aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBojan Suzic <bojan.suzic@iaik.tugraz.at>2015-05-19 13:45:11 +0200
committerBojan Suzic <bojan.suzic@iaik.tugraz.at>2015-05-19 13:45:11 +0200
commitb7c5a35d0f5a960bfaf8008ec2661f21764d2e2d (patch)
tree3f7251047b2222a7cbe6a25aafa058c273a115fe
parent6207deba1c063a20f2ce92f1f09e1d27b3783cec (diff)
downloadmoa-id-spss-b7c5a35d0f5a960bfaf8008ec2661f21764d2e2d.tar.gz
moa-id-spss-b7c5a35d0f5a960bfaf8008ec2661f21764d2e2d.tar.bz2
moa-id-spss-b7c5a35d0f5a960bfaf8008ec2661f21764d2e2d.zip
integrating attribute correlation check for eidentifier, when present; updating mandate data; extending error messages
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java61
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java24
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties5
6 files changed, 80 insertions, 38 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 371cfb1d7..42e9bf25d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -50,7 +50,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
- * the AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins.
+ * The AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins.
* The class is called whenever the {@link AuthenticationRequest} Action is invoked and checks for missing attributes.
* Furthermore, the class can handle direct posts. That is when the class triggers an attribute query which needs user
* interaction, redirect to another portal, etc. The redirect will hit here and the class can continue to fetch attributes.
@@ -80,8 +80,6 @@ public class AttributeCollector implements IAction {
}
- // TODO extract attribute response and check if it corresponds to the container
-
if (httpReq.getParameter("SAMLResponse") != null) {
Logger.info("Got SAML response from external attribute provider.");
@@ -106,7 +104,7 @@ public class AttributeCollector implements IAction {
STORKAuthnResponse authnResponse = null;
- // check if valid authn request is contained
+ // check if valid authn response is contained
try {
authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, httpReq.getRemoteAddr());
} catch (STORKSAMLEngineException ex) {
@@ -115,6 +113,22 @@ public class AttributeCollector implements IAction {
STORK2Response.setSTORKAuthnResponseToken(decSamlToken);
+ // check if the attributes are provided for the same person from request
+ // requires presence of eIdentifier for unambigious correlation
+ Logger.debug("Checking if the attribute relates to the correct person..");
+ try {
+ String remoteEIdentifier= authnResponse.getPersonalAttributeList().get("eIdentifier").getValue().get(0);
+ String localEidentifier= container.getResponse().getStorkAuthnResponse().getPersonalAttributeList().get("eIdentifier").getValue().get(0);
+ if (!remoteEIdentifier.equals(localEidentifier)) {
+ Logger.error("The attribute is not provided for the same person!");
+ throw new MOAIDException("stork.25", null);
+ }
+ } catch (NullPointerException ex) {
+ Logger.warn("Could not check the correlation of attributes from external provider. Ignoring the check.");
+ //Logger.debug(ex);
+ //throw new MOAIDException("stork.04", null); // TODO revise message, raise exception when ehvd checked
+ }
+
if (authnResponse.getPersonalAttributeList().size() > 0) {
Logger.info("Response from external attribute provider contains " + authnResponse.getPersonalAttributeList().size() + " attributes.");
container.getResponse().setPersonalAttributeList(addOrUpdateAll(container.getResponse().getPersonalAttributeList(), authnResponse.getPersonalAttributeList()));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java
index 9207cc2dc..a3fac0f6e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java
@@ -165,7 +165,8 @@ public abstract class MandateContainer {
}
public void setPhysicalRepresentativeBirthDate(String physicalRepresentativeBirthDate) {
- this.physicalRepresentativeBirthDate = physicalRepresentativeBirthDate;
+ // making it conform to STORK dateOfBirth specifications, removing dash
+ this.physicalRepresentativeBirthDate = physicalRepresentativeBirthDate.replaceAll("-","");
}
public String getAnnotation() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
index 59e1dbeca..c529a8465 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
@@ -41,7 +41,6 @@ import eu.stork.peps.auth.commons.PersonalAttribute;
import eu.stork.peps.auth.commons.PersonalAttributeList;
import eu.stork.peps.auth.commons.STORKAttrQueryResponse;
import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.*;
-import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.StringUtils;
import javax.servlet.http.HttpServletRequest;
@@ -54,14 +53,14 @@ import javax.xml.datatype.DatatypeFactory;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;
import java.io.StringWriter;
-import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.regex.Pattern;
/**
- *
+ * Entry point for mandate retrieval. Processes MIS data and transforms into STORK mandate attribute.
