aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa
diff options
context:
space:
mode:
authormcentner <mcentner@d688527b-c9ab-4aba-bd8d-4036d912da1d>2010-07-02 07:14:41 +0000
committermcentner <mcentner@d688527b-c9ab-4aba-bd8d-4036d912da1d>2010-07-02 07:14:41 +0000
commit68af85701b6f797b0d662b89b95e043ee949defd (patch)
tree070935cdd1144aeeb8ce6adddd0da34a72e6ffef /id/server/idserverlib/src/main/java/at/gv/egovernment/moa
parent3d707db8bf4ec346b8ab6185b8e5ac5403bf2b0a (diff)
downloadmoa-id-spss-68af85701b6f797b0d662b89b95e043ee949defd.tar.gz
moa-id-spss-68af85701b6f797b0d662b89b95e043ee949defd.tar.bz2
moa-id-spss-68af85701b6f797b0d662b89b95e043ee949defd.zip
Merged branch 1.4.7_MOASP_TSL back into trunk.
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1165 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java417
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java81
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java126
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java94
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java62
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java32
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java51
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java287
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java25
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java286
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java57
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java116
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java133
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java50
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java67
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java194
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java86
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java158
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java29
37 files changed, 2351 insertions, 201 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 971fbcef2..fcaa4f053 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -19,7 +19,6 @@ import iaik.pki.PKIException;
import iaik.x509.X509Certificate;
import java.io.File;
-import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Calendar;
@@ -34,7 +33,6 @@ import java.util.Vector;
import javax.xml.transform.TransformerException;
-import org.apache.axis.AxisFault;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.AuthenticationException;
@@ -90,7 +88,6 @@ import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.MOASystemException;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.Constants;
@@ -176,9 +173,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr)))
throw new AuthenticationException("auth.07", new Object[] { authURL + "*" });
if (isEmpty(authURL))
- throw new WrongParametersException("StartAuthentication", "AuthURL");
+ throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.5");
if (isEmpty(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA);
+ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.5");
ConnectionParameter bkuConnParam =
AuthConfigurationProvider.getInstance().getBKUConnectionParameter();
@@ -193,7 +190,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if (!oaParam.getBusinessService()) {
if (isEmpty(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET);
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.5");
} else {
if (!isEmpty(target)) {
Logger.info("Ignoring target parameter thus application type is \"businessService\"");
@@ -220,7 +217,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// bkuSelectionType==HTMLSelect
String bkuSelectTag;
try {
- bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam);
+ bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam);
} catch (Throwable ex) {
throw new AuthenticationException(
"auth.11",
@@ -273,9 +270,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* <li>Creates an HTML form for querying the identity link from the
* security layer implementation.
* <br>Form parameters include
- * <ul>
+ * <ul>
* <li>the <code>&lt;InfoboxReadRequest&gt;</code></li>
- * <li>the data URL where the security layer implementation sends it response to</li>
+ * <li>the data URL where the security layer implementation sends it response to</li>
* </ul>
* </ul>
* @param authURL URL of the servlet to be used as data URL
@@ -302,7 +299,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if (isEmpty(sessionID)) {
if (isEmpty(authURL))
- throw new WrongParametersException("StartAuthentication", "AuthURL");
+ throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.5");
//check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
String boolStr =
@@ -311,7 +308,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr)))
throw new AuthenticationException("auth.07", new Object[] { authURL + "*" });
if (isEmpty(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA);
+ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.5");
}
AuthenticationSession session;
OAAuthParameter oaParam;
@@ -327,7 +324,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.00", new Object[] { oaURL });
if (!oaParam.getBusinessService()) {
if (isEmpty(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET);
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.5");
} else {
target = null;
}
@@ -411,8 +408,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* <li>Verifies all additional infoboxes returned from the BKU</li>
* <li>Creates an authentication block to be signed by the user</li>
* <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
- * containg the authentication block, meant to be returned to the
- * security layer implementation</li>
+ * containg the authentication block, meant to be returned to the
+ * security layer implementation</li>
* </ul>
*
* @param sessionID ID of associated authentication session data
@@ -441,6 +438,23 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.01", new Object[] { sessionID });
session.setTimestampIdentityLink();
AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+ // check if an identity link was found
+ // Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform (SL1.2))
+ CharSequence se = "ErrorCode>2911".substring(0);
+ boolean b = xmlInfoboxReadResponse.contains(se);
+ if (b) { // no identity link found
+ Logger.info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als ausländische eID.");
+ return null;
+ }
+ // spezifikationsgemäßer (SL1.2) Errorcode
+ se = "ErrorCode>4002";
+ b = xmlInfoboxReadResponse.contains(se);
+ if (b) { // Unbekannter Infoboxbezeichner
+ Logger.info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als ausländische eID.");
+ return null;
+ }
+
// parses the <InfoboxReadResponse>
IdentityLink identityLink =
new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink();
@@ -495,6 +509,18 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if (authConf==null) authConf = AuthConfigurationProvider.getInstance();
if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance().
getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+
+ //BZ.., calculate bPK for signing to be already present in AuthBlock
+ IdentityLink identityLink = session.getIdentityLink();
+ if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+ // only compute bPK if online application is a public service and we have the Stammzahl
+ String bpkBase64 = new BPKBuilder().buildBPK(
+ identityLink.getIdentificationValue(),
+ session.getTarget());
+ identityLink.setIdentificationValue(bpkBase64);
+ }
+ //..BZ
+
// builds the AUTH-block
String authBlock = buildAuthenticationBlock(session);
@@ -514,6 +540,186 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
/**
+ * Returns a CreateXMLSignatureRequest for the foreign ID.<br>
+ *
+ * @param sessionID ID of associated authentication session data
+ * @param infoboxReadResponseParameters The parameters from the response returned from
+ * the BKU
+ * @param cert The certificate of the foreign ID
+ * @return String representation of the <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ */
+ public String getCreateXMLSignatureRequestForeignID(String sessionID, Map infoboxReadResponseParameters, X509Certificate cert)
+ throws
+ AuthenticationException,
+ BuildException,
+ ParseException,
+ ConfigurationException,
+ ValidateException,
+ ServiceException {
+
+ if (isEmpty(sessionID))
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID});
+
+
+ AuthenticationSession session = getSession(sessionID);
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+
+
+ return getCreateXMLSignatureRequestForeignID(session, authConf, oaParam);
+ }
+
+ public String getCreateXMLSignatureRequestForeignID(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam)
+ throws
+ ConfigurationException,
+ BuildException,
+ ValidateException {
+
+
+ if (authConf==null) authConf = AuthConfigurationProvider.getInstance();
+ if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance().
+ getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+
+ //BZ.., calculate bPK for signing to be already present in AuthBlock
+// IdentityLink identityLink = session.getIdentityLink();
+// if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+// // only compute bPK if online application is a public service and we have the Stammzahl
+// String bpkBase64 = new BPKBuilder().buildBPK(
+// identityLink.getIdentificationValue(),
+// session.getTarget());
+// identityLink.setIdentificationValue(bpkBase64);
+// }
+ //..BZ
+
+
+ // builds the AUTH-block
+ String authBlock = buildAuthenticationBlock(session);
+// session.setAuthBlock(authBlock);
+ // builds the <CreateXMLSignatureRequest>
+ String[] transformsInfos = oaParam.getTransformsInfos();
+ if ((transformsInfos == null) || (transformsInfos.length == 0)) {
+ // no OA specific transforms specified, use default ones
+ transformsInfos = authConf.getTransformsInfos();
+ }
+ String createXMLSignatureRequest =
+ new CreateXMLSignatureRequestBuilder().build(authBlock,
+ oaParam.getKeyBoxIdentifier(),
+ transformsInfos,
+ oaParam.getSlVersion12());
+ return createXMLSignatureRequest;
+}
+
+ /**
+ * Processes an <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+ * security layer implementation.<br>
+ * <ul>
+ * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Parses response enclosed in <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Verifies signature by calling the MOA SP component</li>
+ * <li>Returns the signer certificate</li>
+ * </ul>
+ *
+ * @param sessionID ID of associated authentication session data
+ * @param createXMLSignatureResponseParameters The parameters from the response returned from
+ * the BKU including the <code>&lt;CreateXMLSignatureResponse&gt;</code>
+ */
+ public X509Certificate verifyXMLSignature(String sessionID, Map createXMLSignatureResponseParameters)
+ throws
+ AuthenticationException,
+ BuildException,
+ ParseException,
+ ConfigurationException,
+ ValidateException,
+ ServiceException {
+
+
+ if (isEmpty(sessionID))
+ throw new AuthenticationException("auth.10", new Object[] { REQ_GET_FOREIGN_ID, PARAM_SESSIONID});
+
+
+ String xmlCreateXMLSignatureResponse = (String)createXMLSignatureResponseParameters.get(PARAM_XMLRESPONSE);
+
+ System.out.println(xmlCreateXMLSignatureResponse);
+
+ if (isEmpty(xmlCreateXMLSignatureResponse))
+ throw new AuthenticationException("auth.10", new Object[] { REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE});
+
+ AuthenticationSession session = getSession(sessionID);
+ /*if (session.getTimestampIdentityLink() != null)
+ throw new AuthenticationException("auth.01", new Object[] { sessionID });*/
+ //session.setTimestampIdentityLink();
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+
+ // parses the <CreateXMLSignatureResponse>
+ CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse);
+ CreateXMLSignatureResponse createXMLSignatureResponse = p.parseResponseDsig();
+
+ // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
+ Element domVerifyXMLSignatureRequest =
+ new VerifyXMLSignatureRequestBuilder().buildDsig(
+ createXMLSignatureResponse, authConf.getMoaSpAuthBlockTrustProfileID());
+
+ // invokes the call
+ Element domVerifyXMLSignatureResponse =
+ new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+
+ // parses the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponse verifyXMLSignatureResponse =
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData();
+
+
+ //int code = verifyXMLSignatureResponse.getSignatureCheckCode();
+
+ return verifyXMLSignatureResponse.getX509certificate();
+
+ }
+
+ /**
+ * Processes an <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+ * security layer implementation.<br>
+ * <ul>
+ * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Parses response enclosed in <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Verifies signature by calling the MOA SP component</li>
+ * <li>Returns the signer certificate</li>
+ * </ul>
+ *
+ * @param sessionID ID of associated authentication session data
+ * @param readInfoboxResponseParameters The parameters from the response returned from
+ * the BKU including the <code>&lt;ReadInfoboxResponse&gt;</code>
+ */
+ public X509Certificate getCertificate(String sessionID, Map readInfoboxResponseParameters)
+ throws
+ AuthenticationException,
+ BuildException,
+ ParseException,
+ ConfigurationException,
+ ValidateException,
+ ServiceException {
+
+
+ if (isEmpty(sessionID))
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID});
+
+
+ String xmlReadInfoboxResponse = (String)readInfoboxResponseParameters.get(PARAM_XMLRESPONSE);
+
+ if (isEmpty(xmlReadInfoboxResponse))
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_XMLRESPONSE});
+
+ // parses the <CreateXMLSignatureResponse>
+ InfoboxReadResponseParser p = new InfoboxReadResponseParser(xmlReadInfoboxResponse);
+ X509Certificate cert = p.parseCertificate();
+
+ return cert;
+
+ }
+
+ /**
* Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from given session data.
* @param session authentication session
*
@@ -523,16 +729,19 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* to be appended to the AUTH-Block.
