aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-01-27 16:27:02 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-01-27 16:27:02 +0100
commitcea2f395ec773b386ec628d60120752cf320f6b6 (patch)
tree2145dbbe25f0b4f99c89e60834176ea8fa1d435c /id/server/idserverlib/src/main/java/at/gv/egovernment
parent653fd79254188db598c0b980640fab912c9e39f7 (diff)
downloadmoa-id-spss-cea2f395ec773b386ec628d60120752cf320f6b6.tar.gz
moa-id-spss-cea2f395ec773b386ec628d60120752cf320f6b6.tar.bz2
moa-id-spss-cea2f395ec773b386ec628d60120752cf320f6b6.zip
add PVP2 Demo Application
change SZRGWClient to JAXWs
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java109
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/LaxHostNameVerifier.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java81
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java8
6 files changed, 192 insertions, 42 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index af23d4c78..278f93f14 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -54,6 +54,7 @@ import org.apache.xpath.XPathAPI;
import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.xml.util.Base64;
import org.opensaml.xml.util.XMLHelper;
+import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -95,10 +96,12 @@ import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
+//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
+//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.client.SZRGWClient;
+import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
@@ -125,6 +128,8 @@ import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.egovernment.moa.util.XPathUtils;
+import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest;
+import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
import eu.stork.mw.messages.saml.STORKAuthnRequest;
import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
import eu.stork.vidp.messages.common.STORKConstants;
@@ -1689,58 +1694,78 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return Identity link assertion
* @throws SZRGWClientException
*/
- public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException {
+ public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse
+ getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException {
- SZRGWClient client = new SZRGWClient();
+ SZRGWClient client = null;
- try {
+ try {
AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
- client.setAddress(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
- Logger.debug("Initialisiere SSL Verbindung");
- try {
- client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- } catch (IOException e) {
- Logger.error("Could not initialize SSL Factory", e);
- throw new SZRGWClientException("Could not initialize SSL Factory");
- } catch (GeneralSecurityException e) {
- Logger.error("Could not initialize SSL Factory", e);
- throw new SZRGWClientException("Could not initialize SSL Factory");
- } catch (PKIException e) {
- Logger.error("Could not initialize SSL Factory", e);
- throw new SZRGWClientException("Could not initialize SSL Factory");
- }
- }
+ client = new SZRGWClient(connectionParameters);
+
+
+ CreateIdentityLinkRequest request = new CreateIdentityLinkRequest();
+ request.setSignature(DOMUtils.serializeNode(signature).getBytes());
+
+ CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl());
+
+
+
+// client.setAddress(connectionParameters.getUrl());
+// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+// Logger.debug("Initialisiere SSL Verbindung");
+// try {
+// client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+// } catch (IOException e) {
+// Logger.error("Could not initialize SSL Factory", e);
+// throw new SZRGWClientException("Could not initialize SSL Factory");
+// } catch (GeneralSecurityException e) {
+// Logger.error("Could not initialize SSL Factory", e);
+// throw new SZRGWClientException("Could not initialize SSL Factory");
+// } catch (PKIException e) {
+// Logger.error("Could not initialize SSL Factory", e);
+// throw new SZRGWClientException("Could not initialize SSL Factory");
+// }
+// }
Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
}
catch (ConfigurationException e) {
Logger.warn(e);
Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
- }
+ } catch (TransformerException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
- // create request
- CreateIdentityLinkResponse response = null;
- Element request = null;
- try {
- Document doc = client.buildGetIdentityLinkRequest(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature);
- request = doc.getDocumentElement();
-
- // send request
- response = client.createIdentityLinkResponse(request);
- } catch (SZRGWClientException e) {
- // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
- try {
- response = client.createIdentityLinkResponse(request);
- }
- catch (SZRGWClientException e1) {
- throw new SZRGWClientException(e1);
- }
- }
+// // create request
+// CreateIdentityLinkResponse response = null;
+// Element request = null;
+// try {
+// Document doc = client.buildGetIdentityLinkRequest(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature);
+// request = doc.getDocumentElement();
+//
+// // send request
+// response = client.createIdentityLinkResponse(request, connectionParameters.getUrl());
+//
+//
+//
+// } catch (SZRGWClientException e) {
+// // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+//// try {
+//// response = client.createIdentityLinkResponse(request);
+//// }
