diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-09-14 13:29:32 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-09-14 13:29:32 +0200 |
commit | 76bae60e9bda1acb7ee0e3d45ab187749d16bf82 (patch) | |
tree | ba22e87aeee1330e70e702dcfb4612fd951e6c7a /id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java | |
parent | 1131cdf040e608c3f79dd8987ec3b8444fc9bf0d (diff) | |
download | moa-id-spss-76bae60e9bda1acb7ee0e3d45ab187749d16bf82.tar.gz moa-id-spss-76bae60e9bda1acb7ee0e3d45ab187749d16bf82.tar.bz2 moa-id-spss-76bae60e9bda1acb7ee0e3d45ab187749d16bf82.zip |
move citizen-card authentication and validation (Security-layer communication) to discrete module
Diffstat (limited to 'id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java')
-rw-r--r-- | id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java | 359 |
1 files changed, 359 insertions, 0 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java new file mode 100644 index 000000000..e346c8bee --- /dev/null +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -0,0 +1,359 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.util.client.mis.simple; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import javax.net.ssl.SSLSocketFactory; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.httpclient.HostConfiguration; +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.methods.PostMethod; +import org.apache.commons.httpclient.methods.StringRequestEntity; +import org.apache.commons.httpclient.protocol.Protocol; +import org.apache.xpath.XPathAPI; +import org.w3c.dom.DOMException; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory; +import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; +import at.gv.egovernment.moa.id.data.MISMandate; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.StringUtils; + + +public class MISSimpleClient { + + + private final static String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"; + private final static String MIS_NS = "http://reference.e-government.gv.at/namespace/mandates/mis/1.0/xsd"; + + private static Element NS_NODE = null; + + + static { + try { + NS_NODE = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument().createElement("test"); + NS_NODE.setAttribute("xmlns:soap", SOAP_NS); + NS_NODE.setAttribute("xmlns:mis", MIS_NS); + } catch (Exception e) { + Logger.warn("Error initializing namespace node.", e); + } + } + + public static List<MISMandate> sendGetMandatesRequest(String webServiceURL, String sessionId, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException { + if (webServiceURL == null) { + throw new NullPointerException("Argument webServiceURL must not be null."); + } + if (sessionId == null) { + throw new NullPointerException("Argument sessionId must not be null."); + } + + // ssl settings + if (sSLSocketFactory != null) { + SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); + Protocol.registerProtocol("https", new Protocol("https", fac, 443)); + } + + + try { + Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); + Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest"); + Element sessionIdElement = doc.createElementNS(MIS_NS, "SessionID"); + sessionIdElement.appendChild(doc.createTextNode(sessionId)); + mirElement.appendChild(sessionIdElement); + + // send soap request + Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement); + + // check for error + checkForError(mandateIssueResponseElement); + + // check for session id + NodeList mandateElements = XPathAPI.selectNodeList(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Mandates/mis:Mandate", NS_NODE); + + if (mandateElements == null || mandateElements.getLength() == 0) { + throw new MISSimpleClientException("No mandates found in response."); + } + + ArrayList<MISMandate> foundMandates = new ArrayList<MISMandate>(); + for (int i=0; i<mandateElements.getLength(); i++) { + Element mandate = (Element) mandateElements.item(i); + + MISMandate misMandate = new MISMandate(); + if (mandate.hasAttribute("ProfessionalRepresentative")) { +// System.out.println("OID: " + mandate.getAttribute("ProfessionalRepresentative")); + misMandate.setProfRep(mandate.getAttribute("ProfessionalRepresentative")); + } + if (mandate.hasAttribute("OWbPK")) { + misMandate.setOWbPK(mandate.getAttribute("OWbPK")); +// System.out.println("OWBPK: " + mandate.getAttribute("OWbPK")); + } + + //misMandate.setMandate(Base64.decodeBase64(DOMUtils.getText(mandate))); + misMandate.setMandate(Base64.decodeBase64(DOMUtils.getText(mandate).getBytes())); + misMandate.setFullMandateIncluded(true); + + foundMandates.add(misMandate); + } + return foundMandates; + } catch (ParserConfigurationException e) { + throw new MISSimpleClientException("service.06", e); + } catch (DOMException e) { + throw new MISSimpleClientException("service.06", e); + } catch (TransformerException e) { + throw new MISSimpleClientException("service.06", e); + } + } + + public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, List<String> mandateIdentifier, String targetType, byte[] authBlock, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException { + if (webServiceURL == null) { + throw new MISSimpleClientException("service.04"); + } + if (idl == null) { + throw new NullPointerException("Argument idl must not be null."); + } + if (redirectURL == null) { + throw new NullPointerException("Argument redirectURL must not be null."); + } + + // ssl settings + if (sSLSocketFactory != null) { + SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); + Protocol.registerProtocol("https", new Protocol("https", fac, 443)); + } + + try { + Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); + Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest"); + Element idlElement = doc.createElementNS(MIS_NS, "IdentityLink"); + + + idlElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(idl)))); + mirElement.appendChild(idlElement); + + if (cert != null && cert.length > 0) { + Element certElement = doc.createElementNS(MIS_NS, "X509SignatureCertificate"); + certElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(cert)))); + //certElement.appendChild(doc.createTextNode(Base64.encodeBase64(cert))); + // certElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(cert)))); + mirElement.appendChild(certElement); + } + + if (!StringUtils.isEmpty(oaFriendlyName)) { + Element oaFriendlyNameElement = doc.createElementNS(MIS_NS, "OAFriendlyName"); + oaFriendlyNameElement.appendChild(doc.createTextNode(oaFriendlyName)); + mirElement.appendChild(oaFriendlyNameElement); + } + + Element redirectElement = doc.createElementNS(MIS_NS, "RedirectURL"); + redirectElement.appendChild(doc.createTextNode(redirectURL)); + mirElement.appendChild(redirectElement); + + Element referenceValueElement = doc.createElementNS(MIS_NS, "ReferenceValue"); + referenceValueElement.appendChild(doc.createTextNode(referenceValue)); + mirElement.appendChild(referenceValueElement); + + if (mandateIdentifier != null && mandateIdentifier.size() > 0) { + Element filtersElement = doc.createElementNS(MIS_NS, "Filters"); + Element mandateIdentifiersElement = doc.createElementNS(MIS_NS, "MandateIdentifiers"); + for (int i=0; i<mandateIdentifier.size(); i++) { + Element mandateIdentifierElement = doc.createElementNS(MIS_NS, "MandateIdentifier"); + mandateIdentifierElement.appendChild(doc.createTextNode(mandateIdentifier.get(i))); + mandateIdentifiersElement.appendChild(mandateIdentifierElement); + } + filtersElement.appendChild(mandateIdentifiersElement); + mirElement.appendChild(filtersElement); + } + + //add Target element + Element targetElement = doc.createElementNS(MIS_NS, "Target"); + Element targetTypeElement = doc.createElementNS(MIS_NS, "Type"); + targetTypeElement.appendChild(doc.createTextNode(targetType)); + targetElement.appendChild(targetTypeElement); + mirElement.appendChild(targetElement); + + //add AuthBlock element + Element authBlockElement = doc.createElementNS(MIS_NS, "authBlock"); + authBlockElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(authBlock)))); + mirElement.appendChild(authBlockElement); + + // send soap request + Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement); + + // check for error + checkForError(mandateIssueResponseElement); + + // check for session id + //String sessionId = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "/mis:MandateIssueResponse/mis:SessionID/text()", NS_NODE)).getNodeValue(); + Node sessionIdNode = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:SessionID/text()", NS_NODE)); + if (sessionIdNode == null) { + throw new MISSimpleClientException("SessionId not found in response."); + } + String sessionId = sessionIdNode.getNodeValue(); + + Node guiRedirectURLNode = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:GuiRedirectURL/text()", NS_NODE)); + if (guiRedirectURLNode == null) { + throw new MISSimpleClientException("GuiRedirectURL not found in response."); + } + String guiRedirectURL = guiRedirectURLNode.getNodeValue(); + + // create return object + MISSessionId msid = new MISSessionId(); + msid.setSessiondId(sessionId); + msid.setRedirectURL(guiRedirectURL); + + return msid; + } catch (ParserConfigurationException e) { + throw new MISSimpleClientException("service.06", e); + } catch (DOMException e) { + throw new MISSimpleClientException("service.06", e); + } catch (TransformerException e) { + throw new MISSimpleClientException("service.06", e); + } + + } + + private static void checkForError(Element mandateIssueResponseElement) throws MISSimpleClientException { + if (mandateIssueResponseElement == null) { + throw new NullPointerException("Argument mandateIssueResponseElement must not be null."); + } + try { + Element errorElement = (Element) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error", NS_NODE); + if (errorElement != null) { + String code = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Code/text()", NS_NODE)).getNodeValue(); + String text = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Text/text()", NS_NODE)).getNodeValue(); + throw new MISSimpleClientException("service.05", code, text); } + + } catch (TransformerException e) { + throw new MISSimpleClientException("auth.15", e); + } + } + + private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException { + +// try { +// System.out.println("REQUEST-MIS: \n" + DOMUtils.serializeNode(request)); +// } catch (TransformerException e1) { +// e1.printStackTrace(); +// } catch (IOException e1) { +// e1.printStackTrace(); +// } + + if (webServiceURL == null) { + throw new NullPointerException("Argument webServiceURL must not be null."); + } + if (request == null) { + throw new NullPointerException("Argument request must not be null."); + } + try { + HttpClient httpclient = HttpClientWithProxySupport.getHttpClient(); + PostMethod post = new PostMethod(webServiceURL); + StringRequestEntity re = new StringRequestEntity(DOMUtils.serializeNode(packIntoSOAP(request)),"text/xml", "UTF-8"); + post.setRequestEntity(re); + int responseCode = httpclient.executeMethod(post); + + if (responseCode != 200) { + throw new MISSimpleClientException("Invalid HTTP response code " + responseCode); + } + //Element elem = parse(post.getResponseBodyAsStream()); + Document doc = DOMUtils.parseDocumentSimple(post.getResponseBodyAsStream()); + return unpackFromSOAP(doc.getDocumentElement()); + + } catch(IOException e) { + throw new MISSimpleClientException("service.04", e); + + } catch (TransformerException e) { + throw new MISSimpleClientException("service.06", e); + + } catch (SAXException e) { + throw new MISSimpleClientException("service.06", e); + + } catch (ParserConfigurationException e) { + throw new MISSimpleClientException("service.06", e); + + } catch (Exception e) { + throw new MISSimpleClientException("service.06", e); + + } + + } + + private static Element packIntoSOAP(Element element) throws MISSimpleClientException { + try { + Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); + Element soapEnvelope = doc.createElement("Envelope"); + soapEnvelope.setAttribute("xmlns", SOAP_NS); + Element soapBody = doc.createElement("Body"); + soapEnvelope.appendChild(soapBody); + soapBody.appendChild(doc.importNode(element, true)); + return soapEnvelope; + } catch(ParserConfigurationException e) { + throw new MISSimpleClientException("service.06", e); + } + } + + private static Element unpackFromSOAP(Element element) throws MISSimpleClientException { + try { + return (Element) XPathAPI.selectSingleNode(element, "/soap:Envelope/soap:Body/child::*[position()=1]", NS_NODE); + } catch(TransformerException e) { + throw new MISSimpleClientException("service.06", e); + } + } +} |