diff options
| author | kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2011-04-06 15:29:11 +0000 | 
|---|---|---|
| committer | kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2011-04-06 15:29:11 +0000 | 
| commit | ac9a6c52e96f4c737de3392a7ba16b8fa8958b85 (patch) | |
| tree | 6c134f5c2386f36401a0476be15c17045f1c7ff0 /id/server/idserverlib | |
| parent | ab7c7b6a64edca60b78a89b18a1972ad5e38586e (diff) | |
| download | moa-id-spss-ac9a6c52e96f4c737de3392a7ba16b8fa8958b85.tar.gz moa-id-spss-ac9a6c52e96f4c737de3392a7ba16b8fa8958b85.tar.bz2 moa-id-spss-ac9a6c52e96f4c737de3392a7ba16b8fa8958b85.zip | |
- IAIK Libraries (repository) aktualisiert:
	iaik-moa:           Version 1.29
	iaik_jce_full:		Version 4.0_MOA
	iaik_cms:			Version 4.1_MOA
- Einbindung von Online-Vollmachten
- Update MOA-Template zur Bürgerkartenauswahl
- Update Doku
- Update Transformationen (für Online-Vollmachten)
- Änderung der Konfiguration für:
	- Online-Vollmachten		
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1199 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id/server/idserverlib')
30 files changed, 1384 insertions, 242 deletions
| diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 6553182b4..eb21c2fd3 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -121,11 +121,11 @@  			<groupId>commons-httpclient</groupId>
  			<artifactId>commons-httpclient</artifactId>
  		</dependency>-->
 -		<dependency>
 +		<!-- <dependency>
  			<groupId>at.gv.egovernment.moa.id</groupId>
  			<artifactId>mandate-validate</artifactId>
  			<version>1.1</version>
 -		</dependency>
 +		</dependency>-->
  		<dependency>
      	  <groupId>commons-lang</groupId>
  	      <artifactId>commons-lang</artifactId>
 @@ -135,10 +135,11 @@  	<build>
  		<plugins>
 -			<plugin>
 +					<plugin>
  				<groupId>org.apache.maven.plugins</groupId>
  				<artifactId>maven-jar-plugin</artifactId>
  				<configuration>
 +				<skipTests>true</skipTests>
  					<archive>
  						<addMavenDescriptor>false</addMavenDescriptor>
  					</archive>
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 64eaf30cd..a772e0457 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -15,14 +15,11 @@  */  package at.gv.egovernment.moa.id.auth; -import iaik.ixsil.exceptions.UtilsException; -import iaik.ixsil.util.Utils;  import iaik.pki.PKIException;  import iaik.x509.X509Certificate; +import java.io.ByteArrayInputStream;  import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException;  import java.io.IOException;  import java.security.GeneralSecurityException;  import java.security.Principal; @@ -39,10 +36,11 @@ import java.util.Vector;  import javax.xml.parsers.ParserConfigurationException;  import javax.xml.transform.TransformerException; +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Document;  import org.w3c.dom.Element;  import org.xml.sax.SAXException; -import HTTPClient.Util;  import at.gv.egovernment.moa.id.AuthenticationException;  import at.gv.egovernment.moa.id.BuildException;  import at.gv.egovernment.moa.id.ParseException; @@ -63,6 +61,7 @@ import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;  import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;  import at.gv.egovernment.moa.id.auth.data.IdentityLink;  import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;  import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; @@ -81,6 +80,7 @@ import at.gv.egovernment.moa.id.auth.validator.ValidateException;  import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;  import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;  import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;  import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;  import at.gv.egovernment.moa.id.config.ConfigurationException;  import at.gv.egovernment.moa.id.config.ConfigurationProvider; @@ -94,6 +94,7 @@ import at.gv.egovernment.moa.id.util.HTTPUtils;  import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;  import at.gv.egovernment.moa.id.util.Random;  import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;  import at.gv.egovernment.moa.logging.LogMsg;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.Base64Utils; @@ -288,6 +289,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {     * @param oaURL online application URL requested     * @param bkuURL URL of the "Bürgerkartenumgebung" to be used;      *                may be <code>null</code>; in this case, the default location will be used +   * @param useMandate Indicates if mandate is used or not                    * @param templateURL URL providing an HTML template for the HTML form generated     * @param scheme determines the protocol used      * @return HTML form @@ -301,6 +303,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {      String oaURL,      String templateURL,      String bkuURL, +    String useMandate,      String sessionID,      String scheme)      throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { @@ -343,7 +346,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {        session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());        session.setAuthURL(authURL);        session.setTemplateURL(templateURL); -      session.setBusinessService(oaParam.getBusinessService()); +      session.setBusinessService(oaParam.getBusinessService());            }      // BKU URL has not been set yet, even if session already exists      if (bkuURL == null) { @@ -357,8 +360,15 @@ public class AuthenticationServer implements MOAIDAuthConstants {      session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());      String infoboxReadRequest =         new InfoboxReadRequestBuilder().build(oaParam.getSlVersion12(),  -                                            oaParam.getBusinessService(),  +                                            oaParam.getBusinessService(),                                                   oaParam.getIdentityLinkDomainIdentifier()); +     +    if ((useMandate != null) && (useMandate.compareTo("") != 0)) { +    	session.setUseMandate(useMandate); +    } +    else { +    	session.setUseMandate("false"); +    }      String dataURL =        new DataURLBuilder().buildDataURL(          session.getAuthURL(), @@ -529,6 +539,78 @@ public class AuthenticationServer implements MOAIDAuthConstants {      return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);    } +   +  /** +   * Processes an <code>Mandate</code> sent by the  +   * MIS.<br> +   * <ul> +   * <li>Validates given <code>Mandate</code></li> +   * <li>Verifies Mandate by calling the MOA SP component</li> +   * <li>Creates an authentication block to be signed by the user</li> +   * <li>Creates and returns a <code><CreateXMLSignatureRequest></code>  +   *      containg the authentication block, meant to be returned to the  +   *      security layer implementation</li> +   * </ul> +   *  +   * @param sessionID ID of associated authentication session data +   * @param infoboxReadResponseParameters The parameters from the response returned from +   *        the BKU including the <code><InfoboxReadResponse></code> +   * @return String representation of the <code><CreateXMLSignatureRequest></code> +   */ +  public String verifyMandate(String sessionID, MISMandate mandate) +    throws +      AuthenticationException, +      BuildException, +      ParseException, +      ConfigurationException, +      ValidateException, +      ServiceException { + +    if (isEmpty(sessionID)) +      throw new AuthenticationException("auth.10", new Object[] { GET_MIS_SESSIONID, PARAM_SESSIONID}); +        +    String sMandate = new String(mandate.getMandate()); +    if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) { +    	Logger.error("Mandate is empty."); +    	throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}); +    } +     +     +    AuthenticationSession session = getSession(sessionID); +    AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + +       +    OAAuthParameter oaParam = +      AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( +        session.getPublicOAURLPrefix()); +     +    try { +    	// set extended SAML attributes +		setExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); +	} catch (SAXException e) { +		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); +	} catch (IOException e) { +		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); +	} catch (ParserConfigurationException e) { +		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); +	} catch (TransformerException e) { +		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); +	} + +     +    return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); +  } +   +  /** +   *  +   * @param session +   * @param authConf +   * @param oaParam +   * @return +   * @throws ConfigurationException +   * @throws BuildException +   * @throws ValidateException +   */    public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam)      throws         ConfigurationException,  @@ -571,6 +653,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {      return createXMLSignatureRequest;    } +   +      /**     * Returns an CreateXMLSignatureRequest for signing the ERnP statement.<br>     * <ul> @@ -927,6 +1011,32 @@ public class AuthenticationServer implements MOAIDAuthConstants {    }    /** +   * Verifies the infoboxes (except of the  identity link infobox) returned by the BKU by  +   * calling appropriate validator classes. +   *  +   * @param session The actual authentication session. +   * @param mandate   The Mandate from the MIS +   *  +   * @throws AuthenticationException  +   * @throws ConfigurationException   + * @throws TransformerException  + * @throws ParserConfigurationException  + * @throws IOException  + * @throws SAXException  +   */ +  private void setExtendedSAMLAttributeForMandates( +    AuthenticationSession session, MISMandate mandate, boolean business)  +  throws ValidateException, ConfigurationException, SAXException, IOException, ParserConfigurationException, TransformerException +  { +     +	  ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributes(mandate, business); +	   +	   +	  AddAdditionalSAMLAttributes(session, extendedSamlAttributes, "MISService", "MISService"); +     +  } +   +  /**     * Intermediate processing of the infoboxes. The first pending infobox      * validator may validate the provided input     *  @@ -985,7 +1095,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {      int length = extendedSAMLAttributes.length;       for (int i=0; i<length; i++) {        ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; +              Object value = verifySAMLAttribute(samlAttribute, i, identifier, friendlyName); +              if ((value instanceof String) || (value instanceof Element)) {          switch (samlAttribute.getAddToAUTHBlock()) {            case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY: @@ -1017,6 +1129,115 @@ public class AuthenticationServer implements MOAIDAuthConstants {      session.setExtendedSAMLAttributesOA(oaAttributes);    } +//  /** +//   * Adds given SAML Attributes to the current session. They will be appended +//   * to the final SAML Assertion or the AUTH block. If the attributes are  +//   * already in the list, they will be replaced. +//   *  +//   * @param session The current session +//   * @param extendedSAMLAttributes The SAML attributes to add +//   * @param identifier The infobox identifier for debug purposes +//   * @param friendlyNam The friendly name of the infobox for debug purposes +//   */ +//  private static void AddAdditionalSAMLAttributes(AuthenticationSession session, MISMandate mandate) throws ValidateException +//  { +//	   +//    List oaAttributes = session.getExtendedSAMLAttributesOA(); +//    if (oaAttributes==null) oaAttributes = new Vector(); +//    List authAttributes = session.getExtendedSAMLAttributesAUTH(); +//    if (authAttributes==null) authAttributes = new Vector(); +//     +//     +//    addExtendedSamlAttributes(authAttributes, mandate); +//     +//    session.setExtendedSAMLAttributesAUTH(authAttributes); +//    session.setExtendedSAMLAttributesOA(oaAttributes); +//  } +   +  /** +   * Adds the AUTH block related SAML attributes to the validation result.  +   * This is needed always before the AUTH block is to be signed, because the  +   * name of the mandator has to be set + * @throws ParserConfigurationException  + * @throws IOException  + * @throws SAXException  + * @throws TransformerException  +   */ +  private static ExtendedSAMLAttribute[] addExtendedSamlAttributes(MISMandate mandate, boolean business) throws SAXException, IOException, ParserConfigurationException, TransformerException { +     +	  Vector extendedSamlAttributes = new Vector();  +	   +	  extendedSamlAttributes.clear(); +     +	  //extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); +	  // RepresentationType +	  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTEXT, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); +         +	  // Name +	  Element domMandate = mandateToElement(mandate); +	  Element nameSpaceNode = domMandate.getOwnerDocument().createElement("NameSpaceNode"); +	  nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); +	  nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS); + +	  Element mandator = (Element) XPathAPI.selectSingleNode(domMandate, "//md:Mandate/md:Mandator", nameSpaceNode); +     +	  // first check if physical person +	  Element name = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName", nameSpaceNode); +	  String mandatorname = ParepUtils.extractMandatorName(mandator); +	   +	  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, mandatorname, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); +	  // Geburtsdatum +	  String dob = ParepUtils.extractMandatorDateOfBirth(mandator); +	  if (dob != null && !"".equals(dob)) { +		  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));	   +		   +	  } +	   +	  // Mandate +	  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, domMandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); +	   +	  // (w)bpk +	  String wbpk = ParepUtils.extractMandatorWbpk(mandator); +	  if (!ParepUtils.isEmpty(wbpk)) { +		  if (!ParepUtils.isPhysicalPerson(mandator)){ +			  String idType = ParepUtils.extractMandatorIdentificationType(mandator); +			  if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID)) { +				  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); +			  } +		  } else  +			  if (business) { +				  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); +			  } +	  } +	   +	  String oid = mandate.getProfRep(); +	  if (oid != null) { +		  String oidDescription = mandate.getTextualDescriptionOfOID(); +		  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, oidDescription, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); +	  } +    	 +	  ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()]; +	  extendedSamlAttributes.copyInto(ret); +	  Logger.debug("ExtendedSAML Attributes: " + ret.length); +	  return ret; + +     +     +  	} +   +  /** +   *  +   * @param mandate +   * @return + * @throws ParserConfigurationException  + * @throws IOException  + * @throws SAXException  +   */ +  private static Element mandateToElement(MISMandate mandate) throws SAXException, IOException, ParserConfigurationException { +	  ByteArrayInputStream bais = new ByteArrayInputStream(mandate.getMandate()); +	  Document doc = DOMUtils.parseDocumentSimple(bais); +	  return doc.getDocumentElement(); +  }    private static void replaceExtendedSAMLAttribute(List attributes, ExtendedSAMLAttribute samlAttribute) {      if (null==attributes) {        attributes = new Vector(); @@ -1651,6 +1872,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {    private static Object verifySAMLAttribute(ExtendedSAMLAttribute samlAttribute, int i, String identifier, String friendlyName)       throws ValidateException{      String name = samlAttribute.getName(); +     +          if (name == null) {        Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " +           identifier + "-infobox validator is null."); @@ -1676,6 +1899,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {        throw new ValidateException(          "validator.45", new Object[] {friendlyName ,"Wert", String.valueOf((i+1)), "null"});      } -    return value; +     +        return value;    }  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 259b21db7..35dddb476 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -60,6 +60,8 @@ public interface MOAIDAuthConstants {    public static final String REQ_GET_FOREIGN_ID = "GetForeignID";    /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet} is mapped to */    public static final String REQ_VERIFY_CERTIFICATE = "VerifyCertificate"; +  /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet} is mapped to */ +  public static final String GET_MIS_SESSIONID = "GetMISSessionID";    /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet} is mapped to */    public static final String REQ_PROCESS_VALIDATOR_INPUT = "ProcessInput";    /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index 2e1132d32..9bab8643f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java @@ -82,6 +82,50 @@ public class GetIdentityLinkFormBuilder extends Builder {      "</form>" + nl +      "</body>" + nl +      "</html>"; +   +  /** default HTML template */ +  private static final String DEFAULT_HTML_TEMPLATE_FOR_MANDATES =  +    "<html>" + nl + +    "<head>" + nl + +    "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl +     +    "<title>Vollmachten-Anmeldung</title>" + nl + +    "<script type=\"text/javascript\">" + nl + +	"window.onload=function() {" + nl + +	"document.VollmachtenForm.submit();"  + nl + +	"document.VollmachtenForm.Senden.disabled=true;" + nl + +	"return;" + nl + +	"}" + nl + +	"</script>" + nl + +    "</head>" + nl + +    "<body>" + nl + +    "<form name=\"VollmachtenForm\"" + nl + +    "      action=\"" + BKU_TAG + "\"" + nl + +    "      method=\"post\">" + nl + +    "  <input type=\"hidden\" " + nl + +    "         name=\"XMLRequest\"" + nl + +    "         value=\"" + XMLREQUEST_TAG + "\"/>" + nl + +    "  <input type=\"hidden\" " + nl + +    "         name=\"DataURL\"" + nl + +    "         value=\"" + DATAURL_TAG + "\"/>" + nl + +    "  <input type=\"hidden\" " + nl + +    "         name=\"PushInfobox\"" + nl + +    "         value=\"" + PUSHINFOBOX_TAG + "\"/>" + nl + +    "  <input type=\"submit\" value=\"Starte Signatur\" name=\"Senden\"/>" + nl + +    "</form>" + nl + +    "<form name=\"CertificateInfoForm\"" + nl + +    "      action=\"" + BKU_TAG + "\"" + nl + +    "      method=\"post\">" + nl + +    "  <input type=\"hidden\" " + nl + +    "         name=\"XMLRequest\"" + nl + +    "         value=\"" + CERTINFO_XMLREQUEST_TAG + "\"/>" + nl + +    "  <input type=\"hidden\" " + nl + +    "         name=\"DataURL\"" + nl + +    "         value=\"" + CERTINFO_DATAURL_TAG + "\"/>" + nl + +//	"  <input type=\"submit\" value=\"Information zu Wurzelzertifikaten\"/>" + nl +     +    "  <input type=\"hidden\" value=\"Information zu Wurzelzertifikaten\"/>" + nl + +    "</form>" + nl + +    "</body>" + nl + +    "</html>";    /**     * Constructor for GetIdentityLinkFormBuilder. @@ -119,6 +163,29 @@ public class GetIdentityLinkFormBuilder extends Builder {      htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL);    	return htmlForm;    } +   +  /** +   * Builds the HTML form, including XML Request and data URL as parameters. +   *  +   * @param htmlTemplate template to be used for the HTML form; +   *         may be <code>null</code>, in this case a default layout will be produced +   * @param xmlRequest XML Request to be sent as a parameter in the form +   * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to; +   *         may be <code>null</code>, in this case the default URL will be used +   * @param dataURL DataURL to be sent as a parameter in the form +   */ +  public String buildCreateSignature( +    String bkuURL,  +    String xmlRequest,  +    String dataURL) +  throws BuildException  +  {       +  	String htmlForm = DEFAULT_HTML_TEMPLATE_FOR_MANDATES; +    htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL); +    htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); +    htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL); +  	return htmlForm; +  }    /**     * Encodes a string for inclusion as a parameter in the form.     * Double quotes are substituted by <code>"&quot;"</code>. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java index 2c97f01ae..a6b61e747 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java @@ -152,6 +152,85 @@ public class VerifyXMLSignatureRequestBuilder {      return requestElem_;    } +  /** +   * Builds a <code><VerifyXMLSignatureRequest></code> +   * from an IdentityLink with a known trustProfileID which  +   * has to exist in MOA-SP +   * @param identityLink - The IdentityLink +   * @param trustProfileID - a preconfigured TrustProfile at MOA-SP +   *  +   * @return Element - The complete request as Dom-Element +   *  +   * @throws ParseException +   */ +  public Element build(byte[]mandate, String trustProfileID) +    throws ParseException  +  {  +    try { +      // build the request +//      Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime"); +//      requestElem_.appendChild(dateTimeElem); +//      Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant()); +//      dateTimeElem.appendChild(dateTime); +      Element verifiySignatureInfoElem =  +        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); +      requestElem_.appendChild(verifiySignatureInfoElem); +      Element verifySignatureEnvironmentElem =  +        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); +      verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); +      Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content"); +      verifySignatureEnvironmentElem.appendChild(base64ContentElem); +      // insert the base64 encoded identity link SAML assertion +      //String serializedAssertion = identityLink.getSerializedSamlAssertion(); +      //String base64EncodedAssertion = Base64Utils.encode(mandate.getBytes("UTF-8")); +      String base64EncodedAssertion = Base64Utils.encode(mandate); +      //replace all '\r' characters by no char. +      StringBuffer replaced = new StringBuffer(); +      for (int i = 0; i < base64EncodedAssertion.length(); i ++) { +        char c = base64EncodedAssertion.charAt(i); +        if (c != '\r') { +          replaced.append(c); +        } +      } +      base64EncodedAssertion = replaced.toString(); +      Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion); +      base64ContentElem.appendChild(base64Content);       +      // specify the signature location +      Element verifySignatureLocationElem =  +        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); +      verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); +      Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); +      verifySignatureLocationElem.appendChild(signatureLocation);       +      // signature manifest params +      Element signatureManifestCheckParamsElem =  +        requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); +      requestElem_.appendChild(signatureManifestCheckParamsElem); +      signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); +//      // add the transforms +//      Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); +//      signatureManifestCheckParamsElem.appendChild(referenceInfoElem); +//      Element[] dsigTransforms = identityLink.getDsigReferenceTransforms(); +//       +//      for (int i = 0; i < dsigTransforms.length; i++) {         +//        Element verifyTransformsInfoProfileElem =  +//          requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile"); +//        referenceInfoElem.appendChild(verifyTransformsInfoProfileElem); +//        verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true));         +//      } +      Element returnHashInputDataElem =  +        requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); +      requestElem_.appendChild(returnHashInputDataElem); +      Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); +      trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); +      requestElem_.appendChild(trustProfileIDElem); +    } catch (Throwable t) { +      throw new ParseException("builder.00",  +        new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t); +    } + +    return requestElem_; +  } +      /**     * Builds a <code><VerifyXMLSignatureRequest></code> diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index eca02a77b..554b5012e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -68,6 +68,16 @@ public class AuthenticationSession {       * URL of the BKU       */      private String bkuURL; +     +    /** +     * Use mandate +     */ +    private boolean useMandate; +     +    /**  +     * SessionID for MIS +     */ +    private String misSessionID;  	/**  	 * identity link read from smartcard  	 */ @@ -582,4 +592,39 @@ public class AuthenticationSession {      this.pushInfobox = pushInfobox;    } +  /** +   *  +   * @param useMandate indicates if mandate is used or not +   */ +  public void setUseMandate(String useMandate) { +	  if (useMandate.compareToIgnoreCase("true") == 0) +		  this.useMandate = true; +	  else +		  this.useMandate = false; +	   +  } +   +  /** +   * Returns if mandate is used or not +   * @return +   */ +  public boolean getUseMandate() { +	  return this.useMandate; +  } +   +  /** +   *  +   * @param misSessionID indicates the MIS session ID +   */ +  public void setMISSessionID(String misSessionID) { +	  this.misSessionID = misSessionID; +  } + +  /** +   * Returns the MIS session ID +   * @return +   */ +  public String getMISSessionID() { +	  return this.misSessionID; +  }  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index c83650587..9a6670617 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -219,11 +219,14 @@ public class GetForeignIDServlet extends AuthServlet {  	    		try {
  	    			client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
  	    		} catch (IOException e) {
 -	    			throw new SZRGWClientException(e);
 +	    			Logger.error("Could not initialize SSL Factory", e);
 +	    			throw new SZRGWClientException("Could not initialize SSL Factory");
  	    		} catch (GeneralSecurityException e) {
 -	    			throw new SZRGWClientException(e);
 +	    			Logger.error("Could not initialize SSL Factory", e);
 +	    			throw new SZRGWClientException("Could not initialize SSL Factory");
  	    		} catch (PKIException e) {
 -	    			throw new SZRGWClientException(e);
 +	    			Logger.error("Could not initialize SSL Factory", e);
 +	    			throw new SZRGWClientException("Could not initialize SSL Factory");
  	    		} 
  	    	}
  	    	Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java new file mode 100644 index 000000000..4c0abdb0f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -0,0 +1,174 @@ +package at.gv.egovernment.moa.id.auth.servlet;
 +
 +import iaik.pki.PKIException;
 +
 +import java.io.IOException;
 +import java.io.PrintWriter;
 +import java.security.GeneralSecurityException;
 +import java.util.List;
 +import java.util.Map;
 +
 +import javax.net.ssl.SSLSocketFactory;
 +import javax.servlet.ServletException;
 +import javax.servlet.http.HttpServletRequest;
 +import javax.servlet.http.HttpServletResponse;
 +
 +import org.apache.commons.fileupload.FileUploadException;
 +import org.apache.commons.lang.StringEscapeUtils;
 +
 +import at.gv.egovernment.moa.id.BuildException;
 +import at.gv.egovernment.moa.id.MOAIDException;
 +import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 +import at.gv.egovernment.moa.id.auth.WrongParametersException;
 +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 +import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
 +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 +import at.gv.egovernment.moa.id.config.ConnectionParameter;
 +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 +import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 +import at.gv.egovernment.moa.id.util.SSLUtils;
 +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
 +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
 +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
 +import at.gv.egovernment.moa.logging.Logger;
 +
 +/**
 + * Servlet requested for getting the foreign eID
 + * provided by the security layer implementation.
 + * Utilizes the {@link AuthenticationServer}.
 + *
 + */
 +public class GetMISSessionIDServlet extends AuthServlet {
 +
 +  /**
 +   * Constructor for GetMISSessionIDServlet.
 +   */
 +  public GetMISSessionIDServlet() {
 +    super();
 +  }
 +
 +  /**
 +   * GET requested by security layer implementation to verify
 +   * that data URL resource is available.
 +   * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
 +   */
 +  protected void doGet(HttpServletRequest req, HttpServletResponse resp)
 +    throws ServletException, IOException { 
 +    	
 +	  doPost(req, resp);
 +	  
 +//		Logger.debug("GET GetMISSessionIDServlet");
 +//		
 +//		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
 +//		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
 +//		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
 +//		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
 +  }
 +
 +  /**
 +   * Gets the signer certificate from the InfoboxReadRequest and 
 +   * responds with a new 
 +   * <code>CreateXMLSignatureRequest</code>.
 +   * <br>
 +   * Request parameters:
 +   * <ul>
 +   * <li>MOASessionID: ID of associated authentication session</li>
 +   * <li>XMLResponse: <code><InfoboxReadResponse></code></li>
 +   * </ul>
 +   * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
 +   */
 +  protected void doPost(HttpServletRequest req, HttpServletResponse resp)
 +    throws ServletException, IOException {
 +
 +		Logger.debug("POST GetMISSessionIDServlet");
 +		
 +		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
 +		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
 +		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
 +		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
 +		
 +//		Map parameters;
 +//	    try 
 +//	    {
 +//	      parameters = getParameters(req);
 +//	    } catch (FileUploadException e) 
 +//	    {
 +//	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
 +//	      throw new IOException(e.getMessage());
 +//	     	}
 +		
 +	    String sessionID = req.getParameter(PARAM_SESSIONID);
 +	    
 +	    // escape parameter strings
 +		sessionID = StringEscapeUtils.escapeHtml(sessionID);
 +		
 +	    AuthenticationSession session = null;
 +	    try {
 +	       // check parameter
 +	       if (!ParamValidatorUtils.isValidSessionID(sessionID))
 +	          throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
 +	       
 +	       session = AuthenticationServer.getSession(sessionID);
 +	    	
 +	    	String misSessionID = session.getMISSessionID();
 +	    	
 +	    	//System.out.println("MIS Session ID (GetMISServlet): " + misSessionID);
 +	    	
 +	    	AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
 +	    	ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();	
 +	    	SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
 +
 +	    	List list = MISSimpleClient.sendGetMandatesRequest(connectionParameters.getUrl(), misSessionID, sslFactory);
 +	    	
 +	    	if (list == null) {
 +	    		Logger.error("Keine Vollmacht gefunden.");
 +	    		throw new MISSimpleClientException("Keine Vollmacht gefunden");
 +	    	}
 +	    	if (list.size() == 0) {
 +	    		Logger.error("Keine Vollmacht gefunden.");
 +	    		throw new MISSimpleClientException("Keine Vollmacht gefunden");
 +	    	}
 +	    	
 +	    	// for now: list contains only one element
 +	    	MISMandate mandate = (MISMandate)list.get(0);	    	
 +   	
 +	    	// verify mandate signature
 +	    	String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyMandate(sessionID, mandate);
 +	    	
 +	    	String dataurl =
 +	             new DataURLBuilder().buildDataURL(
 +	               session.getAuthURL(),
 +	               REQ_VERIFY_AUTH_BLOCK,
 +	               session.getSessionID());
 +	    	
 +	    	Logger.debug(createXMLSignatureRequestOrRedirect);
 +	    	
 +	    	String request = getHTMLForm(createXMLSignatureRequestOrRedirect, session.getBkuURL(), dataurl);
 +
 +	    	resp.setContentType("text/html;charset=UTF-8");
 +			PrintWriter out = new PrintWriter(resp.getOutputStream());
 +			out.print(request);
 +			out.flush();
 +	    	
 +			    		      
 +	    }
 +	    catch (MOAIDException ex) {
 +	      handleError(null, ex, req, resp);
 +	    } catch (GeneralSecurityException ex) {
 +	    	handleError(null, ex, req, resp);
 +		} catch (PKIException e) {
 +			handleError(null, e, req, resp);
 +		} catch (MISSimpleClientException e) {
 +			handleError(null, e, req, resp);
 +		} 
 +  }
 +  
 +  private static String getHTMLForm(String request, String bkuURI, String dataURL) throws BuildException {
 +	  return new GetIdentityLinkFormBuilder().buildCreateSignature(bkuURI, request, dataURL);
 +	  
 +  }
 +  
 +  
 + 
 + }
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index 54d08c59e..b50a1edde 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -68,8 +68,8 @@ public class ProcessValidatorInputServlet extends AuthServlet {     * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
     */
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
 -    throws ServletException, IOException { 
 -
