aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2015-07-17 11:41:14 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2015-07-17 11:41:14 +0200
commit59dee0f36a25d0c5f19d5d5d5652c3d919956cde (patch)
tree3c2927f5a4a2511b7c403dd592f64fab079f4919 /id
parent2a5dc4175eeb29331b1af83b0e03fa965d447533 (diff)
parentb92da70a3071e1dbf910ee38ff4efbe61ecc8be6 (diff)
downloadmoa-id-spss-59dee0f36a25d0c5f19d5d5d5652c3d919956cde.tar.gz
moa-id-spss-59dee0f36a25d0c5f19d5d5d5652c3d919956cde.tar.bz2
moa-id-spss-59dee0f36a25d0c5f19d5d5d5652c3d919956cde.zip
Merge first STORK 2 changes
Conflicts: id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java pom.xml
Diffstat (limited to 'id')
-rw-r--r--id/ConfigWebTool/pom.xml6
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVP2Utils.java5
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml2
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE_2.1.xml7
-rw-r--r--id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml3
-rw-r--r--id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml2
-rw-r--r--id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml4
-rw-r--r--id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.1.xml7
-rw-r--r--id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml4
-rw-r--r--id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE_2.1.xml7
-rw-r--r--id/server/idserverlib/pom.xml24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java43
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java102
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java73
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java24
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties5
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html20
-rw-r--r--id/server/moa-id-commons/pom.xml10
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java2
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java26
-rw-r--r--id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java2
28 files changed, 342 insertions, 113 deletions
diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml
index 423d442d0..aa4c9055c 100644
--- a/id/ConfigWebTool/pom.xml
+++ b/id/ConfigWebTool/pom.xml
@@ -144,7 +144,11 @@
</exclusion>
</exclusions>
</dependency>
-
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>openws</artifactId>
+ <version>${openws-version}</version>
+ </dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk16</artifactId>
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVP2Utils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVP2Utils.java
index 65115300e..0f21a9d0d 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVP2Utils.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVP2Utils.java
@@ -125,7 +125,10 @@ public class PVP2Utils {
log.warn("Encode PVP 2.1 message FAILED.", e);
throw new PVP2Exception("Encode PVP 2.1 message FAILED.", e);
- }
+ } catch (Exception ex) {
+ log.warn("Initialization exception", ex);
+ throw new PVP2Exception("Initializing Velocity engine FAILED.", ex);
+ }
}
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
index 54debca81..8f01ca22b 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
@@ -74,7 +74,7 @@
<to type="forward">/dispatcher?mod=id_stork2&amp;action=AttributeCollector&amp;%{query-string}</to>
</rule>
<rule match-type="regex">
- <from>^/stork2/CompleteAuthentication$</from>
+ <from>^/stork2/GetConsent$</from>
<to type="forward">/dispatcher?mod=id_stork2&amp;action=ConsentEvaluator&amp;%{query-string}</to>
</rule>
<rule match-type="regex">
diff --git a/id/server/data/deploy/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE_2.1.xml b/id/server/data/deploy/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE_2.1.xml
new file mode 100644
index 000000000..6afe1f36b
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE_2.1.xml
@@ -0,0 +1,7 @@
+<sl10:TransformsInfo><dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml"><xsl:output method="xml" xml:space="default"/><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html><head><title>Signatur der Anmeldedaten</title><style type="text/css" media="screen">
+ .normalstyle { font-size: medium; }
+ .italicstyle { font-size: medium; font-style: italic; }
+ .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; }
+ .h4style{ font-size: large; }
+ </style></head><body><h4 class="h4style">Anmeldedaten:</h4><xsl:if test="string(//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue)"><p class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue"/></p></xsl:if><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="normalize-space(//@Issuer)"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//@Issuer"/></td></tr></xsl:if><xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum:</td><td class="normalstyle"><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">Rolle:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">Vollmacht:</td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td></tr><tr><td class="italicstyle">Staat:</td><td class="normalstyle"><xsl:choose><xsl:when test="contains(//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType'],'STORK')"><xsl:variable name="country" select="substring(//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type, string-length(//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type)-1)"/><xsl:choose><xsl:when test="$country='T2'">Österreich (Test)</xsl:when><xsl:when test="$country='T2'">Österreich (Test)</xsl:when><xsl:when test="$country='BE'">Belgien</xsl:when><xsl:when test="$country='CH'">Schweiz</xsl:when><xsl:when test="$country='CZ'">Tschechien</xsl:when><xsl:when test="$country='EE'">Estland</xsl:when><xsl:when test="$country='ES'">Spanien</xsl:when><xsl:when test="$country='FR'">Frankreich</xsl:when><xsl:when test="$country='GR'">Griechenland</xsl:when><xsl:when test="$country='IS'">Island</xsl:when><xsl:when test="$country='IT'">Italien</xsl:when><xsl:when test="$country='LT'">Litauen</xsl:when><xsl:when test="$country='LU'">Luxemburg</xsl:when><xsl:when test="$country='NL'">Niederlande</xsl:when><xsl:when test="$country='PT'">Portugal</xsl:when><xsl:when test="$country='SE'">Schweden</xsl:when><xsl:when test="$country='SI'">Slowenien</xsl:when><xsl:when test="$country='SK'">Slowakei</xsl:when><xsl:when test="$country='TR'">Türkei</xsl:when><xsl:when test="$country='UK'">Vereinigtes Königreich</xsl:when><xsl:otherwise>Ausland</xsl:otherwise></xsl:choose></xsl:when><xsl:otherwise>Österreich</xsl:otherwise></xsl:choose></td></tr></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">URL:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr><xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']"><tr><td class="italicstyle">Bereich:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">