*/
private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException {
- IdentityLink identityLink = session.getIdentityLink();
- String issuer = identityLink.getName();
- String gebDat = identityLink.getDateOfBirth();
- String identificationValue = identityLink.getIdentificationValue();
- String identificationType = identityLink.getIdentificationType();
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ IdentityLink identityLink = session.getIdentityLink();
+ String issuer = identityLink.getName();
+ String gebDat = identityLink.getDateOfBirth();
+ String identificationValue = identityLink.getIdentificationValue();
+ String identificationType = identityLink.getIdentificationType();
+
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
session.setIssueInstant(issueInstant);
String authURL = session.getAuthURL();
String target = session.getTarget();
- String oaURL = session.getPublicOAURLPrefix();
+ //Bug #485 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
+ //String oaURL = session.getPublicOAURLPrefix();
+ String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
String authBlock = new AuthenticationBlockAssertionBuilder().buildAuthBlock(
issuer,
@@ -824,19 +1033,19 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
* <li>Parses <code>&lt;CreateXMLSignatureResponse&gt;</code> for error codes</li>
* <li>Parses authentication block enclosed in
- * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
* <li>Verifies authentication block by calling the MOA SP component</li>
* <li>Creates authentication data</li>
* <li>Creates a corresponding SAML artifact</li>
* <li>Stores authentication data in the authentication data store
- * indexed by the SAML artifact</li>
+ * indexed by the SAML artifact</li>
* <li>Deletes authentication session</li>
* <li>Returns the SAML artifact, encoded BASE64</li>
* </ul>
*
* @param sessionID session ID of the running authentication session
* @param xmlCreateXMLSignatureReadResponse String representation of the
- * <code>&lt;CreateXMLSignatureResponse&gt;</code>
+ * <code>&lt;CreateXMLSignatureResponse&gt;</code>
* @return SAML artifact needed for retrieving authentication data, encoded BASE64
*/
public String verifyAuthenticationBlock(
@@ -851,9 +1060,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
ValidateException {
if (isEmpty(sessionID))
- throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
if (isEmpty(xmlCreateXMLSignatureReadResponse))
- throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
AuthenticationSession session = getSession(sessionID);
AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
// parses <CreateXMLSignatureResponse>
@@ -874,11 +1083,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String tpid = authConf.getMoaSpAuthBlockTrustProfileID();
Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid);
// debug output
-
+
// invokes the call
Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq);
// debug output
-
+
// parses the <VerifyXMLSignatureResponse>
VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData();
@@ -1015,6 +1224,150 @@ public class AuthenticationServer implements MOAIDAuthConstants {
"Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact);
return samlArtifact;
}
+
+ /**
+ * Gets the foreign authentication data.<br>
+ * <ul>
+ * <li>Creates authentication data</li>
+ * <li>Creates a corresponding SAML artifact</li>
+ * <li>Stores authentication data in the authentication data store
+ * indexed by the SAML artifact</li>
+ * <li>Deletes authentication session</li>
+ * <li>Returns the SAML artifact, encoded BASE64</li>
+ * </ul>
+ *
+ * @param sessionID session ID of the running authentication session
+ * @return SAML artifact needed for retrieving authentication data, encoded BASE64
+ */
+ public String getForeignAuthenticationData(
+ String sessionID)
+ throws
+ AuthenticationException,
+ BuildException,
+ ParseException,
+ ConfigurationException,
+ ServiceException,
+ ValidateException {
+
+ if (isEmpty(sessionID))
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
+
+ AuthenticationSession session = getSession(sessionID);
+ //AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ try {
+ String serializedAssertion = DOMUtils.serializeNode(session.getIdentityLink().getSamlAssertion());
+ session.setAuthBlock(serializedAssertion);
+ } catch (TransformerException e) {
+ throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
+ } catch (IOException e) {
+ throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
+ }
+ // post processing of the infoboxes
+ Iterator iter = session.getInfoboxValidatorIterator();
+ boolean formpending = false;
+ if (iter != null) {
+ while (!formpending && iter.hasNext()) {
+ Vector infoboxValidatorVector = (Vector) iter.next();
+ String identifier = (String) infoboxValidatorVector.get(0);
+ String friendlyName = (String) infoboxValidatorVector.get(1);
+ InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
+ InfoboxValidationResult infoboxValidationResult = null;
+ try {
+ infoboxValidationResult = infoboxvalidator.validate(session.getIdentityLink().getSamlAssertion());
+ } catch (ValidateException e) {
+ Logger.error("Error validating " + identifier + " infobox:" + e.getMessage());
+ throw new ValidateException(
+ "validator.44", new Object[] {friendlyName});
+ }
+ if (!infoboxValidationResult.isValid()) {
+ Logger.info("Validation of " + identifier + " infobox failed.");
+ throw new ValidateException(
+ "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()});
+ }
+ String form = infoboxvalidator.getForm();
+ if (ParepUtils.isEmpty(form)) {
+ AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName);
+ } else {
+ return "Redirect to Input Processor";
+ }
+ }
+ }
+
+ // Exchange person data information by a mandate if needed
+ List oaAttributes = session.getExtendedSAMLAttributesOA();
+ IdentityLink replacementIdentityLink = null;
+ if (session.isMandateCompatibilityMode() && oaAttributes != null && oaAttributes.size()>0) {
+ // look if we have a mandate
+ boolean foundMandate = false;
+ Iterator it = oaAttributes.iterator();
+ while (!foundMandate && it.hasNext()) {
+ ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next();
+ if (ParepValidator.EXT_SAML_MANDATE_RAW.equals(samlAttribute.getName())) {
+ Object value = samlAttribute.getValue();
+ if (value instanceof Element) {
+ Element mandate = (Element) value;
+ replacementIdentityLink = new IdentityLink();
+ Element mandator = ParepUtils.extractMandator(mandate);
+ String dateOfBirth = "";
+ Element prPerson = null;
+ String familyName = "";
+ String givenName = "";
+ String identificationType = "";
+ String identificationValue = "";
+ if (mandator != null) {
+ boolean physical = ParepUtils.isPhysicalPerson(mandator);
+ if (physical) {
+ familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+ givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+ dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+ } else {
+ familyName = ParepUtils.extractMandatorFullName(mandator);
+ }
+ identificationType = ParepUtils.getIdentification(mandator, "Type");
+ identificationValue = ParepUtils.extractMandatorWbpk(mandator);
+ prPerson = ParepUtils.extractPrPersonOfMandate(mandate);
+ if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) {
+ // now we calculate the wbPK and do so if we got it from the BKU
+ identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier();
+ identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier());
+ ParepUtils.HideStammZahlen(prPerson, true, null, null, true);
+ }
+
+ }
+ replacementIdentityLink.setDateOfBirth(dateOfBirth);
+ replacementIdentityLink.setFamilyName(familyName);
+ replacementIdentityLink.setGivenName(givenName);
+ replacementIdentityLink.setIdentificationType(identificationType);
+ replacementIdentityLink.setIdentificationValue(identificationValue);
+ replacementIdentityLink.setPrPerson(prPerson);
+ try {
+ replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion());
+ } catch (Exception e) {
+ throw new ValidateException("validator.64", null);
+ }
+ } else {
+ Logger.info("The type of Mandate SAML-Attribute is not \"org.w3c.dom.Element\"");
+ throw new ValidateException("validator.64", null);
+ }
+ }
+ }
+ }
+
+ VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse();
+ X509Certificate cert = session.getForeignSignerCertificate();
+ vsresp.setX509certificate(cert);
+ AuthenticationData authData = buildAuthenticationData(session, vsresp, replacementIdentityLink);
+ String samlArtifact =
+ new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
+ storeAuthenticationData(samlArtifact, authData);
+
+ // invalidates the authentication session
+ sessionStore.remove(sessionID);
+ Logger.info(
+ "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact);
+ return samlArtifact;
+ }
+
/**
* Builds the AuthenticationData object together with the
* corresponding <code>&lt;saml:Assertion&gt;</code>
@@ -1076,13 +1429,17 @@ public class AuthenticationServer implements MOAIDAuthConstants {
authData.setWBPK(identityLink.getIdentificationValue());
} else {
authData.setBPK(identityLink.getIdentificationValue());
+
+ //BZ.., calculation of bPK already before sending AUTHBlock
+ /*
if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
// only compute bPK if online application is a public service and we have the Stammzahl
String bpkBase64 = new BPKBuilder().buildBPK(
identityLink.getIdentificationValue(),
session.getTarget());
authData.setBPK(bpkBase64);
- }
+ }*/
+
}
String ilAssertion =
oaParam.getProvideIdentityLink()
@@ -1186,7 +1543,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @param id Session ID
* @return AuthenticationSession created
* @exception AuthenticationException
- * thrown when an <code>AuthenticationSession</code> is running
+ * thrown when an <code>AuthenticationSession</code> is running
* already for the given session ID
*/
private static AuthenticationSession newSession() throws AuthenticationException {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 5aa1bf45e..88859dc3f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -54,6 +54,10 @@ public interface MOAIDAuthConstants {
public static final String REQ_START_AUTHENTICATION = "StartAuthentication";
/** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */
public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink";
+ /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet} is mapped to */
+ public static final String REQ_GET_FOREIGN_ID = "GetForeignID";
+ /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet} is mapped to */
+ public static final String REQ_VERIFY_CERTIFICATE = "VerifyCertificate";
/** Request name {@link at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet} is mapped to */
public static final String REQ_PROCESS_VALIDATOR_INPUT = "ProcessInput";
/** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java
index 398a6731d..f4827c189 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java
@@ -29,8 +29,10 @@ public class WrongParametersException extends MOAIDException {
/**
* Constructor
*/
- public WrongParametersException(String call, String parameter) {
- super("auth.05", new Object[] {call, parameter});
+ public WrongParametersException(String call, String parameter, String errorID) {
+ super(errorID, new Object[] {call, parameter});
+ //super("auth.5", new Object[] {call, parameter});
+ //super("auth.12", new Object[] {call, parameter});
}
-
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index f9d8e7091..d684c16c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -18,11 +18,21 @@ package at.gv.egovernment.moa.id.auth.builder;
import java.text.MessageFormat;
import java.util.List;
+import org.w3c.dom.Element;
+
import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StringUtils;
/**
* Builder for the authentication block <code>&lt;saml:Assertion&gt;</code>
@@ -66,6 +76,13 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
" </saml:AttributeValue>" + NL +
" </saml:Attribute>" + NL;
+
+ private static String PR_IDENTIFICATION_ATTRIBUTE =
+ " <pr:Identification xmlns:pr=\"" + PD_NS_URI + "\">" + NL +
+ " <pr:Value>{0}</pr:Value>" + NL +
+ " <pr:Type>{1}</pr:Type>" + NL +
+ " </pr:Identification>" + NL;
+
/**
* The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes).
*/
@@ -123,20 +140,72 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
session.setSAMLAttributeGebeORwbpk(true);
String gebeORwbpk = "";
String wbpkNSDeclaration = "";
+
+ //BZ.., reading OA parameters
+ OAAuthParameter oaParam;
+ try {
+ oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+ } catch (ConfigurationException e) {
+ Logger.error("Error on building AUTH-Block: " + e.getMessage());
+ throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+ }
+ //..BZ
+
+
if (target == null) {
// OA is a business application
if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) {
- // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator
- gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
- wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
+ // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator
+ gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
+ wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
+
+ //BZ.., adding type of wbPK domain identifier
+ ExtendedSAMLAttribute idLinkDomainIdentifierTypeAttribute =
+ new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+
+ extendedSAMLAttributes.add(idLinkDomainIdentifierTypeAttribute);
+ //..BZ
+
} else {
- // We do not have a wbPK, therefore no SAML-Attribute is provided
- session.setSAMLAttributeGebeORwbpk(false);
+ // We do not have a wbPK, therefore no SAML-Attribute is provided
+ session.setSAMLAttributeGebeORwbpk(false);
}
} else {
- gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target });
+ // OA is a govermental application
+ //BZ..
+ String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target);
+ //gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target });
+ gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target + " (" + sectorName + ")" });
+ //..BZ
+
+ //BZ.., no business service, adding bPK
+
+ Element bpkSamlValueElement;
+ try {
+ bpkSamlValueElement = DOMUtils.parseDocument(MessageFormat.format(PR_IDENTIFICATION_ATTRIBUTE, new Object[] { identityLinkValue, Constants.URN_PREFIX_BPK }), false, null, null).getDocumentElement();
+ } catch (Exception e) {
+ Logger.error("Error on building AUTH-Block: " + e.getMessage());
+ throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+ }
+ ExtendedSAMLAttribute bpkAttribute =
+ new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+
+ extendedSAMLAttributes.add(bpkAttribute);
+ //gebeORwbpk = gebeORwbpk + MessageFormat.format(BPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
+ wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
+ //..BZ
}
+ //BZ.., adding friendly name of OA
+ String oaFriendlyName = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName();
+
+ ExtendedSAMLAttribute oaFriendlyNameAttribute =
+ new ExtendedSAMLAttributeImpl("oaFriendlyName", oaFriendlyName, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+
+ extendedSAMLAttributes.add(oaFriendlyNameAttribute);
+ //..BZ
+
String assertion;
try {
assertion = MessageFormat.format(
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
new file mode 100644
index 000000000..9227d5303
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
@@ -0,0 +1,126 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import at.gv.egovernment.moa.id.BuildException;
+
+
+/**
+ * Builder for CreateXMLSignatureRequest to sign data from a foreign
+ * eID card.