+ * Additionally provides eIdentifier attribute (if requested) in order to enable identity correlation
*/
public class MandateRetrievalRequest implements IAction {
@@ -78,8 +77,13 @@ public class MandateRetrievalRequest implements IAction {
this.QAALevel = translateQAALevel(authData.getQAALevel());
// preparing original content and removing sensitive data from it
- this.originalContent = authData.getMISMandate().getMandate(); // TODO ERROR
- //Logger.debug("Original content " + StringUtils.newStringUtf8(authData.getMISMandate().getMandate()));
+ try {
+ this.originalContent = authData.getMISMandate().getMandate();
+ } catch (Exception e) {
+ Logger.error("Could not extract mandate");
+ Logger.debug(e);
+ throw new MOAIDException("stork.26", new Object[]{});
+ }
String originalMandate = StringUtils.newStringUtf8(authData.getMISMandate().getMandate()).replaceAll("<pd:Value>.*?==</pd:Value><pd:Type>urn:publicid:gv.at:baseid</pd:Type>","<pd:Value></pd:Value><pd:Type></pd:Type>");;
Logger.debug("Removing personal identification value and type from original mandate ");
originalContent = StringUtils.getBytesUtf8(originalMandate);
@@ -97,13 +101,13 @@ public class MandateRetrievalRequest implements IAction {
this.moaStorkRequest = (MOASTORKRequest) req;
} else {
Logger.error("Internal error - did not receive MOASTORKRequest as expected");
- throw new MOAIDException("stork.16", new Object[]{}); // TODO
+ throw new MOAIDException("stork.27", new Object[]{});
}
if (!(moaStorkRequest.isAttrRequest() || moaStorkRequest.getStorkAttrQueryRequest() == null)) {
Logger.error("Did not receive attribute request as expected");
- throw new MOAIDException("stork.16", new Object[]{}); // TODO
+ throw new MOAIDException("stork.27", new Object[]{});
}
MandateContainer mandateContainer = null;
@@ -115,7 +119,7 @@ public class MandateRetrievalRequest implements IAction {
mandateContainer = new PhyPersonMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8"));
} catch (Exception ex2) {
Logger.error("Could not extract data and create mandate container.");
- throw new MOAIDException("stork.16", new Object[]{}); // TODO
+ throw new MOAIDException("stork.27", new Object[]{});
}
}
@@ -123,26 +127,21 @@ public class MandateRetrievalRequest implements IAction {
IPersonalAttributeList attributeList = new PersonalAttributeList();
+ // according to new mapping, only mandate attribute is directly relevant
for (PersonalAttribute currentAttribute : sourceAttributeList) {
- Logger.debug("Evaluating currentattribute " + currentAttribute.getName());
- if (currentAttribute.getName().equals("mandateContent")) {
+ Logger.debug("Evaluating attributes, current attribute: " + currentAttribute.getName());
+ if (currentAttribute.getName().equals("mandateContent")) { // deprecated
MandateContentType mandateContent = getMandateContent(mandateContainer, currentAttribute);
attributeList.add(marshallComplexAttribute(currentAttribute, mandateContent));
- } else if (currentAttribute.getName().equals("representative")) { // TODO CHECK IN DETAIL
+ } else if (currentAttribute.getName().equals("representative")) { // deprecated
RepresentationPersonType representative = getRepresentative(mandateContainer, currentAttribute);
attributeList.add(marshallComplexAttribute(currentAttribute, representative));
-
- //attributeList.add(getRepresentative(mandateContainer, currentAttribute));
} else if (currentAttribute.getName().equals("represented")) {
- //attributeList.add(getRepresented(mandateContainer, currentAttribute));
RepresentationPersonType represented = getRepresented(mandateContainer, currentAttribute);
attributeList.add(marshallComplexAttribute(currentAttribute, represented));
-
} else if (currentAttribute.getName().equals("mandate")) {
- //attributeList.add(getMandateType(mandateContainer, currentAttribute));
MandateType mandateType = getMandateType(mandateContainer, currentAttribute);
attributeList.add(marshallComplexAttribute(currentAttribute, mandateType));
-