+ Vollmachten-Referenz:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"><tr><td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']"><tr><td class="italicstyle">Identifikator:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">OID:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='HPI']"><tr><td class="italicstyle">HPI:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='UniqueTokken']"><tr><td class="italicstyle">SessionTokken:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='UniqueTokken']/saml:AttributeValue"/></td></tr></xsl:if><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,18,2)"/></td></tr></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><sl10:FinalDataMetaInfo><sl10:MimeType>application/xhtml+xml</sl10:MimeType></sl10:FinalDataMetaInfo></sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
index b45b69054..29973690e 100644
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
+++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
@@ -121,4 +121,7 @@
<entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
<entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
+ <entry key="citizenQAALevel">http://www.stork.gov.eu/1.0/citizenQAALevel</entry>
+
+
</properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml
index 3370978b3..a817e29c0 100644
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml
+++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_incoming.xml
@@ -94,5 +94,7 @@
<!-- ISA 1.18 attributes-->
<entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
<entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
+
+ <entry key="citizenQAALevel">http://www.stork.gov.eu/1.0/citizenQAALevel</entry>
</properties>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
index bdad5686b..b840b4fe5 100644
--- a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
+++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
@@ -124,5 +124,7 @@
<!-- ISA 1.18 attributes-->
<entry key="ECApplicationRole">http://www.stork.gov.eu/1.1/ECApplicationRole</entry>
<entry key="MSOrganization">http://www.stork.gov.eu/1.1/MSOrganization</entry>
+
+ <entry key="citizenQAALevel">http://www.stork.gov.eu/1.0/citizenQAALevel</entry>
-</properties> \ No newline at end of file
+</properties>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.1.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.1.xml
new file mode 100644
index 000000000..6afe1f36b
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.1.xml
@@ -0,0 +1,7 @@
+<sl10:TransformsInfo><dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml"><xsl:output method="xml" xml:space="default"/><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html><head><title>Signatur der Anmeldedaten</title><style type="text/css" media="screen">
+ .normalstyle { font-size: medium; }
+ .italicstyle { font-size: medium; font-style: italic; }
+ .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; }
+ .h4style{ font-size: large; }
+ </style></head><body><h4 class="h4style">Anmeldedaten:</h4><xsl:if test="string(//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue)"><p class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue"/></p></xsl:if><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="normalize-space(//@Issuer)"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//@Issuer"/></td></tr></xsl:if><xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum:</td><td class="normalstyle"><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">Rolle:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">Vollmacht:</td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td></tr><tr><td class="italicstyle">Staat:</td><td class="normalstyle"><xsl:choose><xsl:when test="contains(//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType'],'STORK')"><xsl:variable name="country" select="substring(//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type, string-length(//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type)-1)"/><xsl:choose><xsl:when test="$country='T2'">Österreich (Test)</xsl:when><xsl:when test="$country='T2'">Österreich (Test)</xsl:when><xsl:when test="$country='BE'">Belgien</xsl:when><xsl:when test="$country='CH'">Schweiz</xsl:when><xsl:when test="$country='CZ'">Tschechien</xsl:when><xsl:when test="$country='EE'">Estland</xsl:when><xsl:when test="$country='ES'">Spanien</xsl:when><xsl:when test="$country='FR'">Frankreich</xsl:when><xsl:when test="$country='GR'">Griechenland</xsl:when><xsl:when test="$country='IS'">Island</xsl:when><xsl:when test="$country='IT'">Italien</xsl:when><xsl:when test="$country='LT'">Litauen</xsl:when><xsl:when test="$country='LU'">Luxemburg</xsl:when><xsl:when test="$country='NL'">Niederlande</xsl:when><xsl:when test="$country='PT'">Portugal</xsl:when><xsl:when test="$country='SE'">Schweden</xsl:when><xsl:when test="$country='SI'">Slowenien</xsl:when><xsl:when test="$country='SK'">Slowakei</xsl:when><xsl:when test="$country='TR'">Türkei</xsl:when><xsl:when test="$country='UK'">Vereinigtes Königreich</xsl:when><xsl:otherwise>Ausland</xsl:otherwise></xsl:choose></xsl:when><xsl:otherwise>Österreich</xsl:otherwise></xsl:choose></td></tr></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">URL:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr><xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']"><tr><td class="italicstyle">Bereich:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">
+ Vollmachten-Referenz:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"><tr><td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']"><tr><td class="italicstyle">Identifikator:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">OID:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='HPI']"><tr><td class="italicstyle">HPI:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='UniqueTokken']"><tr><td class="italicstyle">SessionTokken:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='UniqueTokken']/saml:AttributeValue"/></td></tr></xsl:if><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,18,2)"/></td></tr></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><sl10:FinalDataMetaInfo><sl10:MimeType>application/xhtml+xml</sl10:MimeType></sl10:FinalDataMetaInfo></sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
index 8d26a1893..19fd9d264 100644
--- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
@@ -84,6 +84,10 @@
<cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE_2.0.xml</cfg:Location>
</cfg:VerifyTransformsInfoProfile>
<cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>MOAIDTransformAuthBlockTable_DE_2.1</cfg:Id>
+ <cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE_2.1.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ <cfg:VerifyTransformsInfoProfile>
<cfg:Id>MOAIDTransformAuthBlockTable_DE</cfg:Id>
<cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE.xml</cfg:Location>
</cfg:VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE_2.1.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE_2.1.xml
new file mode 100644