+ *
+ */
+
+public class CreateXMLSignatureRequestBuilderForeign extends Builder {
+
+ /** special tag in the XML template to be substituted for the KeyboxIdentifier */
+ private static final String KEYBOXID_TAG = "<KEYBOXID>";
+ /** special tag in the XML template to be substituted for the content */
+ private static final String XMLCONTENT_TAG = "<XMLContent>";
+ /** private static int all contains the representation to replace all tags*/
+ private static final int ALL = -1;
+
+ /** default HTML template */
+ private static final String DEFAULT_XML_TEMPLATE =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+ "<sl:CreateXMLSignatureRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">" +
+ "<sl:KeyboxIdentifier>" + KEYBOXID_TAG + "</sl:KeyboxIdentifier>" +
+ "<sl:DataObjectInfo Structure=\"enveloping\">" +
+ "<sl:DataObject>" +
+ "<sl:XMLContent>" + XMLCONTENT_TAG + "</sl:XMLContent>" +
+ "</sl:DataObject>" +
+ "<sl:TransformsInfo>" +
+ "<sl:FinalDataMetaInfo>" +
+ "<sl:MimeType>text/plain</sl:MimeType>" +
+ "</sl:FinalDataMetaInfo>" +
+ "</sl:TransformsInfo>" +
+ "</sl:DataObjectInfo>" +
+ "</sl:CreateXMLSignatureRequest>";
+
+ /** default HTML template */
+ private static final String DEFAULT_XHTML_TEMPLATE =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+ "<sl:CreateXMLSignatureRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">" +
+ "<sl:KeyboxIdentifier>" + KEYBOXID_TAG + "</sl:KeyboxIdentifier>" +
+ "<sl:DataObjectInfo Structure=\"enveloping\">" +
+ "<sl:DataObject>" +
+ "<sl:XMLContent>" + XMLCONTENT_TAG + "</sl:XMLContent>" +
+ "</sl:DataObject>" +
+ "<sl:TransformsInfo>" +
+ "<sl:FinalDataMetaInfo>" +
+ "<sl:MimeType>application/xhtml+xml</sl:MimeType>" +
+ "</sl:FinalDataMetaInfo>" +
+ "</sl:TransformsInfo>" +
+ "</sl:DataObjectInfo>" +
+ "</sl:CreateXMLSignatureRequest>";
+
+ /**
+ * Constructor for CreateXMLSignatureRequestBuilderForeign.
+ */
+ public CreateXMLSignatureRequestBuilderForeign() {
+ super();
+ }
+ /**
+ * Builds the XML request.
+ *
+ * @param xmlRequest XML Request to be sent as a parameter in the form
+ * @param bkuURL URL of the "B&uuml;rgerkartenumgebung" the form will be submitted to;
+ * may be <code>null</code>, in this case the default URL will be used
+ * @param dataURL DataURL to be sent as a parameter in the form
+ */
+ public String build(
+ String keyboxIdentifier,
+ String xmlContent)
+ throws BuildException
+ {
+ String xmlRequest = DEFAULT_XHTML_TEMPLATE;
+ xmlRequest = replaceTag(xmlRequest, KEYBOXID_TAG, keyboxIdentifier, true, ALL);
+ //htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL);
+ xmlRequest = replaceTag(xmlRequest, XMLCONTENT_TAG, xmlContent, true, ALL);
+ return xmlRequest;
+ }
+ /**
+ * Encodes a string for inclusion as a parameter in the form.
+ * Double quotes are substituted by <code>"&amp;quot;"</code>.
+ * @param s the string to be encoded
+ * @return the string encoded
+ * @throws BuildException on any exception encountered
+ */
+ public static String encodeParameter(String s) throws BuildException {
+ StringReader in = new StringReader(s);
+ StringWriter out = new StringWriter();
+ try {
+ for (int ch = in.read(); ch >= 0; ch = in.read()) {
+ if (ch == '"')
+ out.write("&quot;");
+ else if (ch == '<')
+ out.write("&lt;");
+ else if (ch == '>')
+ out.write("&gt;");
+ else if (ch == 'ä')
+ out.write("&auml;");
+ else if (ch == 'ö')
+ out.write("&ouml;");
+ else if (ch == 'ü')
+ out.write("&uuml;");
+ else if (ch == 'Ä')
+ out.write("&Auml;");
+ else if (ch == 'Ö')
+ out.write("&Ouml;");
+ else if (ch == 'Ü')
+ out.write("&Uuml;");
+ else if (ch == 'ß')
+ out.write("&szlig;");
+ else
+ out.write(ch);
+ }
+ }
+ catch (IOException ex) {
+ throw new BuildException("builder.00", new Object[] {"GetIdentityLinkForm", ex.toString()});
+ }
+ return out.toString();
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java
new file mode 100644
index 000000000..60feb7d2f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java
@@ -0,0 +1,94 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egovernment.moa.id.auth.builder;
+
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Builder for the <code>&lt;InfoboxReadRequest&gt;</code> structure
+ * used for requesting the identity link from the security layer implementation.
+ *
+ * @author Paul Ivancsics
+ * @version $Id: InfoboxReadRequestBuilder.java 1087 2008-08-28 07:55:59Z mcentner $
+ */
+public class InfoboxReadRequestBuilderCertificate implements Constants {
+
+
+ /**
+ * Constructor for InfoboxReadRequestBuilder.
+ */
+ public InfoboxReadRequestBuilderCertificate() {
+ }
+
+
+ /**
+ * Builds an <code>&lt;InfoboxReadRequest&gt;</code>.
+ *
+ * @param slVersion12 specifies whether the Security Layer version is
+ * version 1.2 or not
+ * @param businessService specifies whether the online application is a
+ * business service or not
+ * @param identityLinkDomainIdentifier the identification number of the business
+ * company; maybe <code>null</code> if the OA
+ * is a public service; must not be <code>null</code>
+ * if the OA is a business service
+ *
+ * @return <code>&lt;InfoboxReadRequest&gt;</code> as String
+ */
+ public String build(boolean slVersion12) {
+
+ String slPrefix;
+ String slNsDeclaration;
+
+ if (slVersion12) {
+ slPrefix = SL12_PREFIX;
+ slNsDeclaration = SL12_NS_URI;
+ } else {
+ slPrefix = SL10_PREFIX;
+ slNsDeclaration = SL10_NS_URI;
+ }
+
+ StringBuffer sb = new StringBuffer("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>");
+ sb.append("<");
+ sb.append(slPrefix);
+ sb.append(":InfoboxReadRequest xmlns:");
+ sb.append(slPrefix);
+ sb.append("=\"");
+ sb.append(slNsDeclaration);
+ sb.append("\">");
+ sb.append("<");
+ sb.append(slPrefix);
+ sb.append(":InfoboxIdentifier>Certificates</");
+ sb.append(slPrefix);
+ sb.append(":InfoboxIdentifier>");
+ sb.append("<");
+ sb.append(slPrefix);
+ sb.append(":AssocArrayParameters>");
+ sb.append("<");
+ sb.append(slPrefix);
+ sb.append(":ReadValue Key=\"SecureSignatureKeypair\"/>");
+ sb.append("</");
+ sb.append(slPrefix);
+ sb.append(":AssocArrayParameters>");
+ sb.append("</");
+ sb.append(slPrefix);
+ sb.append(":InfoboxReadRequest>");
+
+ return sb.toString();
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index ffe4ad9b6..a14d0325f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -217,5 +217,67 @@ public class VerifyXMLSignatureRequestBuilder {
return requestElem_;
}
+
+ /**
+ * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+ * from the signed data with a known trustProfileID which
+ * has to exist in MOA-SP
+ * @param csr - signed AUTH-Block
+ * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+ * @return Element - The complete request as Dom-Element
+ * @throws ParseException
+ */
+ public Element buildDsig(
+ CreateXMLSignatureResponse csr,
+ String trustProfileID)
+ throws BuildException { //samlAssertionObject
+
+ try {
+ // build the request
+// requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:"
+// + Constants.XML_PREFIX, Constants.XMLNS_NS_URI);
+
+ Element verifiySignatureInfoElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
+ requestElem_.appendChild(verifiySignatureInfoElem);
+ Element verifySignatureEnvironmentElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
+ verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
+
+ Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent");
+ verifySignatureEnvironmentElem.appendChild(xmlContentElem);
+ xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve");
+
+ // insert the dsig:Signature
+ xmlContentElem.appendChild(requestDoc_.importNode(csr.getDsigSignature(), true));
+ // specify the signature location
+ Element verifySignatureLocationElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
+ verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
+ Node signatureLocation = requestDoc_.createTextNode("/"+ DSIG + "Signature");
+ verifySignatureLocationElem.appendChild(signatureLocation);
+ // signature manifest params
+ Element signatureManifestCheckParamsElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+ requestElem_.appendChild(signatureManifestCheckParamsElem);
+ signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true");
+ // add the transform profile IDs
+ Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
+ signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
+
+ Element returnHashInputDataElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
+ requestElem_.appendChild(returnHashInputDataElem);
+ Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
+
+ trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
+ requestElem_.appendChild(trustProfileIDElem);
+
+ } catch (Throwable t) {
+ throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t);
+ }
+
+ return requestElem_;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 969e628f4..eca02a77b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -15,6 +15,8 @@
*/
package at.gv.egovernment.moa.id.auth.data;
+import iaik.x509.X509Certificate;
+
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
@@ -87,7 +89,11 @@ public class AuthenticationSession {
* service or not
*/
private boolean businessService;
-
+
+ /**
+ * Signer certificate of the foreign citizen
+ */
+ private X509Certificate signerCertificate;
/**
* SAML attributes from an extended infobox validation to be appended
* to the SAML assertion delivered to the final online application.
@@ -149,6 +155,14 @@ public class AuthenticationSession {
infoboxValidators = new ArrayList();
}
+ public X509Certificate getForeignSignerCertificate() {
+ return signerCertificate;
+ }
+
+ public void setForeignSignerCertificate(X509Certificate signerCertificate) {
+ this.signerCertificate = signerCertificate;
+ }
+
/**
* Returns the identityLink.
* @return IdentityLink
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
index 81dc2f736..fc3831161 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
@@ -1,18 +1,3 @@
-/*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
package at.gv.egovernment.moa.id.auth.data;
import org.w3c.dom.Element;
@@ -35,6 +20,11 @@ private SAMLAttribute[] samlAttributes;
* the original saml:Assertion-Element
*/
private Element samlAssertion;
+
+ /**
+ * the original dsig:Signature-Element
+ */
+ private Element dsigSignature;
/**
* Returns the samlAssertion.
* @return Element
@@ -44,6 +34,14 @@ public Element getSamlAssertion() {
}
/**
+ * Returns the dsig:Signature
+ * @return Element
+ */
+public Element getDsigSignature() {
+ return dsigSignature;
+}
+
+/**
* Returns the samlAttribute.
* @return SAMLAttribute[]
*/
@@ -67,6 +65,10 @@ public void setSamlAssertion(Element samlAssertion) {
this.samlAssertion = samlAssertion;
}
+public void setDsigSignature(Element dsigSignature) {
+ this.dsigSignature = dsigSignature;
+}
+
/**
* Sets the samlAttribute.
* @param samlAttributes The samlAttributes to set
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
index 74bad617c..d5b6f9aa9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -21,6 +21,7 @@ import java.util.ArrayList;
import java.util.List;
import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
import org.w3c.dom.traversal.NodeIterator;
import at.gv.egovernment.moa.id.AuthenticationException;
@@ -129,6 +130,31 @@ public class CreateXMLSignatureResponseParser {
throw new ParseException("parser.01", new Object[] { t.toString()}, t);
}
}
+
+ /**
+ * Unmarshalls the <@link sigResponse> to an
+ * <code>&lt;CreateXMLSignatureResponse&gt;</code> object.
