Merge branch 'moa2_0_tlenz' of https://gitlab.iaik.tugraz.at/afitzek/moa-idspss into moa2_0_tlenz

Conflicts: id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
author: Thomas Lenz <tlenz@iaik.tugraz.at> 2013-09-05 09:46:38 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2013-09-05 09:46:38 +0200
commit: e3667b6ccf1ae70a8c93b0af7a5bcf505831b073 (patch)
tree: 85f74fd2bcf1745dfc8537db7c5c7d2468b46a75 /id/server/idserverlib/src/main/java/at/gv/egovernment
parent: cf5cf7c5baa823329d38e764ea53efe8f291d367 (diff)
parent: eb33e9afb53314c8ab1e0854c587a808e8605fad (diff)
download: moa-id-spss-e3667b6ccf1ae70a8c93b0af7a5bcf505831b073.tar.gz
moa-id-spss-e3667b6ccf1ae70a8c93b0af7a5bcf505831b073.tar.bz2
moa-id-spss-e3667b6ccf1ae70a8c93b0af7a5bcf505831b073.zip
6 files changed, 99 insertions, 14 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 89adbce3f..ff2cee559 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -2301,9 +2301,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 		
 		try {
 			
-			//TODO: resign the IdentityLink!!!
-			
-			
 			if (session.getUseMandate() && session.isOW()) {
 				MISMandate mandate = session.getMISMandate();
 				authData.setBPK(mandate.getOWbPK());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
index 6004f251f..1624a59c0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -25,10 +25,13 @@
 package at.gv.egovernment.moa.id.auth.parser;
 
 import java.io.ByteArrayInputStream;
+import java.io.IOException;
 import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.List;
 
+import javax.xml.transform.TransformerException;
+
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 import org.w3c.dom.traversal.NodeIterator;
@@ -157,6 +160,7 @@ public class CreateXMLSignatureResponseParser {
       Element dsigSignatureNode = (Element) list.item(0);
       
       Element dsigSignatureElement = (Element) dsigSignatureNode;
+      
       cResp.setDsigSignature(dsigSignatureElement);
     }
     catch (Throwable t) {
@@ -201,6 +205,11 @@ public class CreateXMLSignatureResponseParser {
       SAMLAttribute[] result = new SAMLAttribute[samlAttributes.size()];
       samlAttributes.toArray(result);
       cResp.setSamlAttributes(result);
+      
+      NodeList list = sigResponse_.getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature");
+      Element dsigSignatureNode = (Element) list.item(0); 
+      cResp.setDsigSignature(dsigSignatureNode);
+      
     }
     catch (Throwable t) {
       throw new ParseException("parser.01", new Object[] { t.toString()}, t);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
index 4ddad2429..2c957603b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -151,6 +151,8 @@ public class VerifyXMLSignatureResponseParser {
     VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
 
     try {
+    	
+      String s = DOMUtils.serializeNode(verifyXMLSignatureResponse);
       respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,""));
       Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH);
       respData.setQualifiedCertificate(e!=null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index d0fb1f87f..b2ef2d000 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -24,9 +24,14 @@
 
 package at.gv.egovernment.moa.id.auth.validator;
 
+import java.util.Calendar;
+import java.util.GregorianCalendar;
 import java.util.Iterator;
 import java.util.List;
 
+import javax.xml.bind.DatatypeConverter;
+
+import org.jaxen.SimpleNamespaceContext;
 import org.w3c.dom.Element;
 
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
@@ -59,11 +64,25 @@ public class CreateXMLSignatureResponseValidator {
   /** Xpath expression to the dsig:Signature element */
   private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature";
   
-  //private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime";
-     
+  private static final String XADES_1_1_1_SIGNINGTIME_PATH = "//" + Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime";
+  private static final String XADES_1_3_2_SIGNINGTIME_PATH = "//" + Constants.XADES_1_3_2_NS_PREFIX + ":SigningTime";
+  
+  
+  private static final long MAX_DIFFERENCE_IN_MILLISECONDS = 600000; // 10min
+  
  /** Singleton instance. <code>null</code>, if none has been created. */
   private static CreateXMLSignatureResponseValidator instance;
 