index 000000000..df3ce8ce6
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE_2.1.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#"><dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml"><xsl:output method="xml" xml:space="default"/><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html><head><title>Signatur der Anmeldedaten</title><style type="text/css" media="screen">
+ .normalstyle { font-size: medium; }
+ .italicstyle { font-size: medium; font-style: italic; }
+ .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; }
+ .h4style{ font-size: large; }
+ </style></head><body><h4 class="h4style">Anmeldedaten:</h4><xsl:if test="string(//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue)"><p class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue"/></p></xsl:if><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="normalize-space(//@Issuer)"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//@Issuer"/></td></tr></xsl:if><xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum:</td><td class="normalstyle"><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">Rolle:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">Vollmacht:</td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td></tr><tr><td class="italicstyle">Staat:</td><td class="normalstyle"><xsl:choose><xsl:when test="contains(//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType'],'STORK')"><xsl:variable name="country" select="substring(//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type, string-length(//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type)-1)"/><xsl:choose><xsl:when test="$country='T2'">Österreich (Test)</xsl:when><xsl:when test="$country='T2'">Österreich (Test)</xsl:when><xsl:when test="$country='BE'">Belgien</xsl:when><xsl:when test="$country='CH'">Schweiz</xsl:when><xsl:when test="$country='CZ'">Tschechien</xsl:when><xsl:when test="$country='EE'">Estland</xsl:when><xsl:when test="$country='ES'">Spanien</xsl:when><xsl:when test="$country='FR'">Frankreich</xsl:when><xsl:when test="$country='GR'">Griechenland</xsl:when><xsl:when test="$country='IS'">Island</xsl:when><xsl:when test="$country='IT'">Italien</xsl:when><xsl:when test="$country='LT'">Litauen</xsl:when><xsl:when test="$country='LU'">Luxemburg</xsl:when><xsl:when test="$country='NL'">Niederlande</xsl:when><xsl:when test="$country='PT'">Portugal</xsl:when><xsl:when test="$country='SE'">Schweden</xsl:when><xsl:when test="$country='SI'">Slowenien</xsl:when><xsl:when test="$country='SK'">Slowakei</xsl:when><xsl:when test="$country='TR'">Türkei</xsl:when><xsl:when test="$country='UK'">Vereinigtes Königreich</xsl:when><xsl:otherwise>Ausland</xsl:otherwise></xsl:choose></xsl:when><xsl:otherwise>Österreich</xsl:otherwise></xsl:choose></td></tr></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">URL:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr><xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']"><tr><td class="italicstyle">Bereich:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">
+ Vollmachten-Referenz:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"><tr><td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']"><tr><td class="italicstyle">Identifikator:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">OID:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='HPI']"><tr><td class="italicstyle">HPI:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='UniqueTokken']"><tr><td class="italicstyle">SessionTokken:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='UniqueTokken']/saml:AttributeValue"/></td></tr></xsl:if><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,18,2)"/></td></tr></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms></VerifyTransformsInfoProfile>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index e7faf2df6..ba11f949b 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -61,6 +61,23 @@
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-commons</artifactId>
</dependency>
+
+ <dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-core</artifactId>
+ <version>${hibernate.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-c3p0</artifactId>
+ <version>${hibernate.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-entitymanager</artifactId>
+ <version>${hibernate.version}</version>
+ </dependency>
+
<!-- <dependency>
<groupId>eu.stork</groupId>
@@ -78,6 +95,7 @@
<artifactId>moa-common</artifactId>
<type>jar</type>
</dependency>
+
<dependency>
<groupId>MOA</groupId>
<artifactId>moa-common</artifactId>
@@ -502,6 +520,12 @@
<artifactId>commons-io</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-lang3</artifactId>
+ <version>${org.apache.commons.lang3.version}</version>
+ </dependency>
+
<!-- spring -->
<dependency>
<groupId>org.springframework</groupId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 3b903009c..587b641c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -206,8 +206,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
authURL = authURL.concat(":" + req.getServerPort());
}
authURL = authURL.concat(req.getContextPath() + "/");
-
- if (!authURL.startsWith("https:"))
+
+ if (!authURL.startsWith("https:") && !AuthConfigurationProviderFactory.getInstance().isHTTPAuthAllowed())
throw new AuthenticationException("auth.07",
new Object[] { authURL + "*" });
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
index e4072d0c5..4f321764a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
@@ -145,4 +145,6 @@ public interface AuthConfiguration extends ConfigurationProvider{
*/
Map<String, String> getConfigurationWithWildCard(String key);
+ @Deprecated
+ public boolean isHTTPAuthAllowed();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index 9fc03e2df..f706bb376 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -1076,4 +1076,14 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
return Arrays.asList(prop.replaceAll(" ", "").split(","));
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#isHTTPAuthAllowed()
+ */
+ @Override
+ @Deprecated
+ public boolean isHTTPAuthAllowed() {
+ String prop = properties.getProperty("configuration.localhttpallowed.active", "false");
+ return Boolean.valueOf(prop);
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 71b55d991..25cb952d7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -50,7 +50,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
- * the AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins.
+ * The AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins.
* The class is called whenever the {@link AuthenticationRequest} Action is invoked and checks for missing attributes.
* Furthermore, the class can handle direct posts. That is when the class triggers an attribute query which needs user
* interaction, redirect to another portal, etc. The redirect will hit here and the class can continue to fetch attributes.