+ *
+ * @return a <code>&lt;CreateXMLSignatureResponse&gt;</code> object
+ * @throws ParseException
+ */
+
+ public CreateXMLSignatureResponse parseResponseDsig() throws ParseException {
+ CreateXMLSignatureResponse cResp;
+ try {
+ cResp = new CreateXMLSignatureResponse();
+
+ NodeList list = sigResponse_.getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature");
+ Element dsigSignatureNode = (Element) list.item(0);
+
+ Element dsigSignatureElement = (Element) dsigSignatureNode;
+ cResp.setDsigSignature(dsigSignatureElement);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+ }
+ return cResp;
+ }
/**
* Unmarshalls the <@link sigResponse> to an
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
index 954488173..b53a1a2dc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
@@ -15,17 +15,31 @@
*/
package at.gv.egovernment.moa.id.auth.parser;
+import iaik.x509.X509Certificate;
+
import java.io.ByteArrayInputStream;
import java.io.InputStream;
+import java.security.cert.CertificateException;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+
+import org.apache.axis.encoding.Base64;
+import org.w3c.dom.Document;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.XPathUtils;
+import com.sun.org.apache.xpath.internal.XPathAPI;
+
/**
* Parses an <code>&lt;InfoboxReadResponse&gt;</code>.
*
@@ -175,6 +189,43 @@ public class InfoboxReadResponseParser {
IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
return ilParser.parseIdentityLink();
}
+
+ /**
+ * Returns the certificate given in the InfoboxReadResponse
+ * @return
+ * @throws ParseException
+ */
+ public X509Certificate parseCertificate() throws ParseException {
+ try {
+ DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ Document doc = builder.newDocument();
+
+ Element nameSpaceNode = doc.createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:" + Constants.PD_PREFIX, Constants.PD_NS_URI);
+ nameSpaceNode.setAttribute("xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+ nameSpaceNode.setAttribute("xmlns:" + Constants.SL12_PREFIX, Constants.SL12_NS_URI);
+
+ Element base64ContentElement = (Element)XPathAPI.selectSingleNode(infoBoxElem_.getParentNode(), "//sl:Base64Content[1]", nameSpaceNode);
+
+ if (base64ContentElement == null) {
+ throw new ParseException("parser.01", new Object[] { "Could not find Base64Content for X509Certificate."});
+ }
+
+ String base64Content = DOMUtils.getText(base64ContentElement);
+
+ // Decode Base64 value to X509Certificate
+ byte[] content = Base64.decode(base64Content);
+ return new X509Certificate(content);
+
+ } catch (ParserConfigurationException e) {
+ throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e);
+ } catch (TransformerException e) {
+ throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e);
+ } catch (CertificateException e) {
+ throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e);
+ }
+
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index 0656d37d3..bff0a3fca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -123,6 +123,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
* Logs all servlet parameters for debugging purposes.
*/
protected void logParameters(HttpServletRequest req) {
+ //@TODO Parameter?
for (Enumeration params = req.getParameterNames(); params.hasMoreElements(); ) {
String parname = (String)params.nextElement();
Logger.debug("Parameter " + parname + req.getParameter(parname));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
new file mode 100644
index 000000000..0599c79bd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -0,0 +1,287 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import iaik.pki.PKIException;
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.cert.CertificateEncodingException;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.axis.encoding.Base64;
+import org.apache.commons.fileupload.FileUploadException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Text;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+/**
+ * Servlet requested for getting the foreign eID
+ * provided by the security layer implementation.
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ */
+public class GetForeignIDServlet extends AuthServlet {
+
+ /**
+ * Constructor for GetForeignIDServlet.
+ */
+ public GetForeignIDServlet() {
+ super();
+ }
+
+ /**
+ * GET requested by security layer implementation to verify
+ * that data URL resource is available.
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("GET GetForeignIDServlet");
+
+
+ }
+
+ /**
+ * Verifies the identity link and responds with a new
+ * <code>CreateXMLSignatureRequest</code>.
+ * <br>
+ * Request parameters:
+ * <ul>
+ * <li>MOASessionID: ID of associated authentication session</li>
+ * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * </ul>
+ * Response:
+ * <ul>
+ * <li>Content type: <code>"text/xml"</code></li>
+ * <li>Content: see return value of {@link AuthenticationServer#verifyIdentityLink}</li>
+ * <li>Error status: <code>500</code>
+ * </ul>
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("POST GetForeignIDServlet");
+
+ Map parameters;
+ try
+ {
+ parameters = getParameters(req);
+ } catch (FileUploadException e)
+ {
+ Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+ throw new IOException(e.getMessage());
+ }
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ String redirectURL = null;
+ X509Certificate cert = null;
+ AuthenticationSession session = null;
+ try {
+ // check parameter
+ if (!ParamValidatorUtils.isValidSessionID(sessionID))
+ throw new WrongParametersException("GetForeignID", PARAM_SESSIONID, "auth.12");
+
+ session = AuthenticationServer.getSession(sessionID);
+
+ cert = AuthenticationServer.getInstance().verifyXMLSignature(sessionID, parameters);
+
+// Element signature = AuthenticationServer.getInstance().getDsigElement
+// (sessionID, parameters);
+
+// if (signature == null) {
+ if (cert == null) {
+ handleError("Error retrieving signature from foreign eID card.", null, req, resp);
+ }
+ else {
+
+ // make SZR request
+ //Element samlAssertion = getIdentityLink(signature);
+ Element samlAssertion = getIdentityLink(cert);
+
+ IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
+ IdentityLink identitylink = ilParser.parseIdentityLink();
+ session.setIdentityLink(identitylink);
+
+ String samlArtifactBase64 =
+ AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID);
+ if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
+ redirectURL = session.getOAURLRequested();
+ if (!session.getBusinessService()) {
+ redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
+ }
+ redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = resp.encodeRedirectURL(redirectURL);
+ } else {
+ redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+ }
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
+
+ }
+ catch (ParseException ex) {
+ handleError(null, ex, req, resp);
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+ catch (SZRGWClientException ex) {
+ handleError(null, ex, req, resp);
+ }
+ }
+
+ /**
+ * Adds a parameter to a URL.
+ * @param url the URL
+ * @param paramname parameter name
+ * @param paramvalue parameter value
+ * @return the URL with parameter added
+ */
+ private static String addURLParameter(String url, String paramname, String paramvalue) {
+ String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0)
+ return url + "?" + param;
+ else
+ return url + "&" + param;
+ }
+
+ /**
+ * Does the request to the SZR-GW
+ * @param givenname
+ * @param familyname
+ * @param dateofbirth
+ * @return Identity link assertion
+ * @throws SZRGWClientException
+ */
+ /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/
+ private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException {
+
+ SZRGWClient client = new SZRGWClient();
+
+ try {
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
+ //url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation";
+ Logger.debug("Connection Parameters: " + connectionParameters);
+ client.setAddress(connectionParameters.getUrl());
+ if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+ Logger.debug("Initialisiere SSL Verbindung");
+ try {
+ client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (GeneralSecurityException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (PKIException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
+
+
+ }
+ catch (ConfigurationException e) {
+ Logger.warn(e);
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
+
+ }
+ // create request
+ Document doc = buildGetIdentityLinkRequest(cert);
+ Element request = doc.getDocumentElement();
+ CreateIdentityLinkResponse response = null;
+
+ //try {
+ response = client.createIdentityLinkResponse(request);
+ //} catch (SZRGWClientException e) {
+ // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+ // client = new SZRGWClient(url);
+ // response = client.createIdentityLinkResponse(request);
+ // }
+
+
+ return response.getAssertion();
+
+ }
+
+ /**
+ * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW
+ * @param givenname
+ * @param familyname
+ * @param birthday
+ * @return
+ */
+ private static Document buildGetIdentityLinkRequest(X509Certificate cert) {
+
+ try {
+ byte[] certbyte = cert.getEncoded();
+ String certstring = Base64.encode(certbyte);
+
+ DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document doc = builder.newDocument();
+
+ Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest");
+ getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS);
+ doc.appendChild(getIdentityLink);
+
+ Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate");
+ getIdentityLink.appendChild(x509certificate);
+ Text certbase64 = doc.createTextNode(certstring);
+ x509certificate.appendChild(certbase64);
+
+ return doc;
+ } catch (ParserConfigurationException e) {
+ e.printStackTrace();
+ } catch (CertificateEncodingException e) {
+ e.printStackTrace();
+ }
+ return null;
+
+ }
+
+ /**
+ * Checks a parameter.
+ * @param param parameter
+ * @return true if the parameter is null or empty
+ */
+ private boolean isEmpty(String param) {
+ return param == null || param.length() == 0;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
index 894b05428..317af3e06 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
@@ -73,7 +73,7 @@ public class ProcessValidatorInputServlet extends AuthServlet {
} catch (FileUploadException e) {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
- }
+ }
String sessionID = req.getParameter(PARAM_SESSIONID);
if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
@@ -124,7 +124,8 @@ public class ProcessValidatorInputServlet extends AuthServlet {
} catch (FileUploadException e) {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
- }
+ }
+ //@TODO Parameter
String sessionID = req.getParameter(PARAM_SESSIONID);
if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
@@ -142,13 +143,15 @@ public class ProcessValidatorInputServlet extends AuthServlet {
String htmlForm = null;
boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed
+ //@TODO Parameter
String inputProcessorSignForm = req.getParameter("Sign_Form");
if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form");
if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form");
if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_");
if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");
if (doInputProcessorSign) {
- // Test if we have a user input form sign template
+ // Test if we have a user input form sign template
+ //@TODO Parameter
String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
String inputProcessorSignTemplate = null;
OAAuthParameter oaParam =
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
index 78c028767..09b3ae15f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
@@ -29,6 +29,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -74,6 +75,7 @@ public class SelectBKUServlet extends AuthServlet {
authURL = authURL.concat(":" + req.getServerPort());
}
authURL = authURL.concat(req.getContextPath() + "/");
+
String target = req.getParameter(PARAM_TARGET);
String oaURL = req.getParameter(PARAM_OA);
String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE);
@@ -84,6 +86,16 @@ public class SelectBKUServlet extends AuthServlet {
resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
try {
+
+ // check parameter
+ if (!ParamValidatorUtils.isValidTarget(target))
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+ if (!ParamValidatorUtils.isValidTemplate(templateURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+
+
String returnValue = AuthenticationServer.getInstance().selectBKU(
authURL, target, oaURL, bkuSelectionTemplateURL, templateURL);
String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index 961511ee7..8165f90f8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -61,18 +62,36 @@ public class StartAuthenticationServlet extends AuthServlet {
authURL = authURL.concat(":" + req.getServerPort());
}
authURL = authURL.concat(req.getContextPath() + "/");
- String target = req.getParameter(PARAM_TARGET);
- String oaURL = req.getParameter(PARAM_OA);
+
+ String target = req.getParameter(PARAM_TARGET);
+ String oaURL = req.getParameter(PARAM_OA);
String bkuURL = req.getParameter(PARAM_BKU);
String templateURL = req.getParameter(PARAM_TEMPLATE);
String sessionID = req.getParameter(PARAM_SESSIONID);
+
resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
- try {
+
+
+ try {
+ // check parameter
+ if (!ParamValidatorUtils.isValidTarget(target))
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+ if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+ if (!ParamValidatorUtils.isValidTemplate(templateURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+ if (!ParamValidatorUtils.isValidSessionID(sessionID))
+ throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
+
+
String getIdentityLinkForm =
AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme());
+
resp.setContentType("text/html;charset=UTF-8");
PrintWriter out = new PrintWriter(resp.getOutputStream());
out.print(getIdentityLinkForm);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 43947f6f0..824df9ca8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -16,9 +16,7 @@
package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
-import java.util.Iterator;
import java.util.Map;
-import java.util.Vector;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@@ -28,11 +26,10 @@ import org.apache.commons.fileupload.FileUploadException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
-import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
-import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.URLEncoder;
@@ -99,10 +96,16 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
}
+ //@TODO Parameter
String sessionID = req.getParameter(PARAM_SESSIONID);
String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
String redirectURL = null;
try {
+ // check parameter
+ if (!ParamValidatorUtils.isValidSessionID(sessionID))
+ throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
+
+
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
String samlArtifactBase64 =
AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
new file mode 100644
index 000000000..c9c1e794d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -0,0 +1,286 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import iaik.pki.PKIException;
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.cert.CertificateEncodingException;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.axis.encoding.Base64;
+import org.apache.commons.fileupload.FileUploadException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Text;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for getting the foreign eID
+ * provided by the security layer implementation.
