authorFlorian Reimair <florian.reimair@iaik.tugraz.at>2014-01-23 14:44:14 +0100
committerFlorian Reimair <florian.reimair@iaik.tugraz.at>2014-01-27 16:43:21 +0100
commitf5a9a02b839f036eb0ebaa6c58526a2483a3d4b7 (patch)
treead2553e41a6f131545f47034e864ad8cd86199c7 /id/server
parentbb986a1225a594cf72572af8cbf0edb14039b5c1 (diff)
natural person should work
Diffstat (limited to 'id/server')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java93
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java10
2 files changed, 53 insertions, 50 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index df93f4d85..653f40670 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -11,7 +11,6 @@ import javax.servlet.http.HttpSession;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
@@ -30,19 +29,21 @@ import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.StringUtils;
-import eu.stork.mw.messages.saml.STORKAuthnRequest;
-import eu.stork.mw.messages.saml.STORKResponse;
-import eu.stork.vidp.messages.util.XMLUtil;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
/**
* Endpoint for receiving STORK response messages
*/
public class PEPSConnectorServlet extends AuthServlet {
private static final long serialVersionUID = 1L;
-
+
public static final String PEPSCONNECTOR_SERVLET_URL_PATTERN = "/PEPSConnector";
-
+
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
@@ -89,33 +90,35 @@ public class PEPSConnectorServlet extends AuthServlet {
Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
//extract STORK Response from HTTP Request
- STORKResponse storkResponse = null;
+ //Decodes SAML Response
+ byte[] decSamlToken;
try {
- storkResponse = STORKResponseProcessor.receiveSTORKRepsonse(request, response);
- } catch (STORKException e) {
+ decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
+ } catch(NullPointerException e) {
Logger.error("Unable to retrieve STORK Response", e);
throw new MOAIDException("stork.04", null);
}
-
- Logger.info("STORK SAML Response message succesfully extracted");
- Logger.debug("STORK response (pretty print): ");
- Logger.debug(XMLHelper.prettyPrintXML(storkResponse.getDOM()));
- Logger.trace("STORK response (original): ");
- Logger.trace(XMLUtil.printXML(storkResponse.getDOM()));
-
- Logger.debug("Starting validation of SAML response");
- //verify SAML response
+
+ //Get SAMLEngine instance
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance("CONF0");
+
+ STORKAuthnResponse authnResponse = null;
try {
- STORKResponseProcessor.verifySTORKResponse(storkResponse);
- } catch (STORKException e) {
+ //validate SAML Token
+ Logger.debug("Starting validation of SAML response");
+ authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
+ Logger.info("SAML response succesfully verified!");
+ }catch(STORKSAMLEngineException e){
Logger.error("Failed to verify STORK SAML Response", e);
throw new MOAIDException("stork.05", null);
}
-
- Logger.info("SAML response succesfully verified!");
-
- String statusCodeValue = storkResponse.getStatus().getStatusCode().getValue();
-
+
+ Logger.info("STORK SAML Response message succesfully extracted");
+ Logger.debug("STORK response: ");
+ Logger.debug(authnResponse.toString());
+
+ String statusCodeValue = authnResponse.getStatusCode();
+
if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) {
Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue);
throw new MOAIDException("stork.06", new Object[] { statusCodeValue });
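Review bot: The `catch(NullPointerException e)` around `PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"))` uses the exception in place of a missing-parameter check, so any NullPointerException raised inside decodeSAMLToken for another reason is reported as "stork.04" too, while an empty or malformed parameter value may not raise NPE at all. Check the parameter before decoding instead: `String samlResponse = request.getParameter("SAMLResponse");` followed by `if (samlResponse == null || samlResponse.isEmpty()) throw new MOAIDException("stork.04", null);` and then `decSamlToken = PEPSUtil.decodeSAMLToken(samlResponse);`. The validation call now passes `request.getRemoteHost()` where the removed assertion check used `request.getRemoteAddr()`; getRemoteHost may return a resolved host name rather than the client address depending on container configuration, so confirm what the engine compares it against, and the `(String)` cast is redundant since the method already returns String. The enclosing method begins before this hunk and continues past it.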
@@ -136,26 +139,26 @@ public class PEPSConnectorServlet extends AuthServlet {
}
Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
-
- Logger.debug("Starting validation of SAML assertion");
- //verify SAML assertion
- Assertion storkAssertion = storkResponse.getAssertions().get(0);
- try {
- STORKResponseProcessor.verifySTORKAssertion(
- storkAssertion, //assertion
- request.getRemoteAddr(), //IP address of user
- storkAuthnRequest.getID(), //ID of STORK AuthnRequest
- request.getRequestURL().toString(), //destination
- HTTPUtils.getBaseURL(request), //audience
- storkAuthnRequest.getRequestedAttributes()); //Requested Attributes
- } catch (STORKException e) {
- Logger.error("Failed to verify STORK SAML Assertion", e);
- throw new MOAIDException("stork.08", null);
- }
-
- Logger.info("SAML assertion succesfully verified!");
-
- Logger.debug("Starting extraction of signedDoc attribute");
+
+// Logger.debug("Starting validation of SAML assertion");
+// //verify SAML assertion
+ Assertion storkAssertion = authnResponse.getAssertions().get(0);
+// try {
+// STORKResponseProcessor.verifySTORKAssertion(
+// storkAssertion, //assertion
+// request.getRemoteAddr(), //IP address of user
+// storkAuthnRequest.getID(), //ID of STORK AuthnRequest
+// request.getRequestURL().toString(), //destination
+// HTTPUtils.getBaseURL(request), //audience
+// storkAuthnRequest.getRequestedAttributes()); //Requested Attributes
+// } catch (STORKException e) {
+// Logger.error("Failed to verify STORK SAML Assertion", e);
+// throw new MOAIDException("stork.08", null);
+// }
+//
+// Logger.info("SAML assertion succesfully verified!");
+
+ Logger.debug("Starting extraction of signedDoc attribute");
//extract signed doc element and citizen signature
Element citizenSignature = null;
try {
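Review bot: The request-binding checks that `verifySTORKAssertion` performed — the assertion against `storkAuthnRequest.getID()` from the MOA session, the destination, the audience and the requested attributes — are commented out here and nothing visible in the new code takes their place; unless `engine.validateSTORKAuthnResponse` in the previous hunk checks the response against the stored request ID, a validly signed response issued for a different request could be accepted for this session. Either restore an equivalent check, comparing the response's InResponseTo value with `storkAuthnRequest.getID()` before the assertion is taken, or document in a comment where the engine performs it; the `//`-commented block should then be deleted rather than kept, since dead code drifts silently. `Assertion storkAssertion = authnResponse.getAssertions().get(0);` also throws IndexOutOfBoundsException for a success response carrying no assertion; guard it with `if (authnResponse.getAssertions().isEmpty()) throw new MOAIDException("stork.08", null);`. The enclosing method continues outside the hunk.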
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index a6e595239..e47a43c90 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -305,9 +305,9 @@ public class STORKResponseProcessor {
public static IdentityLink connectToSZRGateway(Element citizenSignature, List<Attribute> attributeList) throws STORKException {
Logger.trace("Calling SZR Gateway with the following attributes:");
- String fiscalNumber = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER);
- Logger.trace(STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER + " : " + fiscalNumber);
-
+ String eIdentifier = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER);
+ Logger.trace(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER + " : " + eIdentifier);
+
String givenName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_GIVENNAME);
Logger.trace(STORKConstants.STORK_ATTRIBUTE_GIVENNAME+ " : " + givenName);
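Review bot: The value traced under `STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER` is still looked up with `STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER` on the line above, so the log label and the attribute actually read disagree. If, as the commit title suggests, the natural person is to be identified by eIdentifier, the lookup should become `String eIdentifier = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER);`; otherwise the label should name the attribute that is read. Whichever attribute it is, the trace line writes the person's identifier itself to the log; logging only whether it was present would avoid that. connectToSZRGateway's body continues past this hunk.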
@@ -325,8 +325,8 @@ public class STORKResponseProcessor {
IdentityLink identityLink = null;
try {
Logger.trace("Starting call...");
- response = AuthenticationServer.getInstance().getIdentityLink(fiscalNumber, givenName, lastName, dateOfBirth, citizenSignature);
- if (response.isError()) {
+ response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature);
+ if (response.isError()) {
Logger.error("Receveid ErrorResponse from SZR Gateway.");
throw new SZRGWClientException(response.getError());
}