Merge remote-tracking branch 'remotes/origin/authnrequest_signrequest_split' into moa-2.1-Snapshot

4 files changed, 75 insertions, 31 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 5a2fda67f..ee1d1728a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -318,7 +318,7 @@ public class PEPSConnectorServlet extends AuthServlet {
 				identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList(),

 																		  oaParam.getFriendlyName(), 

 																		  targetType, null, 

-																		  oaParam.getMandateProfiles());

+																		  oaParam.getMandateProfiles(), citizenSignature);

 			} catch (STORKException e) {

 				// this is really nasty but we work against the system here. We are supposed to get the gender attribute from

 				// stork. If we do not, we cannot register the person in the ERnP - we have to have the

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
index 129494cbe..e2f6e50b1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
@@ -205,17 +205,17 @@ public class PEPSConnectorWithLocalSigningServlet extends AuthServlet {
 			moaSession.setXMLVerifySignatureResponse(tmp);
 			try{
 				IPersonalAttributeList personalAttributeList = moaSession.getAuthnResponseGetPersonalAttributeList();
-				//Add signResponse
+				//Add SignResponse   TODO Add signature (extracted from signResponse)?
 				List<String> values = new ArrayList<String>();
-				//values.add(signResponseString);
-				values.add(citizenSignature);
+				values.add(signResponseString);
+//				values.add(citizenSignature);
 				Logger.debug("Assembling signedDoc attribute");
 				PersonalAttribute signedDocAttribute = new PersonalAttribute("signedDoc", false, values,
 						"Available");
 				personalAttributeList.add(signedDocAttribute);
-
+				
 				String authnContextClassRef = moaSession.getAuthnContextClassRef();
-				SZRGInsertion(moaSession, personalAttributeList, authnContextClassRef);
+				SZRGInsertion(moaSession, personalAttributeList, authnContextClassRef, citizenSignature);
 			} catch (STORKException e) {
 				// this is really nasty but we work against the system here. We are supposed to get the gender attribute from
 				// stork. If we do not, we cannot register the person in the ERnP - we have to have the
@@ -487,7 +487,7 @@ public class PEPSConnectorWithLocalSigningServlet extends AuthServlet {
 			}
 
 			try{
-				SZRGInsertion(moaSession, authnResponse.getPersonalAttributeList(), authnResponse.getAssertions().get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef());
+				SZRGInsertion(moaSession, authnResponse.getPersonalAttributeList(), authnResponse.getAssertions().get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef(),citizenSignature);
 			} catch (STORKException e) {
 				// this is really nasty but we work against the system here. We are supposed to get the gender attribute from
 				// stork. If we do not, we cannot register the person in the ERnP - we have to have the
@@ -633,7 +633,7 @@ public class PEPSConnectorWithLocalSigningServlet extends AuthServlet {
 		return null;
 	}
 
-	private void SZRGInsertion(AuthenticationSession moaSession, IPersonalAttributeList personalAttributeList, String authnContextClassRef) throws STORKException, MOAIDException
+	private void SZRGInsertion(AuthenticationSession moaSession, IPersonalAttributeList personalAttributeList, String authnContextClassRef, String citizenSignature) throws STORKException, MOAIDException
 	{
 		Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
 		Logger.debug("Citizen signature will be verified by SZR Gateway!");
@@ -666,7 +666,7 @@ public class PEPSConnectorWithLocalSigningServlet extends AuthServlet {
 		identityLink = STORKResponseProcessor.connectToSZRGateway(personalAttributeList,
 				oaParam.getFriendlyName(), 
 				targetType, null, 
-				oaParam.getMandateProfiles());
+				oaParam.getMandateProfiles(),citizenSignature);
 		Logger.debug("SZR communication was successfull");
 
 		if (identityLink == null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index 46fd06741..7113dcf70 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -26,28 +26,19 @@
 package at.gv.egovernment.moa.id.auth.stork;

 

 import java.io.ByteArrayInputStream;

+import java.io.IOException;

+import java.io.InputStream;

 import java.util.List;

 import java.util.Vector;

 

-import javax.servlet.http.HttpServletRequest;

-import javax.servlet.http.HttpServletResponse;

-import javax.xml.namespace.QName;

+import javax.activation.DataSource;

+import javax.xml.transform.Source;

+import javax.xml.transform.TransformerConfigurationException;

+import javax.xml.transform.TransformerException;

+import javax.xml.transform.TransformerFactoryConfigurationError;

+import javax.xml.transform.stream.StreamSource;

 

-import org.opensaml.common.binding.BasicSAMLMessageContext;

-import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;

-import org.opensaml.saml2.core.Assertion;

-import org.opensaml.saml2.metadata.RequestedAttribute;

-import org.opensaml.ws.transport.http.HTTPInTransport;

-import org.opensaml.ws.transport.http.HTTPOutTransport;

-import org.opensaml.ws.transport.http.HttpServletRequestAdapter;

-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;

-import org.opensaml.xml.XMLObject;

-import org.opensaml.xml.schema.XSAny;