 +    throws ServletException, IOException {  +	        Logger.debug("GET ProcessInput");      resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);  	resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 10b4041df..2e7d59fde 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -15,11 +15,14 @@  */  package at.gv.egovernment.moa.id.auth.servlet; +import iaik.pki.PKIException; +  import java.io.IOException;  import java.io.PrintWriter; -import java.io.Reader; -import java.io.StringReader; +import java.security.GeneralSecurityException; +import java.util.List; +import javax.net.ssl.SSLSocketFactory;  import javax.servlet.ServletConfig;  import javax.servlet.ServletException;  import javax.servlet.http.HttpServletRequest; @@ -31,8 +34,14 @@ import at.gv.egovernment.moa.id.MOAIDException;  import at.gv.egovernment.moa.id.auth.AuthenticationServer;  import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;  import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;  import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;  import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;  import at.gv.egovernment.moa.logging.Logger;  /** @@ -88,8 +97,7 @@ public class StartAuthenticationServlet extends AuthServlet {      resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);      resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); -    //System.out.println("useMandate: " + useMandate); -     + 	      	try {  		      // check parameter  		    if (!ParamValidatorUtils.isValidTarget(target)) @@ -109,7 +117,7 @@ public class StartAuthenticationServlet extends AuthServlet {  			String getIdentityLinkForm = -				AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme()); +				AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme());  			resp.setContentType("text/html;charset=UTF-8");  			PrintWriter out = new PrintWriter(resp.getOutputStream()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index ad01de6c8..f1fb15be0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -61,6 +61,8 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {    protected void doGet(HttpServletRequest req, HttpServletResponse resp)      throws ServletException, IOException {  +	  //doPost(req, resp); +	    		Logger.debug("GET VerifyAuthenticationBlock");  		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index 76c5476ae..d101df1fa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -8,12 +8,14 @@ import java.security.GeneralSecurityException;  import java.security.cert.CertificateEncodingException;
  import java.util.Map;
 +import javax.net.ssl.SSLSocketFactory;
  import javax.servlet.ServletException;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  import javax.xml.parsers.DocumentBuilder;
  import javax.xml.parsers.DocumentBuilderFactory;
  import javax.xml.parsers.ParserConfigurationException;
 +import javax.xml.transform.TransformerException;
  import org.apache.axis.encoding.Base64;
  import org.apache.commons.fileupload.FileUploadException;
 @@ -22,24 +24,25 @@ import org.w3c.dom.Document;  import org.w3c.dom.Element;
  import org.w3c.dom.Text;
 +import at.gv.egovernment.moa.id.AuthenticationException;
  import at.gv.egovernment.moa.id.MOAIDException;
  import at.gv.egovernment.moa.id.auth.AuthenticationServer;
  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
  import at.gv.egovernment.moa.id.auth.WrongParametersException;
  import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
 -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
 -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
  import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
 -import at.gv.egovernment.moa.id.config.ConfigurationException;
  import at.gv.egovernment.moa.id.config.ConnectionParameter;
  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
  import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
  import at.gv.egovernment.moa.id.util.SSLUtils;
  import at.gv.egovernment.moa.id.util.ServletUtils;
 +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
 +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
 +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
  import at.gv.egovernment.moa.logging.Logger;
 +import at.gv.egovernment.moa.util.DOMUtils;
  /**
   * Servlet requested for getting the foreign eID
 @@ -116,25 +119,96 @@ public class VerifyCertificateServlet extends AuthServlet {  	    	session = AuthenticationServer.getSession(sessionID);
 -	    	X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
 -	    		    	
 -	    	String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert);
 -	      // build dataurl (to the GetForeignIDSerlvet)
 -	    	String dataurl =
 -             new DataURLBuilder().buildDataURL(
 -               session.getAuthURL(),
 -               REQ_GET_FOREIGN_ID,
 -               session.getSessionID());
 -       
 -	    	ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
 +    		X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
 +    		if (cert == null) {
 +    			Logger.error("Certificate could not be read.");
 +    			throw new AuthenticationException("auth.14", null);    		
 +    		}
 +    		
 +	    	boolean useMandate = session.getUseMandate();
 +	    	if (useMandate) {
 +	    		// Mandate Modus	    	
 +	    		// make request to MIS
 +	    		
 +	    		AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
 +    			ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();	
 +    			SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
 +    			
 +    			// get identitity link as byte[]
 +    			Element elem = session.getIdentityLink().getSamlAssertion();
 +    			String s = DOMUtils.serializeNode(elem);
 +//    			byte[] idl = DOMUtils.nodeToByteArray(elem);
 +//    			String s = new String(idl);
 +    			byte[] idl = s.getBytes();
 +    			
 +    			// redirect url
 +    			// build redirect(to the GetMISSessionIdSerlvet)
 +    	          String redirectURL =
 +    	                new DataURLBuilder().buildDataURL(
 +    	                  session.getAuthURL(),
 +    	                  GET_MIS_SESSIONID,
 +    	                  session.getSessionID());
 +    			
 +    	          String oaURL = session.getOAURLRequested();
 +    	          OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
 +    	          String profiles = oaParam.getMandateProfiles();
 +
 +    	          if (profiles == null) {
 +    	        	  Logger.error("No Mandate/Profile for OA configured.");
 +    	        	  throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
 +    	          }
 +    	          
 +    	          String profilesArray[] = profiles.split(",");  	 		 
 +    	          for(int i = 0; i < profilesArray.length; i++) {
 +    	        	  profilesArray[i] = profilesArray[i].trim();
 +    	          }
 +    	          
 +    	          MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), redirectURL, profilesArray, sslFactory);
 +    	          String redirectMISGUI = misSessionID.getRedirectURL();
 +    	          
 +    	          if (misSessionID == null) {
 +    	        	  Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
 +    	        	  throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
 +    	          }
 +    	          
 +    	          session.setMISSessionID(misSessionID.getSessiondId());
 +    		
 +    	          resp.setStatus(302);
 +  		    	  resp.addHeader("Location", redirectMISGUI);
 +  		    	  Logger.debug("REDIRECT TO: " + redirectURL);
 +    	          
 +	    	}
 +	    	else {
 +	    		// Foreign Identities Modus	
 +		    	
 +		    	String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert);
 +		      // build dataurl (to the GetForeignIDSerlvet)
 +		    	String dataurl =
 +	             new DataURLBuilder().buildDataURL(
 +	               session.getAuthURL(),
 +	               REQ_GET_FOREIGN_ID,
 +	               session.getSessionID());
 +	       
 +		    	ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
 +		    	
 +		    	
 +		    	Logger.debug("Send CreateXMLSignatureRequest to BKU");
 +	    	}
 -	    	Logger.debug("Send CreateXMLSignatureRequest to BKU");
  	    }
  	    catch (MOAIDException ex) {
  	      handleError(null, ex, req, resp);
 -	    } 
 +	    } catch (GeneralSecurityException ex) {
 +	    	handleError(null, ex, req, resp);
 +		} catch (PKIException e) {
 +			handleError(null, e, req, resp);
 +		} catch (MISSimpleClientException e) {
 +			handleError(null, e, req, resp);
 +		} catch (TransformerException e) {
 +			handleError(null, e, req, resp);
 +		} 
    }
    /**
 @@ -161,58 +235,58 @@ public class VerifyCertificateServlet extends AuthServlet {   * @throws SZRGWClientException 
     */
    /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/
 -     private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException {
 -
 -    SZRGWClient client = new SZRGWClient();
 -      
 -    try {
 -    	AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
 -    	 ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
 -     	//url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation";
 -    	Logger.debug("Connection Parameters: " + connectionParameters);
 -      client.setAddress(connectionParameters.getUrl());
 -      if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
 -         Logger.debug("Initialisiere SSL Verbindung");
 -         try {
 -            client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
 -         } catch (IOException e) {
 -            // TODO Auto-generated catch block
 -            e.printStackTrace();
 -         } catch (GeneralSecurityException e) {
 -            // TODO Auto-generated catch block
 -            e.printStackTrace();
 -         } catch (PKIException e) {
 -            // TODO Auto-generated catch block
 -            e.printStackTrace();
 -         }
 -       }
 -       
 -       Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
 -      
 -   
 -    }
 -   catch (ConfigurationException e) {
 -      Logger.warn(e);
 -      Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
 -
 -    }
 -    	// create request
 -    	Document doc = buildGetIdentityLinkRequest(cert);
 -    	Element request = doc.getDocumentElement();
 -    	CreateIdentityLinkResponse response = null;
 -   
 -    //try {
 -        response = client.createIdentityLinkResponse(request);
 -    //} catch (SZRGWClientException e) {
 -        // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
 -      //  client = new SZRGWClient(url);
 -      //  response = client.createIdentityLinkResponse(request);
 -   // }
 -   	 
 -        
 -	return response.getAssertion();
 -	
 -  }
 +//     private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException {
 +//
 +//    SZRGWClient client = new SZRGWClient();
 +//      
 +//    try {
 +//    	AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
 +//    	 ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
 +//     	//url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation";
 +//    	Logger.debug("Connection Parameters: " + connectionParameters);
 +//      client.setAddress(connectionParameters.getUrl());
 +//      if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
 +//         Logger.debug("Initialisiere SSL Verbindung");
 +//         try {
 +//            client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
 +//         } catch (IOException e) {
 +//            // TODO Auto-generated catch block
 +//            e.printStackTrace();
 +//         } catch (GeneralSecurityException e) {
