Merge branch 'eSense_eIDAS_development' into moa-id-3.2_(OPB)

Conflicts:
	id/server/idserverlib/pom.xml
	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
	id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java

2 files changed, 213 insertions, 14 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 57a5316e8..fe29dd2b7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -32,7 +32,9 @@ import java.security.PrivateKey;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Date;
+import java.util.Iterator;
 import java.util.List;
+import java.util.Map.Entry;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -62,6 +64,7 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameTy
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
@@ -69,6 +72,7 @@ import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
@@ -790,16 +794,24 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 	
 		//set STORK attributes
 		if (extractor.containsAttribute(PVPConstants.EID_STORK_TOKEN_NAME)) {				
-			authData.setStorkAuthnResponse(extractor.getSingleAttributeValue(PVPConstants.EID_STORK_TOKEN_NAME));				
-			authData.setForeigner(true);
+			try {
+				authData.setGenericData(AuthenticationSessionStorageConstants.STORK_RESPONSE, 
+						extractor.getSingleAttributeValue(PVPConstants.EID_STORK_TOKEN_NAME));
+				authData.setForeigner(true);
+				
+			} catch (SessionDataStorageException e) {
+				Logger.warn("STORK Response can not stored into generic authData.", e);
+				
+			}				
 			
-		}
-	
-		if (!extractor.getSTORKAttributes().isEmpty()) {
-			authData.setStorkAttributes(extractor.getSTORKAttributes());
-			authData.setForeigner(true);
 			
 		}
+	
+//		if (!extractor.getSTORKAttributes().isEmpty()) {
+//			authData.setStorkAttributes(extractor.getSTORKAttributes());
+//			authData.setForeigner(true);
+//			
+//		}
 				
 		authData.setSsoSession(true);
 		authData.setInterfederatedSSOSession(true);
@@ -889,10 +901,22 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 		
 		authData.setBkuURL(session.getBkuURL());
 		
-		authData.setStorkAttributes(session.getStorkAttributes());
-		authData.setStorkAuthnResponse(session.getStorkAuthnResponse());
-		authData.setStorkRequest(session.getStorkAuthnRequest());
-		
+		//copy all generic authentication information to authData
+		if (session.getGenericSessionDataStorage() != null &&  
+				!session.getGenericSessionDataStorage().isEmpty()) {
+			Iterator<Entry<String, Object>> copyInterator = session.getGenericSessionDataStorage().entrySet().iterator();
+			while (copyInterator.hasNext()) {
+				Entry<String, Object> element = copyInterator.next();
+				try {
+					authData.setGenericData(element.getKey(), element.getValue());
+					
+				} catch (SessionDataStorageException e) {
+					Logger.warn("Can not add generic authData with key:" + element.getKey(), e);
+					
+				}				
+			}									
+		}
+								
 		authData.setSignerCertificate(session.getEncodedSignerCertificate());
 		authData.setAuthBlock(session.getAuthBlock());
 		
@@ -923,9 +947,12 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 			}
 			
 			if (MiscUtil.isEmpty(authData.getCcc())) {
-				if (authData.getStorkAuthnRequest() != null) {
-					authData.setCcc(authData.getStorkAuthnRequest().getCitizenCountryCode());
-					Logger.info("Can not extract country from certificate -> Use country from STORK request.");
+				String storkCCC = authData.getGenericData(
+						AuthenticationSessionStorageConstants.STORK_CCC, String.class);
+				
+				if (MiscUtil.isNotEmpty(storkCCC)) {
+					authData.setCcc(storkCCC);
+					Logger.info("Can not extract country from certificate -> Use country:" + storkCCC + " from STORK request.");
 					