-import org.opensaml.xml.schema.XSString;

-import org.opensaml.xml.util.Base64;

-import org.opensaml.xml.util.XMLHelper;

-import org.w3c.dom.Element;

-import org.w3c.dom.NodeList;

+import org.apache.commons.io.IOUtils;

 

 import at.gv.egovernment.moa.id.auth.AuthenticationServer;

 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;

@@ -57,12 +48,16 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;

 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;

 import at.gv.egovernment.moa.id.client.SZRGWClientException;

-import at.gv.egovernment.moa.id.util.XMLUtil;

 import at.gv.egovernment.moa.logging.Logger;

 import at.gv.egovernment.moa.util.Constants;

 import at.gv.egovernment.moa.util.DateTimeUtils;

 import at.gv.egovernment.moa.util.StringUtils;

 import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;

+import eu.stork.oasisdss.api.ApiUtils;

+import eu.stork.oasisdss.api.LightweightSourceResolver;

+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;

+import eu.stork.oasisdss.api.exceptions.UtilsException;

+import eu.stork.oasisdss.profile.SignResponse;

 import eu.stork.peps.auth.commons.IPersonalAttributeList;

 import eu.stork.peps.auth.commons.PersonalAttribute;

 

@@ -129,11 +124,12 @@ public class STORKResponseProcessor {
 	 * @param targetType the target type

 	 * @param targetValue the target value

 	 * @param filters the filters

+	 * @param citizenSignature2 

 	 * @return Identity Link

 	 * @throws STORKException the sTORK exception

 	 * @throws MOAIDException 

 	 */

-	public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String targetType, String targetValue, List<String> filters) throws STORKException, MOAIDException {

+	public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String targetType, String targetValue, List<String> filters, String citizenSignature) throws STORKException, MOAIDException {

 		Logger.trace("Calling SZR Gateway with the following attributes:");

 

 		CreateIdentityLinkResponse identityLinkResponse = null;

@@ -142,7 +138,16 @@ public class STORKResponseProcessor {
 			Logger.trace("Starting call...");

 

 			// if there is no signedDoc attribute, we cannot go on

-			String citizenSignature = getAttributeValue("signedDoc", attributeList);

+			if(citizenSignature==null || citizenSignature.length()==0)

+			{

+				String signResponseString = getAttributeValue("signedDoc", attributeList);

+				

+				//Extract signature from SIgnResponse

+				Source response1 = new StreamSource(new java.io.StringReader(signResponseString));

+				SignResponse dssSignResponse = ApiUtils.unmarshal(response1, SignResponse.class);

+				citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse);

+			}

+			

 			String fiscalNumber = getAttributeValue("fiscalNumber", attributeList, false);

 			

 			// if we have a signedDoc we test for a representation case

@@ -235,7 +240,27 @@ public class STORKResponseProcessor {
 		} catch (ParseException e) {

 			Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);

 			throw new MOAIDException("auth.25", null, e);

-			

+		} catch (ApiUtilsException e) {

+			Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);

+			throw new MOAIDException("auth.25", null, e);

+		} catch (IllegalArgumentException e) {

+			Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);

+			throw new MOAIDException("auth.25", null, e);

+		} catch (TransformerConfigurationException e) {

+			Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);

+			throw new MOAIDException("auth.25", null, e);

+		} catch (UtilsException e) {

+			Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);

+			throw new MOAIDException("auth.25", null, e);

+		} catch (TransformerException e) {

+			Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);

+			throw new MOAIDException("auth.25", null, e);

+		} catch (TransformerFactoryConfigurationError e) {

+			Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);

+			throw new MOAIDException("auth.25", null, e);

+		} catch (IOException e) {

+			Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);

+			throw new MOAIDException("auth.25", null, e);

 		} 

     		    

     	return identityLink;

@@ -272,5 +297,20 @@ public class STORKResponseProcessor {
 		

 		return moaExtendedSAMLAttributeList;

 	}

+	

+	private static String getCitizienSignatureFromSignResponse(SignResponse dssSignResponse) throws IllegalArgumentException, TransformerConfigurationException, UtilsException, TransformerException, TransformerFactoryConfigurationError, IOException, ApiUtilsException

+	{

+		// fetch signed doc

+		DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);

+		if(ds == null){

+			throw new ApiUtilsException("No datasource found in response");

+		}				

+

+		InputStream incoming  = ds.getInputStream();

+		String citizenSignature = IOUtils.toString(incoming);

+		incoming.close();

+

+		return citizenSignature;

+	}

 

 }

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index c64c5b488..3bd827667 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -455,8 +455,12 @@ public class AuthenticationRequest implements IAction {
 
         try {
             for (PersonalAttribute personalAttribute : attrLst) {
+            	 try {
                 Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired());
                 moaAttributeProvider.populateAttribute(attributeList, personalAttribute);
+            	 } catch (Exception e) {
+                     Logger.error("Exception, attributes: " + e.getMessage());
+                 }
             }
         } catch (Exception e) {
             Logger.error("Exception, attributes: " + e.getMessage());