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ */
+public class VerifyCertificateServlet extends AuthServlet {
+
+ /**
+ * Constructor for VerifyCertificateServlet.
+ */
+ public VerifyCertificateServlet() {
+ super();
+ }
+
+ /**
+ * GET requested by security layer implementation to verify
+ * that data URL resource is available.
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("GET VerifyCertificateServlet");
+
+
+ }
+
+ /**
+ * Gets the signer certificate from the InfoboxReadRequest and
+ * responds with a new
+ * <code>CreateXMLSignatureRequest</code>.
+ * <br>
+ * Request parameters:
+ * <ul>
+ * <li>MOASessionID: ID of associated authentication session</li>
+ * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * </ul>
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("POST VerifyCertificateServlet");
+
+ Map parameters;
+ try
+ {
+ parameters = getParameters(req);
+ } catch (FileUploadException e)
+ {
+ Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+ throw new IOException(e.getMessage());
+ }
+ //@TODO Parameter
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ AuthenticationSession session = null;
+ try {
+ // check parameter
+ if (!ParamValidatorUtils.isValidSessionID(sessionID))
+ throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
+
+ session = AuthenticationServer.getSession(sessionID);
+
+ X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
+
+ System.out.println(cert);
+
+ String createXMLSignatureRequest = AuthenticationServer.getInstance().getCreateXMLSignatureRequestForeignID(sessionID, parameters, cert);
+
+ System.out.println(createXMLSignatureRequest);
+
+ // build dataurl (to the GetForeignIDSerlvet)
+ String dataurl =
+ new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ REQ_GET_FOREIGN_ID,
+ session.getSessionID());
+
+ ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+
+
+// Logger.debug("Send CreateXMLSignatureRequest to BKU");
+// String keyboxIdentifier = "SecureSignatureKeypair";
+// //String keyboxIdentifier = "CertifiedKeypair";
+// String xmlContent = "<html xmlns=\"http://www.w3.org/1999/xhtml\"> " +
+// "<head><title>CreateXMLSignatureRequest</title>" +
+// "<style type=\"text/css\"/></head>" +
+// "<body>" +
+// "<p>I hereby request to access this e-government application by using my " +
+// "domestic electronic identity. </p>" +
+// "<p>I further affirm that I am not yet registered with the Austrian Central " +
+// "Residents Registry and that I am not obliged to register with the Austrian " +
+// "Central Residents Registry according to Austrian law.</p>" +
+// "<p>In the event I am not yet registered with the Supplementary Register, I " +
+// "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " +
+// "BGBl. I Nr. 7/2008 und BGBl. I Nr. 59/2008).</p>" +
+// "</body></html>";
+//
+// // create the CreateXMLSignatureRequest
+// String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilderForeign().build(
+// keyboxIdentifier,
+// xmlContent);
+//
+// // build dataurl (to the GetForeignIDSerlvet)
+// String dataurl =
+// new DataURLBuilder().buildDataURL(
+// session.getAuthURL(),
+// REQ_GET_FOREIGN_ID,
+// session.getSessionID());
+//
+// ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+//
+
+
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+ }
+
+ /**
+ * Adds a parameter to a URL.
+ * @param url the URL
+ * @param paramname parameter name
+ * @param paramvalue parameter value
+ * @return the URL with parameter added
+ */
+ private static String addURLParameter(String url, String paramname, String paramvalue) {
+ String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0)
+ return url + "?" + param;
+ else
+ return url + "&" + param;
+ }
+
+ /**
+ * Does the request to the SZR-GW
+ * @param givenname
+ * @param familyname
+ * @param dateofbirth
+ * @return Identity link assertion
+ * @throws SZRGWClientException
+ */
+ /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/
+ private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException {
+
+ SZRGWClient client = new SZRGWClient();
+
+ try {
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
+ //url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation";
+ Logger.debug("Connection Parameters: " + connectionParameters);
+ client.setAddress(connectionParameters.getUrl());
+ if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+ Logger.debug("Initialisiere SSL Verbindung");
+ try {
+ client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (GeneralSecurityException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (PKIException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
+
+
+ }
+ catch (ConfigurationException e) {
+ Logger.warn(e);
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
+
+ }
+ // create request
+ Document doc = buildGetIdentityLinkRequest(cert);
+ Element request = doc.getDocumentElement();
+ CreateIdentityLinkResponse response = null;
+
+ //try {
+ response = client.createIdentityLinkResponse(request);
+ //} catch (SZRGWClientException e) {
+ // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+ // client = new SZRGWClient(url);
+ // response = client.createIdentityLinkResponse(request);
+ // }
+
+
+ return response.getAssertion();
+
+ }
+
+ /**
+ * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW
+ * @param givenname
+ * @param familyname
+ * @param birthday
+ * @return
+ */
+ private static Document buildGetIdentityLinkRequest(X509Certificate cert) {
+
+ try {
+ byte[] certbyte = cert.getEncoded();
+ String certstring = Base64.encode(certbyte);
+
+ DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document doc = builder.newDocument();
+
+ Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest");
+ getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS);
+ doc.appendChild(getIdentityLink);
+
+ Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate");
+ getIdentityLink.appendChild(x509certificate);
+ Text certbase64 = doc.createTextNode(certstring);
+ x509certificate.appendChild(certbase64);
+
+ return doc;
+ } catch (ParserConfigurationException e) {
+ e.printStackTrace();
+ } catch (CertificateEncodingException e) {
+ e.printStackTrace();
+ }
+ return null;
+
+ }
+
+ /**
+ * Checks a parameter.
+ * @param param parameter
+ * @return true if the parameter is null or empty
+ */
+ private boolean isEmpty(String param) {
+ return param == null || param.length() == 0;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 329749e96..4f98e85e2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -25,8 +25,13 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileUploadException;
import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.ServletUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -60,7 +65,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
/**
* Verifies the identity link and responds with a new
- * <code>CreateXMLSignatureRequest</code>.
+ * <code>CreateXMLSignatureRequest</code> or a new <code>
+ * InfoboxReadRequest</code> (in case of a foreign eID card).
* <br>
* Request parameters:
* <ul>
@@ -88,13 +94,56 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
}
+ //@TODO Parameter
String sessionID = req.getParameter(PARAM_SESSIONID);
+
+
+
try {
- AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters);
- ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
+ // check parameter
+ if (!ParamValidatorUtils.isValidSessionID(sessionID))
+ throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
+
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters);
+
+ if (createXMLSignatureRequestOrRedirect == null) {
+
+ System.out.println("Send InfoboxReadRequest to BKU to get signer certificate.");
+ // no identity link found
+ try {
+
+ Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+
+ // create the InfoboxReadRequest to get the certificate
+ String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+
+ // build dataurl (to the GetForeignIDSerlvet)
+ String dataurl =
+ new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ REQ_VERIFY_CERTIFICATE,
+ session.getSessionID());
+
+
+ ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate", dataurl);
+
+ }
+ catch(Exception e) {
+ handleError(null, e, req, resp);
+ }
+
+ }
+ else {
+ ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
+ }
+
+ }
+ catch (ParseException ex) {
+ handleError(null, ex, req, resp);
}
+
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 99c49ca09..072b6c48f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -26,6 +26,7 @@ import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
+import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.StringUtils;
@@ -70,7 +71,7 @@ public class CreateXMLSignatureResponseValidator {
* @throws ValidateException
*/
public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session)
- throws ValidateException {
+ throws ValidateException {
// A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
@@ -123,57 +124,60 @@ public class CreateXMLSignatureResponseValidator {
SAMLAttribute samlAttribute;
if (session.getSAMLAttributeGebeORwbpk()) {
- // check the first attribute ("Geschaeftsbereich" or "wbPK")
- samlAttribute = samlAttributes[0];
- if (businessService) {
- if (!samlAttribute.getName().equals("wbPK")) {
- if (samlAttribute.getName().equals("Geschaeftsbereich")) {
- throw new ValidateException("validator.26", null);
- } else {
- throw new ValidateException(
- "validator.37",
- new Object[] {samlAttribute.getName(), "wbPK", String.valueOf(1)});
- }
- }
- if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
- foundWBPK = true;
- try {
- Element attrValue = (Element)samlAttribute.getValue();
- String value = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Value").item(0)).getFirstChild().getNodeValue();
- String type = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Type").item(0)).getFirstChild().getNodeValue();
- if (!value.equals(identityLink.getIdentificationValue())) {
- throw new ValidateException("validator.28", null);
- }
- if (!type.equals(identityLink.getIdentificationType())) {
- throw new ValidateException("validator.28", null);
- }
- } catch (Exception ex) {
- throw new ValidateException("validator.29", null);
- }
- } else {
- throw new ValidateException("validator.30", null);
- }
- } else {
- if (!samlAttribute.getName().equals("Geschaeftsbereich")) {
- if (samlAttribute.getName().equals("wbPK")) {
- throw new ValidateException("validator.26", null);
- } else {
- throw new ValidateException(
- "validator.37",
- new Object[] {samlAttribute.getName(), "Geschaeftsbereich", String.valueOf(1)});
- }
- }
- if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
- foundGB = true;
- if (!gbTarget.equals((String)samlAttribute.getValue())) {
- throw new ValidateException("validator.13", null);
- }
- } else {
- throw new ValidateException("validator.12", null);
- }
- }
+ // check the first attribute ("Geschaeftsbereich" or "wbPK")
+ samlAttribute = samlAttributes[0];
+ if (businessService) {
+ if (!samlAttribute.getName().equals("wbPK")) {
+ if (samlAttribute.getName().equals("Geschaeftsbereich")) {
+ throw new ValidateException("validator.26", null);
+ } else {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "wbPK", String.valueOf(1)});
+ }
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ foundWBPK = true;
+ try {
+ Element attrValue = (Element)samlAttribute.getValue();
+ String value = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Value").item(0)).getFirstChild().getNodeValue();
+ String type = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Type").item(0)).getFirstChild().getNodeValue();
+ if (!value.equals(identityLink.getIdentificationValue())) {
+ throw new ValidateException("validator.28", null);
+ }
+ if (!type.equals(identityLink.getIdentificationType())) {
+ throw new ValidateException("validator.28", null);
+ }
+ } catch (Exception ex) {
+ throw new ValidateException("validator.29", null);
+ }
+ } else {
+ throw new ValidateException("validator.30", null);
+ }
+ } else {
+ if (!samlAttribute.getName().equals("Geschaeftsbereich")) {
+ if (samlAttribute.getName().equals("wbPK")) {
+ throw new ValidateException("validator.26", null);
+ } else {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "Geschaeftsbereich", String.valueOf(1)});
+ }
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ foundGB = true;
+ //BZ..
+ gbTarget = gbTarget + " (" + TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget) + ")";
+ //..BZ
+ if (!gbTarget.equals((String)samlAttribute.getValue())) {
+ throw new ValidateException("validator.13", null);
+ }
+ } else {
+ throw new ValidateException("validator.12", null);
+ }
+ }
} else {
- offset--;
+ offset--;
}
// check the second attribute (must be "OA")
@@ -234,11 +238,11 @@ public class CreateXMLSignatureResponseValidator {
Object actualValue = samlAttribute.getValue();
try {
if (expectedValue instanceof String) {
- // replace \r\n because text might be base64-encoded
- String expValue = StringUtils.replaceAll((String)expectedValue,"\r","");
- expValue = StringUtils.replaceAll(expValue,"\n","");
- String actValue = StringUtils.replaceAll((String)actualValue,"\r","");
- actValue = StringUtils.replaceAll(actValue,"\n","");
+ // replace \r\n because text might be base64-encoded
+ String expValue = StringUtils.replaceAll((String)expectedValue,"\r","");
+ expValue = StringUtils.replaceAll(expValue,"\n","");
+ String actValue = StringUtils.replaceAll((String)actualValue,"\r","");
+ actValue = StringUtils.replaceAll(actValue,"\n","");
if (!expValue.equals(actValue)) {
throw new ValidateException(
"validator.38",
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java
new file mode 100644
index 000000000..6448f9392
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java
@@ -0,0 +1,27 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * This class implements a SZR-gateway GetIdentityLink Response.