 +//            // TODO Auto-generated catch block
 +//            e.printStackTrace();
 +//         } catch (PKIException e) {
 +//            // TODO Auto-generated catch block
 +//            e.printStackTrace();
 +//         }
 +//       }
 +//       
 +//       Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
 +//      
 +//   
 +//    }
 +//   catch (ConfigurationException e) {
 +//      Logger.warn(e);
 +//      Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
 +//
 +//    }
 +//    	// create request
 +//    	Document doc = buildGetIdentityLinkRequest(cert);
 +//    	Element request = doc.getDocumentElement();
 +//    	CreateIdentityLinkResponse response = null;
 +//   
 +//    //try {
 +//        response = client.createIdentityLinkResponse(request);
 +//    //} catch (SZRGWClientException e) {
 +//        // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
 +//      //  client = new SZRGWClient(url);
 +//      //  response = client.createIdentityLinkResponse(request);
 +//   // }
 +//   	 
 +//        
 +//	return response.getAssertion();
 +//	
 +//  }
    /**
     * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index dff366829..23861d290 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -18,6 +18,7 @@ package at.gv.egovernment.moa.id.auth.servlet;  import java.io.IOException;  import java.util.Map; +import javax.net.ssl.SSLSocketFactory;  import javax.servlet.ServletException;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; @@ -25,6 +26,7 @@ import javax.servlet.http.HttpServletResponse;  import org.apache.commons.fileupload.FileUploadException;  import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egovernment.moa.id.AuthenticationException;  import at.gv.egovernment.moa.id.MOAIDException;  import at.gv.egovernment.moa.id.ParseException;  import at.gv.egovernment.moa.id.auth.AuthenticationServer; @@ -33,7 +35,10 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException;  import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;  import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;  import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.SSLUtils;  import at.gv.egovernment.moa.id.util.ServletUtils;  import at.gv.egovernment.moa.logging.Logger; @@ -126,11 +131,17 @@ public class VerifyIdentityLinkServlet extends AuthServlet {      	if (createXMLSignatureRequestOrRedirect == null) {      	   // no identity link found +    		boolean useMandate = session.getUseMandate(); +    		if (useMandate) { +    			Logger.error("Online-Mandate Mode for foreign citizencs not supported."); +    			throw new AuthenticationException("auth.13", null); +    		} +    		      		try {      		   Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); -    		// create the InfoboxReadRequest to get the certificate +    		   // create the InfoboxReadRequest to get the certificate      		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);      		   // build dataurl (to the GetForeignIDSerlvet) @@ -142,6 +153,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {            ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); +                	    }      	    catch(Exception e) { @@ -150,7 +162,28 @@ public class VerifyIdentityLinkServlet extends AuthServlet {      	}      	else { -    		ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); +    		boolean useMandate = session.getUseMandate(); +    		if (useMandate) { // Mandate modus +    			// read certificate and set dataurl to VerifyCertificateForMandatesServlet +    			 +    			Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); +    			 +     		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); + +     		   // build dataurl (to the GetForeignIDSerlvet) +     		   String dataurl = +                 new DataURLBuilder().buildDataURL( +                   session.getAuthURL(), +                   REQ_VERIFY_CERTIFICATE, +                   session.getSessionID()); +            +           +     		   ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); +    			 +    		} +    		else { +    			ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); +    		}      	}      } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java index a8e22562a..51551834e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -43,6 +43,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;  import at.gv.egovernment.moa.logging.Logger;
  import at.gv.egovernment.moa.util.BoolUtils;
  import at.gv.egovernment.moa.util.Constants;
 +import at.gv.egovernment.moa.util.DOMUtils;  import at.gv.egovernment.moa.util.StringUtils;
  /**
 @@ -245,9 +246,13 @@ public class ParepUtils {      try {
        Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
        nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
 -
 + +      String s = DOMUtils.serializeNode(mandator); +      
        // check if physical person
 -      Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode);
 +      Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode); +       +      
        // Element physicalPerson = (Element)XPathAPI.selectSingleNode(mandator,
        // "descendant-or-self::pr:CorporateBody", nameSpaceNode);
        return physicalPerson != null;
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java index 2a0126b82..9d5c0f7cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java @@ -95,7 +95,11 @@ public class ParepValidator implements InfoboxValidator {    public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
    public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
    public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
 -  public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
 +  public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; +  public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription"; +   +  /** */ +  public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
    /** register and register number for non physical persons - the domain identifier for business applications*/
    public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index dbfbda535..b5275cdd5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -125,6 +125,10 @@ public class ConfigurationBuilder {    public static final String AUTH_FOREIGN_IDENTITIES_XPATH =      ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities"; +  /** an XPATH-Expression */  +  public static final String AUTH_ONLINEMANDATES_XPATH = +    ROOT + CONF + "AuthComponent/" + CONF + "OnlineMandates"; +      /** an XPATH-Expression */  @@ -146,6 +150,8 @@ public class ConfigurationBuilder {    /** an XPATH-Expression */     protected static final String OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH = CONF + "VerifyInfoboxes";    /** an XPATH-Expression */  +  protected static final String OA_AUTH_COMPONENT_MANDATES_PROFILES_XPATH = CONF + "Mandates" + "/" + CONF + "Profiles"; +  /** an XPATH-Expression */     protected static final String CONNECTION_PARAMETER_URL_XPATH =      CONF + "ConnectionParameter/@URL";    /** an XPATH-Expression */  @@ -242,6 +248,18 @@ public class ConfigurationBuilder {       return buildConnectionParameter(foreignid);    } +   +  /** +   * Build a ConnectionParameter containing all information +   * of the OnlineMandates element in the authentication component +   * @return ConnectionParameter of the authentication component OnlineMandates element +   */ +  public ConnectionParameter buildOnlineMandatesConnectionParameter() { +     Element onlinemandates = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_ONLINEMANDATES_XPATH); +     if (onlinemandates==null) return null; +     return buildConnectionParameter(onlinemandates); + +  }    /**     * Method buildAuthBKUSelectionType. @@ -529,7 +547,19 @@ public class ConfigurationBuilder {          }           Node verifyInfoboxParamtersNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH);          oap.setVerifyInfoboxParameters(buildVerifyInfoboxParameters( -          verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID));  +          verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID)); +         +        Node mandateProfilesNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_MANDATES_PROFILES_XPATH); +        if (mandateProfilesNode != null) { +        	if ("businessService".equalsIgnoreCase(oaType)) {        		 +        		Logger.error("No Online Mandate Modus for OA of type \"businessService\" allowed."); +                throw new ConfigurationException("config.02", null); +        	} +        	else { +        		String profiles = DOMUtils.getText(mandateProfilesNode); +        		oap.setMandateProfiles(profiles); +        	}        	 +        }                }         OA_set.add(oap);      } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 6e296b4f4..ceb047280 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -165,6 +165,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {    private ConnectionParameter foreignIDConnectionParameter;    /** +   * parameter for connection to OnlineMandates Service +   */ +  private ConnectionParameter onlineMandatesConnectionParameter; +   +  /**     * Parameter for trusted BKUs     */    private List trustedBKUs; @@ -271,6 +276,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {        foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter(); +      onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter();      	onlineApplicationAuthParameters  = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID);      	identityLinkX509SubjectNames =  builder.getIdentityLink_X509SubjectNames();      	defaultChainingMode = builder.getDefaultChainingMode(); @@ -393,6 +399,15 @@ public class AuthConfigurationProvider extends ConfigurationProvider {    public ConnectionParameter getForeignIDConnectionParameter() {       return foreignIDConnectionParameter;    } +   +  /** +   * Return a ConnectionParameter bean containing all information +   * of the authentication component OnlineMandates element +   * @return ConnectionParameter of the authentication component OnlineMandates element +   */ +  public ConnectionParameter getOnlineMandatesConnectionParameter() { +     return onlineMandatesConnectionParameter; +  }    /**     * Return a string with a url-reference to the VerifyIdentityLink trust  diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index c352fae6c..aa5aa21a3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -89,6 +89,11 @@ public class OAAuthParameter extends OAParameter {    private VerifyInfoboxParameters verifyInfoboxParameters;    /** +   * Parameter for Mandate profiles +   */ +  private String mandateProfiles; +   +  /**     * BZ     * Type for authentication number (e.g. Firmenbuchnummer)     */ @@ -325,5 +330,21 @@ public class OAAuthParameter extends OAParameter {    public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) {        this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType;    } +   +  /** +   * Sets the Mandate/Profiles +   * @param profiles +   */ +  public void setMandateProfiles(String profiles) { +	  this.mandateProfiles = profiles; +  } +   +  /** +   * Returns the Mandates/Profiles +   * @return +   */ +  public String getMandateProfiles() { +	  return this.mandateProfiles; +  }  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index