+  private static SimpleNamespaceContext NS_CONTEXT;
+  static {
+    NS_CONTEXT = new SimpleNamespaceContext();
+    NS_CONTEXT.addNamespace(Constants.XADES_1_1_1_NS_PREFIX, Constants.XADES_1_1_1_NS_URI);
+    NS_CONTEXT.addNamespace(Constants.XADES_1_2_2_NS_PREFIX, Constants.XADES_1_2_2_NS_URI);
+    NS_CONTEXT.addNamespace(Constants.XADES_1_3_2_NS_PREFIX, Constants.XADES_1_3_2_NS_URI);
+    NS_CONTEXT.addNamespace(Constants.XADES_1_4_1_NS_PREFIX, Constants.XADES_1_4_1_NS_URI);
+  }
+
+  
   /**
    * Constructor for a singleton CreateXMLSignatureResponseValidator.
    * @return an instance of CreateXMLSignatureResponseValidator
@@ -550,8 +569,36 @@ public class CreateXMLSignatureResponseValidator {
   
   public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException {
 	
-	  //TODO: insert Time validation!!!!
-	  
+	  Element dsigSignatureElement = csresp.getDsigSignature();
+	  if (dsigSignatureElement == null) {
+		  throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ;
+	  }
+	  else {
+		  Element signingTimeElem = (Element) XPathUtils.selectSingleNode(dsigSignatureElement, NS_CONTEXT, XADES_1_1_1_SIGNINGTIME_PATH);
+		  if (signingTimeElem == null) {
+			  signingTimeElem = (Element) XPathUtils.selectSingleNode(dsigSignatureElement, NS_CONTEXT, XADES_1_3_2_SIGNINGTIME_PATH);
+			  if (signingTimeElem == null)
+				  throw new ValidateException("validator.68", null) ;
+		  }
+			  
+			  
+		  String signingTimeStr = signingTimeElem.getTextContent();
+		  if (signingTimeStr == null)
+			  throw new ValidateException("validator.68", null) ;
+			  
+		  Calendar signingTimeCal = DatatypeConverter.parseDate(signingTimeStr);
+		  Calendar serverTimeCal = new GregorianCalendar();
+		  
+		  long diff = Math.abs(signingTimeCal.getTimeInMillis() - serverTimeCal.getTimeInMillis());
+		  
+		  if (diff > MAX_DIFFERENCE_IN_MILLISECONDS)
+			  throw new ValidateException("validator.69", new Object[] {"mehr als " + MAX_DIFFERENCE_IN_MILLISECONDS + " Millisekunden"}) ;
+
+		  Logger.debug("Compare \"" + signingTimeCal.getTime() + "\" (SigningTime) with \"" + serverTimeCal.getTime() + "\" (server time)");
+			
+		  
+	  }
+		  
   }
   
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index bc53a876c..28288815a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -830,6 +830,23 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 		  return prop;
   }
   
+  public boolean isIdentityLinkResigning() {
+	  String prop = props.getProperty("configuration.resignidentitylink", "false");
+	  if (Boolean.valueOf(prop))
+		  return true;
+	  else
+		  return false;
+  }
+  
+  public String getIdentityLinkResigningKey() {
+	  String prop = props.getProperty("configuration.resignidentitylink.keygroup");
+	  
+	  if (MiscUtil.isNotEmpty(prop))
+		  return prop;
+	  else
+		  return null;
+  }
+  
   /**
    * Retruns the STORK Configuration
    * @return STORK Configuration
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index fec2d2b35..ee0b4e7e2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -32,6 +32,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
@@ -193,14 +194,26 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 					.getAuthBlock() : "";
 					
 			//set IdentityLink for assortion
-			String ilAssertion = saml1parameter.isProvideIdentityLink() ? authData.getIdentityLink()
-					.getSerializedSamlAssertion()
-					: "";
-			if (!saml1parameter.isProvideStammzahl()) {
-				ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink()
-						.getIdentificationValue(), "");
+			String ilAssertion = "";
+			if (saml1parameter.isProvideIdentityLink()) {		
+				if (session.getBusinessService()) {
+					IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
+					
+					Element resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink()
+								.getSamlAssertion());
+					
+					ilAssertion = DOMUtils.serializeNode(resignedilAssertion);
+					
+				} else {
+					ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
+					
+					if (!saml1parameter.isProvideStammzahl())
+						ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink()
+								.getIdentificationValue(), "");
+					
+				}
 			}
-			
+
 			String samlAssertion;
 			
 			if (session.getUseMandate()) {
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2013-09-05 09:46:38 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2013-09-05 09:46:38 +0200
commit	e3667b6ccf1ae70a8c93b0af7a5bcf505831b073 (patch)
tree	85f74fd2bcf1745dfc8537db7c5c7d2468b46a75 /id/server/idserverlib/src/main/java/at/gv/egovernment
parent	cf5cf7c5baa823329d38e764ea53efe8f291d367 (diff)
parent	eb33e9afb53314c8ab1e0854c587a808e8605fad (diff)
download	moa-id-spss-e3667b6ccf1ae70a8c93b0af7a5bcf505831b073.tar.gz moa-id-spss-e3667b6ccf1ae70a8c93b0af7a5bcf505831b073.tar.bz2 moa-id-spss-e3667b6ccf1ae70a8c93b0af7a5bcf505831b073.zip