK) ) { dynamicOA.setBusinessService(true); dynamicOA.setTarget(attrValue); - + } else { Logger.error("Sector identification " + attrValue + " is not a valid Target or BusinessServiceArea"); throw new DynamicOABuildException("Sector identification " + attrValue + " is not a valid Target or BusinessServiceArea", null); 
@@ -106,4 +108,37 @@ public class DynamicOAAuthParameterBuilder { } + + /** + * @param oaParam + * @param protocolRequest + * @return + */ + public static IOAAuthParameters buildFromAuthnRequest( + IOAAuthParameters oaParam, IRequest protocolRequest) { + + DynamicOAAuthParameters dynOAParams = new DynamicOAAuthParameters(); + dynOAParams.setApplicationID(oaParam.getPublicURLPrefix()); + dynOAParams.setBusinessService(oaParam.getBusinessService()); + + if (protocolRequest instanceof MOASTORKRequest) + return buildFromSTORKRequest(dynOAParams, (MOASTORKRequest) protocolRequest); + + Logger.warn("Dynamic OA generation failed. RequestType is not implemented."); + return null; + } + + /** + * @param oaParam + * @param protocolRequest + * @return + */ + private static IOAAuthParameters buildFromSTORKRequest( + DynamicOAAuthParameters oaParam, MOASTORKRequest protocolRequest) { + + oaParam.setBusinessTarget(Constants.URN_PREFIX_STORK + "+" + "AT" + "+" + protocolRequest.getSpCountry()); + oaParam.setBusinessService(true); + + return oaParam; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java index d87dfd3b5..a2e8bab9b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -47,6 +47,8 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; */ public class OAParameter { + public OAParameter() { } + public OAParameter(OnlineApplication oa) { this.oaType = oa.getType(); 
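Review bot: `buildFromAuthnRequest` returns `null` for unsupported request types, and its caller in `AuthenticationDataBuilder` (the `@@ -175` hunk further down) assigns that result straight to `oaParam`, so a STORK-PVP gateway OA that receives a non-STORK request fails later with a NullPointerException instead of a diagnosable error; throw as the sibling `buildFromAttributeQuery` does, `throw new DynamicOABuildException("Dynamic OA generation failed. RequestType is not implemented.", null);`, declaring it on the signature if it is a checked exception. `buildFromSTORKRequest` also concatenates `protocolRequest.getSpCountry()` into the business target without checking that it is a two-letter country code, although `PVPAuthenticationProvider` in this series treats a null or shorter value as invalid; that target later feeds the bPK derivation, so validate it here and reject anything else. Both Javadoc blocks are empty stubs (`@param` and `@return` without text).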
@@ -83,33 +85,33 @@ public class OAParameter { * specifies whether the online application is a business application or not (true * if value of {@link #oaType} is "businessService" */ - private boolean businessService; + protected boolean businessService; /** * public URL prefix of the online application */ - private String publicURLPrefix; + protected String publicURLPrefix; /** * specifies a human readable name of the Online Application */ - private String friendlyName; + protected String friendlyName; /** * specified a specific target for the Online Application (overwrites the target in der request) */ - private String target; + protected String target; /** * specifies a friendly name for the target */ - private String targetFriendlyName; + protected String targetFriendlyName; - private boolean removePBKFromAuthblock; + protected boolean removePBKFromAuthblock; - private Boolean isInderfederationIDP; + protected Boolean isInderfederationIDP; - private Boolean isSTORKPVPGateway; + protected Boolean isSTORKPVPGateway; /** * Contains the oAuth 2.0 configuration (client id, secret and redirect uri) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java index 4c6519b57..c336eb316 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java @@ -54,6 +54,8 @@ public interface IOAAuthParameters { public boolean isInderfederationIDP(); + public boolean isSTORKPVPGateway(); + /** * @return the identityLinkDomainIdentifier */ 
@@ -152,5 +154,15 @@ public interface IOAAuthParameters { List getTestCredentialOIDs(); PrivateKey getBPKDecBpkDecryptionKey(); + + /** + * @return + */ + boolean isPassivRequestUsedForInterfederation(); + + /** + * @return + */ + boolean isPerformLocalAuthenticationOnInterfederationError(); } \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index d235f54fd..90b72b72b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -443,6 +443,9 @@ public List getRequestedAttributes() { @Override public boolean isRequireConsentForStorkAttributes() { try{ + if (isSTORKPVPGateway()) + return false; + return oa_auth.getOASTORK().isRequireConsent(); }catch(Exception e) { @@ -457,7 +460,13 @@ public boolean isRequireConsentForStorkAttributes() { */ @Override public List getStorkAPs() { - return oa_auth.getOASTORK().getAttributeProviders(); + if (oa_auth.getOASTORK() != null && + oa_auth.getOASTORK().getAttributeProviders() != null) + return oa_auth.getOASTORK().getAttributeProviders(); + + else + return new ArrayList(); + } /* (non-Javadoc) 
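Review bot: The two new interface methods carry empty `@return` tags, and the `OAAuthParameter` implementation in this commit shows the contract: both read the interfederation IDP configuration and yield false when none is configured. Fill them in, e.g. `@return true if a passive authentication request is sent to the interfederated IDP; false if no interfederation IDP is configured` and `@return true if local authentication is performed when the interfederation request fails; false if no interfederation IDP is configured`, adjusting the wording if the configuration flags mean something narrower.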
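Review bot: The early `return false` in `isRequireConsentForStorkAttributes` disables the configured consent requirement for every OA flagged as STORK-PVP gateway, and nothing in the hunk records why that is acceptable; add a comment stating the reason, e.g. `// STORK<->PVP gateway: consent is not collected by this OA — state where it is obtained`, so the exception stays visible to whoever audits consent handling. The null-safe `getStorkAPs` in the next hunk returns a fresh mutable list for the no-providers case; `Collections.emptyList()` would make that case explicit, provided callers never add to the result.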
@@ -527,10 +536,26 @@ public boolean isOutboundSSOInterfederationAllowed() { return false; } +@Override +public boolean isPassivRequestUsedForInterfederation() { + if (inderfederatedIDP != null) + return inderfederatedIDP.isPerformPassivRequest().booleanValue(); + else + return false; +} + +@Override +public boolean isPerformLocalAuthenticationOnInterfederationError() { + if (inderfederatedIDP != null) + return inderfederatedIDP.isPerformLocalAuthenticationOnError().booleanValue(); + else + return false; +} + @Override public boolean isInterfederationSSOStorageAllowed() { if (inderfederatedIDP != null) - return inderfederatedIDP.isStoreSSOSession(); + return inderfederatedIDP.isStoreSSOSession().booleanValue(); else return false; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index 7dbdcfa52..e576522bf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java 
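Review bot: Both new methods and the changed `isInterfederationSSOStorageAllowed` unbox with `.booleanValue()` on values returned by `inderfederatedIDP`; the explicit unboxing suggests those getters return `Boolean` objects from an optional configuration element, in which case an unset element yields null and the unboxing throws a NullPointerException during request processing. A null-tolerant form avoids that: `return Boolean.TRUE.equals(inderfederatedIDP.isPerformPassivRequest());`, and likewise for `isPerformLocalAuthenticationOnError()` and `isStoreSSOSession()`. The two new overrides have no Javadoc at all.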
@@ -32,31 +32,19 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; +import at.gv.egovernment.moa.id.config.OAParameter; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; /** * @author tlenz * */ -public class DynamicOAAuthParameters implements IOAAuthParameters { - - private String applicationID = null; +public class DynamicOAAuthParameters extends OAParameter implements IOAAuthParameters { - private boolean isBusinessService; - private String target; private String businessTarget; - private boolean inderfederatedIDP; private String IDPQueryURL; - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBusinessService() - */ - @Override - public boolean getBusinessService() { - return this.isBusinessService; - } - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTarget() */ @@ -73,14 +61,6 @@ public class DynamicOAAuthParameters implements IOAAuthParameters { return this.businessTarget; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInderfederationIDP() - */ - @Override - public boolean isInderfederationIDP() { - return this.inderfederatedIDP; - } - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIDPAttributQueryServiceURL() */ @@ -309,7 +289,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters { * @param isBusinessService the isBusinessService to set */ public void setBusinessService(boolean isBusinessService) { - this.isBusinessService = isBusinessService; + businessService = isBusinessService; } /** 
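Review bot: `DynamicOAAuthParameters` drops its own `getBusinessService()` and `isInderfederationIDP()` and now relies on the inherited `OAParameter` implementations, but the inherited fields are declared `Boolean isInderfederationIDP` and `Boolean isSTORKPVPGateway` and the new no-arg `OAParameter()` constructor (the `@@ -47` hunk above) leaves them null; unless `setInderfederatedIDP` is always called first, an unboxing getter in the superclass would throw a NullPointerException. Initialise them in the no-arg constructor, `this.isInderfederationIDP = Boolean.FALSE; this.isSTORKPVPGateway = Boolean.FALSE;`, or confirm that the superclass getters are null-safe. The class Javadoc is still an author stub and does not say that this parameter set is assembled from the request by `DynamicOAAuthParameterBuilder` rather than loaded from configuration.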
@@ -330,7 +310,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters { * @param inderfederatedIDP the inderfederatedIDP to set */ public void setInderfederatedIDP(boolean inderfederatedIDP) { - this.inderfederatedIDP = inderfederatedIDP; + isInderfederationIDP = inderfederatedIDP; } /** @@ -340,19 +320,11 @@ public class DynamicOAAuthParameters implements IOAAuthParameters { IDPQueryURL = iDPQueryURL; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPublicURLPrefix() - */ - @Override - public String getPublicURLPrefix() { - return this.applicationID; - } - /** * @param applicationID the applicationID to set */ public void setApplicationID(String applicationID) { - this.applicationID = applicationID; + publicURLPrefix = applicationID; } /* (non-Javadoc) @@ -409,6 +381,21 @@ public class DynamicOAAuthParameters implements IOAAuthParameters { return null; } - + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isPassivRequestUsedForInterfederation() + */ + @Override + public boolean isPassivRequestUsedForInterfederation() { + // TODO Auto-generated method stub + return false; + } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isPerformLocalAuthenticationOnInterfederationError() + */ + @Override + public boolean isPerformLocalAuthenticationOnInterfederationError() { + // TODO Auto-generated method stub + return false; + } } -- cgit v1.2.3 From d553bf08d1c70d9a1705f38d9fe1c7c3a3730b0d Mon Sep 17 00:00:00 2001 
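Review bot: The two new overrides keep their `// TODO Auto-generated method stub` comments while returning a deliberate `false`; replace them with the actual reason so the next reader does not treat them as unfinished, e.g. `// a dynamically built OA presumably has no interfederation IDP configuration, so passive requests are never used` and the matching line for local authentication on error. If the values are instead meant to follow the `setInderfederatedIDP` flag set in the `@@ -330` hunk, they should consult that field rather than a constant.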
From: Thomas Lenz Date: Fri, 24 Oct 2014 13:47:00 +0200 Subject: update STORK <-> PVP gateway functionality --- .../id/auth/builder/AuthenticationDataBuilder.java | 103 +++++++++++---------- .../moa/id/data/AuthenticationData.java | 20 ++++ .../at/gv/egovernment/moa/id/data/IAuthData.java | 2 + .../moa/id/entrypoints/DispatcherServlet.java | 22 ++++- .../moa/id/moduls/AuthenticationManager.java | 7 +- .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 2 +- .../moa/id/protocols/pvp2x/PVPConstants.java | 2 +- .../pvp2x/builder/AttributQueryBuilder.java | 3 +- .../pvp2x/utils/AssertionAttributeExtractor.java | 27 +++++- .../protocols/stork2/AttributeProviderFactory.java | 2 +- .../id/protocols/stork2/AuthenticationRequest.java | 2 +- .../moa/id/protocols/stork2/MOASTORKRequest.java | 52 +++++++---- .../PVPAuthenticationProvider.java | 1 + 13 files changed, 162 insertions(+), 83 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index cd2bfcf91..2c20e96ed 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -78,6 +78,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; 
@@ -175,7 +176,11 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { //get OnlineApplication from MOA-ID-Auth configuration oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(oaID); - + + //build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway + if (oaParam.isSTORKPVPGateway()) + oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, protocolRequest); + } else { //build OnlineApplication dynamic from requested attributes oaParam = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes, interfIDP); 
@@ -347,24 +352,24 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { Logger.debug("Build AuthData from assertion starts ...."); - authData.setFamilyName(extractor.getAttribute(PVPConstants.PRINCIPAL_NAME_NAME)); - authData.setGivenName(extractor.getAttribute(PVPConstants.GIVEN_NAME_NAME)); - authData.setDateOfBirth(extractor.getAttribute(PVPConstants.BIRTHDATE_NAME)); - authData.setBPKType(extractor.getAttribute(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)); - authData.setCcc(extractor.getAttribute(PVPConstants.EID_ISSUING_NATION_NAME)); - authData.setBkuURL(extractor.getAttribute(PVPConstants.EID_CCS_URL_NAME)); - authData.setIdentificationValue(extractor.getAttribute(PVPConstants.EID_SOURCE_PIN_NAME)); - authData.setIdentificationType(extractor.getAttribute(PVPConstants.EID_SOURCE_PIN_TYPE_NAME)); + authData.setFamilyName(extractor.getSingleAttributeValue(PVPConstants.PRINCIPAL_NAME_NAME)); + authData.setGivenName(extractor.getSingleAttributeValue(PVPConstants.GIVEN_NAME_NAME)); + authData.setDateOfBirth(extractor.getSingleAttributeValue(PVPConstants.BIRTHDATE_NAME)); + authData.setBPKType(extractor.getSingleAttributeValue(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)); + authData.setCcc(extractor.getSingleAttributeValue(PVPConstants.EID_ISSUING_NATION_NAME)); + authData.setBkuURL(extractor.getSingleAttributeValue(PVPConstants.EID_CCS_URL_NAME)); + authData.setIdentificationValue(extractor.getSingleAttributeValue(PVPConstants.EID_SOURCE_PIN_NAME)); + authData.setIdentificationType(extractor.getSingleAttributeValue(PVPConstants.EID_SOURCE_PIN_TYPE_NAME)); if (extractor.containsAttribute(PVPConstants.BPK_NAME)) { - String pvpbPK = extractor.getAttribute(PVPConstants.BPK_NAME); + String pvpbPK = extractor.getSingleAttributeValue(PVPConstants.BPK_NAME); authData.setBPK(pvpbPK.split(":")[1]); } boolean foundEncryptedbPKForOA = false; if (extractor.containsAttribute(PVPConstants.ENC_BPK_LIST_NAME)) { List encbPKList = Arrays.asList( - 
extractor.getAttribute(PVPConstants.ENC_BPK_LIST_NAME).split(";")); + extractor.getSingleAttributeValue(PVPConstants.ENC_BPK_LIST_NAME).split(";")); authData.setEncbPKList(encbPKList); for (String fullEncbPK : encbPKList) { int index = fullEncbPK.indexOf("|"); @@ -501,11 +506,11 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { if (extractor.containsAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)) authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + - extractor.getAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)); + extractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)); if (extractor.containsAttribute(PVPConstants.EID_AUTH_BLOCK_NAME)) { try { - byte[] authBlock = Base64Utils.decode(extractor.getAttribute(PVPConstants.EID_AUTH_BLOCK_NAME), false); + byte[] authBlock = Base64Utils.decode(extractor.getSingleAttributeValue(PVPConstants.EID_AUTH_BLOCK_NAME), false); authData.setAuthBlock(new String(authBlock, "UTF-8")); } catch (IOException e) { @@ -517,7 +522,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { if (extractor.containsAttribute(PVPConstants.EID_SIGNER_CERTIFICATE_NAME)) { try { authData.setSignerCertificate(Base64Utils.decode( - extractor.getAttribute(PVPConstants.EID_SIGNER_CERTIFICATE_NAME), false)); + extractor.getSingleAttributeValue(PVPConstants.EID_SIGNER_CERTIFICATE_NAME), false)); } catch (IOException e) { Logger.error("Received SignerCertificate is not valid", e); 
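Review bot: In the bPK branch, `pvpbPK.split(":")[1]` still assumes the attribute value contains a colon, and the new `getSingleAttributeValue` only returns the first element of the value list, so an assertion carrying `PVPConstants.BPK_NAME` with a malformed or empty value aborts with an unchecked ArrayIndexOutOfBounds/IndexOutOfBounds rather than a handled error. These values come from the interfederated IdP's assertion, so validate before indexing: `String[] parts = pvpbPK == null ? new String[0] : pvpbPK.split(":"); if (parts.length > 1) authData.setBPK(parts[1]); else Logger.warn("bPK attribute has unexpected format");`. The same first-value-only assumption applies to the eight `setX(getSingleAttributeValue(...))` calls at the top of the hunk, where a missing attribute now silently becomes null; a comment noting that multi-valued attributes are deliberately reduced to their first value would help. The enclosing method starts before and ends after this hunk.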
@@ -527,7 +532,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { if (extractor.containsAttribute(PVPConstants.EID_IDENTITY_LINK_NAME)) { try { - InputStream idlStream = Base64Utils.decodeToStream(extractor.getAttribute(PVPConstants.EID_IDENTITY_LINK_NAME), false); + InputStream idlStream = Base64Utils.decodeToStream(extractor.getSingleAttributeValue(PVPConstants.EID_IDENTITY_LINK_NAME), false); IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink(); buildOAspecificIdentityLink(oaParam, authData, idl); @@ -542,12 +547,12 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { // set mandate attributes - authData.setMandateReferenceValue(extractor.getAttribute(PVPConstants.MANDATE_REFERENCE_VALUE_NAME)); + authData.setMandateReferenceValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME)); if (extractor.containsAttribute(PVPConstants.MANDATE_FULL_MANDATE_NAME)) { try { byte[] mandate = Base64Utils.decode( - (extractor.getAttribute(PVPConstants.MANDATE_FULL_MANDATE_NAME)), false); + (extractor.getSingleAttributeValue(PVPConstants.MANDATE_FULL_MANDATE_NAME)), false); if (authData.getMISMandate() == null) authData.setMISMandate(new MISMandate()); 
@@ -588,9 +593,9 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { legalperson.getIdentification().add(legalID ); mandator.setCorporateBody(legalperson ); - legalperson.setFullName(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME)); - legalID.setType(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME)); - idvalue.setValue(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME)); + legalperson.setFullName(extractor.getSingleAttributeValue(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME)); + legalID.setType(extractor.getSingleAttributeValue(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME)); + idvalue.setValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME)); //build natural person short mandate } else if ( (extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME) || @@ -610,18 +615,18 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { Value idValue = new Value(); persID.setValue(idValue ); - String[] pvp2GivenName = extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME).split(" "); + String[] pvp2GivenName = extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME).split(" "); for(int i=0; i roles = Arrays.asList(pvpRoles.split(";")); + for (String role : roles) { + authData.addAuthenticationRole(AuthenticationRoleFactory.buildFormPVPole(role)); + } + } + } + //set STORK attributes if (extractor.containsAttribute(PVPConstants.EID_STORK_TOKEN_NAME)) { - authData.setStorkAuthnResponse(extractor.getAttribute(PVPConstants.EID_STORK_TOKEN_NAME)); + authData.setStorkAuthnResponse(extractor.getSingleAttributeValue(PVPConstants.EID_STORK_TOKEN_NAME)); authData.setForeigner(true); } 
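Review bot: The new role block turns every `;`-separated segment of the roles attribute into an `AuthenticationRole` without trimming or rejecting empty segments, so a trailing separator or `;;` produces a role built from the empty string via `buildFormPVPole("")`. Since these roles arrive in the interfederated IdP's assertion and later feed `getECApplicationRole` in MOAAttributeProvider, I would skip blanks, `if (role.trim().isEmpty()) continue;`, and have the factory reject strings that do not match the expected PVP role syntax instead of accepting arbitrary text. The factory method name `buildFormPVPole` looks like a typo for `buildFromPVPRole`; it is introduced in this commit, so renaming it now is cheap. The enclosing method starts before and ends after this hunk.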
@@ -712,10 +728,15 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { String oaTarget = null; if (oaParam.getBusinessService()) { - if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK)) + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK) || + oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_STORK)) oaTarget = oaParam.getIdentityLinkDomainIdentifier(); - else - oaTarget = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); + + else { + Logger.warn("BusinessIdentifier can not be clearly assigned, because it starts without a prefix."); + return false; + + } } else { oaTarget = Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget(); @@ -891,22 +912,10 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { if (oaParam.getBusinessService()) { //since we have foreigner, wbPK is not calculated in BKU if (baseIDType.equals(Constants.URN_PREFIX_BASEID)) { - String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); - - if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { - // If domainIdentifier starts with prefix - // "urn:publicid:gv.at:wbpk+"; remove this prefix - registerAndOrdNr = registerAndOrdNr - .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); - Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " - + registerAndOrdNr); - } - - String wbpkBase64 = new BPKBuilder().buildWBPK(baseID, registerAndOrdNr); - authData.setBPK(wbpkBase64); - authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); - + authData.setBPK(new BPKBuilder().buildbPKorwbPK(baseID, registerAndOrdNr)); + authData.setBPKType(registerAndOrdNr); + } else { authData.setBPK(baseID); authData.setBPKType(baseIDType); 
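Review bot: The second hunk removes the local `String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier();` together with the prefix stripping, yet the two added lines still read `registerAndOrdNr`, so the variable must now be declared earlier in the method (outside this hunk) or the class does not compile. If it is, the type semantics changed as well: `setBPKType` previously received `URN_PREFIX_WBPK + "+" + <stripped number>` and now receives `registerAndOrdNr` verbatim, which is only correct if that variable already holds the fully prefixed `urn:publicid:gv.at:wbpk+...` identifier that `buildbPKorwbPK` expects. A comment on the added lines such as `// registerAndOrdNr is the full, prefixed domain identifier; buildbPKorwbPK strips it itself` would keep the next reader from re-adding the removed stripping. The enclosing method starts before this hunk.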
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index 6fd327add..050706d7a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -26,6 +26,7 @@ import java.io.Serializable; import java.text.DateFormat; import java.text.ParseException; import java.text.SimpleDateFormat; +import java.util.ArrayList; import java.util.Date; import java.util.List; @@ -129,6 +130,7 @@ public class AuthenticationData implements IAuthData, Serializable { private String authBlock = null; private List encbPKList = null; + private List roles = null; private boolean useMandate = false; private MISMandate mandate = null; @@ -688,6 +690,24 @@ public class AuthenticationData implements IAuthData, Serializable { public void setEncbPKList(List encbPKList) { this.encbPKList = encbPKList; } + + /** + * @return the roles + */ + public List getAuthenticationRoles() { + return roles; + } + + /** + * @param roles the roles to set + */ + public void addAuthenticationRole(AuthenticationRole role) { + if (this.roles == null) + this.roles = new ArrayList(); + + this.roles.add(role); + } + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java index 8ce33021d..0d55dbdd1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java @@ -69,6 +69,8 @@ public interface IAuthData { byte[] getSignerCertificate(); String getAuthBlock(); + List getAuthenticationRoles(); + boolean isPublicAuthority(); String getPublicAuthorityCode(); boolean isQualifiedCertificate(); 
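Review bot: `getAuthenticationRoles()` returns the live internal list and stays null until the first `addAuthenticationRole` call, so every consumer has to null-check and any caller can mutate the roles behind the object's back; returning `Collections.emptyList()` when unset and `Collections.unmodifiableList(roles)` otherwise (needs `java.util.Collections`) removes both hazards. Separately, `AuthenticationData` is declared `Serializable` while the `AuthenticationRole` type it now holds, as declared later on this page, is not, so an instance carrying roles will fail with `NotSerializableException` wherever AuthenticationData is actually serialized. The hunk is the tail of the class; its header is outside the hunk.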
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 1e38bd4ff..03cb6c1c4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -276,11 +276,27 @@ public class DispatcherServlet extends AuthServlet{ Logger.info("PreProcessing of SSO interfederation response complete. "); - //request is a not valid interfederation response -> Restart local authentication + //request is a not valid interfederation response } else if (protocolRequest != null && MiscUtil.isNotEmpty(protocolRequest.getRequestID())) { - Logger.info("Restart authentication with stored " + protocolRequest.requestedModule() - + " AuthnRequest for OnlineApplication " + protocolRequest.getOAURL()); + + OAAuthParameter oaParams = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL()); + if (oaParams.isSTORKPVPGateway() || !oaParams.isPerformLocalAuthenticationOnInterfederationError()) { + // -> send end error to service provider + Logger.info("Federated authentication for entity " + protocolRequest.getOAURL() + + " FAILED. Sending error message to service provider."); + MOAIDException e = new MOAIDException("auth.27", new Object[]{}); + IModulInfo requestedModul = ModulStorage.getModuleByPath(protocolRequest.requestedModule()); + if (!requestedModul.generateErrorMessage(e, req, resp, protocolRequest)) + handleErrorNoRedirect(e.getMessage(), e, req, + resp); + + return; + + } else + //-> Restart local authentication + Logger.info("Restart authentication with stored " + protocolRequest.requestedModule() + + " AuthnRequest for OnlineApplication " + protocolRequest.getOAURL()); //request is a new authentication request } else if (protocolRequest != null && 
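Review bot: The restart branch is now `} else` without braces, followed by a comment line and then the single `Logger.info(...)` statement, so the `else` body is exactly one statement and the following `} else if` belongs to the outer `if`; this is legal but breaks silently the moment someone adds a line before the log call, so brace it: `} else { Logger.info(...); }`. In the new failure branch, `oaParams` and `requestedModul` are dereferenced without null checks; if `getOnlineApplicationParameter` or `ModulStorage.getModuleByPath` can return null for an unknown OA or module (not visible here), the error path itself throws before `handleErrorNoRedirect` is reached. Failing the federated request back to the service provider instead of restarting local authentication is the right default for a gateway, and a short comment saying why (`// a gateway must not fall back to local authentication`) would record that decision. The enclosing method starts before and ends after this hunk.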
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index daa70efce..a4d63b144 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -381,14 +381,15 @@ public class AuthenticationManager extends AuthServlet { //get IDP metadata try { OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(target.getRequestedIDP()); + if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) { Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation."); Logger.info("Switch to local authentication on this IDP ... "); perfomLocalAuthentication(request, response, target); return; - } - + } + EntityDescriptor idpEntity = MOAMetadataProvider.getInstance(). getEntityDescriptor(target.getRequestedIDP()); @@ -417,7 +418,7 @@ public class AuthenticationManager extends AuthServlet { authReq.setID(gen.generateIdentifier()); //send passive AuthnRequest - authReq.setIsPassive(true); + authReq.setIsPassive(idp.isPassivRequestUsedForInterfederation()); authReq.setAssertionConsumerServiceIndex(0); authReq.setIssueInstant(new DateTime()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 0da846f9e..cf20db7d9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java 
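Review bot: The comment `//send passive AuthnRequest` above `authReq.setIsPassive(idp.isPassivRequestUsedForInterfederation())` is now wrong, because passivity is whatever the IdP entry configures; replace it with `// IsPassive is per-IdP configuration: a non-passive request lets the interfederated IdP interact with the user`. Whether the response handling elsewhere still assumes a no-interaction exchange is not visible in this hunk and should be confirmed before the flag is switched off for any IdP. Both hunks lie inside a method that starts before and ends after them.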
@@ -664,7 +664,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { } else { Logger.debug("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue() + " from interfederated IDP."); - + } } catch (IOException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java index 47c297914..1f3e86ff6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java @@ -41,7 +41,7 @@ public interface PVPConstants { public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3"; public static final String STORK_QAA_1_4 = "http://www.stork.gov.eu/1.0/citizenQAALevel/4"; - public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/1.0/"; + public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/"; public static final String URN_OID_PREFIX = "urn:oid:"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java index 6296d102f..91888df5c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java 
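Review bot: Widening `STORK_ATTRIBUTE_PREFIX` from `http://www.stork.gov.eu/1.0/` to `http://www.stork.gov.eu/` changes how `AssertionAttributeExtractor` classifies incoming attributes: every attribute whose name starts with the shorter prefix now lands in `storkAttributes` and is no longer reachable through `containsAttribute`/`getSingleAttributeValue`. The QAA constants on the lines just above show that `stork.gov.eu` URIs are also used outside the attribute namespace, so please confirm that no `PVPConstants` attribute name (for example the `EID_CITIZEN_QAA_LEVEL_NAME` attribute read in AuthenticationDataBuilder) starts with the new prefix, otherwise it silently disappears from the PVP attribute map. A comment on the constant stating the intended match, presumably more than the 1.0 namespace, would document the change.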
@@ -49,6 +49,7 @@ import org.opensaml.xml.signature.Signer; import org.w3c.dom.Document; import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator; @@ -66,7 +67,7 @@ import at.gv.egovernment.moa.util.Constants; */ public class AttributQueryBuilder { - public static List buildSAML2AttributeList(OAAuthParameter oa, Iterator iterator) { + public static List buildSAML2AttributeList(IOAAuthParameters oa, Iterator iterator) { Logger.debug("Build OA specific Attributes for AttributQuery request"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java index a16fed9cd..c5ad26744 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java @@ -36,6 +36,7 @@ import org.opensaml.saml2.core.AuthnStatement; import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.saml2.core.Subject; +import org.opensaml.xml.XMLObject; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; 
@@ -48,7 +49,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class AssertionAttributeExtractor { private Assertion assertion = null; - private Map attributs = new HashMap(); + private Map> attributs = new HashMap>(); private PersonalAttributeList storkAttributes = new PersonalAttributeList(); private final List minimalAttributeNameList = Arrays.asList( @@ -74,13 +75,21 @@ public class AssertionAttributeExtractor { for (Attribute attr : attrStat.getAttributes()) { if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) { List storkAttrValues = new ArrayList(); - storkAttrValues.add(attr.getAttributeValues().get(0).getDOM().getTextContent()); + for (XMLObject el : attr.getAttributeValues()) + storkAttrValues.add(el.getDOM().getTextContent()); + PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(), false, storkAttrValues , "Available"); storkAttributes.put(attr.getName(), storkAttr ); - } else - attributs.put(attr.getName(), attr.getAttributeValues().get(0).getDOM().getTextContent()); + } else { + List attrList = new ArrayList(); + for (XMLObject el : attr.getAttributeValues()) + attrList.add(el.getDOM().getTextContent()); + + attributs.put(attr.getName(), attrList); + + } } } @@ -129,7 +138,15 @@ public class AssertionAttributeExtractor { } - public String getAttribute(String attributeName) { + public String getSingleAttributeValue(String attributeName) { + if (attributs.containsKey(attributeName)) + return attributs.get(attributeName).get(0); + else + return null; + + } + + public List getAttributeValues(String attributeName) { return attributs.get(attributeName); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index a1525db0a..10b325234 100644 
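Review bot: `getSingleAttributeValue` calls `.get(0)` on the stored value list, but the loop in the previous hunk adds one entry per `AttributeValue` child, so an `Attribute` element with no values yields an empty list and this method throws `IndexOutOfBoundsException` even though `containsAttribute` returned true. Since the assertion comes from a remote IdP, treat that as absent: `List<String> values = attributs.get(attributeName); return (values == null || values.isEmpty()) ? null : values.get(0);`. Note also that `el.getDOM()` is null for XMLObjects that were constructed rather than unmarshalled (I cannot tell from here which applies), in which case `getTextContent()` NPEs inside the extraction loop. A Javadoc line stating that only the first value is returned and further values are ignored would help callers of the single-value accessor.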
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -54,7 +54,7 @@ public class AttributeProviderFactory { result.add("EHvdAttributeProvider"); result.add("SignedDocAttributeRequestProvider"); result.add("MandateAttributeRequestProvider"); - + result.add("PVPAuthenticationProvider"); return result; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 95597e0ad..aa018d5a3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -455,7 +455,7 @@ public class AuthenticationRequest implements IAction { // Define attribute list to be populated PersonalAttributeList attributeList = new PersonalAttributeList(); - MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(authData.getIdentityLink(), moaStorkRequest); + MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(authData, moaStorkRequest); try { for (PersonalAttribute personalAttribute : attrLst) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index 076139018..f4b02ee2d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java 
@@ -22,13 +22,23 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.stork2; +import java.util.ArrayList; import java.util.List; import org.opensaml.saml2.core.Attribute; +import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.STORKAttrQueryRequest; import eu.stork.peps.auth.commons.STORKAuthnRequest; 
@@ -205,30 +215,32 @@ public class MOASTORKRequest extends RequestImpl { return this.storkAuthnRequest.getCitizenCountryCode(); } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedIDP() - */ - @Override - public String getRequestedIDP() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#getInterfederationResponse() - */ - @Override - public MOAResponse getInterfederationResponse() { - // TODO Auto-generated method stub - return null; - } - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() */ @Override public List getRequestedAttributes() { - // TODO Auto-generated method stub - return null; +// //TODO: only for testing with MOA-ID as PVP Stammportal +// IOAAuthParameters oa; +// try { +// List reqAttr = new ArrayList(); +// reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION); +// +// oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL()); +// oa = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oa, this); +// +// DynamicOAAuthParameters tmp = (DynamicOAAuthParameters) oa; +// tmp.setBusinessTarget(Constants.URN_PREFIX_CDID + "+BF"); +// +// return AttributQueryBuilder.buildSAML2AttributeList(tmp, reqAttr.iterator()); +// +// } catch (ConfigurationException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// return null; +// } + + return new ArrayList(); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java index 95af3565e..88c59ccf9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java 
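Review bot: The new `getRequestedAttributes()` body is a commented-out experiment (including a hard-coded `tmp.setBusinessTarget(Constants.URN_PREFIX_CDID + "+BF")` and an `e.printStackTrace()`) followed by `return new ArrayList();`; commented-out code with a fixed test target should not ship, so delete the block and keep only the empty-list return with a comment explaining why a STORK request carries no PVP attribute list, or move the experiment into a test. Several of the imports added in the first hunk of this file exist only for that dead block and become unused once it is removed. The hunk also drops the `getRequestedIDP()`/`getInterfederationResponse()` overrides that returned null, so the class now inherits whatever `RequestImpl` does for them, which is fine only if that is equivalent and is not visible here.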
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java @@ -129,6 +129,7 @@ public class PVPAuthenticationProvider extends AttributeProvider { authRequest.setCountry(spCountryCode); authRequest.setSpCountry(spCountryCode); authRequest.setSpApplication(spApplication); + authRequest.setProviderName(spApplication); authRequest.setSpSector(spSector); authRequest.setPersonalAttributeList(moastorkRequest.getPersonalAttributeList()); -- cgit v1.2.3 From 73cdf1fbc4794e173e97da67557a44c2026e1ad6 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 24 Oct 2014 13:47:52 +0200 Subject: Refactore STORK attribute generation from AuthData --- .../id/protocols/stork2/MOAAttributeProvider.java | 75 +++++++++++++++++----- 1 file changed, 60 insertions(+), 15 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java index a0ec1eb45..d7d6601c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java 
@@ -25,23 +25,31 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.auth.commons.STORKStatusCode; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; +import java.util.List; import java.util.Map; +import javassist.expr.Instanceof; + /** * @author bsuzic * Date: 2/19/14, Time: 4:42 PM + * + * @author tlenz + * Date: 23.10.14 */ public class MOAAttributeProvider { - private final IdentityLink identityLink; + private final IAuthData authData; private static final Map storkAttributeSimpleMapping; private static final Map storkAttributeFunctionMapping; private final MOASTORKRequest moastorkRequest; 
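Review bot: `import javassist.expr.Instanceof;` in the import hunk is an IDE auto-import that nothing in the class uses (the code below performs plain `instanceof` checks), and it makes this class require javassist on the compile classpath; drop the line. The remaining additions (`IAuthData`, `STORKStatusCode`, `List`) are used in the following hunks.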
@@ -50,17 +58,18 @@ public class MOAAttributeProvider { Map tempSimpleMap = new HashMap(); tempSimpleMap.put("givenName", "getGivenName"); tempSimpleMap.put("surname", "getFamilyName"); - tempSimpleMap.put("dateOfBirth", "getDateOfBirth"); + tempSimpleMap.put("dateOfBirth", "getFormatedDateOfBirth"); storkAttributeSimpleMapping = Collections.unmodifiableMap(tempSimpleMap); Map tempFunctionMap = new HashMap(); tempFunctionMap.put("eIdentifier", "geteIdentifier"); + tempFunctionMap.put("ECApplicationRole","getECApplicationRole"); storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap); } - public MOAAttributeProvider(IdentityLink identityLink, MOASTORKRequest moastorkRequest) { - this.identityLink = identityLink; + public MOAAttributeProvider(IAuthData authData, MOASTORKRequest moastorkRequest) { + this.authData = authData; this.moastorkRequest = moastorkRequest; - Logger.debug("identity " + identityLink.getIdentificationType() + " " + identityLink.getIdentificationValue()); + Logger.debug("identity " + authData.getIdentificationType() + " " + authData.getIdentificationValue()); } public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) { 
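Review bot: The rewritten constructor still logs `authData.getIdentificationValue()` at debug level; that field is populated from `EID_SOURCE_PIN_NAME` in AuthenticationDataBuilder, i.e. it is the citizen's source PIN, which should not be written to log files even at debug, so log only the type: `Logger.debug("identity type " + authData.getIdentificationType());`. The `dateOfBirth` mapping now targets `getFormatedDateOfBirth`, which must be declared directly on the runtime class of `authData` for the `getDeclaredMethod` lookup in `populateAttribute` to find it. The hunk ends at the start of `populateAttribute`, whose body continues outside it.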
@@ -68,8 +77,8 @@ public class MOAAttributeProvider { if (storkAttributeSimpleMapping.containsKey(storkAttribute)) { Logger.debug("Trying to get value for attribute using simple mapping [" + storkAttribute + "]"); try { - Method method = identityLink.getClass().getDeclaredMethod(storkAttributeSimpleMapping.get(storkAttribute)); - populateAttributeWithMethod(method, identityLink, attributeList, storkAttribute, requestedAttribute.isRequired()); + Method method = authData.getClass().getDeclaredMethod(storkAttributeSimpleMapping.get(storkAttribute)); + populateAttributeWithMethod(method, authData, attributeList, storkAttribute, requestedAttribute.isRequired()); } catch (NoSuchMethodException e) { Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute); e.printStackTrace(); 
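Review bot: The reflective lookup now uses `authData.getClass().getDeclaredMethod(...)`, which only finds methods declared directly on the runtime class, so if `authData` is ever a subclass, a proxy or another `IAuthData` implementation, `getGivenName`/`getFamilyName`/`getFormatedDateOfBirth` are not found and the attribute is silently skipped after a logged stack trace. Looking the method up on the interface, `IAuthData.class.getMethod(storkAttributeSimpleMapping.get(storkAttribute))`, fixes that and also limits what the string-keyed map can invoke to the public contract; this assumes all three mapped getters are declared on `IAuthData`, which I cannot confirm from here. The `e.printStackTrace()` in the catch should go through `Logger.error(..., e)` like the other error paths. The enclosing method starts before and ends after this hunk.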
@@ -91,27 +100,63 @@ public class MOAAttributeProvider { } private String geteIdentifier() { - Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkRequest.getStorkAuthnRequest().getSpCountry()); + Logger.debug("Using base urn for identification value: " + authData.getIdentificationType() + " and target country: " + moastorkRequest.getStorkAuthnRequest().getSpCountry()); try { - return new BPKBuilder().buildStorkeIdentifier(identityLink, moastorkRequest.getStorkAuthnRequest().getSpCountry()); + return new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(), + moastorkRequest.getStorkAuthnRequest().getSpCountry()); } catch (BuildException be) { Logger.error("Stork eid could not be constructed; " + be.getMessage()); return null; // TODO error } } + private List getECApplicationRole() { + List storkRoles = null; + + if (authData.getAuthenticationRoles() != null + && authData.getAuthenticationRoles().size() > 0) { + + + //TODO: implement PVP role -> STORK role mapping +// storkRoles = new ArrayList(); +// storkRoles.add("CIRCABC/viewer"); + + } + + return storkRoles; + } private void populateAttributeWithMethod(Method method, Object object, PersonalAttributeList attributeList, String storkAttribute, Boolean isRequired) { try { - String attributeValue = method.invoke(object, new Class[]{}).toString(); + Object attributeValue = method.invoke(object, new Class[]{}).toString(); + PersonalAttribute newAttribute = new PersonalAttribute(); newAttribute.setName(storkAttribute); - - newAttribute.setStatus("Available"); newAttribute.setIsRequired(isRequired); - Logger.info("Got attribute value: " + attributeValue); - newAttribute.setValue(new ArrayList(Collections.singletonList(attributeValue))); - attributeList.add(newAttribute); + + if (attributeValue != null) { + newAttribute.setStatus(STORKStatusCode.STATUS_AVAILABLE.name()); + Logger.info("Got 
attribute value: " + attributeValue); + + if (attributeValue instanceof String) + newAttribute.setValue(new ArrayList(Collections.singletonList((String)attributeValue))); + + else if (attributeValue instanceof List) { + List attributeValueList = (List) attributeValue; + if (attributeValueList.size() > 0 && attributeValueList.get(0) instanceof String) + newAttribute.setValue((List) attributeValueList); + + } else { + Logger.error("Receive an unsupported type for attribute " + storkAttribute); + + } + attributeList.add(newAttribute); + + } else { + Logger.info("Attribute " + storkAttribute + " is not available."); + newAttribute.setStatus(STORKStatusCode.STATUS_NOT_AVAILABLE.name()); + } + } catch (InvocationTargetException e) { Logger.error("Invocation target exception while getting attribute: " + storkAttribute); e.printStackTrace(); -- cgit v1.2.3 From 77cf01db81c74ebbe0e0d2da58e22c5f7c861ab5 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 24 Oct 2014 13:48:32 +0200 Subject: add new classes for Role management --- .../moa/id/data/AuthenticationRole.java | 110 +++++++++++++++++++++ .../moa/id/data/AuthenticationRoleFactory.java | 76 ++++++++++++++ 2 files changed, 186 insertions(+) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java new file mode 100644 index 000000000..91514ca62 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java 
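Review bot: In `populateAttributeWithMethod`, `Object attributeValue = method.invoke(object, new Class[]{}).toString();` defeats the branching added below it: a null return (which `geteIdentifier` and `getECApplicationRole` produce on failure or when no roles exist) throws NullPointerException before the `attributeValue != null` check, and a `List` return is flattened to its `toString()` so the `instanceof List` branch is unreachable. Drop the conversion: `Object attributeValue = method.invoke(object);`. In the not-available branch the attribute is built with `STATUS_NOT_AVAILABLE` but never added to `attributeList`, so the caller never sees that status; if that is intentional, say so in a comment, otherwise add it. The hunk ends inside the first catch block, so the method continues after it.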
@@ -0,0 +1,110 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.data; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +/** + * @author tlenz + * + */ +public class AuthenticationRole { + + private String roleName = null; + private List> params = null; + + public AuthenticationRole(String roleName) { + this.roleName = roleName; + } + + public void addParameter(String key, String value) { + if (params == null) + params = new ArrayList>(); + params.add(new Entry(key, value)); + + } + + /** + * @return the roleName + */ + public String getRoleName() { + return roleName; + } + + /** + * @return the params + */ + public List> getParams() { + return params; + } + + /** + * @return the params + */ + public Iterator> getParamsInterator() { + return params.iterator(); + } + + static class Entry implements Map.Entry { + + private K key; + private V value; + + Entry(K k, V v) { + key = k; + value = v; + } + + /* (non-Javadoc) + * @see java.util.Map.Entry#getKey() + */ + @Override + public K getKey() { + return key; + } + + /* (non-Javadoc) + * @see java.util.Map.Entry#getValue() + */ + @Override + public V getValue() { + return value; + } + + /* (non-Javadoc) + * @see java.util.Map.Entry#setValue(java.lang.Object) + */ + @Override + public V setValue(V newValue) { + V oldValue = value; + value = newValue; + return oldValue; + } + + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java new file mode 100644 index 000000000..7d4dc6eff --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java 
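Review bot: `getParamsInterator()` dereferences `params`, which stays null until `addParameter` is called, so a role built without parameters (the `first < 0` path in the factory) throws a NullPointerException from this accessor. Initialize the list at declaration instead of lazily, e.g. `private List<Map.Entry<String, String>> params = new ArrayList<Map.Entry<String, String>>();` (the type arguments appear stripped in this rendering), which also lets `getParams()` return an empty list instead of null and removes the null check in `addParameter`. The accessor name carries a typo (`Interator`); since the class is new, renaming it to `getParamsIterator` now costs nothing.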
@@ -0,0 +1,76 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.data; + +import java.util.Arrays; +import java.util.List; + +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class AuthenticationRoleFactory { + + public static AuthenticationRole buildFormPVPole(String pvprole) { + AuthenticationRole role = null; + + int first = pvprole.indexOf("("); + + if (first < 0) { + //no role paramters found + role = new AuthenticationRole(pvprole.trim()); + Logger.debug("Add authentication role with name=" + pvprole.trim()); + + } else { + role = new AuthenticationRole(pvprole.substring(0, first).trim()); + Logger.debug("Add authentication role with name=" + pvprole.substring(0, first).trim()); + String params = pvprole.substring(first + 1, pvprole.length() - 1); + + List param = Arrays.asList(params.split(",")); + String test = new String(); + for (String el : param) { + test = test.concat(el); + if (!test.endsWith("\\") || + (test.endsWith("\\\\") && !test.endsWith("\\\\\\")) ) { + String[] keyValue = test.split("="); + if (keyValue.length < 2) { + role.addParameter(keyValue[0].trim(), ""); + Logger.debug("Add authentication roleparameter with key=" + keyValue[0].trim()); + + } else { + role.addParameter(keyValue[0].trim(), keyValue[1].trim()); + Logger.debug("Add authentication roleparameter with key=" + keyValue[0].trim() + + " value=" + keyValue[1].trim()); + + } + + test = new String(); + } + } + } + + return role; + } +} -- cgit v1.2.3 From 33be86224cfb2dd95a0654b92ae2e36ae1b3a85b Mon Sep 17 00:00:00 2001 
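Review bot: `buildFormPVPole` throws on malformed input instead of rejecting it: `pvprole.substring(first + 1, pvprole.length() - 1)` assumes a closing `)` and fails with StringIndexOutOfBoundsException for a bare `role(`, and `test.split("=")` returns an empty array for a parameter consisting only of `=`, so `keyValue[0]` throws ArrayIndexOutOfBoundsException. The role strings presumably arrive as attribute values of an upstream assertion, in which case one malformed role aborts the whole authentication step rather than being logged and skipped. The escape handling also loses data: `split(",")` consumes the escaped comma while the backslash is kept, so `a\,b` becomes `a\b`, and `keyValue[1]` truncates any value that itself contains `=`. The loop below keeps the structure but covers those cases.
```java
        } else {
            role = new AuthenticationRole(pvprole.substring(0, first).trim());
            // tolerate a missing closing parenthesis instead of throwing
            int last = pvprole.endsWith(")") ? pvprole.length() - 1 : pvprole.length();
            String params = pvprole.substring(first + 1, last);

            String test = "";
            for (String el : params.split(",")) {
                test = test.concat(el);
                if (!test.endsWith("\\") ||
                    (test.endsWith("\\\\") && !test.endsWith("\\\\\\")) ) {
                    // split on the first '=' only, so values may contain '='
                    int eq = test.indexOf('=');
                    String key = (eq < 0 ? test : test.substring(0, eq)).trim();
                    String value = (eq < 0 ? "" : test.substring(eq + 1)).trim();
                    role.addParameter(key, value);
                    // … unchanged: debug logging …
                    test = "";
                } else {
                    // escaped separator: restore the comma that split() consumed
                    test = test.substring(0, test.length() - 1).concat(",");
                }
            }
        }
```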
From: Thomas Lenz Date: Fri, 24 Oct 2014 13:49:59 +0200 Subject: add authentication role management --- .../moa/id/data/AuthenticationRole.java | 110 --------------------- .../moa/id/data/AuthenticationRoleFactory.java | 76 -------------- 2 files changed, 186 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java deleted file mode 100644 index 91514ca62..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java +++ /dev/null 
@@ -1,110 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- */ -package at.gv.egovernment.moa.id.data; - -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; -import java.util.Map; - -/** - * @author tlenz - * - */ -public class AuthenticationRole { - - private String roleName = null; - private List> params = null; - - public AuthenticationRole(String roleName) { - this.roleName = roleName; - } - - public void addParameter(String key, String value) { - if (params == null) - params = new ArrayList>(); - params.add(new Entry(key, value)); - - } - - /** - * @return the roleName - */ - public String getRoleName() { - return roleName; - } - - /** - * @return the params - */ - public List> getParams() { - return params; - } - - /** - * @return the params - */ - public Iterator> getParamsInterator() { - return params.iterator(); - } - - static class Entry implements Map.Entry { - - private K key; - private V value; - - Entry(K k, V v) { - key = k; - value = v; - } - - /* (non-Javadoc) - * @see java.util.Map.Entry#getKey() - */ - @Override - public K getKey() { - return key; - } - - /* (non-Javadoc) - * @see java.util.Map.Entry#getValue() - */ - @Override - public V getValue() { - return value; - } - - /* (non-Javadoc) - * @see java.util.Map.Entry#setValue(java.lang.Object) - */ - @Override - public V setValue(V newValue) { - V oldValue = value; - value = newValue; - return oldValue; - } - - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java deleted file mode 100644 index 7d4dc6eff..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java +++ /dev/null 
@@ -1,76 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- */ -package at.gv.egovernment.moa.id.data; - -import java.util.Arrays; -import java.util.List; - -import at.gv.egovernment.moa.logging.Logger; - -/** - * @author tlenz - * - */ -public class AuthenticationRoleFactory { - - public static AuthenticationRole buildFormPVPole(String pvprole) { - AuthenticationRole role = null; - - int first = pvprole.indexOf("("); - - if (first < 0) { - //no role paramters found - role = new AuthenticationRole(pvprole.trim()); - Logger.debug("Add authentication role with name=" + pvprole.trim()); - - } else { - role = new AuthenticationRole(pvprole.substring(0, first).trim()); - Logger.debug("Add authentication role with name=" + pvprole.substring(0, first).trim()); - String params = pvprole.substring(first + 1, pvprole.length() - 1); - - List param = Arrays.asList(params.split(",")); - String test = new String(); - for (String el : param) { - test = test.concat(el); - if (!test.endsWith("\\") || - (test.endsWith("\\\\") && !test.endsWith("\\\\\\")) ) { - String[] keyValue = test.split("="); - if (keyValue.length < 2) { - role.addParameter(keyValue[0].trim(), ""); - Logger.debug("Add authentication roleparameter with key=" + keyValue[0].trim()); - - } else { - role.addParameter(keyValue[0].trim(), keyValue[1].trim()); - Logger.debug("Add authentication roleparameter with key=" + keyValue[0].trim() - + " value=" + keyValue[1].trim()); - - } - - test = new String(); - } - } - } - - return role; - } -} -- cgit v1.2.3 From 4e2b4b026d1fb70d145643f7dfb906555ddb77c6 Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Fri, 24 Oct 2014 13:53:12 +0200 Subject: Revert "add authentication role management" This reverts commit 33be86224cfb2dd95a0654b92ae2e36ae1b3a85b. --- .../moa/id/data/AuthenticationRole.java | 110 +++++++++++++++++++++ .../moa/id/data/AuthenticationRoleFactory.java | 76 ++++++++++++++ 2 files changed, 186 insertions(+) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java new file mode 100644 index 000000000..91514ca62 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java 
@@ -0,0 +1,110 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.data; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +/** + * @author tlenz + * + */ +public class AuthenticationRole { + + private String roleName = null; + private List> params = null; + + public AuthenticationRole(String roleName) { + this.roleName = roleName; + } + + public void addParameter(String key, String value) { + if (params == null) + params = new ArrayList>(); + params.add(new Entry(key, value)); + + } + + /** + * @return the roleName + */ + public String getRoleName() { + return roleName; + } + + /** + * @return the params + */ + public List> getParams() { + return params; + } + + /** + * @return the params + */ + public Iterator> getParamsInterator() { + return params.iterator(); + } + + static class Entry implements Map.Entry { + + private K key; + private V value; + + Entry(K k, V v) { + key = k; + value = v; + } + + /* (non-Javadoc) + * @see java.util.Map.Entry#getKey() + */ + @Override + public K getKey() { + return key; + } + + /* (non-Javadoc) + * @see java.util.Map.Entry#getValue() + */ + @Override + public V getValue() { + return value; + } + + /* (non-Javadoc) + * @see java.util.Map.Entry#setValue(java.lang.Object) + */ + @Override + public V setValue(V newValue) { + V oldValue = value; + value = newValue; + return oldValue; + } + + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java new file mode 100644 index 000000000..7d4dc6eff --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java 
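Review bot: `getParams()` hands out the internal mutable list, or null when no parameter was ever added, so callers must null-check and can alter a role's parameters behind its back (`Entry.setValue` is reachable within the package as well). Returning `Collections.unmodifiableList(params)`, with an empty list for the no-parameter case, keeps a role fixed once built, which matters if these roles are later mapped into attributes released to a relying party; this needs `java.util.Collections` imported. `getParamsInterator()` still dereferences `params` unconditionally and throws for a role without parameters.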
@@ -0,0 +1,76 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.data; + +import java.util.Arrays; +import java.util.List; + +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class AuthenticationRoleFactory { + + public static AuthenticationRole buildFormPVPole(String pvprole) { + AuthenticationRole role = null; + + int first = pvprole.indexOf("("); + + if (first < 0) { + //no role paramters found + role = new AuthenticationRole(pvprole.trim()); + Logger.debug("Add authentication role with name=" + pvprole.trim()); + + } else { + role = new AuthenticationRole(pvprole.substring(0, first).trim()); + Logger.debug("Add authentication role with name=" + pvprole.substring(0, first).trim()); + String params = pvprole.substring(first + 1, pvprole.length() - 1); + + List param = Arrays.asList(params.split(",")); + String test = new String(); + for (String el : param) { + test = test.concat(el); + if (!test.endsWith("\\") || + (test.endsWith("\\\\") && !test.endsWith("\\\\\\")) ) { + String[] keyValue = test.split("="); + if (keyValue.length < 2) { + role.addParameter(keyValue[0].trim(), ""); + Logger.debug("Add authentication roleparameter with key=" + keyValue[0].trim()); + + } else { + role.addParameter(keyValue[0].trim(), keyValue[1].trim()); + Logger.debug("Add authentication roleparameter with key=" + keyValue[0].trim() + + " value=" + keyValue[1].trim()); + + } + + test = new String(); + } + } + } + + return role; + } +} -- cgit v1.2.3 From 9c7c8c568ba83e0730e7667e09a221bc2e79afe2 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 27 Oct 2014 10:16:58 +0100 Subject: store additional raw PVP role String --- .../at/gv/egovernment/moa/id/data/AuthenticationRole.java | 14 +++++++++++++- .../egovernment/moa/id/data/AuthenticationRoleFactory.java | 4 ++-- 2 files changed, 15 insertions(+), 3 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') 
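Review bot: `buildFormPVPole` has no Javadoc, and its input grammar can only be recovered by reading the loop: a role is `name` or `name(key=value,key2=value2)`, a backslash before a comma marks it as not being a separator, and a parameter without `=` yields an empty value. Add above the method: `/** Parses a PVP role string of the form {@code name} or {@code name(key=value,...)}; a backslash before a comma marks it as part of the value rather than a separator. Does not validate or reject input. */`. The method name reads as a typo (`FormPVPole`), presumably `fromPVPRole`; since the class is new, renaming now avoids carrying it into callers.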
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java index 91514ca62..cde4ad7d4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java @@ -34,10 +34,12 @@ import java.util.Map; public class AuthenticationRole { private String roleName = null; + private String rawRoleString = null; private List> params = null; - public AuthenticationRole(String roleName) { + public AuthenticationRole(String roleName, String rawRoleString) { this.roleName = roleName; + this.rawRoleString = rawRoleString; } public void addParameter(String key, String value) { @@ -68,6 +70,16 @@ public class AuthenticationRole { return params.iterator(); } + + /** + * @return the rawRoleString + */ + public String getRawRoleString() { + return rawRoleString; + } + + + static class Entry implements Map.Entry { private K key; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java index 7d4dc6eff..8915b2442 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java 
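Review bot: The new `rawRoleString` field and `getRawRoleString()` carry no documentation, and because the factory passes `pvprole.trim()` for it the value is the complete unparsed role string including any `(key=value,...)` suffix, not merely the name; a reader seeing `getRoleName()` next to `getRawRoleString()` cannot tell that from the code. Add to the getter: `/** @return the role string exactly as received (trimmed), including any parameter suffix; use getRoleName() for the bare name */`. The constructor signature change also breaks any caller constructing `AuthenticationRole` outside the factory, if one exists beyond this diff.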
@@ -40,11 +40,11 @@ public class AuthenticationRoleFactory { if (first < 0) { //no role paramters found - role = new AuthenticationRole(pvprole.trim()); + role = new AuthenticationRole(pvprole.trim(), pvprole.trim()); Logger.debug("Add authentication role with name=" + pvprole.trim()); } else { - role = new AuthenticationRole(pvprole.substring(0, first).trim()); + role = new AuthenticationRole(pvprole.substring(0, first).trim(), pvprole.trim()); Logger.debug("Add authentication role with name=" + pvprole.substring(0, first).trim()); String params = pvprole.substring(first + 1, pvprole.length() - 1); -- cgit v1.2.3 From 54f672c214839a655f66ea5caa804f4d4b68eb90 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 29 Oct 2014 12:00:46 +0100 Subject: Update authdate generation from interfedered assertion information --- .../id/auth/builder/AuthenticationDataBuilder.java | 5 ++ .../moa/id/data/AuthenticationData.java | 23 ++++++ .../at/gv/egovernment/moa/id/data/IAuthData.java | 1 + .../pvp2x/builder/attributes/EIDSourcePIN.java | 2 +- .../pvp2x/builder/attributes/EIDSourcePINType.java | 2 +- .../pvp2x/utils/AssertionAttributeExtractor.java | 2 +- .../moa/id/util/PVPtoSTORKRoleMapper.java | 83 ++++++++++++++++++++++ 7 files changed, 115 insertions(+), 3 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 2c20e96ed..48933d5c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java 
@@ -352,6 +352,8 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { Logger.debug("Build AuthData from assertion starts ...."); + authData.setIsBusinessService(oaParam.getBusinessService()); + authData.setFamilyName(extractor.getSingleAttributeValue(PVPConstants.PRINCIPAL_NAME_NAME)); authData.setGivenName(extractor.getSingleAttributeValue(PVPConstants.GIVEN_NAME_NAME)); authData.setDateOfBirth(extractor.getSingleAttributeValue(PVPConstants.BIRTHDATE_NAME)); @@ -706,6 +708,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { } authData.setSsoSession(true); + authData.setInterfederatedSSOSession(true); if (extractor.getFullAssertion().getConditions() != null && extractor.getFullAssertion().getConditions().getNotOnOrAfter() != null) authData.setSsoSessionValidTo(extractor.getFullAssertion().getConditions().getNotOnOrAfter().toDate()); @@ -791,6 +794,8 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { authData.setForeigner(session.isForeigner()); authData.setQAALevel(session.getQAALevel()); + authData.setIsBusinessService(oaParam.getBusinessService()); + if (session.isForeigner()) { try { //TODO: replace with TSL lookup when TSL is ready! diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index 050706d7a..e20c805ac 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -27,6 +27,7 @@ import java.text.DateFormat; import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.ArrayList; +import java.util.Arrays; import java.util.Date; import java.util.List; 
@@ -117,6 +118,8 @@ public class AuthenticationData implements IAuthData, Serializable { * the corresponding lt;saml:Assertion> */ + private boolean businessService; + /** * STORK attributes from response */ @@ -695,6 +698,12 @@ public class AuthenticationData implements IAuthData, Serializable { * @return the roles */ public List getAuthenticationRoles() { +// if (this.roles == null) { +// this.roles = new ArrayList(); +// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole")); +// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole")); +// } + return roles; } @@ -708,6 +717,20 @@ public class AuthenticationData implements IAuthData, Serializable { this.roles.add(role); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService() + */ + @Override + public boolean isBusinessService() { + // TODO Auto-generated method stub + return this.businessService; + } + + public void setIsBusinessService(boolean flag) { + this.businessService = flag; + + } + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java index 0d55dbdd1..ebbf62ce7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java @@ -42,6 +42,7 @@ public interface IAuthData { Date getIssueInstant(); String getIssuer(); + boolean isBusinessService(); boolean isSsoSession(); boolean isInterfederatedSSOSession(); boolean isUseMandate(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java index 16de43e11..1327c634b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java 
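Review bot: The `getAuthenticationRoles()` hunk leaves a commented-out fixture that would inject two fake roles (`xxpvprole`, `yypvprole`) into every session if someone uncomments it; roles feed the attributes released to relying parties, so this belongs in a test, not in the production getter — delete it. The new `isBusinessService()` still carries the generated `// TODO Auto-generated method stub` comment, and the added `import java.util.Arrays` is not used by anything visible in these hunks. A short Javadoc on `setIsBusinessService` would document why the flag is stored on the auth data at all, e.g. `/** Marks whether the target application is a business service; the PVP attribute builders consult this to withhold the source PIN. */`.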
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java @@ -38,7 +38,7 @@ public class EIDSourcePIN implements IPVPAttributeBuilder { public ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator g) throws AttributeException { - if (oaParam.getBusinessService()) + if (authData.isBusinessService()) throw new AttributePolicyException(EID_SOURCE_PIN_NAME); else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java index 0681419fc..2145e3af7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java @@ -36,7 +36,7 @@ public class EIDSourcePINType implements IPVPAttributeBuilder { public ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator g) throws AttributeException { - if (oaParam.getBusinessService()) + if (authData.isBusinessService()) throw new UnavailableAttributeException(EID_SOURCE_PIN_TYPE_NAME); else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java index c5ad26744..f0373e214 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java 
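Review bot: Switching the `EIDSourcePIN` guard from `oaParam.getBusinessService()` to `authData.isBusinessService()` makes the policy check fail open: `businessService` is a plain `boolean` field on `AuthenticationData` that defaults to false, so any code path that builds an `AuthenticationData` without calling `setIsBusinessService` (this commit adds only two call sites) would release the source PIN to a business-service application. Since this attribute is the identifier the policy exists to withhold, keep the configured flag in the decision as well: `if (authData.isBusinessService() || oaParam.getBusinessService())`, and the same in `EIDSourcePINType`. A comment on the check stating why both sources are consulted would keep a later cleanup from removing one of them.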
@@ -139,7 +139,7 @@ public class AssertionAttributeExtractor { } public String getSingleAttributeValue(String attributeName) { - if (attributs.containsKey(attributeName)) + if (attributs.containsKey(attributeName) && attributs.get(attributeName).size() > 0) return attributs.get(attributeName).get(0); else return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java new file mode 100644 index 000000000..20f541a1a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java 
@@ -0,0 +1,83 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.util; + +import java.io.IOException; +import java.util.Properties; + +import at.gv.egovernment.moa.id.data.AuthenticationRole; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class PVPtoSTORKRoleMapper { + + private static final String MAPPING_RESOURCE = + "resources/properties/pvp-stork_role_mapping.properties"; + + private Properties mapping = null; + + private static PVPtoSTORKRoleMapper instance = null; + + public static PVPtoSTORKRoleMapper getInstance() { + if (instance == null) { + instance = new PVPtoSTORKRoleMapper(); + } + + return instance; + } + + private PVPtoSTORKRoleMapper() { + try { + mapping = new Properties(); + mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE)); + Logger.debug("PVP -> STORK Role mapping initialisation finished."); + + } catch (IOException e) { + Logger.error("PVP -> STORK Role mapping initialisation FAILED." , e); + mapping = null; + + } + + + } + + /** + * @param el + * @return + */ + public String map(AuthenticationRole el) { + if (mapping != null) { + String ecRole = mapping.getProperty(el.getRawRoleString()); + if (MiscUtil.isNotEmpty(ecRole)) { + Logger.info("Map PVPRole " + el.getRawRoleString() + " to ECRole " + ecRole); + return ecRole; + } + } + Logger.warn("NO mapping for PVPRole "+ el.getRawRoleString() + " !"); + return null; + } +} -- cgit v1.2.3 From 4f49161f9e3999871fc75741803163f5dfa20692 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 29 Oct 2014 12:01:31 +0100 Subject: print StackTrace if an general error occurs --- .../moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') 
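Review bot: The constructor only catches `IOException`, but `getResourceAsStream` returns null when `resources/properties/pvp-stork_role_mapping.properties` is absent from the classpath, and `Properties.load(null)` then throws a NullPointerException that escapes `getInstance()` on every call instead of degrading to the logged `mapping = null` case. The stream is also never closed. `map()` uses `getRawRoleString()` as the property key, so a role carrying a parameter suffix only matches when the properties file lists that exact string; if that is intended, say so in a Javadoc on `map()`. The rewrite below needs `java.io.InputStream` imported.
```java
    private PVPtoSTORKRoleMapper() {
        InputStream in = this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE);
        if (in == null) {
            Logger.error("PVP -> STORK Role mapping initialisation FAILED: resource "
                    + MAPPING_RESOURCE + " not found.");
            mapping = null;
            return;
        }
        try {
            mapping = new Properties();
            mapping.load(in);
            Logger.debug("PVP -> STORK Role mapping initialisation finished.");
        } catch (IOException e) {
            Logger.error("PVP -> STORK Role mapping initialisation FAILED." , e);
            mapping = null;
        } finally {
            try { in.close(); } catch (IOException ignored) { }
        }
    }
```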
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index fa5d252bd..3b01e91ad 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -121,7 +121,7 @@ public class PVP2AssertionBuilder implements PVPConstants { } catch (Exception e) { Logger.error( "General Attribute generation failed! for " - + reqAttributName); + + reqAttributName, e); } } -- cgit v1.2.3 From af0f895ce9fac2fd5eb0faf4570881aace2198fa Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 29 Oct 2014 12:04:43 +0100 Subject: update STORK specific attribute build process --- .../id/protocols/stork2/MOAAttributeProvider.java | 48 ++++++++++++++------- .../moa/id/protocols/stork2/MOASTORKRequest.java | 49 +++++++++++++--------- 2 files changed, 63 insertions(+), 34 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java index d7d6601c9..021eaee37 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java 
@@ -25,8 +25,11 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.data.AuthenticationRole; import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.util.PVPtoSTORKRoleMapper; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; import eu.stork.peps.auth.commons.STORKStatusCode; @@ -58,11 +61,11 @@ public class MOAAttributeProvider { Map tempSimpleMap = new HashMap(); tempSimpleMap.put("givenName", "getGivenName"); tempSimpleMap.put("surname", "getFamilyName"); - tempSimpleMap.put("dateOfBirth", "getFormatedDateOfBirth"); storkAttributeSimpleMapping = Collections.unmodifiableMap(tempSimpleMap); Map tempFunctionMap = new HashMap(); tempFunctionMap.put("eIdentifier", "geteIdentifier"); tempFunctionMap.put("ECApplicationRole","getECApplicationRole"); + tempSimpleMap.put("dateOfBirth", "getFormatedDateOfBirth"); storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap); } 
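Review bot: The moved `tempSimpleMap.put("dateOfBirth", "getFormatedDateOfBirth");` still writes to the simple map although it now sits between the two `tempFunctionMap.put` calls and `getFormatedDateOfBirth` becomes a method of this provider in the next hunk, so it looks like the wrong map is targeted. Because `Collections.unmodifiableMap(tempSimpleMap)` is a view, the entry also lands in `storkAttributeSimpleMapping` after that field has already been assigned, which is easy to miss when reading the initializer. I would change the line to `tempFunctionMap.put("dateOfBirth", "getFormatedDateOfBirth");`. The static initializer continues outside the hunk.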
@@ -112,23 +115,34 @@ public class MOAAttributeProvider { private List getECApplicationRole() { List storkRoles = null; - - if (authData.getAuthenticationRoles() != null + + if (true || authData.getAuthenticationRoles() != null && authData.getAuthenticationRoles().size() > 0) { - - - //TODO: implement PVP role -> STORK role mapping -// storkRoles = new ArrayList(); -// storkRoles.add("CIRCABC/viewer"); - - } - + + storkRoles = new ArrayList(); + PVPtoSTORKRoleMapper mapper = PVPtoSTORKRoleMapper.getInstance(); + for (AuthenticationRole el : authData.getAuthenticationRoles()) { + String storkRole = mapper.map(el); + if (MiscUtil.isNotEmpty(storkRole)) + storkRoles.add(storkRole); + + } + } return storkRoles; } + private String getFormatedDateOfBirth() { + if (authData.getDateOfBirth() != null) + return authData.getFormatedDateOfBirth(); + + else + return null; + + } + private void populateAttributeWithMethod(Method method, Object object, PersonalAttributeList attributeList, String storkAttribute, Boolean isRequired) { try { - Object attributeValue = method.invoke(object, new Class[]{}).toString(); + Object attributeValue = method.invoke(object, new Class[]{}); PersonalAttribute newAttribute = new PersonalAttribute(); newAttribute.setName(storkAttribute); @@ -143,9 +157,15 @@ public class MOAAttributeProvider { else if (attributeValue instanceof List) { List attributeValueList = (List) attributeValue; - if (attributeValueList.size() > 0 && attributeValueList.get(0) instanceof String) + if (attributeValueList.size() > 0 && attributeValueList.get(0) instanceof String) { newAttribute.setValue((List) attributeValueList); - + + } else { + Logger.info("Attribute " + storkAttribute + " is not available."); + newAttribute.setStatus(STORKStatusCode.STATUS_NOT_AVAILABLE.name()); + + } + } else { Logger.error("Receive an unsupported type for attribute " + storkAttribute); 
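Review bot: `if (true || authData.getAuthenticationRoles() != null && ...)` short-circuits on the literal, so the null and size guards are dead and the enhanced `for` over `authData.getAuthenticationRoles()` throws a NullPointerException whenever no roles are set, turning an absent optional attribute into a failed attribute build. The `true ||` reads like a debugging leftover; dropping it restores the guard: `if (authData.getAuthenticationRoles() != null && authData.getAuthenticationRoles().size() > 0) {`. In the same file, `populateAttributeWithMethod` now receives a null `attributeValue` from the new `getFormatedDateOfBirth` when no date of birth is set; the `instanceof` chain that follows is partly outside the hunk, so please check that null reaches the not-available branch rather than the "unsupported type" error path. A short Javadoc on `getFormatedDateOfBirth`, e.g. `/** Returns the formatted date of birth, or null when the auth data carries none. */`, would document that null is intentional.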
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index f4b02ee2d..a92d02e08 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import java.util.ArrayList; +import java.util.Arrays; import java.util.List; import org.opensaml.saml2.core.Attribute; @@ -34,6 +35,7 @@ import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; @@ -51,6 +53,16 @@ import eu.stork.peps.auth.commons.STORKAuthnResponse; */ public class MOASTORKRequest extends RequestImpl { + public static final List DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList( + new String[] { + PVPConstants.BPK_NAME, + PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, + PVPConstants.GIVEN_NAME_NAME, + PVPConstants.PRINCIPAL_NAME_NAME, + PVPConstants.BIRTHDATE_NAME, + PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, + }); + /** The Constant serialVersionUID. */ private static final long serialVersionUID = 4581953368724501376L; 
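Review bot: `DEFAULTREQUESTEDATTRFORINTERFEDERATION` is a public static field holding an `Arrays.asList` view, which is fixed-size but writable through `set`, so any caller can alter the default attribute set shared by every request. I would wrap it, `Collections.unmodifiableList(Arrays.asList(...))`, and declare it as `List<String>` instead of the raw `List` (`java.util.Arrays` is imported in this hunk; `Collections` would need an import). The constant has no Javadoc; a one-liner such as `/** PVP attributes requested by default in the interfederation case. */` would help.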
@@ -220,27 +232,24 @@ public class MOASTORKRequest extends RequestImpl { */ @Override public List getRequestedAttributes() { -// //TODO: only for testing with MOA-ID as PVP Stammportal -// IOAAuthParameters oa; -// try { -// List reqAttr = new ArrayList(); -// reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION); -// -// oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL()); -// oa = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oa, this); -// -// DynamicOAAuthParameters tmp = (DynamicOAAuthParameters) oa; -// tmp.setBusinessTarget(Constants.URN_PREFIX_CDID + "+BF"); -// -// return AttributQueryBuilder.buildSAML2AttributeList(tmp, reqAttr.iterator()); -// -// } catch (ConfigurationException e) { -// // TODO Auto-generated catch block -// e.printStackTrace(); -// return null; -// } + //TODO: only for testing with MOA-ID as PVP Stammportal + IOAAuthParameters oa; + try { + oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL()); + oa = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oa, this); + + DynamicOAAuthParameters tmp = (DynamicOAAuthParameters) oa; + tmp.setBusinessTarget(Constants.URN_PREFIX_CDID + "+BF"); + + return AttributQueryBuilder.buildSAML2AttributeList(tmp, DEFAULTREQUESTEDATTRFORINTERFEDERATION.iterator()); + + } catch (ConfigurationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + return null; + } - return new ArrayList(); + //return new ArrayList(); } } -- cgit v1.2.3 From 53c6beba7017b74955818f4768b76133f08e784e Mon Sep 17 00:00:00 2001 
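Review bot: On `ConfigurationException` the new `getRequestedAttributes` prints the stack trace to stderr and returns `null`, whereas the method previously returned an empty `ArrayList`, so callers iterating the result now risk a NullPointerException and the error bypasses the project's `Logger`. I would log through the logger with the exception and keep the empty-list return, e.g. `Logger.error("Requested attribute list could not be built.", e); return new ArrayList();`. The `//TODO: only for testing with MOA-ID as PVP Stammportal` comment, the hard-coded `Constants.URN_PREFIX_CDID + "+BF"` business target and the unchecked cast to `DynamicOAAuthParameters` suggest test-specific behaviour now active in the main code path; please either document that this is intended or guard it by configuration. The commented-out `//return new ArrayList();` should be deleted rather than kept.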
From: Thomas Lenz Date: Wed, 29 Oct 2014 12:06:22 +0100 Subject: Update third-party libs - some implementation updates was required --- .../gv/egovernment/moa/id/client/SZRGWClient.java | 26 +++++-- .../stork2/CorporateBodyMandateContainer.java | 7 -- .../moa/id/protocols/stork2/MandateContainer.java | 2 +- .../stork2/PhyPersonMandateContainer.java | 4 -- .../protocols/stork2/SimpleNamespaceContext.java | 83 ++++++++++++++++++++++ 5 files changed, 104 insertions(+), 18 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SimpleNamespaceContext.java (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java index c675885c9..9e4f3fa36 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java @@ -38,9 +38,14 @@ import at.gv.util.wsdl.szrgw.SZRGWType; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; -import com.sun.xml.ws.developer.JAXWSProperties; import javax.xml.ws.BindingProvider; +import org.apache.cxf.configuration.jsse.TLSClientParameters; +import org.apache.cxf.endpoint.Client; +import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.transport.http.HTTPConduit; +import org.apache.cxf.transports.http.configuration.HTTPClientPolicy; + public class SZRGWClient { private SSLSocketFactory sslContext = null; 
@@ -57,9 +62,6 @@ public class SZRGWClient { SZRGWService service = new SZRGWService(url, new QName("http://reference.e-government.gv.at/namespace/szrgw/20070807/wsdl", "SZRGWService")); SZRGWType port = service.getSZRGWPort(); - - - BindingProvider bindingProvider = (BindingProvider) port; Map requestContext = bindingProvider.getRequestContext(); requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, serviceUrl); @@ -72,12 +74,24 @@ public class SZRGWClient { throw new SZRGWClientException(); } - requestContext.put(JAXWSProperties.SSL_SOCKET_FACTORY, sslContext); + Client client = ClientProxy.getClient(port); + HTTPConduit http = (HTTPConduit) client.getConduit(); + HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); + + httpClientPolicy.setConnectionTimeout(36000); + httpClientPolicy.setReceiveTimeout(32000); + + http.setClient(httpClientPolicy); + TLSClientParameters tlsParams = new TLSClientParameters(); + tlsParams.setSSLSocketFactory(sslContext); + + http.setTlsClientParameters(tlsParams ); + // check for lax hostname if (true) { Logger.trace("LaxHostnameVerifier enabled. This setting is not recommended to use."); - requestContext.put(JAXWSProperties.HOSTNAME_VERIFIER, new LaxHostNameVerifier()); + tlsParams.setHostnameVerifier(new LaxHostNameVerifier()); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java index b358436ae..3e16db7d2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java 
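Review bot: `if (true)` still installs `LaxHostNameVerifier` on every SZR-GW connection, so whatever trust checks `sslContext` performs, the server certificate is never matched against the gateway host name; the trace message itself says the setting is not recommended. The condition should come from configuration with strict verification as the default, e.g. `if (useLaxHostnameVerifier) { ... }` (constructed flag name, to be wired to the client configuration), and the message should be logged at warn level so a deployment with relaxed verification is visible in the logs. The timeouts `setConnectionTimeout(36000)` and `setReceiveTimeout(32000)` are hard-coded magic numbers; named constants with a unit comment (`// milliseconds`) would document them. The enclosing method starts outside the hunk.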
@@ -24,17 +24,10 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.logging.Logger; -import javanet.staxutils.SimpleNamespaceContext; import org.xml.sax.InputSource; -import javax.xml.xpath.XPath; import javax.xml.xpath.XPathExpressionException; -import javax.xml.xpath.XPathFactory; import java.io.StringReader; -import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Method; -import java.util.HashMap; - /** * Physical person representing corporate body * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java index 25350e686..e6c58b503 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java @@ -24,11 +24,11 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.logging.Logger; -import javanet.staxutils.SimpleNamespaceContext; import javax.xml.xpath.XPath; import javax.xml.xpath.XPathExpressionException; import javax.xml.xpath.XPathFactory; + import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.util.HashMap; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java index 853d17318..ba89663ab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java 
@@ -24,14 +24,10 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.logging.Logger; -import javanet.staxutils.SimpleNamespaceContext; import org.xml.sax.InputSource; -import javax.xml.xpath.XPath; import javax.xml.xpath.XPathExpressionException; -import javax.xml.xpath.XPathFactory; import java.io.StringReader; -import java.util.HashMap; /** * Physical person representing physical person diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SimpleNamespaceContext.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SimpleNamespaceContext.java new file mode 100644 index 000000000..2c2df3e54 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SimpleNamespaceContext.java 
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map.Entry;
+import java.util.Set;
+
+import javax.xml.namespace.NamespaceContext;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SimpleNamespaceContext implements NamespaceContext {
+
+ HashMap prefMap = null;
+ /**
+ * @param prefMap
+ */
+ SimpleNamespaceContext(HashMap prefMap) {
+ this.prefMap = prefMap;
+ }
+
+ /* (non-Javadoc)
+ * @see javax.xml.namespace.NamespaceContext#getNamespaceURI(java.lang.String)
+ */
+ @Override
+ public String getNamespaceURI(String prefix) {
+ if (prefMap.containsKey(prefix))
+ return prefMap.get(prefix);
+ else
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see javax.xml.namespace.NamespaceContext#getPrefix(java.lang.String)
+ */
+ @Override
+ public String getPrefix(String namespaceURI) {
+ if (prefMap.containsValue(namespaceURI)) {
+ Set> set = prefMap.entrySet();
+ for (Entry el : set) {
+ if (el.getValue().equals(namespaceURI))
+ return el.getKey();
+
+ }
+ }
+
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see javax.xml.namespace.NamespaceContext#getPrefixes(java.lang.String)
+ */
+ @Override
+ public Iterator getPrefixes(String namespaceURI) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+}
-- cgit v1.2.3
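Review bot: `getPrefixes` returns `null` and `getNamespaceURI` returns `null` for an unbound prefix, both of which break the `NamespaceContext` contract (`getPrefixes` must return an `Iterator`, and `getNamespaceURI` must return `XMLConstants.NULL_NS_URI` for an unbound prefix and throw `IllegalArgumentException` for a null prefix), so an XPath engine that relies on the contract can fail with a NullPointerException on the XML this context is apparently used for in the mandate containers of this commit. For `getPrefixes` I would return an iterator over the matching prefix, `String prefix = getPrefix(namespaceURI); return prefix == null ? Collections.<String>emptyList().iterator() : Collections.singletonList(prefix).iterator();`, and change the unbound case of `getNamespaceURI` to `return XMLConstants.NULL_NS_URI;` (imports of `java.util.Collections` and `javax.xml.XMLConstants` are needed). The `// TODO Auto-generated method stub` should go once the method is implemented. The class has no summary Javadoc; `/** Minimal prefix-to-namespace mapping backed by the supplied map, used for namespace-aware XPath evaluation. */` would document its purpose.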