ce15b75bd..6802005f1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -41,6 +41,8 @@ import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse;  import javax.servlet.http.HttpSession; +import org.apache.commons.lang.StringEscapeUtils; +  import at.gv.egovernment.moa.id.AuthenticationException;  import at.gv.egovernment.moa.id.BuildException;  import at.gv.egovernment.moa.id.MOAIDException; @@ -117,12 +119,15 @@ public class ProxyServlet extends HttpServlet {    protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {      Logger.debug("getRequestURL:" + req.getRequestURL().toString()); -  //@TODO Parameter +     +    String artifact = req.getParameter(PARAM_SAMLARTIFACT); +    artifact = StringEscapeUtils.escapeHtml(artifact); +          try { -      if (req.getParameter(PARAM_SAMLARTIFACT) != null) { +      if (artifact != null) {   		// check if SAML Artifact was already used in this session (in case of page reload)  		HttpSession session = req.getSession(); -		if (null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) { +		if (null != session && artifact.equals(session.getAttribute(ATT_SAML_ARTIFACT))) {  			if (session.getAttribute(ATT_BROWSERREQU)==null) {  			    tunnelRequest(req, resp);   			}else{ @@ -498,7 +503,6 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map    Vector parameters  = new Vector(); -//@TODO Parameter    for (Enumeration enu = req.getParameterNames(); enu.hasMoreElements();) {      String paramName = (String) enu.nextElement();      if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index 79db9907b..d35fc875d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -446,6 +446,9 @@ public class ParamValidatorUtils {     public static boolean isValidXMLDocument(String document) {
 +	   if (document == null)
 +		   return false;
 +	   
  	   Logger.debug("Überprüfe Parameter XMLDocument");
  	   try {   
  		   DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java index 1915ce40a..24e5ff3d0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java @@ -64,7 +64,8 @@ public class ServletUtils {        out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
        out.flush();
        out.close();
 -      Logger.debug("Finished POST " + servletName);
 +      Logger.debug("Finished POST " + servletName); +      
      } else {
        String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), servletGoal, session.getSessionID());
        resp.setContentType("text/html");
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java new file mode 100644 index 000000000..59ca0d5ca --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java @@ -0,0 +1,48 @@ +package at.gv.egovernment.moa.id.util.client.mis.simple;
 +
 +public class MISMandate {
 +
 +	final static private String OID_NOTAR = "1.2.40.0.10.3.1";
 +	final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft";
 +	
 +	final static private String OID_RECHTSANWALT = "1.2.40.0.10.3.2";
 +	final static private String TEXT_RECHTSANWALT = "berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft";
 +	
 +	final static private String OID_ZIVILTECHNIKER = "1.2.40.0.10.3.3";
 +	final static private String TEXT_ZIVILTECHNIKER = "berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft";
 +
 +	final static private String OID_ORGANWALTER = "1.2.40.0.10.3.4";
 +	final static private String TEXT_ORGANWALTER = "Organwalter";
 +	
 +	
 +	private String oid = null;
 +	private byte[] mandate = null;
 +	
 +	public String getProfRep() {
 +  	return oid;
 +  }
 +	public void setProfRep(String oid) {
 +  	this.oid = oid;
 +  }
 +	public byte[] getMandate() {
 +  	return mandate;
 +  }
 +	public void setMandate(byte[] mandate) {
 +  	this.mandate = mandate;
 +  }
 +	
 +	public String getTextualDescriptionOfOID() {
 +		if (this.oid.equalsIgnoreCase(OID_NOTAR))
 +			return TEXT_NOTAR;
 +		if (this.oid.equalsIgnoreCase(OID_RECHTSANWALT))
 +			return TEXT_RECHTSANWALT;
 +		if (this.oid.equalsIgnoreCase(OID_ZIVILTECHNIKER))
 +			return TEXT_ZIVILTECHNIKER;
 +		if (this.oid.equalsIgnoreCase(OID_ORGANWALTER))
 +			return TEXT_ORGANWALTER;
 +		
 +		return "Keine textuelle Beschreibung für OID " + oid;
 +		
 +	}
 +
 +}
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java new file mode 100644 index 000000000..d8bec4900 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.util.client.mis.simple;
 +
 +public class MISSessionId {
 +
 +	private String sessiondId = null;
 +	private String redirectURL = null;
 +	
 +	public String getSessiondId() {
 +  	return sessiondId;
 +  }
 +	public void setSessiondId(String sessiondId) {
 +  	this.sessiondId = sessiondId;
 +  }
 +	public String getRedirectURL() {
 +  	return redirectURL;
 +  }
 +	public void setRedirectURL(String redirectURL) {
 +  	this.redirectURL = redirectURL;
 +  }
 +
 +	
 +}
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java new file mode 100644 index 000000000..25c341584 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -0,0 +1,261 @@ +package at.gv.egovernment.moa.id.util.client.mis.simple;
 +
 +import java.io.BufferedReader;
 +import java.io.IOException;
 +import java.io.InputStream;
 +import java.io.InputStreamReader;
 +import java.util.ArrayList;
 +import java.util.List;
 +
 +import javax.net.ssl.SSLSocketFactory;
 +import javax.xml.parsers.DocumentBuilderFactory;
 +import javax.xml.parsers.ParserConfigurationException;
 +import javax.xml.transform.TransformerException;
 +
 +import org.apache.commons.codec.binary.Base64;
 +import org.apache.commons.httpclient.HttpClient;
 +import org.apache.commons.httpclient.methods.PostMethod;
 +import org.apache.commons.httpclient.methods.StringRequestEntity;
 +import org.apache.commons.httpclient.protocol.Protocol;
 +import org.apache.xerces.parsers.DOMParser;
 +import org.apache.xpath.XPathAPI;
 +import org.w3c.dom.DOMException;
 +import org.w3c.dom.Document;
 +import org.w3c.dom.Element;
 +import org.w3c.dom.Node;
 +import org.w3c.dom.NodeList;
 +import org.xml.sax.InputSource;
 +import org.xml.sax.SAXException;
 +import org.xml.sax.SAXNotRecognizedException;
 +import org.xml.sax.SAXNotSupportedException;
 +
 +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory;
 +import at.gv.egovernment.moa.logging.Logger;
 +import at.gv.egovernment.moa.util.DOMUtils;
 +
 +
 +public class MISSimpleClient {
 +
 +		
 +	private final static String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
 +	private final static String MIS_NS = "http://reference.e-government.gv.at/namespace/mandates/mis/1.0/xsd";
 +	
 +	private static Element NS_NODE = null;
 +	
 +		
 +	static {
 +		try {
 +			NS_NODE = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument().createElement("test");
 +			NS_NODE.setAttribute("xmlns:soap", SOAP_NS);
 +			NS_NODE.setAttribute("xmlns:mis", MIS_NS);
 +		} catch (Exception e) {
 +			Logger.warn("Error initializing namespace node.", e);
 +		}
 +	}
 +	
 +	public static List sendGetMandatesRequest(String webServiceURL, String sessionId, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
 +		if (webServiceURL == null) {
 +			throw new NullPointerException("Argument webServiceURL must not be null.");
 +		}
 +		if (sessionId == null) {
 +			throw new NullPointerException("Argument sessionId must not be null.");
 +		}
 +		
 +		// ssl settings
 +		if (sSLSocketFactory != null) {
 +	        SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); 
 +	        Protocol.registerProtocol("https", new Protocol("https", fac, 443));
 +		}
 +
 +		
 +		try {
 +			Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
 +			Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest");
 +			Element sessionIdElement = doc.createElementNS(MIS_NS, "SessionID");
 +			sessionIdElement.appendChild(doc.createTextNode(sessionId));
 +			mirElement.appendChild(sessionIdElement);
 +	    
 +			// send soap request
 +			Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement);
 +	    
 +			// check for error
 +			checkForError(mandateIssueResponseElement);
 +	    
 +			// check for session id
 +			NodeList mandateElements  = XPathAPI.selectNodeList(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Mandates/mis:Mandate", NS_NODE);
 +	    
 +			if (mandateElements == null || mandateElements.getLength() == 0) {
 +				throw new MISSimpleClientException("No mandates found in response.");
 +			}
 +	    
 +			ArrayList foundMandates = new ArrayList();
 +			for (int i=0; i<mandateElements.getLength(); i++) {
 +				Element mandate = (Element) mandateElements.item(i);
 +				MISMandate misMandate = new MISMandate();
 +				if (mandate.hasAttribute("ProfessionalRepresentative")) {
 +					misMandate.setProfRep(mandate.getAttribute("ProfessionalRepresentative"));
 +				}
 +				
 +				//misMandate.setMandate(Base64.decodeBase64(DOMUtils.getText(mandate)));
 +				misMandate.setMandate(Base64.decodeBase64(DOMUtils.getText(mandate).getBytes()));
 +				foundMandates.add(misMandate);
 +			}
 +			return foundMandates;
 +		} catch (ParserConfigurationException e) {
 +			throw new MISSimpleClientException(e);
 +		} catch (DOMException e) {
 +			throw new MISSimpleClientException(e);
 +		} catch (TransformerException e) {
 +			throw new MISSimpleClientException(e);
 +		} 
 +	}
 +	
 +	public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String redirectURL, String mandateIdentifier[], SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
 +		if (webServiceURL == null) {
 +			throw new NullPointerException("Argument webServiceURL must not be null.");
 +		}
 +		if (idl == null) {
 +			throw new NullPointerException("Argument idl must not be null.");
 +		}
 +		if (redirectURL == null) {
 +			throw new NullPointerException("Argument redirectURL must not be null.");
 +		}
 +		
 +		// ssl settings
 +		if (sSLSocketFactory != null) {
 +	        SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); 
 +	        Protocol.registerProtocol("https", new Protocol("https", fac, 443));
 +		}
 +		
 +		try {
 +			Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
 +			Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest");
 +			Element idlElement = doc.createElementNS(MIS_NS, "IdentityLink");
 +	    
 +			idlElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(idl))));
 +			mirElement.appendChild(idlElement);
 +
 +			if (cert != null && cert.length > 0) {
 +				Element certElement = doc.createElementNS(MIS_NS, "X509SignatureCertificate");
 +				certElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(cert))));
 +				//certElement.appendChild(doc.createTextNode(Base64.encodeBase64(cert)));
 +				//	    	certElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(cert))));
 +				mirElement.appendChild(certElement);
 +			}
 +			Element redirectElement = doc.createElementNS(MIS_NS, "RedirectURL");
 +			redirectElement.appendChild(doc.createTextNode(redirectURL));
 +			mirElement.appendChild(redirectElement);
 +			if (mandateIdentifier != null && mandateIdentifier.length > 0) {
 +				Element filtersElement = doc.createElementNS(MIS_NS, "Filters");
 +				Element mandateIdentifiersElement = doc.createElementNS(MIS_NS, "MandateIdentifiers");
 +				for (int i=0; i<mandateIdentifier.length; i++) {
 +					Element mandateIdentifierElement = doc.createElementNS(MIS_NS, "MandateIdentifier");