@@ -80,8 +80,6 @@ public class AttributeCollector implements IAction {
}
- // TODO extract attribute response and check if it corresponds to the container
-
if (httpReq.getParameter("SAMLResponse") != null) {
Logger.info("Got SAML response from external attribute provider.");
@@ -106,7 +104,7 @@ public class AttributeCollector implements IAction {
STORKAuthnResponse authnResponse = null;
- // check if valid authn request is contained
+ // check if valid authn response is contained
try {
authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, httpReq.getRemoteAddr());
} catch (STORKSAMLEngineException ex) {
@@ -115,6 +113,22 @@ public class AttributeCollector implements IAction {
STORK2Response.setSTORKAuthnResponseToken(decSamlToken);
+ // check if the attributes are provided for the same person from request
+ // requires presence of eIdentifier for unambigious correlation
+ Logger.debug("Checking if the attribute relates to the correct person..");
+ try {
+ String remoteEIdentifier= authnResponse.getPersonalAttributeList().get("eIdentifier").getValue().get(0);
+ String localEidentifier= container.getResponse().getStorkAuthnResponse().getPersonalAttributeList().get("eIdentifier").getValue().get(0);
+ if (!remoteEIdentifier.equals(localEidentifier)) {
+ Logger.error("The attribute is not provided for the same person!");
+ throw new MOAIDException("stork.25", null);
+ }
+ } catch (NullPointerException ex) {
+ Logger.warn("Could not check the correlation of attributes from external provider. Ignoring the check.");
+ //Logger.debug(ex);
+ //throw new MOAIDException("stork.04", null); // TODO revise message, raise exception when ehvd checked
+ }
+
if (authnResponse.getPersonalAttributeList().size() > 0) {
Logger.info("Response from external attribute provider contains " + authnResponse.getPersonalAttributeList().size() + " attributes.");
container.getResponse().setPersonalAttributeList(addOrUpdateAll(container.getResponse().getPersonalAttributeList(), authnResponse.getPersonalAttributeList()));
@@ -180,9 +194,21 @@ public class AttributeCollector implements IAction {
IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList();
IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList();
List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>();
+ Logger.debug("aquire list of missing attributes");
for (PersonalAttribute current : requestAttributeList)
- if (!responseAttributeList.containsKey(current.getName()))
- missingAttributes.add(current);
+ if (!responseAttributeList.containsKey(current.getName())) {
+ if(null == current.getStatus() || (null != current.getStatus() && !current.getStatus().equals(AttributeStatusType.WITHHELD.value()))) {
+ // add the ones we need
+ missingAttributes.add(current);
+ Logger.debug("add " + current.getName() + " to the list of missing attributes");
+ }
+ } else {
+ // remove the ones we do not want to share from the response list
+ if(null != current.getStatus() && current.getStatus().equals(AttributeStatusType.WITHHELD.value())) {
+ responseAttributeList.remove(current.getName());
+ Logger.debug("remove " + current.getName() + " from the list of resulting attributes because the user does not want to disclose the data");
+ }
+ }
Logger.info("collecting attributes...");
Logger.debug("found " + missingAttributes.size() + " missing attributes");
@@ -249,10 +275,7 @@ public class AttributeCollector implements IAction {
Logger.info("collecting attributes done");
// ask for consent if necessary
- if(oaParam.isRequireConsentForStorkAttributes())
- new ConsentEvaluator().requestConsent(container, response, oaParam);
- else
- new ConsentEvaluator().generateSTORKResponse(response, container);
+ new ConsentEvaluator().generateSTORKResponse(response, container);
return null; // AssertionId
// TODO
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 48502e9e9..59db5797d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -163,7 +163,12 @@ public class AuthenticationRequest implements IAction {
Logger.debug("Data container prepared");
- return (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam);
+ if(oaParam.isRequireConsentForStorkAttributes())
+ new ConsentEvaluator().requestConsent(container, httpReq, httpResp, authData, oaParam);
+ else
+ new AttributeCollector().processRequest(container, httpReq, httpResp, authData, oaParam);
+
+ return null;
}
// // check if we are getting request for citizen of some other country
// else if (req instanceof MOASTORKRequest) {
@@ -494,11 +499,11 @@ public class AuthenticationRequest implements IAction {
Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired());
moaAttributeProvider.populateAttribute(attributeList, personalAttribute);
} catch (Exception e) {
- Logger.error("Exception, attributes: " + e.getMessage());
+ Logger.error("Exception, attributes: " + e.getMessage(), e);
}
}
} catch (Exception e) {
- Logger.error("Exception, attributes: " + e.getMessage());
+ Logger.error("Exception, attributes: " + e.getMessage(), e);
}
Logger.trace("AUTHBLOCK " + authData.getAuthBlock());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
index 9377d045b..30c59af6d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -23,13 +23,17 @@
package at.gv.egovernment.moa.id.protocols.stork2;
import java.io.StringWriter;
+
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+
import java.util.ArrayList;
import java.util.HashMap;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import java.util.Map.Entry;
+
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
@@ -39,14 +43,13 @@ import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.PEPSUtil;
import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.AttributeStatusType;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
-import org.joda.time.DateTime;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import javax.servlet.http.HttpServletRequest;
@@ -72,23 +75,28 @@ public class ConsentEvaluator implements IAction {
DataContainer container;
try {
container = AssertionStorage.getInstance().get(artifactId, DataContainer.class);
+ req = container.getRequest();
} catch (MOADatabaseException e) {
Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e);
throw new MOAIDException("stork.17", null);
}
// evaluate response
- for(PersonalAttribute current : container.getResponse().getPersonalAttributeList()) {
+ for(PersonalAttribute current : container.getRequest().getPersonalAttributeList()) {
if(null == httpReq.getParameter(current.getName())) {
- current.setStatus(AttributeStatusType.NOT_AVAILABLE.value());
+ current.setStatus(AttributeStatusType.WITHHELD.value());
current.setValue(new ArrayList<String>());
current.setComplexValue(new HashMap<String, String>());
}
}
- // build and send response
- generateSTORKResponse(httpResp, container);
-
+ //TODO: CHECK: req.getOAURL() should return the unique OA identifier
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL());
+ if (oaParam == null)
+ throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
+
+ new AttributeCollector().processRequest(container, httpReq, httpResp, authData, oaParam);
+
return null; // AssertionId
}
@@ -96,12 +104,19 @@ public class ConsentEvaluator implements IAction {
* Fills the given HttpResponse with the required web page.
