diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-01-23 12:21:56 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-01-23 12:21:56 +0100 |
commit | 349caa6f3b097117f6957f503c779d68a5283a06 (patch) | |
tree | 015fd4bd40b00c721d8659c2f65c54d682e10a01 /id/server/idserverlib/src/main/java/at | |
parent | 2195b00332cc6cba95f9ebec67dfdb230ee600f8 (diff) | |
parent | 81f8e1dc93570ff15f122f1c30fe6cb90e3158f0 (diff) | |
download | moa-id-spss-349caa6f3b097117f6957f503c779d68a5283a06.tar.gz moa-id-spss-349caa6f3b097117f6957f503c779d68a5283a06.tar.bz2 moa-id-spss-349caa6f3b097117f6957f503c779d68a5283a06.zip |
Merge STORK2 fakeIDL extension into development branch
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
6 files changed, 102 insertions, 17 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 5fb4d6be8..5d816be1b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -992,7 +992,13 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { //resign IDL IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); Element resignedilAssertion; - resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion()); + + AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); + if (config.isIdentityLinkResigning()) { + resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), config.getIdentityLinkResigningKey()); + } else { + resignedilAssertion = businessServiceIdl.getSamlAssertion(); + } IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion); IdentityLink resignedIDL = resignedIDLParser.parseIdentityLink(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java index e2802c1d2..a5783bfb7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java @@ -106,7 +106,7 @@ public class IdentityLinkAssertionParser { + PDATA + "Person"; /** Xpath expression to the PersonData GivenName element */ - private static final String PERSON_GIVEN_NAME_XPATH = + public static final String PERSON_GIVEN_NAME_XPATH = PERSON_XPATH + "/" + PDATA @@ -114,7 +114,7 @@ public class IdentityLinkAssertionParser { + PDATA + "GivenName"; /** Xpath expression to the PersonData FamilyName element */ - private static final String PERSON_FAMILY_NAME_XPATH = + public static final String PERSON_FAMILY_NAME_XPATH = PERSON_XPATH + "/" + PDATA @@ -122,7 +122,7 @@ public class IdentityLinkAssertionParser { + PDATA + "FamilyName"; /** Xpath expression to the PersonData DateOfBirth element */ - private static final String PERSON_DATE_OF_BIRTH_XPATH = + public static final String PERSON_DATE_OF_BIRTH_XPATH = PERSON_XPATH + "/" + PDATA diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 4cd192070..10d0ddbc4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -48,6 +48,8 @@ import org.apache.velocity.Template; import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.opensaml.saml2.core.StatusCode;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
@@ -55,6 +57,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
@@ -64,9 +67,12 @@ import at.gv.egovernment.moa.id.moduls.ModulUtils; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
import at.gv.util.xsd.xmldsig.SignatureType;
import at.gv.util.xsd.xmldsig.X509DataType;
import eu.stork.oasisdss.api.ApiUtils;
@@ -360,14 +366,61 @@ public class PEPSConnectorServlet extends AuthServlet { targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
}
- Logger.debug("Starting connecting SZR Gateway");
- //contact SZR Gateway
IdentityLink identityLink = null;
try {
- identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList(),
+ AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
+ if(config.isStorkFakeIdLActive() && config.getStorkFakeIdLCountries().contains(storkAuthnRequest.getCitizenCountryCode())) {
+ // create fake IdL
+ // - fetch IdL template from resources
+ InputStream s = PEPSConnectorServlet.class.getResourceAsStream("/resources/xmldata/fakeIdL_IdL_template.xml");
+ Element idlTemplate = DOMUtils.parseXmlValidating(s);
+
+ identityLink = new IdentityLinkAssertionParser(idlTemplate).parseIdentityLink();
+
+ // replace data
+ Element idlassertion = identityLink.getSamlAssertion();
+ // - set bpk/wpbk;
+ Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+ if(!STORKResponseProcessor.hasAttribute("eIdentifier", attributeList))
+ throw new STORKException("eIdentifier is missing");
+ String eIdentifier = STORKResponseProcessor.getAttributeValue("eIdentifier", attributeList, false);
+ prIdentification.getFirstChild().setNodeValue(eIdentifier);
+
+ // - set last name
+ Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
+ if(!STORKResponseProcessor.hasAttribute("surname", attributeList))
+ throw new STORKException("surname is missing");
+ String familyName = STORKResponseProcessor.getAttributeValue("surname", attributeList, false);
+ prFamilyName.getFirstChild().setNodeValue(familyName);
+
+ // - set first name
+ Node prGivenName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH);