 +					mandateIdentifierElement.appendChild(doc.createTextNode(mandateIdentifier[i]));
 +					mandateIdentifiersElement.appendChild(mandateIdentifierElement);
 +				}
 +				filtersElement.appendChild(mandateIdentifiersElement);
 +				mirElement.appendChild(filtersElement);
 +			}
 +			// send soap request
 +			Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement);
 +
 +			// check for error
 +			checkForError(mandateIssueResponseElement);
 +	    
 +			// check for session id
 +			//String sessionId = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "/mis:MandateIssueResponse/mis:SessionID/text()", NS_NODE)).getNodeValue();
 +			Node sessionIdNode = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:SessionID/text()", NS_NODE));
 +			if (sessionIdNode == null) {
 +				throw new MISSimpleClientException("SessionId not found in response.");
 +			}
 +			String sessionId = sessionIdNode.getNodeValue();
 +
 +			Node guiRedirectURLNode = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:GuiRedirectURL/text()", NS_NODE));
 +			if (guiRedirectURLNode == null) {
 +				throw new MISSimpleClientException("GuiRedirectURL not found in response.");
 +			}
 +			String guiRedirectURL = guiRedirectURLNode.getNodeValue();
 +	    
 +			// create return object
 +			MISSessionId msid = new MISSessionId();
 +			msid.setSessiondId(sessionId);
 +			msid.setRedirectURL(guiRedirectURL);
 +	    
 +			return msid;
 +		} catch (ParserConfigurationException e) {
 +			throw new MISSimpleClientException(e);
 +		} catch (DOMException e) {
 +			throw new MISSimpleClientException(e);
 +		} catch (TransformerException e) {
 +			throw new MISSimpleClientException(e);
 +		}
 +		
 +	}
 +	
 +	private static void checkForError(Element mandateIssueResponseElement) throws MISSimpleClientException {
 +		if (mandateIssueResponseElement == null) {
 +			throw new NullPointerException("Argument mandateIssueResponseElement must not be null.");
 +		}
 +		try {
 +		    Element errorElement = (Element) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error", NS_NODE);
 +		    if (errorElement != null) {
 +		    	String code = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Code/text()", NS_NODE)).getNodeValue();
 +		    	String text = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Text/text()", NS_NODE)).getNodeValue();
 +		    	throw new MISSimpleClientException("Fehler beim Abfragen des Online-Vollmachten Services: " + code + " / " + text);	    }
 +		} catch (TransformerException e) {
 +			throw new MISSimpleClientException(e);
 +		}
 +	}
 +	
 +	private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException {
 +		if (webServiceURL == null) {
 +			throw new NullPointerException("Argument webServiceURL must not be null.");
 +		}
 +		if (request == null) {
 +			throw new NullPointerException("Argument request must not be null.");
 +		}
 +		try {
 +			HttpClient httpclient = new HttpClient();
 +			PostMethod post = new PostMethod(webServiceURL);
 +			StringRequestEntity re = new StringRequestEntity(DOMUtils.serializeNode(packIntoSOAP(request)),"text/xml", "UTF-8");
 +			post.setRequestEntity(re);
 +			int responseCode = httpclient.executeMethod(post);			
 +			if (responseCode != 200) {
 +				throw new MISSimpleClientException("Invalid HTTP response code " + responseCode);
 +			}
 +			//Element elem = parse(post.getResponseBodyAsStream());
 +			Document doc = DOMUtils.parseDocumentSimple(post.getResponseBodyAsStream());
 +			return unpackFromSOAP(doc.getDocumentElement());
 +		} catch(IOException e) {
 +			throw new MISSimpleClientException(e);
 +		} catch (TransformerException e) {
 +			throw new MISSimpleClientException(e);
 +		} catch (SAXException e) {
 +			throw new MISSimpleClientException(e);
 +		} catch (ParserConfigurationException e) {
 +			throw new MISSimpleClientException(e);
 +		}
 +	}
 +	
 +	private static Element packIntoSOAP(Element element) throws MISSimpleClientException {
 +		try {
 +			Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
 +			Element soapEnvelope = doc.createElement("Envelope");
 +			soapEnvelope.setAttribute("xmlns", SOAP_NS);
 +			Element soapBody = doc.createElement("Body");
 +			soapEnvelope.appendChild(soapBody);
 +			soapBody.appendChild(doc.importNode(element, true));
 +			return soapEnvelope;
 +		} catch(ParserConfigurationException e) {
 +			throw new MISSimpleClientException(e);
 +		}
 +	}
 +	
 +	private static Element unpackFromSOAP(Element element) throws MISSimpleClientException {
 +		try {
 +			return (Element) XPathAPI.selectSingleNode(element, "/soap:Envelope/soap:Body/child::*[position()=1]", NS_NODE);
 +		} catch(TransformerException e) {
 +			throw new MISSimpleClientException(e);
 +		}
 +	}	
 +}
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java new file mode 100644 index 000000000..6f2627e1d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.util.client.mis.simple;
 +
 +public class MISSimpleClientException extends Exception {
 +
 +	private static final long serialVersionUID = 1L;
 +
 +	public MISSimpleClientException() {
 +	}
 +
 +	public MISSimpleClientException(String message) {
 +		super(message);
 +	}
 +
 +	public MISSimpleClientException(Throwable cause) {
 +		super(cause);
 +	}
 +
 +	public MISSimpleClientException(String message, Throwable cause) {
 +		super(message, cause);
 +	}
 +
 +}
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 14e4d5347..f206f6bbb 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -30,6 +30,10 @@ auth.09=Zur Auswahlseite der Bürgertenumgebung (URL={0}) konnte keine Verbindung  auth.10=Fehler beim Aufruf von "{0}": Parameter "{1}" fehlt
  auth.11=Die zentral gespeicherte Auswahlseite für Bürgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals. <br>URL "{0}" Interne Fehlermeldung: {1}
  auth.12=Fehlerhafter Parameter "{1}" beim Aufruf von "{0}"
 +auth.13=Vollmachtenmodus für ausländische Bürger wird nicht unterstützt.
 +auth.14=Zertifikat konnte nicht ausgelesen werden.
 +auth.15=Fehler bei Anfrage an Vollmachten Service.
 +auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}"
  init.00=MOA ID Authentisierung wurde erfolgreich gestartet
  init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround: SSL ist möglicherweise nicht verfügbar
 diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java index 6ab9c9679..4293fc477 100644 --- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java +++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java @@ -37,7 +37,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {          "http://localhost:9080/", //oaURL          "file:" + findXmldata("AuthTemplate.html"),           "http://localhost:3495/http-security-layer-request", -         null, null); +         null, null, null);        htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");        //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));        assertEquals(readXmldata("htmlForm.html"),htmlForm); @@ -55,7 +55,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {          "gb", //target          "http://localhost:9080/", //oaURL          null,  -        "http://localhost:3495/http-security-layer-request", null, null); +        "http://localhost:3495/http-security-layer-request", null, null, null);        htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");        //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));        assertEquals(readXmldata("htmlForm.html"),htmlForm); @@ -75,7 +75,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {          "file:" + findXmldata("AuthTemplate.html"),            null,           null, -         null); +         null, null);        htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");        //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));        assertEquals(readXmldata("htmlForm.html"),htmlForm); @@ -93,7 +93,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {          server.startAuthentication(null, //authURL          "gb", //target          "http://localhost:9080/", //oaURL -        null, null, null, null); +        null, null, null, null, null);          //assertEquals("",htmlForm);            System.err.println(this.getName() + " hat KEINE FEHLER geworfen");          fail(this.getName() + " hat KEINE FEHLER geworfen"); @@ -113,7 +113,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {        try {          server.startAuthentication("http://localhost:8080/auth", //authURL          "gb", "http://localhost:9080/", //oaURL -        null, null, null, null); +        null, null, null, null, null);          System.err.println(this.getName() + " hat KEINE FEHLER geworfen");          fail(this.getName() + " hat KEINE FEHLER geworfen");        } @@ -131,7 +131,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {        try {          server.startAuthentication("https://localhost:8443/auth", //authURL          "gb", "http://host_not_in_config/", //oaURL -        null, null, null, null); +        null, null, null, null, null);          System.err.println(this.getName() + " hat KEINE FEHLER geworfen");          fail(this.getName() + " hat KEINE FEHLER geworfen");        } @@ -150,7 +150,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {        try {          server.startAuthentication("https://localhost:8443/auth", //authURL          "gb", null, //oaURL -        null, null, null, null); +        null, null, null, null, null);          System.err.println(this.getName() + " hat KEINE FEHLER geworfen");          fail(this.getName() + " hat KEINE FEHLER geworfen");        } @@ -169,7 +169,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {        try {          server.startAuthentication("https://localhost:8443/auth", //authURL          null, "http://localhost:9080/", //oaURL -        null, null, null, null); +        null, null, null, null, null);          System.err.println(this.getName() + " hat KEINE FEHLER geworfen");          fail(this.getName() + " hat KEINE FEHLER geworfen");        } diff --git a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java index 23130f4c8..4ef3ad92f 100644 --- a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java +++ b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java @@ -131,6 +131,7 @@ public class AbnahmeTestCase extends MOAIDTestCase {        null,        null,        null, +      null,        null);      String sessionID = parseSessionIDFromForm(htmlForm);      return sessionID; diff --git a/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java b/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java index ab2781590..248e5cc33 100644 --- a/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java +++ b/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java @@ -14,19 +14,8 @@  * limitations under the License.  */  package test.abnahme.P; -import java.util.Map; - -import sun.misc.BASE64Decoder;  import test.abnahme.AbnahmeTestCase; -import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; -import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; -import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.proxy.LoginParameterResolver; -import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory; -import at.gv.egovernment.moa.util.Base64Utils; -  /**   * @author Stefan Knirsch   * @version $Id$ @@ -35,127 +24,127 @@ import at.gv.egovernment.moa.util.Base64Utils;  public class Test100LoginParameterResolver extends AbnahmeTestCase { -  private static final String CLIENT_IP_ADDRESS = "56.246.75.11"; -  private OAConfiguration oaConf; -  private LoginParameterResolver lpr; - +//  private static final String CLIENT_IP_ADDRESS = "56.246.75.11"; +//  private OAConfiguration oaConf; +//  private LoginParameterResolver lpr; +//    public Test100LoginParameterResolver(String name) {      super(name);    } - -  private void setUp(String publicURLPrefix) -    throws Exception { -       -    // get configuration data -    ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance(); -    OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(publicURLPrefix); -    oaConf = oaParam.getOaConfiguration(); -    System.out.println("Parameterübergabe: " + oaConf.getAuthType()); - -    // get login parameter resolver -    LoginParameterResolverFactory.initialize(); -    lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix); -  } -  public void testP101() throws Exception { -    try { -      // read configuration and set up LoginParameterResolver -      setUp("https://testP101:9443/"); -      if (! oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH)) -        fail(); - -      // assemble authentication data -      AuthenticationData authData = new AuthenticationData(); -      authData.setFamilyName("Huber"); -      authData.setGivenName("Hugo"); - -      // resolve login headers -      Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, ""); - -      // validate login headers -      assertEquals(1, loginHeaders.keySet().size()); -      System.out.println("Header Authorization: " + loginHeaders.get("Authorization")); -      System.out.println("Decoded UserID:Password " +  -        new String(new BASE64Decoder().decodeBuffer(((String)loginHeaders.get("Authorization")).substring(6)))); -      String userIDPassword = "Hugo:Huber"; -      String credentials = Base64Utils.encode(userIDPassword.getBytes()); -      assertEquals("Basic " + credentials, loginHeaders.get("Authorization")); -      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); -    } -    catch (Exception e) { -      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); -      throw e; -    } - -  } -  public void testP102() throws Exception { -    try { -      // read configuration and set up LoginParameterResolver -      setUp("https://testP102:9443/"); -      if (! oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) -        fail(); - -      // assemble authentication data -      AuthenticationData authData = new AuthenticationData(); -      String DATE_OF_BIRTH = "1963-12-29"; -      String VPK = "kp6hOq6LRAkLtrqm6EvDm6bMwJw="; -      authData.setDateOfBirth(DATE_OF_BIRTH); -      authData.setBPK(VPK); - -      // resolve login parameters -      Map loginParameters = lpr.getAuthenticationParameters(oaConf, authData, CLIENT_IP_ADDRESS, false, ""); - -      // validate login headers -      assertEquals(2, loginParameters.keySet().size()); -      System.out.println("Param1: " + loginParameters.get("Param1")); -      System.out.println("Param2: " + loginParameters.get("Param2")); -      assertEquals(DATE_OF_BIRTH, loginParameters.get("Param1")); -      assertEquals(VPK, loginParameters.get("Param2")); -      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); -    } -    catch (Exception e) { -      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); -      throw e; -    } -  } - -  public void testP103() throws Exception { -    try { -      // read configuration and set up LoginParameterResolver -      setUp("https://localhost:9443/"); -      if (! oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH)) -        fail(); - -      // assemble authentication data -      AuthenticationData authData = new AuthenticationData(); -      boolean PUBLIC_AUTH = true; -      String BKZ = "FinanzamtWien23Leitstelle"; -      boolean QUAL_CERT = false; -      String STAMMZAHL = "3456789012"; -      authData.setPublicAuthority(PUBLIC_AUTH); -      authData.setPublicAuthorityCode(BKZ); -      authData.setQualifiedCertificate(QUAL_CERT); -      authData.setIdentificationValue(STAMMZAHL); - -      // resolve login headers -      Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, ""); - -      // validate login headers -      assertEquals(5, loginHeaders.keySet().size()); -      System.out.println("Header Param1: " + loginHeaders.get("Param1")); -      System.out.println("Header Param2: " + loginHeaders.get("Param2")); -      System.out.println("Header Param3: " + loginHeaders.get("Param3")); -      System.out.println("Header Param4: " + loginHeaders.get("Param4")); -      System.out.println("Header Param5: " + loginHeaders.get("Param5")); -      assertEquals(String.valueOf(PUBLIC_AUTH), loginHeaders.get("Param1")); -      assertEquals(BKZ, loginHeaders.get("Param2")); -      assertEquals(String.valueOf(QUAL_CERT), loginHeaders.get("Param3")); -      assertEquals(STAMMZAHL, loginHeaders.get("Param4")); -      assertEquals(CLIENT_IP_ADDRESS, loginHeaders.get("Param5")); -      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); -    } -    catch (Exception e) { -      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); -      throw e; -    } -  } +// +//  private void setUp(String publicURLPrefix) +//    throws Exception { +//       +//    // get configuration data +//    ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance(); +//    OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(publicURLPrefix); +//    oaConf = oaParam.getOaConfiguration(); +//    System.out.println("Parameterübergabe: " + oaConf.getAuthType()); +// +//    // get login parameter resolver +//    LoginParameterResolverFactory.initialize(); +//    lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix); +//  } +//  public void testP101() throws Exception { +//    try { +//      // read configuration and set up LoginParameterResolver +//      setUp("https://testP101:9443/"); +//      if (! oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH)) +//        fail(); +// +//      // assemble authentication data +//      AuthenticationData authData = new AuthenticationData(); +//      authData.setFamilyName("Huber"); +//      authData.setGivenName("Hugo"); +// +//      // resolve login headers +//      Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, ""); +// +//      // validate login headers +//      assertEquals(1, loginHeaders.keySet().size()); +//      System.out.println("Header Authorization: " + loginHeaders.get("Authorization")); +//      System.out.println("Decoded UserID:Password " +  +//        new String(new BASE64Decoder().decodeBuffer(((String)loginHeaders.get("Authorization")).substring(6)))); +//      String userIDPassword = "Hugo:Huber"; +//      String credentials = Base64Utils.encode(userIDPassword.getBytes()); +//      assertEquals("Basic " + credentials, loginHeaders.get("Authorization")); +//      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); +//    } +//    catch (Exception e) { +//      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); +//      throw e; +//    } +// +//  } +//  public void testP102() throws Exception { +//    try { +//      // read configuration and set up LoginParameterResolver +//      setUp("https://testP102:9443/"); +//      if (! oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) +//        fail(); +// +//      // assemble authentication data +//      AuthenticationData authData = new AuthenticationData(); +//      String DATE_OF_BIRTH = "1963-12-29"; +//      String VPK = "kp6hOq6LRAkLtrqm6EvDm6bMwJw="; +//      authData.setDateOfBirth(DATE_OF_BIRTH); +//      authData.setBPK(VPK); +// +//      // resolve login parameters +//      Map loginParameters = lpr.getAuthenticationParameters(oaConf, authData, CLIENT_IP_ADDRESS, false, ""); +// +//      // validate login headers +//      assertEquals(2, loginParameters.keySet().size()); +//      System.out.println("Param1: " + loginParameters.get("Param1")); +//      System.out.println("Param2: " + loginParameters.get("Param2")); +//      assertEquals(DATE_OF_BIRTH, loginParameters.get("Param1")); +//      assertEquals(VPK, loginParameters.get("Param2")); +//      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); +//    } +//    catch (Exception e) { +//      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); +//      throw e; +//    } +//  } +// +//  public void testP103() throws Exception { +//    try { +//      // read configuration and set up LoginParameterResolver +//      setUp("https://localhost:9443/"); +//      if (! oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH)) +//        fail(); +// +//      // assemble authentication data +//      AuthenticationData authData = new AuthenticationData(); +//      boolean PUBLIC_AUTH = true; +//      String BKZ = "FinanzamtWien23Leitstelle"; +//      boolean QUAL_CERT = false; +//      String STAMMZAHL = "3456789012"; +//      authData.setPublicAuthority(PUBLIC_AUTH); +//      authData.setPublicAuthorityCode(BKZ); +//      authData.setQualifiedCertificate(QUAL_CERT); +//      authData.setIdentificationValue(STAMMZAHL); +// +//      // resolve login headers +//      Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, ""); +// +//      // validate login headers +//      assertEquals(5, loginHeaders.keySet().size()); +//      System.out.println("Header Param1: " + loginHeaders.get("Param1")); +//      System.out.println("Header Param2: " + loginHeaders.get("Param2")); +//      System.out.println("Header Param3: " + loginHeaders.get("Param3")); +//      System.out.println("Header Param4: " + loginHeaders.get("Param4")); +//      System.out.println("Header Param5: " + loginHeaders.get("Param5")); +//      assertEquals(String.valueOf(PUBLIC_AUTH), loginHeaders.get("Param1")); +//      assertEquals(BKZ, loginHeaders.get("Param2")); +//      assertEquals(String.valueOf(QUAL_CERT), loginHeaders.get("Param3")); +//      assertEquals(STAMMZAHL, loginHeaders.get("Param4")); +//      assertEquals(CLIENT_IP_ADDRESS, loginHeaders.get("Param5")); +//      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); +//    } +//    catch (Exception e) { +//      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); +//      throw e; +//    } +//  }  } diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java index f873f2c3f..db7aa9719 100644 --- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java +++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java @@ -45,7 +45,7 @@ public class AuthenticationServerTest extends UnitTestCase {    public void doTest(String testdataDirectory, String authURL, String target, String oaURL, String bkuURL, String templateURL) throws Exception {    	String testdataRoot = TESTDATA_ROOT + "xmldata/" + testdataDirectory + "/";    	AuthenticationServer server = AuthenticationServer.getInstance(); -  	String htmlForm = server.startAuthentication(authURL, target, oaURL, templateURL, bkuURL, null, null); +  	String htmlForm = server.startAuthentication(authURL, target, oaURL, templateURL, bkuURL, null, null, null);    	String sessionID = parseSessionIDFromForm(htmlForm);    	String infoboxReadResponse = readFile(TESTDATA_ROOT + "xmldata/testperson1/" + "InfoboxReadResponse.xml");      HashMap parameters = new HashMap(1); | 