*
* @param container the container
+ * @param authData
* @param response the response
* @param oaParam the oa param
* @return the string
* @throws MOAIDException the mOAID exception
*/
- public String requestConsent(DataContainer container, HttpServletResponse response, IOAAuthParameters oaParam) throws MOAIDException {
+ public String requestConsent(DataContainer container, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData, OAAuthParameter oaParam) throws MOAIDException {
+ //check if we need to collect consent
+ if(!oaParam.isRequireConsentForStorkAttributes()) {
+ (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam);
+ return "";
+ }
+
// prepare redirect
String newArtifactId;
try {
@@ -134,15 +149,16 @@ public class ConsentEvaluator implements IAction {
// assemble table
String table = "";
- for (PersonalAttribute current : container.getResponse().getPersonalAttributeList())
- if ("Available".equals(current.getStatus()))
- table += "<tr><td><input type=\"checkbox\" checked=\"yes\" name=\"" + current.getName() + "\"></td><td>" + current.getName() + "</td></tr>\n";
+ for (PersonalAttribute current : container.getRequest().getPersonalAttributeList())
+ table += "<tr><td><input type=\"checkbox\" checked=\"yes\" name=\"" + current.getName() + "\"></td><td>" + current.getName() + (current.isRequired() ? "" : " (optional)") + "</td></tr>\n";
context.put("tablecontent", table);
+ for(Entry<String, String> current : oaParam.getFormCustomizaten().entrySet())
+ context.put(current.getKey().replace("#", ""), current.getValue());
StringWriter writer = new StringWriter();
template.merge(context, writer);
- response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+ httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
} catch (Exception e) {
Logger.error("Velocity error: " + e.getMessage());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index 3ab4ec4a1..2c7e5b539 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -26,21 +26,20 @@ import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.data.AuthenticationRole;
import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.stork.peps.auth.commons.PersonalAttribute;
import eu.stork.peps.auth.commons.PersonalAttributeList;
import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.AttributeStatusType;
+import org.joda.time.Period;
+
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
/**
* @author bsuzic
@@ -55,6 +54,8 @@ public class MOAAttributeProvider {
private static final Map<String, String> storkAttributeFunctionMapping;
private final MOASTORKRequest moastorkRequest;
+ // mappings for attribute population methods
+ // based on mapping of moa authndata and executing functions to extract attributes
static {
Map<String, String> tempSimpleMap = new HashMap<String, String>();
tempSimpleMap.put("givenName", "getGivenName");
@@ -67,6 +68,9 @@ public class MOAAttributeProvider {
tempFunctionMap.put("ECApplicationRole","getECApplicationRole");
tempFunctionMap.put("dateOfBirth", "getFormatedDateOfBirth");
tempFunctionMap.put("MSOrganization", "getMSOrganization");
+ tempFunctionMap.put("age", "getAge");
+ tempFunctionMap.put("isAgeOver", "getIsAgeOver");
+ tempFunctionMap.put("citizenQAALevel", "getQAALevel");
storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap);
}
@@ -79,43 +83,87 @@ public class MOAAttributeProvider {
public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) {
String storkAttribute = requestedAttribute.getName();
- if (storkAttributeSimpleMapping.containsKey(storkAttribute)) {
+
+ // TODO: check if authData gets populated with stork attributtes during previous steps; it seems it is not
+ if (null != authData && null != authData.getStorkAttributes() && authData.getStorkAttributes().containsKey(requestedAttribute.getName())) {
+ Logger.debug("Trying to get value for attribute directly from STORK2 response [" + storkAttribute + "]");
+ try {
+ PersonalAttribute tmp = authData.getStorkAttributes().get(requestedAttribute.getName());
+ attributeList.add((PersonalAttribute) tmp.clone());
+ } catch(Exception e) {
+ Logger.error("Could not retrieve attribute from STORK2 response: " + storkAttribute);
+ Logger.debug(e);
+ }
+ } else if (storkAttributeSimpleMapping.containsKey(storkAttribute)) {
Logger.debug("Trying to get value for attribute using simple mapping [" + storkAttribute + "]");
try {
Method method = authData.getClass().getDeclaredMethod(storkAttributeSimpleMapping.get(storkAttribute));
- populateAttributeWithMethod(method, authData, attributeList, storkAttribute, requestedAttribute.isRequired());
+ populateAttributeWithMethod(method, authData, attributeList, storkAttribute, requestedAttribute);
} catch (NoSuchMethodException e) {
Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute);
- e.printStackTrace();
+ Logger.debug(e);
+ } catch (NullPointerException e) {
+ Logger.error("Error getting MOA extraction method while getting attribute: " + storkAttribute);
+ Logger.debug(e);
}
} else if (storkAttributeFunctionMapping.containsKey(storkAttribute)) {
Logger.debug("Trying to get value for attribute using function mapping [" + storkAttribute + "]");
try {
- Method method = this.getClass().getDeclaredMethod(storkAttributeFunctionMapping.get(storkAttribute));
- populateAttributeWithMethod(method, this, attributeList, storkAttribute, requestedAttribute.isRequired());
+ Method method = this.getClass().getDeclaredMethod(storkAttributeFunctionMapping.get(storkAttribute), PersonalAttribute.class);
+ populateAttributeWithMethod(method, this, attributeList, storkAttribute, requestedAttribute);
} catch (NoSuchMethodException e) {
Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute);
- e.printStackTrace();
}
} else {
Logger.debug("MOA method for extraction of attribute " + storkAttribute + " not defined.");
}
}
- private String geteIdentifier() {
+ private String getAge(PersonalAttribute personalAttribute) {
+ if (authData.getDateOfBirth() != null) {
+ Integer age = new Period(authData.getDateOfBirth().getTime(), Calendar.getInstance().getTime().getTime()).getYears();
+ return age >= 0 ? age.toString() : null;
+ }
+ return null; // WP4 D4.2, Table 12:age, description - considerations
+ }
+
+ private String getIsAgeOver(PersonalAttribute personalAttribute)
+ {
+ try {
+ if ((authData.getDateOfBirth() != null) && (personalAttribute.getValue() != null) && (personalAttribute.getValue().size() > 0)) {
+ Integer ageOver = Integer.parseInt(personalAttribute.getValue().get(0));
+ Integer age = new Period(authData.getDateOfBirth().getTime(), Calendar.getInstance().getTime().getTime()).getYears();
+ return age >= ageOver ? ageOver.toString() : "";
+ }
+ } catch (Exception ex) {
+ Logger.error("Error encountered when determining isAgeOver");
+ Logger.debug(ex);
+ }
+ return null;
+ }
+
+ public String getQAALevel(PersonalAttribute personalAttribute) {
+ if (authData.getQAALevel().startsWith(PVPConstants.STORK_QAA_PREFIX))
+ return authData.getQAALevel().substring(PVPConstants.STORK_QAA_PREFIX.length());
+ else
+ return null;
+ }
+
+
+ private String geteIdentifier(PersonalAttribute personalAttribute) {
Logger.debug("Using base urn for identification value: " + authData.getIdentificationType() + " and target country: " + moastorkRequest.getStorkAuthnRequest().getSpCountry());
try {
- return new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(),
- moastorkRequest.getStorkAuthnRequest().getSpCountry());
+ return new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(),
+ moastorkRequest.getStorkAuthnRequest().getSpCountry());
} catch (BuildException be) {
Logger.error("Stork eid could not be constructed; " + be.getMessage());
return null; // TODO error
}
}
- private List<String> getECApplicationRole() {
+ private List<String> getECApplicationRole(PersonalAttribute personalAttribute) {
List<String> storkRoles = null;
if (authData.getAuthenticationRoles() != null
@@ -127,29 +175,32 @@ public class MOAAttributeProvider {
String storkRole = mapper.map(el);
if (MiscUtil.isNotEmpty(storkRole))
storkRoles.add(storkRole);
-
}
}
return storkRoles;
}
- private String getFormatedDateOfBirth() {
+ private String getFormatedDateOfBirth(PersonalAttribute personalAttribute) {
if (authData.getDateOfBirth() != null) {
DateFormat fmt = new SimpleDateFormat("yyyyMMdd");
return fmt.format(authData.getDateOfBirth());
}
else
return null;
-
}
- private void populateAttributeWithMethod(Method method, Object object, PersonalAttributeList attributeList, String storkAttribute, Boolean isRequired) {
+ private void populateAttributeWithMethod(Method method, Object object, PersonalAttributeList attributeList, String storkAttribute, PersonalAttribute requestedAttribute) {
try {
- Object attributeValue = method.invoke(object, new Class[]{}); // (Object[])
-
+ Object attributeValue;
+ if (storkAttributeSimpleMapping.containsValue(method.getName())) {
+ attributeValue = method.invoke(object, new Class[]{});
+ } else {
+ attributeValue = method.invoke(object, requestedAttribute);
+ }
+
PersonalAttribute newAttribute = new PersonalAttribute();
newAttribute.setName(storkAttribute);
- newAttribute.setIsRequired(isRequired);
+ newAttribute.setIsRequired(requestedAttribute.isRequired());
if (attributeValue != null) {
newAttribute.setStatus(AttributeStatusType.AVAILABLE.value());
@@ -182,10 +233,13 @@ public class MOAAttributeProvider {
} catch (InvocationTargetException e) {
Logger.error("Invocation target exception while getting attribute: " + storkAttribute);
- e.printStackTrace();
+ Logger.debug(e);
} catch (IllegalAccessException e) {
Logger.error("Illegal access exception while getting attribute: " + storkAttribute);
- e.printStackTrace();
+ Logger.debug(e);
+ } catch (NullPointerException e) {
+ Logger.error("Could not find method: " + storkAttribute);
+ Logger.debug(e);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java
index 9207cc2dc..a3fac0f6e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java
@@ -165,7 +165,8 @@ public abstract class MandateContainer {
}
public void setPhysicalRepresentativeBirthDate(String physicalRepresentativeBirthDate) {
- this.physicalRepresentativeBirthDate = physicalRepresentativeBirthDate;
+ // making it conform to STORK dateOfBirth specifications, removing dash
+ this.physicalRepresentativeBirthDate = physicalRepresentativeBirthDate.replaceAll("-","");
}
public String getAnnotation() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
index b48a5acef..e58fe804f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
@@ -41,7 +41,6 @@ import eu.stork.peps.auth.commons.PersonalAttribute;
import eu.stork.peps.auth.commons.PersonalAttributeList;
import eu.stork.peps.auth.commons.STORKAttrQueryResponse;
import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.*;
-import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.StringUtils;
import javax.servlet.http.HttpServletRequest;
@@ -54,14 +53,14 @@ import javax.xml.datatype.DatatypeFactory;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;
import java.io.StringWriter;
-import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.regex.Pattern;
/**
- *
+ * Entry point for mandate retrieval. Processes MIS data and transforms into STORK mandate attribute.
