aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-07-08 15:43:30 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-07-08 15:43:30 +0200
commit1b7824b212684d859c17780b790b205d22fb7b40 (patch)
tree4f254864bc514d1f944dec0e120d2c651ff45f35
parent640ed79e8f7596d14fad4770f7483f39f614c371 (diff)
parent8594d17a97f1e53a81719141ce70f55d6269553e (diff)
downloadmoa-id-spss-1b7824b212684d859c17780b790b205d22fb7b40.tar.gz
moa-id-spss-1b7824b212684d859c17780b790b205d22fb7b40.tar.bz2
moa-id-spss-1b7824b212684d859c17780b790b205d22fb7b40.zip
Merge remote-tracking branch 'remotes/origin/authnrequest_signrequest_split' into moa-2.1-Snapshot
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java84
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java4
4 files changed, 75 insertions, 31 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 5a2fda67f..ee1d1728a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -318,7 +318,7 @@ public class PEPSConnectorServlet extends AuthServlet {
identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList(),
oaParam.getFriendlyName(),
targetType, null,
- oaParam.getMandateProfiles());
+ oaParam.getMandateProfiles(), citizenSignature);
} catch (STORKException e) {
// this is really nasty but we work against the system here. We are supposed to get the gender attribute from
// stork. If we do not, we cannot register the person in the ERnP - we have to have the
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
index 129494cbe..e2f6e50b1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
@@ -205,17 +205,17 @@ public class PEPSConnectorWithLocalSigningServlet extends AuthServlet {
moaSession.setXMLVerifySignatureResponse(tmp);
try{
IPersonalAttributeList personalAttributeList = moaSession.getAuthnResponseGetPersonalAttributeList();
- //Add signResponse
+ //Add SignResponse TODO Add signature (extracted from signResponse)?
List<String> values = new ArrayList<String>();
- //values.add(signResponseString);
- values.add(citizenSignature);
+ values.add(signResponseString);
+// values.add(citizenSignature);
Logger.debug("Assembling signedDoc attribute");
PersonalAttribute signedDocAttribute = new PersonalAttribute("signedDoc", false, values,
"Available");
personalAttributeList.add(signedDocAttribute);
-
+
String authnContextClassRef = moaSession.getAuthnContextClassRef();
- SZRGInsertion(moaSession, personalAttributeList, authnContextClassRef);
+ SZRGInsertion(moaSession, personalAttributeList, authnContextClassRef, citizenSignature);
} catch (STORKException e) {
// this is really nasty but we work against the system here. We are supposed to get the gender attribute from
// stork. If we do not, we cannot register the person in the ERnP - we have to have the
@@ -487,7 +487,7 @@ public class PEPSConnectorWithLocalSigningServlet extends AuthServlet {
}
try{
- SZRGInsertion(moaSession, authnResponse.getPersonalAttributeList(), authnResponse.getAssertions().get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef());
+ SZRGInsertion(moaSession, authnResponse.getPersonalAttributeList(), authnResponse.getAssertions().get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef(),citizenSignature);
} catch (STORKException e) {
// this is really nasty but we work against the system here. We are supposed to get the gender attribute from
// stork. If we do not, we cannot register the person in the ERnP - we have to have the
@@ -633,7 +633,7 @@ public class PEPSConnectorWithLocalSigningServlet extends AuthServlet {
return null;
}
- private void SZRGInsertion(AuthenticationSession moaSession, IPersonalAttributeList personalAttributeList, String authnContextClassRef) throws STORKException, MOAIDException
+ private void SZRGInsertion(AuthenticationSession moaSession, IPersonalAttributeList personalAttributeList, String authnContextClassRef, String citizenSignature) throws STORKException, MOAIDException
{
Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
Logger.debug("Citizen signature will be verified by SZR Gateway!");
@@ -666,7 +666,7 @@ public class PEPSConnectorWithLocalSigningServlet extends AuthServlet {
identityLink = STORKResponseProcessor.connectToSZRGateway(personalAttributeList,
oaParam.getFriendlyName(),
targetType, null,
- oaParam.getMandateProfiles());
+ oaParam.getMandateProfiles(),citizenSignature);
Logger.debug("SZR communication was successfull");
if (identityLink == null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index 46fd06741..7113dcf70 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -26,28 +26,19 @@
package at.gv.egovernment.moa.id.auth.stork;
import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
import java.util.List;
import java.util.Vector;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.namespace.QName;
+import javax.activation.DataSource;
