From ae26c0ede1058643bfd2d1c1e7847cef452a1b54 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 16 Aug 2016 10:58:18 +0200
Subject: add SSO/SLO container functionality to eIDAS protocol impl. to
 support SSO functionality

---
 .../eidas/eIDASAuthenticationRequest.java          | 57 +++++++++++++++++++---
 1 file changed, 51 insertions(+), 6 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index 033052eed..0f17eccab 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -23,6 +23,7 @@
 package at.gv.egovernment.moa.id.protocols.eidas;
 
 import java.io.StringWriter;
+import java.security.MessageDigest;
 import java.text.SimpleDateFormat;
 
 import javax.servlet.http.HttpServletRequest;
@@ -46,13 +47,16 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SimpleEidasAttributeGen
 import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.EidasStringUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
@@ -63,6 +67,7 @@ import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
 import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
 import eu.eidas.auth.commons.protocol.IResponseMessage;
 import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse;
+import eu.eidas.auth.commons.protocol.impl.SamlNameIdFormat;
 import eu.eidas.auth.engine.ProtocolEngineI;
 import eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils;
 
@@ -91,6 +96,8 @@ public class eIDASAuthenticationRequest implements IAction {
 			throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()});
 		
 		
+		String subjectNameID = null;
+		
 		//gather attributes
 		ImmutableAttributeMap reqAttributeList = (ImmutableAttributeMap) eidasRequest.getEidasRequestedAttributes();		
 		ImmutableAttributeMap.Builder attrMapBuilder = ImmutableAttributeMap.builder();
@@ -110,9 +117,17 @@ public class eIDASAuthenticationRequest implements IAction {
 					case Constants.eIDAS_ATTR_CURRENTGIVENNAME: 
 						newValue = authData.getGivenName();
 						break;			
-					case Constants.eIDAS_ATTR_PERSONALIDENTIFIER: 
+					case Constants.eIDAS_ATTR_PERSONALIDENTIFIER: 						
 						newValue = authData.getBPK();
 						isUniqueID = true;
+						
+						//generate a transient unique identifier if it is requested
+						String reqNameIDFormat = eidasRequest.getEidasRequest().getNameIdFormat();
+						if (MiscUtil.isNotEmpty(reqNameIDFormat) 
+								&& reqNameIDFormat.equals(SamlNameIdFormat.TRANSIENT.getNameIdFormat()))
+							newValue = generateTransientNameID(newValue);
+																			
+						subjectNameID = newValue;
 						break;
 					case Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER:
 						newValue = new MandateLegalPersonSourcePinAttributeBuilder().build(
@@ -177,9 +192,7 @@ public class eIDASAuthenticationRequest implements IAction {
 		
 		//set success statuscode
 		responseBuilder.statusCode(StatusCode.SUCCESS_URI);
-
-		
-		
+	
 		//build response
 		AuthenticationResponse response = responseBuilder.build();
 		
@@ -247,8 +260,24 @@ public class eIDASAuthenticationRequest implements IAction {
 			throw new MOAIDException("eIDAS.13", new Object[]{e.getMessage()}, e);
 			
         }
-		
-		return null;
+
+        SLOInformationInterface ssoContainer = null;
+        try {
+        	ssoContainer = new SLOInformationImpl(
+        			req.getAuthURL(), 
+        			eidasRequest.getEidasRequest().getIssuer(), 
+        			null, 
+        			subjectNameID, 
+        			eidasRequest.getEidasRequest().getNameIdFormat(), 
+        			EIDASProtocol.NAME);
+        	
+        } catch (Exception e) {
+        	Logger.error("Can not generate container with SSO information!", e);
+        	
+        }
+               
+       	return ssoContainer; 
+        			
 	}
 
 	@Override
@@ -262,4 +291,20 @@ public class eIDASAuthenticationRequest implements IAction {
 	}
 
 
+	private String generateTransientNameID(String nameID) {
+		String random = Random.nextLongRandom();
+		
+		try {
+			MessageDigest md = MessageDigest.getInstance("SHA-1");
+			byte[] hash = md.digest((nameID + random).getBytes("ISO-8859-1"));			
+			return Base64Utils.encode(hash);
+			
+		} catch (Exception e) {
+			Logger.error("Can not generate transient personal identifier!", e);
+			return null;
+			
+		}
+		
+	}
+	
 }
-- 
cgit v1.2.3