 				}
 								
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
new file mode 100644
index 000000000..e321c9d05
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
@@ -0,0 +1,172 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.builder;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ServiceException;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SignatureVerificationUtils {
+	  /** shortcut for XMLNS namespace URI */
+	  private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI;
+	  /** shortcut for MOA namespace URI */
+	  private static final String MOA_NS_URI = Constants.MOA_NS_URI;
+	  /** The DSIG-Prefix */
+	  private static final String DSIG = Constants.DSIG_PREFIX + ":";
+	  
+	  /** The document containing the <code>VerifyXMLsignatureRequest</code> */
+	  private Document requestDoc_;
+	  /** the <code>VerifyXMLsignatureRequest</code> root element */
+	  private Element requestElem_;
+	
+	  
+	  public SignatureVerificationUtils() throws BuildException {
+		  try {
+		        DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();        
+		        requestDoc_ = docBuilder.newDocument();
+		        requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest");
+		        requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI);
+		        requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+		        requestDoc_.appendChild(requestElem_); 
+		        
+		  } catch (Throwable t) {
+		        throw new BuildException(
+		          "builder.00", 
+		          new Object[] {"VerifyXMLSignatureRequest", t.toString()}, 
+		          t);
+		  }
+	  }
+	  
+	  public VerifyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException {		  
+		  try {
+			  //build signature-verification request
+			  Element domVerifyXMLSignatureRequest = build(signature, trustProfileID);
+
+			  //send signature-verification to MOA-SP 
+			  Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
+			  		.verifyXMLSignature(domVerifyXMLSignatureRequest);
+			
+			// parses the <VerifyXMLSignatureResponse>
+			VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
+					domVerifyXMLSignatureResponse).parseData();
+			
+			return verifyXMLSignatureResponse;
+			  
+		  } catch (ParseException e) {
+			  Logger.error("Build signature-verification request FAILED." ,e);
+			  throw e;
+			
+		  } catch (ServiceException e) {
+			  Logger.error("MOA-SP signature verification FAILED." ,e);
+			  throw e;
+			  
+		}
+		 				  
+	  }
+	  
+	/**
+	   * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+	   * from an IdentityLink with a known trustProfileID which 
+	   * has to exist in MOA-SP
+	   * @param signature - The XML signature as byte[]
+	   * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+	   * 
+	   * @return Element - The complete request as Dom-Element
+	   * 
+	   * @throws ParseException
+	   */
+	  private Element build(byte[] signature, String trustProfileID)
+	    throws ParseException 
+	  { 
+	    try {
+	      // build the request
+	      Element verifiySignatureInfoElem = 
+	        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
+	      requestElem_.appendChild(verifiySignatureInfoElem);
+	      Element verifySignatureEnvironmentElem = 
+	        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
+	      verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
+	      Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
+	      verifySignatureEnvironmentElem.appendChild(base64ContentElem);
+
+	      // insert the base64 encoded signature	      
+	      String base64EncodedAssertion = Base64Utils.encode(signature);
+	      //replace all '\r' characters by no char.
+	      StringBuffer replaced = new StringBuffer();
+	      for (int i = 0; i < base64EncodedAssertion.length(); i ++) {
+	        char c = base64EncodedAssertion.charAt(i);
+	        if (c != '\r') {
+	          replaced.append(c);
+	        }
+	      }
+	      base64EncodedAssertion = replaced.toString();
+	      Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion);
+	      base64ContentElem.appendChild(base64Content);      
+	     
+	      // specify the signature location
+	      Element verifySignatureLocationElem = 
+	        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
+	      verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
+	      Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
+	      verifySignatureLocationElem.appendChild(signatureLocation);      
+	      
+	      // signature manifest params
+	      Element signatureManifestCheckParamsElem = 
+	        requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+	      requestElem_.appendChild(signatureManifestCheckParamsElem);
+	      signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
+
+	      Element returnHashInputDataElem = 
+	        requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
+	      requestElem_.appendChild(returnHashInputDataElem);
+
+	      //add trustProfileID
+	      Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
+	      trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
+	      requestElem_.appendChild(trustProfileIDElem);
+	    } catch (Throwable t) {
+	      throw new ParseException("builder.00", 
+	        new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
+	    }
+
+	    return requestElem_;
+	  }
+}