+import javax.xml.transform.Source;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.transform.stream.StreamSource;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.ws.transport.http.HTTPInTransport;
-import org.opensaml.ws.transport.http.HTTPOutTransport;
-import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSAny;
-import org.opensaml.xml.schema.XSString;
-import org.opensaml.xml.util.Base64;
-import org.opensaml.xml.util.XMLHelper;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
+import org.apache.commons.io.IOUtils;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
@@ -57,12 +48,16 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
-import at.gv.egovernment.moa.id.util.XMLUtil;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.api.LightweightSourceResolver;
+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
+import eu.stork.oasisdss.api.exceptions.UtilsException;
+import eu.stork.oasisdss.profile.SignResponse;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PersonalAttribute;
@@ -129,11 +124,12 @@ public class STORKResponseProcessor {
* @param targetType the target type
* @param targetValue the target value
* @param filters the filters
+ * @param citizenSignature2
* @return Identity Link
* @throws STORKException the sTORK exception
* @throws MOAIDException
*/
- public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String targetType, String targetValue, List<String> filters) throws STORKException, MOAIDException {
+ public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String targetType, String targetValue, List<String> filters, String citizenSignature) throws STORKException, MOAIDException {
Logger.trace("Calling SZR Gateway with the following attributes:");
CreateIdentityLinkResponse identityLinkResponse = null;
@@ -142,7 +138,16 @@ public class STORKResponseProcessor {
Logger.trace("Starting call...");
// if there is no signedDoc attribute, we cannot go on
- String citizenSignature = getAttributeValue("signedDoc", attributeList);
+ if(citizenSignature==null || citizenSignature.length()==0)
+ {
+ String signResponseString = getAttributeValue("signedDoc", attributeList);
+
+ //Extract signature from SIgnResponse
+ Source response1 = new StreamSource(new java.io.StringReader(signResponseString));
+ SignResponse dssSignResponse = ApiUtils.unmarshal(response1, SignResponse.class);
+ citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse);
+ }
+
String fiscalNumber = getAttributeValue("fiscalNumber", attributeList, false);
// if we have a signedDoc we test for a representation case
@@ -235,7 +240,27 @@ public class STORKResponseProcessor {
} catch (ParseException e) {
Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
throw new MOAIDException("auth.25", null, e);
-
+ } catch (ApiUtilsException e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new MOAIDException("auth.25", null, e);
+ } catch (IllegalArgumentException e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new MOAIDException("auth.25", null, e);
+ } catch (TransformerConfigurationException e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new MOAIDException("auth.25", null, e);
+ } catch (UtilsException e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new MOAIDException("auth.25", null, e);
+ } catch (TransformerException e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new MOAIDException("auth.25", null, e);
+ } catch (TransformerFactoryConfigurationError e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new MOAIDException("auth.25", null, e);
+ } catch (IOException e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new MOAIDException("auth.25", null, e);
}
return identityLink;
@@ -272,5 +297,20 @@ public class STORKResponseProcessor {
return moaExtendedSAMLAttributeList;
}
+
+ private static String getCitizienSignatureFromSignResponse(SignResponse dssSignResponse) throws IllegalArgumentException, TransformerConfigurationException, UtilsException, TransformerException, TransformerFactoryConfigurationError, IOException, ApiUtilsException
+ {
+ // fetch signed doc
+ DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);
+ if(ds == null){
+ throw new ApiUtilsException("No datasource found in response");
+ }
+
+ InputStream incoming = ds.getInputStream();
+ String citizenSignature = IOUtils.toString(incoming);
+ incoming.close();
+
+ return citizenSignature;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index c64c5b488..3bd827667 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -455,8 +455,12 @@ public class AuthenticationRequest implements IAction {
try {
for (PersonalAttribute personalAttribute : attrLst) {
+ try {
Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired());
moaAttributeProvider.populateAttribute(attributeList, personalAttribute);
+ } catch (Exception e) {
+ Logger.error("Exception, attributes: " + e.getMessage());
+ }
}
} catch (Exception e) {
Logger.error("Exception, attributes: " + e.getMessage());