at.gv.egovernment.moa.id.auth
Class AuthenticationServer

java.lang.Object
  extended by at.gv.egovernment.moa.id.auth.AuthenticationServer

public class AuthenticationServer
extends Object

API for MOA ID Authentication Service.
AuthenticationSession is stored in a session store and retrieved by giving the session ID.


Constructor Summary
AuthenticationServer()
          Constructor for AuthenticationServer.
 
Method Summary
 void cleanup()
          Cleans up expired entries in the session and authentication data stores.
static void debugOutputXMLFile(String filename, org.w3c.dom.Element rootElem)
          Writes an XML structure to file for debugging purposes, encoding UTF-8.
static void debugOutputXMLFile(String filename, String xmlString)
          Writes an XML structure to file for debugging purposes, encoding UTF-8.
 AuthenticationData getAuthenticationData(String samlArtifact)
          Retrieves AuthenticationData indexed by the SAML artifact.
static AuthenticationServer getInstance()
          Returns the single instance of AuthenticationServer.
static AuthenticationSession getSession(String id)
          Retrieves a session from the session store.
 String selectBKU(String authURL, String target, String oaURL, String bkuSelectionTemplateURL, String templateURL)
          Processes request to select a BKU.
 void setSecondsAuthDataTimeOut(long seconds)
          Sets the authDataTimeOut.
 void setSecondsSessionTimeOut(long seconds)
          Sets the sessionTimeOut.
 String startAuthentication(String authURL, String target, String oaURL, String templateURL, String bkuURL, String sessionID)
          Processes the beginning of an authentication session.
 String verifyAuthenticationBlock(String sessionID, String xmlCreateXMLSignatureReadResponse)
          Processes a <CreateXMLSignatureResponse> sent by the security layer implementation.
 String verifyIdentityLink(String sessionID, String xmlInfoboxReadResponse)
          Processes an <InfoboxReadResponse> sent by the security layer implementation.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AuthenticationServer

public AuthenticationServer()
Constructor for AuthenticationServer.

Method Detail

getInstance

public static AuthenticationServer getInstance()
Returns the single instance of AuthenticationServer.

Returns:
the single instance of AuthenticationServer

selectBKU

public String selectBKU(String authURL,
                        String target,
                        String oaURL,
                        String bkuSelectionTemplateURL,
                        String templateURL)
                 throws WrongParametersException,
                        AuthenticationException,
                        ConfigurationException,
                        BuildException
Processes request to select a BKU.
Processing depends on value of AuthConfigurationProvider#getBKUSelectionType.
For bkuSelectionType==HTMLComplete, a returnURI for the "BKU Auswahl" service is returned.
For bkuSelectionType==HTMLSelect, an HTML form for BKU selection is returned.

Parameters:
authURL - base URL of MOA-ID Auth component
target - "Geschäftsbereich" (business area)
oaURL - online application URL requested
bkuSelectionTemplateURL - template for BKU selection form to be used in case of HTMLSelect; may be null
templateURL - URL providing an HTML template for the HTML form to be used for the call to startAuthentication
Returns:
for bkuSelectionType==HTMLComplete, the returnURI for the "BKU Auswahl" service; for bkuSelectionType==HTMLSelect, an HTML form for BKU selection
Throws:
WrongParametersException - upon missing parameters
AuthenticationException - when the configured BKU selection service cannot be reached, or when the given bkuSelectionTemplateURL cannot be reached
ConfigurationException - on missing configuration data
BuildException - while building the HTML form

startAuthentication

public String startAuthentication(String authURL,
                                  String target,
                                  String oaURL,
                                  String templateURL,
                                  String bkuURL,
                                  String sessionID)
                           throws WrongParametersException,
                                  AuthenticationException,
                                  ConfigurationException,
                                  BuildException
Processes the beginning of an authentication session.

Parameters:
authURL - URL of the servlet to be used as data URL
target - "Geschäftsbereich" (business area) of the online application requested
oaURL - online application URL requested
bkuURL - URL of the "Bürgerkartenumgebung" (BKU, citizen card environment) to be used; may be null, in which case the default location will be used
templateURL - URL providing an HTML template for the HTML form generated
Returns:
HTML form
Throws:
AuthenticationException
WrongParametersException
ConfigurationException
BuildException
See Also:
GetIdentityLinkFormBuilder, InfoboxReadRequestBuilder

verifyIdentityLink

public String verifyIdentityLink(String sessionID,
                                 String xmlInfoboxReadResponse)
                          throws AuthenticationException,
                                 ParseException,
                                 ConfigurationException,
                                 ValidateException,
                                 ServiceException
Processes an <InfoboxReadResponse> sent by the security layer implementation.

Parameters:
sessionID - ID of associated authentication session data
xmlInfoboxReadResponse - String representation of the <InfoboxReadResponse>
Returns:
String representation of the <CreateXMLSignatureRequest>
Throws:
AuthenticationException
ParseException
ConfigurationException
ValidateException
ServiceException

verifyAuthenticationBlock

public String verifyAuthenticationBlock(String sessionID,
                                        String xmlCreateXMLSignatureReadResponse)
                                 throws AuthenticationException,
                                        BuildException,
                                        ParseException,
                                        ConfigurationException,
                                        ServiceException,
                                        ValidateException
Processes a <CreateXMLSignatureResponse> sent by the security layer implementation.

Parameters:
sessionID - session ID of the running authentication session
xmlCreateXMLSignatureReadResponse - String representation of the <CreateXMLSignatureResponse>
Returns:
SAML artifact needed for retrieving authentication data, encoded BASE64
Throws:
AuthenticationException
BuildException
ParseException
ConfigurationException
ServiceException
ValidateException

getAuthenticationData

public AuthenticationData getAuthenticationData(String samlArtifact)
                                         throws AuthenticationException
Retrieves AuthenticationData indexed by the SAML artifact. The AuthenticationData is deleted from the store upon end of this call.

Returns:
AuthenticationData
Throws:
AuthenticationException

getSession

public static AuthenticationSession getSession(String id)
                                        throws AuthenticationException
Retrieves a session from the session store.

Parameters:
id - session ID
Returns:
AuthenticationSession stored with given session ID, null if session ID unknown
Throws:
AuthenticationException

cleanup

public void cleanup()
Cleans up expired entries in the session and authentication data stores.


setSecondsSessionTimeOut

public void setSecondsSessionTimeOut(long seconds)
Sets the sessionTimeOut.


setSecondsAuthDataTimeOut

public void setSecondsAuthDataTimeOut(long seconds)
Sets the authDataTimeOut.
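
The store semantics described for getAuthenticationData, cleanup and setSecondsAuthDataTimeOut (data indexed by an artifact, deleted on retrieval, expired after a timeout) can be sketched as follows. This is an added example, not MOA-ID code: the class OneTimeArtifactStore, its method names and the 120-second default are hypothetical. The handle is a plain random value, not the SAML artifact format.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical single-use, expiring store (illustration only, not MOA-ID code). */
public class OneTimeArtifactStore<T> {
    private static final class Entry<T> {
        final T data;
        final long createdMillis;
        Entry(T data, long createdMillis) { this.data = data; this.createdMillis = createdMillis; }
    }

    private final ConcurrentHashMap<String, Entry<T>> store = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private volatile long timeOutMillis = 120_000L; // assumed default, not from the page

    public void setSecondsTimeOut(long seconds) { timeOutMillis = seconds * 1000L; }

    /** Stores data under a fresh, unguessable handle and returns it Base64-encoded. */
    public String put(T data) {
        byte[] handle = new byte[20];
        random.nextBytes(handle);
        String artifact = Base64.getEncoder().encodeToString(handle);
        store.put(artifact, new Entry<>(data, System.currentTimeMillis()));
        return artifact;
    }

    /** Removes and returns the entry in one atomic step, so a replayed artifact finds nothing. */
    public T redeem(String artifact) {
        Entry<T> e = (artifact == null) ? null : store.remove(artifact);
        if (e == null) throw new IllegalStateException("unknown or already used artifact");
        if (System.currentTimeMillis() - e.createdMillis > timeOutMillis)
            throw new IllegalStateException("artifact expired");
        return e.data;
    }

    /** Drops entries that were never redeemed before the timeout. */
    public void cleanup() {
        long now = System.currentTimeMillis();
        store.entrySet().removeIf(en -> now - en.getValue().createdMillis > timeOutMillis);
    }

    public static void main(String[] args) {
        OneTimeArtifactStore<String> s = new OneTimeArtifactStore<>();
        String artifact = s.put("constructed authentication data"); // constructed sample value
        System.out.println(s.redeem(artifact));
        try {
            s.redeem(artifact); // second use of the same artifact
        } catch (IllegalStateException ex) {
            System.out.println("replay rejected: " + ex.getMessage());
        }
    }
}
```

Using a single atomic remove, rather than a get followed by a delete, is what keeps two concurrent requests from both redeeming the same artifact.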


debugOutputXMLFile

public static void debugOutputXMLFile(String filename,
                                      org.w3c.dom.Element rootElem)
Writes an XML structure to file for debugging purposes, encoding UTF-8.

Parameters:
filename - file name
rootElem - root element in DOM tree

debugOutputXMLFile

public static void debugOutputXMLFile(String filename,
                                      String xmlString)
Writes an XML structure to file for debugging purposes, encoding UTF-8.

Parameters:
filename - file name
xmlString - XML string