+ * Additionally provides eIdentifier attribute (if requested) in order to enable identity correlation
*/
public class MandateRetrievalRequest implements IAction {
@@ -78,8 +77,13 @@ public class MandateRetrievalRequest implements IAction {
this.QAALevel = translateQAALevel(authData.getQAALevel());
// preparing original content and removing sensitive data from it
- this.originalContent = authData.getMISMandate().getMandate(); // TODO ERROR
- //Logger.debug("Original content " + StringUtils.newStringUtf8(authData.getMISMandate().getMandate()));
+ try {
+ this.originalContent = authData.getMISMandate().getMandate();
+ } catch (Exception e) {
+ Logger.error("Could not extract mandate");
+ Logger.debug(e);
+ throw new MOAIDException("stork.26", new Object[]{});
+ }
String originalMandate = StringUtils.newStringUtf8(authData.getMISMandate().getMandate()).replaceAll("<pd:Value>.*?==</pd:Value><pd:Type>urn:publicid:gv.at:baseid</pd:Type>","<pd:Value></pd:Value><pd:Type></pd:Type>");;
Logger.debug("Removing personal identification value and type from original mandate ");
originalContent = StringUtils.getBytesUtf8(originalMandate);
@@ -97,13 +101,13 @@ public class MandateRetrievalRequest implements IAction {
this.moaStorkRequest = (MOASTORKRequest) req;
} else {
Logger.error("Internal error - did not receive MOASTORKRequest as expected");
- throw new MOAIDException("stork.16", new Object[]{}); // TODO
+ throw new MOAIDException("stork.27", new Object[]{});
}
if (!(moaStorkRequest.isAttrRequest() || moaStorkRequest.getStorkAttrQueryRequest() == null)) {
Logger.error("Did not receive attribute request as expected");
- throw new MOAIDException("stork.16", new Object[]{}); // TODO
+ throw new MOAIDException("stork.27", new Object[]{});
}
MandateContainer mandateContainer = null;
@@ -115,7 +119,7 @@ public class MandateRetrievalRequest implements IAction {
mandateContainer = new PhyPersonMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8"));
} catch (Exception ex2) {
Logger.error("Could not extract data and create mandate container.");
- throw new MOAIDException("stork.16", new Object[]{}); // TODO
+ throw new MOAIDException("stork.27", new Object[]{});
}
}
@@ -123,26 +127,21 @@ public class MandateRetrievalRequest implements IAction {
IPersonalAttributeList attributeList = new PersonalAttributeList();
+ // according to new mapping, only mandate attribute is directly relevant
for (PersonalAttribute currentAttribute : sourceAttributeList) {
- Logger.debug("Evaluating currentattribute " + currentAttribute.getName());
- if (currentAttribute.getName().equals("mandateContent")) {
+ Logger.debug("Evaluating attributes, current attribute: " + currentAttribute.getName());
+ if (currentAttribute.getName().equals("mandateContent")) { // deprecated
MandateContentType mandateContent = getMandateContent(mandateContainer, currentAttribute);
attributeList.add(marshallComplexAttribute(currentAttribute, mandateContent));
- } else if (currentAttribute.getName().equals("representative")) { // TODO CHECK IN DETAIL
+ } else if (currentAttribute.getName().equals("representative")) { // deprecated
RepresentationPersonType representative = getRepresentative(mandateContainer, currentAttribute);
attributeList.add(marshallComplexAttribute(currentAttribute, representative));
-
- //attributeList.add(getRepresentative(mandateContainer, currentAttribute));
} else if (currentAttribute.getName().equals("represented")) {
- //attributeList.add(getRepresented(mandateContainer, currentAttribute));
RepresentationPersonType represented = getRepresented(mandateContainer, currentAttribute);
attributeList.add(marshallComplexAttribute(currentAttribute, represented));
-
} else if (currentAttribute.getName().equals("mandate")) {
- //attributeList.add(getMandateType(mandateContainer, currentAttribute));
MandateType mandateType = getMandateType(mandateContainer, currentAttribute);
attributeList.add(marshallComplexAttribute(currentAttribute, mandateType));
-
} else if (currentAttribute.getName().equals("legalName")) {
String legalName = getLegalName(mandateContainer, currentAttribute);
if (legalName.length() > 0) {
@@ -180,6 +179,11 @@ public class MandateRetrievalRequest implements IAction {
}
}
+ if (currentAttribute.getName().equals("eIdentifier")) {
+ attributeList.add(new PersonalAttribute(currentAttribute.getName(), currentAttribute.isRequired(), Arrays.asList(geteIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(), moaStorkRequest.getStorkAttrQueryRequest().getSpCountry())), AttributeStatusType.AVAILABLE.value()));
+ Logger.info("Adding eIdentifier for mandate holder using SP country: " + moaStorkRequest.getStorkAttrQueryRequest().getSpCountry());
+ }
+
}
@@ -211,7 +215,7 @@ public class MandateRetrievalRequest implements IAction {
// ask for consent if necessary
if (oaParam.isRequireConsentForStorkAttributes())
- new ConsentEvaluator().requestConsent(container, httpResp, oaParam);
+ new ConsentEvaluator().requestConsent(container, httpReq, httpResp, authData, oaParam);
else
new ConsentEvaluator().generateSTORKResponse(httpResp, container);
@@ -228,7 +232,7 @@ public class MandateRetrievalRequest implements IAction {
if (qaaLevel.equals(PVPConstants.STORK_QAA_1_4))
return 4;
Logger.error("Wrong QAA Number format");
- throw new MOAIDException("stork.16", new Object[]{});
+ throw new MOAIDException("stork.28", new Object[]{});
}
private String geteLPIdentifier(MandateContainer mandateContainer, PersonalAttribute currentAttribute) throws MOAIDException {
@@ -237,11 +241,20 @@ public class MandateRetrievalRequest implements IAction {
return represented.getELPIdentifier();
} else if (currentAttribute.isRequired()) {
Logger.error("Cannot provide eLPIdentifier for natural person.");
- throw new MOAIDException("stork.19", new Object[]{currentAttribute.getName()}); // TODO
+ throw new MOAIDException("stork.29", new Object[]{currentAttribute.getName()});
}
return "";
}
+ private String geteIdentifier(String identificationType, String identificationValue, String destinationCountry) throws MOAIDException {
+ BPKBuilder bpkBuilder = new BPKBuilder();
+ try {
+ return bpkBuilder.buildStorkeIdentifier(identificationType, identificationValue, destinationCountry);
+ } catch (BuildException be) {
+ Logger.error("Could not build STORK eIdentifier while generating mandate assertion.");