+ *
+ */
+public class CreateIdentityLinkResponse {
+
+ private Element assertion;
+
+ public Element getAssertion() {
+ return assertion;
+ }
+
+ public void setAssertion(Element assertion) {
+ this.assertion = assertion;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
index 6c367594b..0c84a9b18 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
@@ -16,20 +16,20 @@
package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import org.apache.commons.httpclient.HttpClient;
-import org.apache.commons.httpclient.methods.PostMethod;
-import org.apache.commons.httpclient.protocol.Protocol;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
-import at.gv.egovernment.moa.logging.Logger;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.logging.Logger;
/**
@@ -41,7 +41,6 @@ import at.gv.egovernment.moa.logging.Logger;
* <li>Detailed Request</li>
* </ol>
*
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
*/
public class SZRGWClient {
/**
@@ -136,6 +135,110 @@ public class SZRGWClient {
//e.printStackTrace();
throw new SZRGWClientException(e);
}
+ }
+
+ /**
+ * Gets a identity link.
+ *
+ * @param reqElem the request.
+ * @return a SZR-gateway response containing the result
+ * @throws SZRGWException when an error occurs creating the mandate.
+ */
+ public CreateIdentityLinkResponse createIdentityLinkResponse(Element reqElem) throws SZRGWClientException {
+
+ Logger.info("Connecting to SZR-gateway.");
+ try {
+ if (address == null) {
+ throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null.");
+ }
+ HttpClient client = new HttpClient();
+ PostMethod method = new PostMethod(address);
+ method.setRequestHeader("SOAPAction", "");
+
+
+ // ssl settings
+ if (sSLSocketFactory != null) {
+ SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory);
+ Protocol.registerProtocol("https", new Protocol("https", fac, 443));
+ }
+
+ // create soap body
+ Element soapBody = getSOAPBody();
+ Document doc = soapBody.getOwnerDocument();
+ soapBody.appendChild(doc.importNode(reqElem, true));
+ Element requestElement = soapBody.getOwnerDocument().getDocumentElement();
+
+ //ParepUtils.saveElementToFile(requestElement, new File("c:/temp/szrRequest.xml"));
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ParepUtils.serializeElementAsDocument(requestElement, bos);
+
+ method.setRequestBody(new ByteArrayInputStream(bos.toByteArray()));
+ client.executeMethod(method);
+ CreateIdentityLinkResponse response = new CreateIdentityLinkResponse();
+
+ bos = new ByteArrayOutputStream();
+ doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
+
+ //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/temp/szrResponse.xml"));
+
+ //check if errorresponse
+ boolean isError = checkErrorResponse(doc.getDocumentElement());
+
+ if (isError) {
+ String error = getErrorCodeandMessage(doc.getDocumentElement());
+ throw new SZRGWClientException(error);
+ }
+ else {
+ response.setAssertion(doc.getDocumentElement());
+ }
+
+ return response;
+ } catch(Exception e) {
+ e.printStackTrace();
+ throw new SZRGWClientException(e);
+ }
+
+ }
+
+ /**
+ * Returns an errorstring containing errorcode and info from SZR-GW error response
+ * @param element
+ * @return
+ */
+ private String getErrorCodeandMessage(Element element) {
+ String error = "Fehler im SZR-Gateway: ";
+
+ String code = "";
+ NodeList list = element.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "ErrorCode");
+ for (int i = 0; i < list.getLength(); i++) {
+ Element elem = (Element)list.item(i);
+ code += elem.getTextContent() + "/";
+ }
+
+ String info = "";
+ list = element.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "Info");
+ for (int i = 0; i < list.getLength(); i++) {
+ Element elem = (Element)list.item(i);
+ info += elem.getTextContent() + "/";
+ }
+
+ error += code + " " + info;
+ return error;
+ }
+
+ /**
+ * Checks if response from SZR-GW is errorresponse or not
+ * @param element
+ * @return
+ */
+ private boolean checkErrorResponse(Element element) {
+
+ NodeList list = element.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "ErrorResponse");
+
+ if (list.getLength() == 0)
+ return false;
+ else
+ return true;
}
/*
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index d22fef5e7..7cc33ca52 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -98,7 +98,7 @@ public class ConfigurationBuilder {
protected static final String INPUT_PROCESSOR_TEMPLATE_XPATH =
ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "InputProcessorSignTemplate/@URL";
/** an XPATH-Expression */
- public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH =
+ public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH =
ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename";
/** an XPATH-Expression */
protected static final String AUTH_MOA_SP_XPATH =
@@ -122,6 +122,12 @@ public class ConfigurationBuilder {
ROOT + CONF + "AuthComponent/" + CONF + "VerifyInfoboxes";
/** an XPATH-Expression */
+ public static final String AUTH_FOREIGN_IDENTITIES_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities";
+
+
+
+ /** an XPATH-Expression */
protected static final String OA_XPATH = ROOT + CONF + "OnlineApplication";
/** an XPATH-Expression */
protected static final String OA_LOGIN_XPATH = ROOT + CONF + "OnlineApplication/@loginURL";
@@ -182,10 +188,10 @@ public class ConfigurationBuilder {
- /**
- * main configuration file directory name used to configure MOA-ID
- */
- protected String rootConfigFileDir_;
+ /**
+ * main configuration file directory name used to configure MOA-ID
+ */
+ protected String rootConfigFileDir_;
/** The root element of the MOA-ID configuration */
protected Element configElem_;
@@ -220,6 +226,18 @@ public class ConfigurationBuilder {
if (authBKU==null) return null;
return buildConnectionParameter(authBKU);
}
+
+ /**
+ * Build a ConnectionParameter containing all information
+ * of the foreignid element in the authentication component
+ * @return ConnectionParameter of the authentication component foreignid element
+ */
+ public ConnectionParameter buildForeignIDConnectionParameter() {
+ Element foreignid = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_FOREIGN_IDENTITIES_XPATH);
+ if (foreignid==null) return null;
+ return buildConnectionParameter(foreignid);
+
+ }
/**
* Method buildAuthBKUSelectionType.
@@ -407,7 +425,7 @@ public class ConfigurationBuilder {
{
String bkuSelectionTemplateURL =
- XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null);
+ XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null);
String templateURL =
XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null);
String inputProcessorSignTemplateURL =
@@ -425,6 +443,7 @@ public class ConfigurationBuilder {
String publicURLPrefix = oAElem.getAttribute("publicURLPrefix");
oap.setPublicURLPrefix(publicURLPrefix);
oap.setKeyBoxIdentier(oAElem.getAttribute("keyBoxIdentifier"));
+ oap.setFriendlyName(oAElem.getAttribute("friendlyName"));
// get the type of the online application
String oaType = oAElem.getAttribute("type");
@@ -447,12 +466,15 @@ public class ConfigurationBuilder {
throw new ConfigurationException("config.02", null);
}
if ("false".equalsIgnoreCase(oAElem.getAttribute("calculateHPI"))) {
- oap.setIdentityLinkDomainIdentifier(buildIdentityLinkDomainIdentifier(identificationNumberChild));
+ oap.setIdentityLinkDomainIdentifier(buildIdentityLinkDomainIdentifier(identificationNumberChild));
+ //BZ.., setting type of IdLinkDomainIdentifier
+ oap.setIdentityLinkDomainIdentifierType(identificationNumberChild.getLocalName());
+ //..BZ
} else {
- // If we have business service and want to dealt with GDA, the security layer can be advised to calulate
- // the Health Professional Identifier HPI instead of the wbPK
+ // If we have business service and want to dealt with GDA, the security layer can be advised to calulate
+ // the Health Professional Identifier HPI instead of the wbPK
Logger.info("OA uses HPI for Identification");
- oap.setIdentityLinkDomainIdentifier(Constants.URN_PREFIX_HPI);
+ oap.setIdentityLinkDomainIdentifier(Constants.URN_PREFIX_HPI);
}
// if OA type is "businessSErvice" set slVersion to 1.2 and ignore parameter in config file
@@ -514,7 +536,7 @@ public class ConfigurationBuilder {
protected String buildTemplateURL(Element oaAuthComponent, String xpathExpr, String defaultURL) {
String templateURL = XPathUtils.getAttributeValue(oaAuthComponent, xpathExpr, defaultURL);
if (templateURL != null) {
- templateURL = FileUtils.makeAbsoluteURL(templateURL, rootConfigFileDir_);
+ templateURL = FileUtils.makeAbsoluteURL(templateURL, rootConfigFileDir_);
}
return templateURL;
}
@@ -533,7 +555,7 @@ public class ConfigurationBuilder {
XPathUtils.getElementValue(root,CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH,null));
result.setAcceptedServerCertificates(FileUtils.makeAbsoluteURL(
- result.getAcceptedServerCertificates(), rootConfigFileDir_));
+ result.getAcceptedServerCertificates(), rootConfigFileDir_));
result.setUrl(
XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_URL_XPATH, ""));
@@ -541,10 +563,10 @@ public class ConfigurationBuilder {
XPathUtils.getElementValue(root,CONNECTION_PARAMETERN_KEYSTORE_XPATH,null));
result.setClientKeyStore(FileUtils.makeAbsoluteURL(
- result.getClientKeyStore(), rootConfigFileDir_));
+ result.getClientKeyStore(), rootConfigFileDir_));
result.setClientKeyStorePassword(
- XPathUtils.getAttributeValue(root,CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH,""));
+ XPathUtils.getAttributeValue(root,CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH,""));
if ((result.getAcceptedServerCertificates()==null)
&& (result.getUrl()=="")
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
index 9193a591e..a61a3de97 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
@@ -118,4 +118,13 @@ public class ConnectionParameter {
this.clientKeyStorePassword = clientKeyStorePassword;
}
+ public String toString() {
+ String s = "* ConnectionParameter *\n";
+ s += "URL: " + url + "\n";
+ s += "acceptedServerCertificates: " + acceptedServerCertificates + "\n";
+ s += "clientKeyStore: " + clientKeyStore + "\n";
+ s += "clientKeyStorePassword: " + clientKeyStorePassword;
+
+ return s;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
index b55164eed..f5aa9225a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
@@ -41,6 +41,11 @@ public class OAParameter {
private String publicURLPrefix;
/**
+ * specifies a human readable name of the Online Application
+ */
+ private String friendlyName;
+
+ /**
* Returns the type of the online application.
* @return the type of the online application.