+//// catch (SZRGWClientException e1) {
+//// throw new SZRGWClientException(e1);
+//// }
+// }
- return response;
+ return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index a87e9a8c0..a6e595239 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -351,6 +351,9 @@ public class STORKResponseProcessor {
} catch (ParseException e) {
Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
throw new STORKException("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ } catch (at.gv.egovernment.moa.id.client.SZRGWClientException e) {
+ Logger.error("Error connecting SZR-Gateway: ", e);
+ throw new STORKException("Error connecting SZR-Gateway: ", e);
}
return identityLink;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/LaxHostNameVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/LaxHostNameVerifier.java
new file mode 100644
index 000000000..a4fe4ab7b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/LaxHostNameVerifier.java
@@ -0,0 +1,16 @@
+package at.gv.egovernment.moa.id.client;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLSession;
+
+public class LaxHostNameVerifier implements HostnameVerifier {
+
+ /*
+ * (non-Javadoc)
+ * @see javax.net.ssl.HostnameVerifier#verify(java.lang.String, javax.net.ssl.SSLSession)
+ */
+ public boolean verify(String arg0, SSLSession arg1) {
+ return true;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java
new file mode 100644
index 000000000..37c2ebae0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java
@@ -0,0 +1,81 @@
+package at.gv.egovernment.moa.id.client;
+
+import java.net.URL;
+import java.util.Map;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.xml.namespace.QName;
+
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.util.wsdl.szrgw.SZRGWService;
+import at.gv.util.wsdl.szrgw.SZRGWType;
+import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest;
+import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
+
+import com.sun.xml.ws.developer.JAXWSProperties;
+import javax.xml.ws.BindingProvider;
+
+public class SZRGWClient {
+
+ private SSLSocketFactory sslContext = null;
+
+ public SZRGWClient(ConnectionParameter szrgwconnection) throws SZRGWClientException {
+ initial(szrgwconnection);
+ }
+
+ public CreateIdentityLinkResponse sentCreateIDLRequest(CreateIdentityLinkRequest request, String serviceUrl) throws SZRGWClientException {
+ MiscUtil.assertNotNull(request, "createIDLRequest");
+ MiscUtil.assertNotNull(serviceUrl, "serviceURL");
+
+ URL url = SZRGWClient.class.getResource("/resources/wsdl/szrgw/szrgw.wsdl");
+ SZRGWService service = new SZRGWService(url, new QName("http://reference.e-government.gv.at/namespace/szrgw/20070807/wsdl", "SZRGWService"));
+ SZRGWType port = service.getSZRGWPort();
+
+
+
+
+ BindingProvider bindingProvider = (BindingProvider) port;
+ Map<String, Object> requestContext = bindingProvider.getRequestContext();
+ requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, serviceUrl);
+
+
+ // check for ssl
+ if (serviceUrl.toLowerCase().startsWith("https")) {
+ Logger.trace("Using ssl for SZRGW client request.");
+ if (sslContext == null) {
+ throw new SZRGWClientException("SSL context from configuration is empty. Please configure an SSL context in the configuration first.", null);
+ }
+
+ requestContext.put(JAXWSProperties.SSL_SOCKET_FACTORY, sslContext);
+
+ // check for lax hostname
+ if (true) {
+ Logger.trace("LaxHostnameVerifier enabled. This setting is not recommended to use.");
+ requestContext.put(JAXWSProperties.HOSTNAME_VERIFIER, new LaxHostNameVerifier());
+ }
+ }
+
+
+ return port.szrgwOperation(request);
+
+ }
+
+
+ private void initial(ConnectionParameter szrgwconnection) throws at.gv.egovernment.moa.id.client.SZRGWClientException{
+ try {
+ sslContext = SSLUtils.getSSLSocketFactory(
+ AuthConfigurationProvider.getInstance(),
+ szrgwconnection);
+
+ } catch (Exception e) {
+ Logger.warn("SZRGW Client initialization FAILED.", e);
+ throw new SZRGWClientException("SZRGW Client initialization FAILED.", null);
+
+ }
+
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java
new file mode 100644
index 000000000..4eb268ce9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.client;
+
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+
+public class SZRGWClientException extends MOAIDException{
+
+ private static final long serialVersionUID = 1L;
+
+ public SZRGWClientException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ public SZRGWClientException(SZRGWClientException e1) {
+ super("", null, e1);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 1c7b1c718..c80dbf321 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -27,9 +27,12 @@ import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
+import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
+import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.Signer;
+import org.opensaml.xml.signature.impl.KeyInfoBuilder;
import org.w3c.dom.Document;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -83,6 +86,11 @@ public class MetadataAction implements IAction {
Signature signature = CredentialProvider
.getIDPSignature(metadataSigningCredential);
+// KeyInfoBuilder metadataKeyInfoBuilder = new KeyInfoBuilder();
+// KeyInfo metadataKeyInfo = metadataKeyInfoBuilder.buildObject();
+// //KeyInfoHelper.addCertificate(metadataKeyInfo, metadataSigningCredential.);
+// signature.setKeyInfo(metadataKeyInfo );
+
idpEntitiesDescriptor.setSignature(signature);
IDPSSODescriptor idpSSODescriptor = SAML2Utils