From 3bbc64da1cd1a70fd255442574b354dad49bf3ed Mon Sep 17 00:00:00 2001 From: pdanner Date: Tue, 3 Jun 2008 12:37:28 +0000 Subject: Changes for load balancing and szr-gateway communication git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1082 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/builder/SAMLArtifactBuilder.java | 55 ++++++++++++++-------- .../parep/client/szrgw/CreateMandateRequest.java | 29 ++++++++++-- .../parep/client/szrgw/SZRGWConstants.java | 2 + 3 files changed, 63 insertions(+), 23 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java index 27e19e830..b5d18b451 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java @@ -4,6 +4,9 @@ import java.io.ByteArrayOutputStream; import java.security.MessageDigest; import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; /** @@ -15,6 +18,11 @@ import at.gv.egovernment.moa.util.Base64Utils; */ public class SAMLArtifactBuilder { + /** + * The generic configuration parameter for an alternative SourceID. + */ + private static final String GENERIC_CONFIG_PARAM_SOURCEID = "AuthenticationServer.SourceID"; + /** * Constructor for SAMLArtifactBuilder. */ @@ -36,25 +44,34 @@ public class SAMLArtifactBuilder { * @return the 42-byte SAML artifact, encoded BASE64 */ public String build(String authURL, String sessionID) throws BuildException { - try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] sourceID = md.digest(authURL.getBytes()); - byte[] assertionHandle = md.digest(sessionID.getBytes()); - ByteArrayOutputStream out = new ByteArrayOutputStream(42); - out.write(0); - out.write(1); - out.write(sourceID, 0, 20); - out.write(assertionHandle, 0, 20); - byte[] samlArtifact = out.toByteArray(); - String samlArtifactBase64 = Base64Utils.encode(samlArtifact); - return samlArtifactBase64; - } - catch (Throwable ex) { - throw new BuildException( - "builder.00", - new Object[] {"SAML Artifact, MOASessionID=" + sessionID, ex.toString()}, - ex); - } + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] sourceID; + // alternative sourceId + String alternativeSourceID = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(GENERIC_CONFIG_PARAM_SOURCEID); + if (!ParepUtils.isEmpty(alternativeSourceID)) { + // if generic config parameter "AuthenticationServer.SourceID" is given, use that sourceID instead of authURL; + sourceID = md.digest(alternativeSourceID.getBytes()); + Logger.info("Building SAMArtifact from sourceID \"" + alternativeSourceID + "\" instead of authURL \"" + authURL + "\"."); + } else { + sourceID = md.digest(authURL.getBytes()); + } + byte[] assertionHandle = md.digest(sessionID.getBytes()); + ByteArrayOutputStream out = new ByteArrayOutputStream(42); + out.write(0); + out.write(1); + out.write(sourceID, 0, 20); + out.write(assertionHandle, 0, 20); + byte[] samlArtifact = out.toByteArray(); + String samlArtifactBase64 = Base64Utils.encode(samlArtifact); + return samlArtifactBase64; + } + catch (Throwable ex) { + throw new BuildException( + "builder.00", + new Object[] {"SAML Artifact, MOASessionID=" + sessionID, ex.toString()}, + ex); + } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java index fe8e263ff..3077ba185 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java @@ -6,6 +6,7 @@ import java.util.List; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; +import org.apache.xpath.XPathAPI; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -204,11 +205,31 @@ public class CreateMandateRequest { Element representativeElem = representativeDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE); // representativeElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); // representativeElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS); + + //Old Version 0.0.1 of SZR-Gateway +// representativeElem.appendChild(createIdentificationElem(representativeDocument, identificationType, identificationValue)); +// representativeElem.appendChild(createNameElem(representativeDocument, params.getGivenName(), params.getFamilyName())); +// representativeElem.appendChild(createPersonDataElem(representativeDocument, SZRGWConstants.DATEOFBIRTH, params.getDateOfBirth())); - representativeElem.appendChild(createIdentificationElem(representativeDocument, identificationType, identificationValue)); - representativeElem.appendChild(createNameElem(representativeDocument, params.getGivenName(), params.getFamilyName())); - representativeElem.appendChild(createPersonDataElem(representativeDocument, SZRGWConstants.DATEOFBIRTH, params.getDateOfBirth())); - + //New since version 0.0.2 of SZR-Gateway: + // we need to send an identity link and must replace its identification value + representativeElem.appendChild(representativeElem.getOwnerDocument().importNode(params.getIdentityLink(), true)); + try { + Element nameSpaceNode = representativeElem.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SAML_POSTFIX, Constants.SAML_NS_URI); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS); + Element identificationValueElement = (Element) XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Value", nameSpaceNode); + if (identificationValueElement != null) { + identificationValueElement.setTextContent(identificationValue); + } + Element identificationTypeElement = (Element) XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Type", nameSpaceNode); + if (identificationTypeElement != null) { + identificationTypeElement.setTextContent(identificationType); + } + } catch (Exception e) { + throw new SZRGWClientException("validator.63", null); + } this.representative = representativeElem; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java index 006b2b9f2..cc0cc4862 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java @@ -10,6 +10,8 @@ public interface SZRGWConstants { //PersonData public static final String PD_PREFIX = "pr:"; public static final String PD_POSTFIX = ":pr"; + public static final String SAML_PREFIX = "saml:"; + public static final String SAML_POSTFIX = ":saml"; public static final String PERSON = "Person"; public static final String PHYSICALPERSON = "PhysicalPerson"; public static final String CORPORATEBODY = "CorporateBody"; -- cgit v1.2.3