*/
@@ -87,5 +92,24 @@ public class OAParameter {
public void setPublicURLPrefix(String publicURLPrefix) {
this.publicURLPrefix = publicURLPrefix;
}
+
+
+ /**
+ * Gets the friendly name of the OA
+ * @return Friendly Name of the OA
+ */
+ public String getFriendlyName() {
+ return friendlyName;
+ }
+
+ /**
+ * Sets the friendly name of the OA
+ * @param friendlyName
+ */
+ public void setFriendlyName(String friendlyName) {
+ this.friendlyName = friendlyName;
+ }
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java
new file mode 100644
index 000000000..af28be56a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java
@@ -0,0 +1,67 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.config;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public class TargetToSectorNameMapper implements TargetsAndSectorNames {
+
+ private static Map targetMap = new HashMap(41);
+
+ static {
+ targetMap.put(TARGET_AR, TARGET_AR_SECTOR);
+ targetMap.put(TARGET_AS, TARGET_AS_SECTOR);
+ targetMap.put(TARGET_BF, TARGET_BF_SECTOR);
+ targetMap.put(TARGET_BR, TARGET_BR_SECTOR);
+ targetMap.put(TARGET_BW, TARGET_BW_SECTOR);
+ targetMap.put(TARGET_EA, TARGET_EA_SECTOR);
+ targetMap.put(TARGET_EF, TARGET_EF_SECTOR);
+ targetMap.put(TARGET_GH, TARGET_GH_SECTOR);
+ targetMap.put(TARGET_GS, TARGET_GS_SECTOR);
+ targetMap.put(TARGET_GS_RE, TARGET_GS_RE_SECTOR);
+ targetMap.put(TARGET_HR, TARGET_HR_SECTOR);
+ targetMap.put(TARGET_JR, TARGET_JR_SECTOR);
+ targetMap.put(TARGET_KI, TARGET_KI_SECTOR);
+ targetMap.put(TARGET_KL, TARGET_KL_SECTOR);
+ targetMap.put(TARGET_KU, TARGET_KU_SECTOR);
+ targetMap.put(TARGET_LF, TARGET_LF_SECTOR);
+ targetMap.put(TARGET_LV, TARGET_LV_SECTOR);
+ targetMap.put(TARGET_OI, TARGET_OI_SECTOR);
+ targetMap.put(TARGET_PV, TARGET_PV_SECTOR);
+ targetMap.put(TARGET_RD, TARGET_RD_SECTOR);
+ targetMap.put(TARGET_RT, TARGET_RT_SECTOR);
+ targetMap.put(TARGET_SA, TARGET_SA_SECTOR);
+ targetMap.put(TARGET_SF, TARGET_SF_SECTOR);
+ targetMap.put(TARGET_SO, TARGET_SO_SECTOR);
+ targetMap.put(TARGET_SO_VR, TARGET_SO_VR_SECTOR);
+ targetMap.put(TARGET_SR_RG, TARGET_SR_RG_SECTOR);
+ targetMap.put(TARGET_SV, TARGET_SV_SECTOR);
+ targetMap.put(TARGET_UW, TARGET_UW_SECTOR);
+ targetMap.put(TARGET_VT, TARGET_VT_SECTOR);
+ targetMap.put(TARGET_VV, TARGET_VV_SECTOR);
+ targetMap.put(TARGET_WT, TARGET_WT_SECTOR);
+ targetMap.put(TARGET_ZP, TARGET_ZP_SECTOR);
+ targetMap.put(TARGET_BR, TARGET_BR_SECTOR);
+ targetMap.put(TARGET_HR, TARGET_HR_SECTOR);
+ targetMap.put(TARGET_KI, TARGET_KI_SECTOR);
+ targetMap.put(TARGET_OI, TARGET_OI_SECTOR);
+ targetMap.put(TARGET_PV, TARGET_PV_SECTOR);
+ targetMap.put(TARGET_RD, TARGET_RD_SECTOR);
+ targetMap.put(TARGET_VS, TARGET_VS_SECTOR);
+ targetMap.put(TARGET_VS_RG, TARGET_VS_RG_SECTOR);
+ targetMap.put(TARGET_ZU, TARGET_ZU_SECTOR);
+
+ }
+
+ public static String getSectorNameViaTarget(String target) {
+
+ return targetMap.get(target) != null ? (String) targetMap.get(target) : "";
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
new file mode 100644
index 000000000..c30e7b2b6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
@@ -0,0 +1,194 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.config;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * This interface contains all actual possible targets in Austria (shortcuts and friendly names)
+ * Bereichskennung and Tätigkeitsbereich
+ * @author bzwattendorfer
+ *
+ */
+public interface TargetsAndSectorNames {
+
+ /** Bereichskennung AR */
+ public static String TARGET_AR = "AR";
+ /** Tätigkeitsbereich AR */
+ public static String TARGET_AR_SECTOR = "Arbeit";
+
+ /** Bereichskennung AS */
+ public static String TARGET_AS = "AS";
+ /** Tätigkeitsbereich AS */
+ public static String TARGET_AS_SECTOR = "Amtliche Statistik";
+
+ /** Bereichskennung BF */
+ public static String TARGET_BF = "BF";
+ /** Tätigkeitsbereich BF */
+ public static String TARGET_BF_SECTOR = "Bildung und Forschung";
+
+ /** Bereichskennung BW */
+ public static String TARGET_BW = "BW";
+ /** Tätigkeitsbereich BW */
+ public static String TARGET_BW_SECTOR = "Bauen und Wohnen";
+
+ /** Bereichskennung EA */
+ public static String TARGET_EA = "EA";
+ /** Tätigkeitsbereich EA */
+ public static String TARGET_EA_SECTOR = "EU und Auswärtige Angelegenheiten";
+
+ /** Bereichskennung EF */
+ public static String TARGET_EF = "EF";
+ /** Tätigkeitsbereich EF */
+ public static String TARGET_EF_SECTOR = "Ein- und Ausfuhr";
+
+ /** Bereichskennung GH */
+ public static String TARGET_GH = "GH";
+ /** Tätigkeitsbereich GH */
+ public static String TARGET_GH_SECTOR = "Gesundheit";
+
+ /** Bereichskennung GS */
+ public static String TARGET_GS = "GS";
+ /** Tätigkeitsbereich GS */
+ public static String TARGET_GS_SECTOR = "Gesellschaft und Soziales";
+
+ /** Bereichskennung GS-RE */
+ public static String TARGET_GS_RE = "GS-RE";
+ /** Tätigkeitsbereich GS-RE */
+ public static String TARGET_GS_RE_SECTOR = "Restitution";
+
+ /** Bereichskennung JR */
+ public static String TARGET_JR = "JR";
+ /** Tätigkeitsbereich JR */
+ public static String TARGET_JR_SECTOR = "Justiz/Zivilrechtswesen";
+
+ /** Bereichskennung KL */
+ public static String TARGET_KL = "KL";
+ /** Tätigkeitsbereich KL */
+ public static String TARGET_KL_SECTOR = "Kultus";
+
+ /** Bereichskennung KU */
+ public static String TARGET_KU = "KU";
+ /** Tätigkeitsbereich KU */
+ public static String TARGET_KU_SECTOR = "Kunst und Kultur";
+
+ /** Bereichskennung LF */
+ public static String TARGET_LF = "LF";
+ /** Tätigkeitsbereich LF */
+ public static String TARGET_LF_SECTOR = "Land- und Forstwirtschaft";
+
+ /** Bereichskennung LV */
+ public static String TARGET_LV = "LV";
+ /** Tätigkeitsbereich LV */
+ public static String TARGET_LV_SECTOR = "Landesverteidigung";
+
+ /** Bereichskennung RT */
+ public static String TARGET_RT = "RT";
+ /** Tätigkeitsbereich RT */
+ public static String TARGET_RT_SECTOR = "Rundfunk und sonstige " +
+ "Medien sowie Telekommunikation";
+
+ /** Bereichskennung SA */
+ public static String TARGET_SA = "SA";
+ /** Tätigkeitsbereich SA */
+ public static String TARGET_SA_SECTOR = "Steuern und Abgaben";
+
+ /** Bereichskennung SF */
+ public static String TARGET_SF = "SF";
+ /** Tätigkeitsbereich SF */
+ public static String TARGET_SF_SECTOR = "Sport und Freizeit";
+
+ /** Bereichskennung SO */
+ public static String TARGET_SO = "SO";
+ /** Tätigkeitsbereich SO */
+ public static String TARGET_SO_SECTOR = "Sicherheit und Ordnung";
+
+ /** Bereichskennung SO-VR */
+ public static String TARGET_SO_VR = "SO-VR";
+ /** Tätigkeitsbereich SO-VR */
+ public static String TARGET_SO_VR_SECTOR = "Vereinsregister";
+
+ /** Bereichskennung SR-RG */
+ public static String TARGET_SR_RG = "SR-RG";
+ /** Tätigkeitsbereich SR-RG */
+ public static String TARGET_SR_RG_SECTOR = "Strafregister";
+
+ /** Bereichskennung SV */
+ public static String TARGET_SV = "SV";
+ /** Tätigkeitsbereich SV */
+ public static String TARGET_SV_SECTOR = "Sozialversicherung";
+
+ /** Bereichskennung UW */
+ public static String TARGET_UW = "UW";
+ /** Tätigkeitsbereich UW */
+ public static String TARGET_UW_SECTOR = "Umwelt";
+
+ /** Bereichskennung VT */
+ public static String TARGET_VT = "VT";
+ /** Tätigkeitsbereich VT */
+ public static String TARGET_VT_SECTOR = "Verkehr und Technik";
+
+ /** Bereichskennung VV */
+ public static String TARGET_VV = "VV";
+ /** Tätigkeitsbereich VV */
+ public static String TARGET_VV_SECTOR = "Vermögensverwaltung";
+
+ /** Bereichskennung WT */
+ public static String TARGET_WT = "WT";
+ /** Tätigkeitsbereich WT */
+ public static String TARGET_WT_SECTOR = "Wirtschaft";
+
+ /** Bereichskennung ZP */
+ public static String TARGET_ZP = "ZP";
+ /** Tätigkeitsbereich ZP */
+ public static String TARGET_ZP_SECTOR = "Personenidentität und Bürgerrechte (zur Person)";
+
+ /** Bereichskennung BR */
+ public static String TARGET_BR = "BR";
+ /** Tätigkeitsbereich BR */
+ public static String TARGET_BR_SECTOR = "Bereichsübergreifender Rechtsschutz";
+
+ /** Bereichskennung HR */
+ public static String TARGET_HR = "HR";
+ /** Tätigkeitsbereich HR */
+ public static String TARGET_HR_SECTOR = "Zentrales Rechnungswesen";
+
+ /** Bereichskennung KI */
+ public static String TARGET_KI = "KI";
+ /** Tätigkeitsbereich KI */
+ public static String TARGET_KI_SECTOR = "Auftraggeberinterne allgemeine Kanzleiindizes";
+
+ /** Bereichskennung OI */
+ public static String TARGET_OI = "OI";
+ /** Tätigkeitsbereich OI */
+ public static String TARGET_OI_SECTOR = "Öffentlichkeitsarbeit";
+
+ /** Bereichskennung PV */
+ public static String TARGET_PV = "PV";
+ /** Tätigkeitsbereich PV */
+ public static String TARGET_PV_SECTOR = "Personalverwaltung";
+
+ /** Bereichskennung RD */
+ public static String TARGET_RD = "RD";
+ /** Tätigkeitsbereich RD */
+ public static String TARGET_RD_SECTOR = "Zentraler Rechtsdienst";
+
+ /** Bereichskennung VS */
+ public static String TARGET_VS = "VS";
+ /** Tätigkeitsbereich VS */
+ public static String TARGET_VS_SECTOR = "Zentrale Durchführung von Verwaltungsstrafverfahren";
+
+ /** Bereichskennung VS-RG */
+ public static String TARGET_VS_RG = "VS-RG";
+ /** Tätigkeitsbereich VS-RG */
+ public static String TARGET_VS_RG_SECTOR = "Zentrales Verwaltungsstrafregister";
+
+ /** Bereichskennung ZU */
+ public static String TARGET_ZU = "ZU";
+ /** Tätigkeitsbereich ZU */
+ public static String TARGET_ZU_SECTOR = "Zustellungen";
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index fc988f161..a25bc1af5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -119,6 +119,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
* parameters for connection to MOA SP component
*/
private ConnectionParameter moaSpConnectionParameter;
+
+
/**
* trust profile ID to be used for verifying the identity link signature via MOA ID SP
*/
@@ -157,6 +159,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
*/
private ConnectionParameter bKUConnectionParameter;
+ /**
+ * parameter for connection to SZR-GW GetIdentityLink
+ */
+ private ConnectionParameter foreignIDConnectionParameter;
+
/**
* Return the single instance of configuration data.