} else if (currentAttribute.getName().equals("legalName")) {
String legalName = getLegalName(mandateContainer, currentAttribute);
if (legalName.length() > 0) {
@@ -180,6 +179,11 @@ public class MandateRetrievalRequest implements IAction {
}
}
+ if (currentAttribute.getName().equals("eIdentifier")) {
+ attributeList.add(new PersonalAttribute(currentAttribute.getName(), currentAttribute.isRequired(), Arrays.asList(geteIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(), moaStorkRequest.getStorkAttrQueryRequest().getSpCountry())), AttributeStatusType.AVAILABLE.value()));
+ Logger.info("Adding eIdentifier for mandate holder using SP country: " + moaStorkRequest.getStorkAttrQueryRequest().getSpCountry());
+ }
+
}
@@ -228,7 +232,7 @@ public class MandateRetrievalRequest implements IAction {
if (qaaLevel.equals(PVPConstants.STORK_QAA_1_4))
return 4;
Logger.error("Wrong QAA Number format");
- throw new MOAIDException("stork.16", new Object[]{});
+ throw new MOAIDException("stork.28", new Object[]{});
}
private String geteLPIdentifier(MandateContainer mandateContainer, PersonalAttribute currentAttribute) throws MOAIDException {
@@ -237,11 +241,20 @@ public class MandateRetrievalRequest implements IAction {
return represented.getELPIdentifier();
} else if (currentAttribute.isRequired()) {
Logger.error("Cannot provide eLPIdentifier for natural person.");
- throw new MOAIDException("stork.19", new Object[]{currentAttribute.getName()}); // TODO
+ throw new MOAIDException("stork.29", new Object[]{currentAttribute.getName()});
}
return "";
}
+ private String geteIdentifier(String identificationType, String identificationValue, String destinationCountry) throws MOAIDException {
+ BPKBuilder bpkBuilder = new BPKBuilder();
+ try {
+ return bpkBuilder.buildStorkeIdentifier(identificationType, identificationValue, destinationCountry);
+ } catch (BuildException be) {
+ Logger.error("Could not build STORK eIdentifier while generating mandate assertion.");
+ throw new MOAIDException("stork.29", new Object[]{});
+ }
+ }
private PersonalAttribute marshallComplexAttribute(PersonalAttribute currentAttribute, Object obj) { // TODO refactor
StringWriter stringWriter = new StringWriter();
@@ -456,7 +469,6 @@ public class MandateRetrievalRequest implements IAction {
private String getRepresentedStorkeIdentifier(MandateContainer mandateContainer) throws MOAIDException {
- //String identificationType, String identificationValue
if (!(mandateContainer instanceof PhyPersonMandateContainer)) {
Logger.error("Physical person mandate container missing");
throw new MOAIDException("stork.20", new Object[]{}); // TODO
@@ -479,13 +491,7 @@ public class MandateRetrievalRequest implements IAction {
throw new MOAIDException("stork.20", new Object[]{}); // TODO
}
- BPKBuilder bpkBuilder = new BPKBuilder();
- try {
- return bpkBuilder.buildStorkeIdentifier(phyPersonMandateContainer.getPhyPersMandatorIdentificationType(), phyPersonMandateContainer.getPhyPersMandatorIdentificationValue(), this.moaStorkRequest.getStorkAttrQueryRequest().getSpCountry());
- } catch (BuildException be) {
- Logger.error("Could not build STORK eIdentifier while generating mandate assertion.");
- throw new MOAIDException("stork.20", new Object[]{}); // TODO
- }
+ return geteIdentifier(phyPersonMandateContainer.getPhyPersMandatorIdentificationType(), phyPersonMandateContainer.getPhyPersMandatorIdentificationValue(), this.moaStorkRequest.getStorkAttrQueryRequest().getSpCountry());
}
private String getRepresentingStorkeIdentifier(MandateContainer mandateContainer) throws MOAIDException {
@@ -522,6 +528,7 @@ public class MandateRetrievalRequest implements IAction {
Logger.error("Could not build STORK eIdentifier while generating mandate assertion.");
throw new MOAIDException("stork.20", new Object[]{}); // TODO
}
+
}
private RepresentationPersonType getRepresentative(MandateContainer mandateContainer, PersonalAttribute sourceAttribute) throws MOAIDException {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java
