From 9287a23dc52a83f31b7653bc1a44a8e86e357ce3 Mon Sep 17 00:00:00 2001
From: Andreas Fitzek
Date: Mon, 8 Jul 2013 13:32:45 +0200
Subject: Leftover merge stuff

---
 .../moa/id/auth/builder/LoginFormBuilder.java | 1 +
 .../servlet/GenerateIFrameTemplateServlet.java | 6 ++--
 .../id/auth/servlet/VerifyCertificateServlet.java | 1 -
 .../id/config/auth/AuthConfigurationProvider.java | 6 +---
 .../moa/id/moduls/AuthenticationManager.java | 2 +-
 .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 1 +
 .../builder/assertion/PVP2AssertionBuilder.java | 39 ++++++++++++++++++----
 .../builder/attributes/BPKAttributeBuilder.java | 3 +-
 .../attributes/EIDSectorForIDAttributeBuilder.java | 3 +-
 .../id/storage/AuthenticationSessionStoreage.java | 2 +-
 10 files changed, 44 insertions(+), 20 deletions(-)
(limited to 'id/server')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
index 83b7ae592..a81baafac 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -5,6 +5,7 @@ import java.io.StringWriter;
 import org.apache.commons.io.IOUtils;
+import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
 import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index 29d407dc7..e6eecd11b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -140,9 +140,9 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
 //TODO: CHANGE to real OA config
 List bkuURIs = Arrays.asList(
- "http://labda.iaik.tugraz.at:8080/moa-id-auth/template_onlineBKU.html",
- "http://labda.iaik.tugraz.at:8080/moa-id-auth/template_handyBKU.html",
- "http://labda.iaik.tugraz.at:8080/moa-id-auth/template_localBKU.html");
+ "http://localhost:8080/moa-id-auth/template_onlineBKU.html",
+ "http://localhost:8080/moa-id-auth/template_handyBKU.html",
+ "http://127.0.0.1:8080/moa-id-auth/template_localBKU.html");
 // List bkuURIs = Arrays.asList(
 // "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_onlineBKU.html",
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index 4c4671084..930fedfd4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -148,7 +148,6 @@ public class VerifyCertificateServlet extends AuthServlet {
 } else {
 // Foreign Identities Modus
- session.setForeignMode(true);
 String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert);
 // build dataurl (to the GetForeignIDSerlvet)
 String dataurl =
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index d798ce9d6..d85d61bc7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
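Review bot: The BKU template list in `bkuURIs` is still a hard-coded constant inside the servlet, now pointing at `localhost`/`127.0.0.1` over plain `http://`, and the `//TODO: CHANGE to real OA config` marker above it remains, so a deployment built from this revision serves development addresses rather than the online application's configured templates. Since the enclosing method starts and ends outside the hunk, how the list is consumed is not visible here, but a comment at the `List bkuURIs` line such as `// DEV PLACEHOLDER: must be replaced by the OA configuration before release` would make the state explicit, and reading the three URLs from configuration would remove the need for edits like this one altogether.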
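Review bot: Removing `session.setForeignMode(true);` leaves the foreign-identities branch with no visible record on the session that the request took the foreign path, while the rest of the branch (`createXMLSignatureRequestForeignID`, the data URL to the GetForeignIDServlet) still assumes it; if any later step branches on the session's foreign-mode flag it would presumably now treat the session as a domestic one. If the flag is now set elsewhere, a one-line comment at this spot, `// foreign mode is recorded in <replacement location>`, keeps the branch readable; otherwise the call should be restored. The enclosing method continues outside the hunk.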
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -38,10 +38,6 @@ import org.hibernate.cfg.Configuration;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-import test.tlenz.simpletest;
-
-import eu.stork.vidp.messages.common.STORKBootstrap;
-
 import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
@@ -56,8 +52,8 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.egovernment.moa.util.StringUtils;
 import at.gv.egovernment.moa.util.XPathUtils;
+import eu.stork.vidp.messages.common.STORKBootstrap;
 /**
 * A class providing access to the Auth Part of the MOA-ID configuration data.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 5e792ab78..58fec9790 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -319,7 +319,7 @@ public class AuthenticationManager extends AuthServlet {
 } catch (MOADatabaseException e) {
 try {
 moasession = AuthenticationSessionStoreage.createSession();
- Logger.info("Create a new MOASession with sessionID=" + sessionID + ".");
+ Logger.info("Create a new MOASession with sessionID=" + moasession.getSessionID() + ".");
 } catch (MOADatabaseException e1) {
 Logger.error("Database Error! MOASession are not created.");
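Review bot: The corrected message writes the complete identifier of the newly created MOASession to the log at INFO level; that id is the key `AuthenticationSessionStoreage` later uses to look the session up, so the application log becomes a second place where a live session identifier is kept. Logging only a prefix of the id retains the correlation value without the full identifier. In the inner `catch (MOADatabaseException e1)`, `Logger.error("Database Error! MOASession are not created.");` drops `e1`, so the reason the session could not be created is lost; pass it along if the `Logger` facade accepts a throwable. The enclosing method continues outside the hunk.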
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 41aa459ec..9dcef5778 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -132,6 +132,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 try {
 PVPTargetConfiguration config = new PVPTargetConfiguration();
+
 MOARequest moaRequest = decoder.decodeRequest(request, response);
 RequestAbstractType samlReq = moaRequest.getSamlRequest();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 2038ef5a5..c438cb18c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -26,7 +26,12 @@ import org.opensaml.saml2.metadata.NameIDFormat;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
@@ -39,8 +44,9 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 public class PVP2AssertionBuilder implements PVPConstants {
- public static Assertion buildAssertion(AuthnRequest authnRequest,
- AuthenticationSession authSession, EntityDescriptor peerEntity) throws PVP2Exception {
+ public static Assertion buildAssertion(AuthnRequest authnRequest,
+ AuthenticationSession authSession, EntityDescriptor peerEntity)
+ throws MOAIDException {
 Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
 RequestedAuthnContext reqAuthnContext = authnRequest
@@ -71,7 +77,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
 if (!stork_qaa_1_4_found) {
 throw new QAANotSupportedException(STORK_QAA_1_4);
 }
-
+
 reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs()
 .iterator();
 StringBuilder authContextsb = new StringBuilder();
@@ -107,7 +113,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
 authnStatement.setAuthnContext(authnContext);
 assertion.getAuthnStatements().add(authnStatement);
-
+
 SPSSODescriptor spSSODescriptor = peerEntity
 .getSPSSODescriptor(SAMLConstants.SAML20P_NS);
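Review bot: The `throws` clause of `buildAssertion` widens from `PVP2Exception` to `MOAIDException`, presumably to accommodate the `AuthenticationServer.buildAuthenticationData` call added further down; every caller that caught `PVP2Exception` specifically now has to handle the broader type, and if `PVP2Exception` is not a subtype of `MOAIDException` the `throw new QAANotSupportedException(STORK_QAA_1_4);` in the next hunk would no longer compile. A Javadoc line on the new signature, `@throws MOAIDException if the OA configuration or the authentication data for the session cannot be built`, would record why the broader type is declared. The method body continues outside the hunk.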
@@ -127,6 +133,9 @@ public class PVP2AssertionBuilder implements PVPConstants {
 Subject subject = SAML2Utils.createSAMLObject(Subject.class);
 NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
 boolean foundFormat = false;
+
+ // TL: AuthData generation is moved to Assertion generation.
+
 Iterator formatIt = spSSODescriptor.getNameIDFormats()
 .iterator();
 while (formatIt.hasNext()) {
@@ -180,11 +189,27 @@ public class PVP2AssertionBuilder implements PVPConstants {
 assertion.getAttributeStatements().add(attributeStatement);
 }
+ // TODO: LOAD oaParam from request and not from MOASession in case of
+ // SSO
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(
+ authSession.getPublicOAURLPrefix());
+
+ AuthenticationData authData = AuthenticationServer
+ .buildAuthenticationData(authSession, oaParam,
+ oaParam.getTarget());
+
+ // TL: getIdentificationValue holds the baseID --> change to pBK
+ // subjectNameID.setValue(authData.getIdentificationValue());
+ subjectNameID.setFormat(NameID.PERSISTENT);
- subjectNameID.setNameQualifier(authSession.getAssertionAuthData()
+ //TODO: build IdType in authData
+ subjectNameID.setNameQualifier(authData
 .getIdentificationType());
- subjectNameID.setValue(authSession.getAssertionAuthData()
- .getIdentificationValue());
+ if (authSession.getBusinessService())
+ subjectNameID.setValue(authData.getWBPK());
+ else
+ subjectNameID.setValue(authData.getBPK());
 // }
 subject.setNameID(subjectNameID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
index ae3715b57..c2c1c8687 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
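Review bot: The new comment `// TL: AuthData generation is moved to Assertion generation.` sits above the NameID-format loop, roughly fifty lines before the `AuthenticationData` it refers to is actually built in the following hunk, so a reader of this loop finds a note about something that does not happen here. Move it next to the `AuthenticationServer.buildAuthenticationData(...)` call or drop it; a comment that does not describe its surroundings ages into noise. The enclosing method continues outside the hunk.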
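Review bot: `oaParam` is dereferenced in `oaParam.getTarget()` immediately after `getOnlineApplicationParameter(authSession.getPublicOAURLPrefix())` with no null check, so an unknown or unconfigured OA prefix would presumably surface as a NullPointerException rather than the `MOAIDException` the method now declares, and likewise `authData.getWBPK()`/`getBPK()` can land as a null or empty NameID value. A guard along the lines of `if (oaParam == null) throw new MOAIDException(/* error code and params as used elsewhere in the project */);` plus an emptiness check before `subjectNameID.setValue` would fail the assertion cleanly instead. The `// TODO: LOAD oaParam from request and not from MOASession in case of SSO` note also means that in an SSO flow the NameID may be derived from the OA the session was first created for rather than from the requesting peer, which is worth keeping visible until it is fixed. Braces on the new `if`/`else` would match the rest of the file. The enclosing method continues outside the hunk.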
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
@@ -11,7 +11,8 @@ public class BPKAttributeBuilder extends BaseAttributeBuilder {
 }
 public Attribute build(AuthenticationSession authSession) {
- String bpk = authSession.getAssertionAuthData().getIdentificationValue();
+ // TODO: authSession + oaParam => authData
+ String bpk = ""; //authSession.getAssertionAuthData().getIdentificationValue();
 if(bpk.length() > BPK_MAX_LENGTH) {
 bpk = bpk.substring(0, BPK_MAX_LENGTH);
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
index 9b0c0a289..785db286d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
@@ -11,8 +11,9 @@ public class EIDSectorForIDAttributeBuilder extends BaseAttributeBuilder {
 }
 public Attribute build(AuthenticationSession authSession) {
+ // TODO: authSession + oaParam => authData
 return buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
- EID_SECTOR_FOR_IDENTIFIER_NAME, authSession.getAssertionAuthData().getIdentificationType());
+ EID_SECTOR_FOR_IDENTIFIER_NAME, ""/*authSession.getAssertionAuthData().getIdentificationType()*/);
 }
 public Attribute buildEmpty() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 70156deb7..44f0563b1 100644
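Review bot: `String bpk = "";` in `BPKAttributeBuilder.build` (and the `""` passed as identification type in `EIDSectorForIDAttributeBuilder.build` in the following hunk) keeps emitting the attribute, now with an empty value, so a relying party receives a well-formed bPK or sector attribute that carries no identity, and an empty identifier is easier to accept by mistake than an absent one. Until the `// TODO: authSession + oaParam => authData` wiring exists, returning the builder's empty form (`EIDSectorForIDAttributeBuilder` has `buildEmpty()`) or failing with `throw new UnsupportedOperationException("bPK attribute not yet wired to AuthenticationData");` would keep the assertion honest. `BPKAttributeBuilder.build` continues past its hunk.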
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -173,7 +173,7 @@ public class AuthenticationSessionStoreage {
 } catch (MOADatabaseException e) {
 Logger.info("No MOA Session with id: " + sessionID);
- return null;
+ throw new MOADatabaseException("No MOA Session with id: " + sessionID);
 } catch (Throwable e) {
 Log.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID);
-- 
cgit v1.2.3
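Review bot: `throw new MOADatabaseException("No MOA Session with id: " + sessionID);` discards the caught `e`, so the original database failure is lost, and the identical text is both logged at INFO and thrown; if `MOADatabaseException` has a cause-accepting constructor pass `e`, otherwise log `e` once and drop the duplicated message. Callers that relied on the previous `return null` must now handle the exception (`AuthenticationManager` in this commit catches `MOADatabaseException`; other callers are not visible here), and the method's `throws` clause lies outside the hunk, so whether it already declares `MOADatabaseException` cannot be checked. The same try block mixes two logging facades, `Logger.info` and `Log.warn`. The `catch (Throwable e)` branch continues outside the hunk.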