*
@@ -256,6 +263,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
defaultVerifyInfoboxParameters =
builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID);
}
+
+
+ foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter();
onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID);
identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
defaultChainingMode = builder.getDefaultChainingMode();
@@ -368,6 +378,15 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
public ConnectionParameter getMoaSpConnectionParameter() {
return moaSpConnectionParameter;
}
+
+ /**
+ * Return a ConnectionParameter bean containing all information
+ * of the authentication component foreigid element
+ * @return ConnectionParameter of the authentication component foreignid element
+ */
+ public ConnectionParameter getForeignIDConnectionParameter() {
+ return foreignIDConnectionParameter;
+ }
/**
* Return a string with a url-reference to the VerifyIdentityLink trust
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index c095d9fc1..c352fae6c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -46,26 +46,26 @@ public class OAAuthParameter extends OAParameter {
* security layer as input for wbPK computation
*/
private String identityLinkDomainIdentifier;
- /**
- * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair)
- */
+ /**
+ * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair)
+ */
private String keyBoxIdentifier;
/**
* transformations for rendering in the secure viewer of the security layer
* implementation; multiple transformation can be given for different mime types
*/
private String[] transformsInfos;
- /**
- * determines whether "Stammzahl" is to be included in the authentication data
- */
+ /**
+ * determines whether "Stammzahl" is to be included in the authentication data
+ */
private boolean provideStammzahl;
- /**
- * determines whether AUTH block is to be included in the authentication data
- */
+ /**
+ * determines whether AUTH block is to be included in the authentication data
+ */
private boolean provideAuthBlock;
- /**
- * determines whether identity link is to be included in the authentication data
- */
+ /**
+ * determines whether identity link is to be included in the authentication data
+ */
private boolean provideIdentityLink;
/**
* determines whether the certificate is to be included in the authentication data
@@ -89,6 +89,12 @@ public class OAAuthParameter extends OAParameter {
private VerifyInfoboxParameters verifyInfoboxParameters;
/**
+ * BZ
+ * Type for authentication number (e.g. Firmenbuchnummer)
+ */
+ private String identityLinkDomainIdentifierType;
+
+ /**
* Returns <code>true</code> if the Security Layer version is version 1.2,
* otherwise <code>false</code>.
* @return <code>true</code> if the Security Layer version is version 1.2,
@@ -156,13 +162,13 @@ public class OAAuthParameter extends OAParameter {
return provideCertificate;
}
- /**
- * Returns the key box identifier.
- * @return String
- */
- public String getKeyBoxIdentifier() {
- return keyBoxIdentifier;
- }
+ /**
+ * Returns the key box identifier.
+ * @return String
+ */
+ public String getKeyBoxIdentifier() {
+ return keyBoxIdentifier;
+ }
/**
* Returns the BkuSelectionTemplate url.
@@ -259,31 +265,31 @@ public class OAAuthParameter extends OAParameter {
this.provideCertificate = provideCertificate;
}
- /**
- * Sets the key box identifier.
- * @param keyBoxIdentifier to set
- */
- public void setKeyBoxIdentier(String keyBoxIdentifier) {
- this.keyBoxIdentifier = keyBoxIdentifier;
- }
+ /**
+ * Sets the key box identifier.
+ * @param keyBoxIdentifier to set
+ */
+ public void setKeyBoxIdentier(String keyBoxIdentifier) {
+ this.keyBoxIdentifier = keyBoxIdentifier;
+ }
/**
* Sets the BkuSelectionTemplate url.
* @param bkuSelectionTemplateURL The url string specifying the location
* of a BkuSelectionTemplate.
*/
- public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) {
- this.bkuSelectionTemplateURL = bkuSelectionTemplateURL;
- }
+ public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) {
+ this.bkuSelectionTemplateURL = bkuSelectionTemplateURL;
+ }
/**
* Sets the Template url.
* @param templateURL The url string specifying the location
* of a Template.
*/
- public void setTemplateURL(String templateURL) {
- this.templateURL = templateURL;
- }
+ public void setTemplateURL(String templateURL) {
+ this.templateURL = templateURL;
+ }
/**
* Sets the input processor sign form template url.
@@ -303,5 +309,21 @@ public class OAAuthParameter extends OAParameter {
public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) {
this.verifyInfoboxParameters = verifyInfoboxParameters;
}
+
+ /**
+ * Gets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
+ * @return IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
+ */
+ public String getIdentityLinkDomainIdentifierType() {
+ return identityLinkDomainIdentifierType;
+ }
+
+ /**
+ * Sets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
+ * @param identityLinkDomainIdentifierType The IdentityLinkDomainIdentifier to set (e.g. Firmenbuchnummer)
+ */
+ public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) {
+ this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
index 7f0dfe509..b8b53e7f3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
@@ -103,7 +103,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder {
HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
httpsConn.setSSLSocketFactory(sslSocketFactory);
if (cbDisableHostnameVerification)
- httpsConn.setHostnameVerifier(new HostnameNonVerifier());
+ httpsConn.setHostnameVerifier(new HostnameNonVerifier());
}
return conn;
@@ -163,7 +163,6 @@ public class DefaultConnectionBuilder implements ConnectionBuilder {
return true;
}
-
/**
* @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
index d13a6829c..badee38ac 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
@@ -36,8 +36,9 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
/**
* Constructor
*/
- public DefaultLoginParameterResolver() {
- }
+ //public DefaultLoginParameterResolver() {
+ //}
+ //@TODO: Änderung von 1.4.4
/**
* Configuration mehtod (not used)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
index 6810c9223..f3527055d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
@@ -119,7 +119,8 @@ public class ElakConnectionBuilder implements ConnectionBuilder {
String parameter[] = new String[2];
for (Iterator iter = parameters.iterator(); iter.hasNext();) {
- parameter = (String[]) iter.next();
+ parameter = (String[]) iter.next();
+
if(query.indexOf(parameter[0]) >= 0) iter.remove();
}
}
@@ -253,6 +254,7 @@ public class ElakConnectionBuilder implements ConnectionBuilder {
*/
//JSSE Abhängigkeit
private class HostnameNonVerifier implements HostnameVerifier {
+
public boolean verify(String hostname, SSLSession session) {
// TODO Auto-generated method stub
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
index 4af2561b2..7e27082a0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
@@ -162,13 +162,14 @@ public class EnhancedConnectionBuilder implements ConnectionBuilder {
// JSSE Abhängigkeit
private class HostnameNonVerifier implements HostnameVerifier {
- /**
- * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
- */
+
public boolean verify(String hostname, SSLSession session) {
return true;
}
+ /**
+ * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
+ */
// public boolean verify(String arg0, String arg1) {
// return true;
// }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index b986d7c2c..0cd0a0b7a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -117,6 +117,7 @@ public class ProxyServlet extends HttpServlet {
protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
Logger.debug("getRequestURL:" + req.getRequestURL().toString());
+ //@TODO Parameter
try {
if (req.getParameter(PARAM_SAMLARTIFACT) != null) {
// check if SAML Artifact was already used in this session (in case of page reload)
@@ -175,7 +176,8 @@ public class ProxyServlet extends HttpServlet {
String binding = "";
if (session.getAttribute(ATT_BROWSERREQU)==null) {
-
+
+ //@TODO Parameter
samlArtifact = req.getParameter(PARAM_SAMLARTIFACT);
Logger.debug("moa-id-proxy login " + PARAM_SAMLARTIFACT + ": " + samlArtifact);
// String target = req.getParameter(PARAM_TARGET); parameter given but not processed
@@ -496,7 +498,7 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map
Vector parameters = new Vector();
-
+//@TODO Parameter
for (Enumeration enu = req.getParameterNames(); enu.hasMoreElements();) {
String paramName = (String) enu.nextElement();
if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
new file mode 100644
index 000000000..684291c59
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -0,0 +1,158 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+
+public class ParamValidatorUtils {
+
+ /**
+ * Checks if the given target is valid
+ * @param target HTTP parameter from request
+ * @return
+ */
+ public static boolean isValidTarget(String target) {
+
+ // if non parameter is given return true
+ if (target == null)
+ return true;
+
+ Pattern pattern = Pattern.compile("[a-zA-Z-]{1,5}");
+ Matcher matcher = pattern.matcher(target);
+ return matcher.matches();
+ }
+
+ /**
+ * Checks if the given bkuURI is valid
+ * @param target HTTP parameter from request
+ * @return
+ */
+ public static boolean isValidBKUURI(String bkuURI) {
+
+ // if non parameter is given return true
+ if (bkuURI == null)
+ return true;
+
+ // check if bkuURI is a valid URL
+ try {
+ new URL(bkuURI);
+ return true;
+ } catch (MalformedURLException e) {
+ return false;
+ }
+ }
+
+ /**
+ * Checks if the given template is valid
+ * @param target HTTP parameter from request
+ * @return
+ */
+ public static boolean isValidTemplate(String template) {
+
+ // if non parameter is given return true
+ if (template == null)
+ return true;
+
+ // check if template is a valid URL
+ try {
+ new URL(template);
+ return true;
+ } catch (MalformedURLException e) {
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ /**
+ * Checks if the given template is valid
+ * @param target HTTP parameter from request
+ * @return
+ */
+ public static boolean isValidSessionID(String sessionID) {
+
+ // if non parameter is given return true
+ if (sessionID == null)
+ return true;
+
+ Pattern pattern = Pattern.compile("[0-9-]*");
+ Matcher matcher = pattern.matcher(sessionID);
+ return matcher.matches();
+
+
+ }
+
+ /**
+ * Checks if the given oa is valid
+ * @param target HTTP parameter from request
+ * @return
+ */
+ public static boolean isValidOA(String oa) {
+
+ // if non parameter is given return true
+ if (oa == null)
+ return true;
+
+ // check if oa is a valid URL
+ try {
+ new URL(oa);
+ return true;
+ } catch (MalformedURLException e) {
+ return false;
+ }
+ }
+
+ /**
+ * Checks if <BKU>, <XMLRequest>, <DataURL>, <CertInfoXMLRequest>,
+ * <CertInfoDataURL> placeholders are contained in the given string.
+ * The placeholder <PushInfobox> is not checked, as it is only required,
+ * if other infoboxes as identity link will be treated.
+ * @param data
+ * @return
+ */
+ private static boolean checkPlaceHolders(String data) {
+
+ boolean bku = data.contains("<BKU>");
+ boolean xmlrequest = data.contains("<XMLRequest>");
+ boolean dataurl = data.contains("<DataURL>");
+ boolean certinfoxmlrequest = data.contains("<CertInfoXMLRequest>");
+ boolean certinfodataurl = data.contains("<CertInfoDataURL>");
+
+ System.out.println("Check Data: ");
+ System.out.println("bku: " + bku);
+ System.out.println("xmlrequest: " + xmlrequest);
+ System.out.println("dataurl: " + dataurl);
+ System.out.println("certinfoxmlrequest: " + certinfoxmlrequest);
+ System.out.println("certinfodataurl: " + certinfodataurl);
+
+
+ //return bku && xmlrequest && dataurl && certinfoxmlrequest && certinfodataurl;
+ return true;
+
+ }
+
+
+ /**
+ * Converts an input stream to a string
+ * @param is
+ * @return
+ * @throws Exception
+ */
+ private static String convertStreamToString(InputStream is) throws Exception {
+ BufferedReader reader = new BufferedReader(new InputStreamReader(is));
+ StringBuilder sb = new StringBuilder();
+ String line = null;
+ while ((line = reader.readLine()) != null) {
+ sb.append(line);
+ }
+ is.close();
+ return sb.toString();
+ }
+
+}
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index e287e7118..8799082b3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -69,10 +69,10 @@ public class SSLUtils {
*/
public static void initialize() {
sslSocketFactories = new HashMap();
- // JSSE Abhängigkeit
- //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
- Security.addProvider(new IAIK());
- //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+ // JSSE Abhängigkeit
+ Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+ //Security.addProvider(new IAIK());
+ System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
index 7fa3fe8f0..1915ce40a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
@@ -73,6 +73,35 @@ public class ServletUtils {
Logger.debug("REDIRECT TO: " + redirectURL);
}
+ }
+ /**
+ * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing
+ * depending on the requests starting text.
+ *
+ * @param resp The httpServletResponse
+ * @param session The current AuthenticationSession
+ * @param createXMLSignatureRequestOrRedirect The request
+ * @param servletGoal The servlet to which the redirect should happen
+ * @param servletName The servlet name for debug purposes
+ * @throws MOAIDException
+ * @throws IOException
+ */
+ public static void writeCreateXMLSignatureRequest(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName, String dataURL)
+ throws MOAIDException,
+ IOException
+ {
+ resp.setStatus(307);
+ resp.addHeader("Location", dataURL);
+
+ //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
+ resp.setContentType("text/xml;charset=UTF-8");
+
+ OutputStream out = resp.getOutputStream();
+ out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ Logger.debug("Finished POST " + servletName);
+
}
}