index ba89663ab..c715b65eb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java
@@ -109,7 +109,8 @@ public class PhyPersonMandateContainer extends MandateContainer {
}
public void setPhyPersMandatorBirthDate(String phyPersMandatorBirthDate) {
- this.phyPersMandatorBirthDate = phyPersMandatorBirthDate;
+ // making it conform to STORK dateOfBirth specifications, removing dash
+ this.phyPersMandatorBirthDate = phyPersMandatorBirthDate.replaceAll("-","");
}
public String getPhyPersMandatorIdentificationValue() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java
index f4d963645..f671f0807 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java
@@ -73,6 +73,7 @@ public class MandateAttributeRequestProvider extends AttributeProvider {
return "MandateAttributeRequestProvider";
}
+ // TODO check if used
@Override
protected IPersonalAttributeList acquire(PersonalAttribute attribute, MOASTORKRequest moastorkRequest, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
Logger.info("Acquiring attribute: " + attribute.getName() + ", by: " + getAttrProviderName());
@@ -85,10 +86,14 @@ public class MandateAttributeRequestProvider extends AttributeProvider {
Logger.info("Attribute " + attribute.getName() + " not supported by the provider: " + getAttrProviderName());
throw new UnsupportedAttributeException();
}
- PersonalAttributeList result = new PersonalAttributeList();
- //return result;
-
+ // check if there is eIdentifier included and add if necessary
+// if (!requestedAttributes.containsKey("eIdentifier")) {
+// PersonalAttribute eIdentifier = new PersonalAttribute();
+ // eIdentifier.setName("eIdentifier");
+// eIdentifier.setIsRequired(true);
+// requestedAttributes.add(eIdentifier);
+// }
Logger.info("Thrown external request by: " + getAttrProviderName());
throw new ExternalAttributeRequestRequiredException(this);
@@ -111,10 +116,12 @@ public class MandateAttributeRequestProvider extends AttributeProvider {
// continue with other attribute providers if there are no attributes current provider is able to handle
if (requestedAttributes.size() == 0) {
- Logger.info("Attribute(s) " + attributes.toString() + " not supported by the provider: " + getAttrProviderName());
+ Logger.info("Attribute(s) " + attributes.toString() + " not supported by the provider: " + getAttrProviderName());
throw new UnsupportedAttributeException();
}
+
+
Logger.info("Thrown external request by: " + getAttrProviderName());
throw new ExternalAttributeRequestRequiredException(this);
}
@@ -144,7 +151,14 @@ public class MandateAttributeRequestProvider extends AttributeProvider {
}
-
+ // TODO ensure that other providers request eidentifier
+ // check if there is eIdentifier included and add if necessary
+ if (!requestedAttributes.containsKey("eIdentifier")) {
+ PersonalAttribute eIdentifier = new PersonalAttribute();
+ eIdentifier.setName("eIdentifier");
+ eIdentifier.setIsRequired(true);
+ requestedAttributes.add(eIdentifier);
+ }
//generate AttrQueryRequest
STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest();
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index ad01644a1..0d91fc2c0 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -232,6 +232,11 @@ stork.21=Der angeforderte QAA-level {0} ist h\u00F6her als der QAA-level der Aut
stork.22=Der STORK Authentifizierung erfordert die Auswahl des Herkunftslandes der Betroffenen.
stork.23=Die STORK Authentifizierung f\u00FCr "{0}" wird nicht unterst\u00FCtzt.
stork.24=Die STORK Authentifizierungsantwort enth\uFFFDlt leere Angaben zum Geschlecht.
+stork.25=Die Attribute referenzieren verschiedene Personen.
+stork.26=Fehler bei der Extrahierung von Vollmachtendaten.
+stork.27=Fehler bei der Verarbeitung von STORKRequest.
+stork.28=Fehler bei der Umwandelung von QAA Daten.
+stork.29=Fehler bei der Generierung von STORK-Attribut (eIdentifier/eLPIdentifier)
pvp2.00={0} ist kein gueltiger consumer service index
pvp2.01=Fehler beim kodieren der PVP2 Antwort