From c48b11484a7c0b71a4259a33de279a9501a5cdef Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 15 Oct 2014 13:04:03 +0200 Subject: update AuthData builder --- .../id/auth/builder/AuthenticationDataBuilder.java | 135 +++++++++++++++------ 1 file changed, 96 insertions(+), 39 deletions(-) (limited to 'id/server') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 0510f545a..cd2bfcf91 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -361,6 +361,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { authData.setBPK(pvpbPK.split(":")[1]); } + boolean foundEncryptedbPKForOA = false; if (extractor.containsAttribute(PVPConstants.ENC_BPK_LIST_NAME)) { List encbPKList = Arrays.asList( extractor.getAttribute(PVPConstants.ENC_BPK_LIST_NAME).split(";")); @@ -377,6 +378,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { + oaParam.getPublicURLPrefix() + " Start decryption process ..."); PrivateKey privKey = oaParam.getBPKDecBpkDecryptionKey(); + foundEncryptedbPKForOA = true; if (privKey != null) { try { String bPK = BPKBuilder.decryptBPK(encbPK, oaParam.getTarget(), privKey); @@ -411,54 +413,82 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { } } - if (MiscUtil.isEmpty(authData.getBPK()) && authData.getEncbPKList().size() == 0 && - MiscUtil.isEmpty(authData.getIdentificationValue())) { + if (MiscUtil.isEmpty(authData.getIdentificationValue()) && + MiscUtil.isEmpty(authData.getBPK()) && + !foundEncryptedbPKForOA) { Logger.info("Federated assertion include no bPK, encrypted bPK or baseID"); + throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_NAME + + " or " + PVPConstants.ENC_BPK_LIST_NAME); - try { - EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProvider.getInstance().geteGovUtilsConfig(); - if (eGovClientsConfig != null) { - SZRClient szrclient = new SZRClient(eGovClientsConfig); + } + + //check if received bPK matchs to online application configuration + //and no encrypted bPK is found for this oa + if (!matchsReceivedbPKToOnlineApplication(oaParam, authData) + && !foundEncryptedbPKForOA) { + Logger.info("Received bPK/wbPK does not match to online application"); + + if (MiscUtil.isEmpty(authData.getIdentificationValue())) { + Logger.info("No baseID found. Connect SZR to reveive baseID ..."); + try { + EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProvider.getInstance().geteGovUtilsConfig(); + if (eGovClientsConfig != null) { + SZRClient szrclient = new SZRClient(eGovClientsConfig); + + Logger.debug("Create SZR request to get baseID ... "); + PersonInfoType personInfo = new PersonInfoType(); + at.gv.util.xsd.szr.persondata.PhysicalPersonType person = new at.gv.util.xsd.szr.persondata.PhysicalPersonType(); + personInfo.setPerson(person); + at.gv.util.xsd.szr.persondata.PersonNameType name = new at.gv.util.xsd.szr.persondata.PersonNameType(); + person.setName(name); + at.gv.util.xsd.szr.persondata.IdentificationType idValue = new at.gv.util.xsd.szr.persondata.IdentificationType(); + person.setIdentification(idValue); + + //set bPK or wbPK + idValue.setValue(authData.getBPK()); + idValue.setType(authData.getBPKType()); + + //set person information + name.setGivenName(authData.getGivenName()); + name.setFamilyName(authData.getFamilyName()); + if (authData.getDateOfBirth() != null) + person.setDateOfBirth(authData.getFormatedDateOfBirth()); + + //request szr and store baseID + authData.setIdentificationValue(szrclient.getStammzahl(personInfo)); + authData.setIdentificationType(Constants.URN_PREFIX_BASEID); + + } else { + Logger.warn("No SZR clieht configuration found. Interfederation SSO login not possible."); + throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_NAME); + + } + + } catch (ConfigurationException e) { + Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); + throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_NAME); - Logger.debug("Create SZR request to get baseID ... "); - PersonInfoType personInfo = new PersonInfoType(); - at.gv.util.xsd.szr.persondata.PhysicalPersonType person = new at.gv.util.xsd.szr.persondata.PhysicalPersonType(); - personInfo.setPerson(person); - at.gv.util.xsd.szr.persondata.PersonNameType name = new at.gv.util.xsd.szr.persondata.PersonNameType(); - person.setName(name); + } catch (EgovUtilException e) { + Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); + throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_NAME); - name.setGivenName(authData.getGivenName()); - name.setFamilyName(authData.getFamilyName()); - if (authData.getDateOfBirth() != null) - person.setDateOfBirth(authData.getFormatedDateOfBirth()); - - authData.setIdentificationValue(szrclient.getStammzahl(personInfo)); - authData.setIdentificationType(Constants.URN_PREFIX_BASEID); - - } else { - Logger.warn("No SZR clieht configuration found. Interfederation SSO login not possible."); + } catch (SZRException e) { + Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME + " or " + PVPConstants.EID_SOURCE_PIN_NAME); } - - } catch (ConfigurationException e) { - Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); - throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME - + " or " + PVPConstants.EID_SOURCE_PIN_NAME); - - } catch (EgovUtilException e) { - Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); - throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME - + " or " + PVPConstants.EID_SOURCE_PIN_NAME); - - } catch (SZRException e) { - Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); - throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME - + " or " + PVPConstants.EID_SOURCE_PIN_NAME); - } - + + //build OA specific bPK/wbPK information + buildOAspecificbPK(oaParam, authData, + authData.getIdentificationValue(), + authData.getIdentificationType()); + } if (MiscUtil.isEmpty(authData.getBPK())) { @@ -672,6 +702,33 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { authData.setPublicAuthority(false); } + /** + * @param oaParam + * @param authData + * @return + */ + private static boolean matchsReceivedbPKToOnlineApplication( + IOAAuthParameters oaParam, AuthenticationData authData) { + + String oaTarget = null; + if (oaParam.getBusinessService()) { + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK)) + oaTarget = oaParam.getIdentityLinkDomainIdentifier(); + else + oaTarget = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); + + } else { + oaTarget = Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget(); + + } + + + if (oaTarget.equals(authData.getBPKType())) + return true; + else + return false; + } + private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, IOAAuthParameters oaParam) throws BuildException, ConfigurationException { -- cgit v1.2.3