+ if(!STORKResponseProcessor.hasAttribute("givenName", attributeList))
+ throw new STORKException("givenName is missing");
+ String givenName = STORKResponseProcessor.getAttributeValue("givenName", attributeList, false);
+ prGivenName.getFirstChild().setNodeValue(givenName);
+
+ // - set date of birth
+ Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH);
+ if(!STORKResponseProcessor.hasAttribute("dateOfBirth", attributeList))
+ throw new STORKException("dateOfBirth is missing");
+ String dateOfBirth = STORKResponseProcessor.getAttributeValue("dateOfBirth", attributeList, false);
+ prDateOfBirth.getFirstChild().setNodeValue(dateOfBirth);
+
+ identityLink = new IdentityLinkAssertionParser(idlassertion).parseIdentityLink();
+
+ //resign IDL
+ IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
+ Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), config.getStorkFakeIdLResigningKey());
+ identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink();
+ } else {
+ //contact SZR Gateway
+ Logger.debug("Starting connecting SZR Gateway");
+ identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList(),
oaParam.getFriendlyName(),
targetType, null,
oaParam.getMandateProfiles(), citizenSignature);
+ }
} catch (STORKException e) {
// this is really nasty but we work against the system here. We are supposed to get the gender attribute from
// stork. If we do not, we cannot register the person in the ERnP - we have to have the
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index 7113dcf70..ea1526ff0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -102,7 +102,7 @@ public class STORKResponseProcessor { private static String getAttributeValue(String attributeName, IPersonalAttributeList attributeList) throws STORKException {
return getAttributeValue(attributeName, attributeList, true);
}
- private static String getAttributeValue(String attributeName, IPersonalAttributeList attributeList, boolean throwException) throws STORKException {
+ public static String getAttributeValue(String attributeName, IPersonalAttributeList attributeList, boolean throwException) throws STORKException {
try {
String result = attributeList.get(attributeName).getValue().get(0);
Logger.trace(attributeName + " : " + result);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index dae5ffcef..2a016fa8b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -53,6 +53,7 @@ import java.io.IOException; import java.math.BigInteger; import java.net.MalformedURLException; import java.util.ArrayList; +import java.util.Arrays; import java.util.Date; import java.util.HashMap; import java.util.List; @@ -1007,6 +1008,39 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return null; } + /** + * Checks if is fakeIdL is activated. + * + * @return true, if fake IdLs are available for stork + */ + public boolean isStorkFakeIdLActive() { + String prop = props.getProperty("stork.fakeIdL.active", "false"); + return Boolean.valueOf(prop); + } + + /** + * Gets the countries which will receive a fake IdL + * + * @return the countries + */ + public List<String> getStorkFakeIdLCountries() { + String prop = props.getProperty("stork.fakeIdL.countries", ""); + return Arrays.asList(prop.replaceAll(" ", "").split(",")); + } + + /** + * Gets the resigning key (group) for the stork fake IdL. + * + * @return the resigning key + */ + public String getStorkFakeIdLResigningKey() { + String prop = props.getProperty("stork.fakeIdL.keygroup"); + if (MiscUtil.isNotEmpty(prop)) + return prop; + else + return null; + } + public boolean isMonitoringActive() { String prop = props.getProperty("configuration.monitoring.active", "false"); return Boolean.valueOf(prop); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java index 090bea486..520b81b17 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java @@ -71,13 +71,9 @@ public class IdentityLinkReSigner { return instance; } - public Element resignIdentityLink(Element idl) throws MOAIDException { + public Element resignIdentityLink(Element idl, String keyGroupId) throws MOAIDException { try { - AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); - - if (config.isIdentityLinkResigning()) { - if (idl == null) { Logger.warn("IdentityLink is empty"); return null; @@ -91,7 +87,6 @@ public class IdentityLinkReSigner { SPSSFactory spssFac = SPSSFactory.getInstance(); - String keyGroupId = config.getIdentityLinkResigningKey(); if (MiscUtil.isEmpty(keyGroupId)) { Logger.warn("No IdentityLink reSigning-Key definded"); throw new MOAIDException("config.19", new Object[]{}); @@ -166,9 +161,6 @@ public class IdentityLinkReSigner { Logger.warn("Allgemeiner Fehler beim Aufruf von MOA-SS: Unbekannter ResponseType von MOA-SS"); throw new MOAIDException("builder.05", new Object[]{}); } - - } else - return idl; } catch (ConfigurationException e) { Logger.warn("Configuration can not be loaded", e); |