+ throw new MOAIDException("stork.29", new Object[]{});
+ }
+ }
private PersonalAttribute marshallComplexAttribute(PersonalAttribute currentAttribute, Object obj) { // TODO refactor
StringWriter stringWriter = new StringWriter();
@@ -273,13 +286,22 @@ public class MandateRetrievalRequest implements IAction {
private String mapPowersType(MandateContainer mandateContainer) {
+ Logger.debug("Analyzing mandate of type: " + mandateContainer.getAnnotation() + ".");
// using if for java 6 compatibility if necessary
if (mandateContainer.getAnnotation().equals("ELGABilateral")) {
return "6"; // Health Powers
} else if (mandateContainer.getAnnotation().equals("ERsB")) {
return "0"; // General Powers
+ } else if (mandateContainer.getAnnotation().equals("Gesetzliche Vollmacht auf Basis Ergäzungsregister für sonstige Betroffene")) {
+ return "0"; // General Powers
+ } else if (mandateContainer.getAnnotation().equals("Gesetzliche Vollmacht auf Basis Ergänzungsregister für sonstige Betroffene")) {
+ return "0"; // General Powers
+ } else if (mandateContainer.getAnnotation().contains("Gesetzliche Vollmacht auf Basis Erg")) {
+ return "0"; // General Powers
} else if (mandateContainer.getAnnotation().equals("GeneralvollmachtBilateral")) {
return "0"; // General Powers
+ } else if (mandateContainer.getAnnotation().contains("Gesetzliche Vollmacht auf Basis Firmenbuch")) {
+ return "0"; // General Powers
} else if (mandateContainer.getAnnotation().equals("ERsBMitPostvollmacht")) {
return "0"; // General Powers
} else if (mandateContainer.getAnnotation().equals("ZVR")) {
@@ -301,6 +323,7 @@ public class MandateRetrievalRequest implements IAction {
} else if (mandateContainer.getAnnotation().equals("Ziviltechniker")) {
return "0"; // General Powers
}
+ Logger.debug("Returning other type of mandate");
return "9";
}
@@ -446,7 +469,6 @@ public class MandateRetrievalRequest implements IAction {
private String getRepresentedStorkeIdentifier(MandateContainer mandateContainer) throws MOAIDException {
- //String identificationType, String identificationValue
if (!(mandateContainer instanceof PhyPersonMandateContainer)) {
Logger.error("Physical person mandate container missing");
throw new MOAIDException("stork.20", new Object[]{}); // TODO
@@ -469,13 +491,7 @@ public class MandateRetrievalRequest implements IAction {
throw new MOAIDException("stork.20", new Object[]{}); // TODO
}
- BPKBuilder bpkBuilder = new BPKBuilder();
- try {
- return bpkBuilder.buildStorkeIdentifier(phyPersonMandateContainer.getPhyPersMandatorIdentificationType(), phyPersonMandateContainer.getPhyPersMandatorIdentificationValue(), this.moaStorkRequest.getStorkAttrQueryRequest().getSpCountry());
- } catch (BuildException be) {
- Logger.error("Could not build STORK eIdentifier while generating mandate assertion.");
- throw new MOAIDException("stork.20", new Object[]{}); // TODO
- }
+ return geteIdentifier(phyPersonMandateContainer.getPhyPersMandatorIdentificationType(), phyPersonMandateContainer.getPhyPersMandatorIdentificationValue(), this.moaStorkRequest.getStorkAttrQueryRequest().getSpCountry());
}
private String getRepresentingStorkeIdentifier(MandateContainer mandateContainer) throws MOAIDException {
@@ -512,6 +528,7 @@ public class MandateRetrievalRequest implements IAction {
Logger.error("Could not build STORK eIdentifier while generating mandate assertion.");
throw new MOAIDException("stork.20", new Object[]{}); // TODO
}
+
}
private RepresentationPersonType getRepresentative(MandateContainer mandateContainer, PersonalAttribute sourceAttribute) throws MOAIDException {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java
index ba89663ab..c715b65eb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java
@@ -109,7 +109,8 @@ public class PhyPersonMandateContainer extends MandateContainer {
}
public void setPhyPersMandatorBirthDate(String phyPersMandatorBirthDate) {
- this.phyPersMandatorBirthDate = phyPersMandatorBirthDate;
+ // making it conform to STORK dateOfBirth specifications, removing dash
+ this.phyPersMandatorBirthDate = phyPersMandatorBirthDate.replaceAll("-","");
}
public String getPhyPersMandatorIdentificationValue() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java
index f4d963645..f671f0807 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java
@@ -73,6 +73,7 @@ public class MandateAttributeRequestProvider extends AttributeProvider {
return "MandateAttributeRequestProvider";
}
+ // TODO check if used
@Override
protected IPersonalAttributeList acquire(PersonalAttribute attribute, MOASTORKRequest moastorkRequest, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
Logger.info("Acquiring attribute: " + attribute.getName() + ", by: " + getAttrProviderName());
@@ -85,10 +86,14 @@ public class MandateAttributeRequestProvider extends AttributeProvider {
Logger.info("Attribute " + attribute.getName() + " not supported by the provider: " + getAttrProviderName());
throw new UnsupportedAttributeException();
}
- PersonalAttributeList result = new PersonalAttributeList();
- //return result;
-
+ // check if there is eIdentifier included and add if necessary
+// if (!requestedAttributes.containsKey("eIdentifier")) {
+// PersonalAttribute eIdentifier = new PersonalAttribute();
+ // eIdentifier.setName("eIdentifier");
+// eIdentifier.setIsRequired(true);
+// requestedAttributes.add(eIdentifier);
+// }
Logger.info("Thrown external request by: " + getAttrProviderName());
throw new ExternalAttributeRequestRequiredException(this);
@@ -111,10 +116,12 @@ public class MandateAttributeRequestProvider extends AttributeProvider {
// continue with other attribute providers if there are no attributes current provider is able to handle
if (requestedAttributes.size() == 0) {
- Logger.info("Attribute(s) " + attributes.toString() + " not supported by the provider: " + getAttrProviderName());
+ Logger.info("Attribute(s) " + attributes.toString() + " not supported by the provider: " + getAttrProviderName());
throw new UnsupportedAttributeException();
}
+
+
Logger.info("Thrown external request by: " + getAttrProviderName());
throw new ExternalAttributeRequestRequiredException(this);
}
@@ -144,7 +151,14 @@ public class MandateAttributeRequestProvider extends AttributeProvider {
}
-
+ // TODO ensure that other providers request eidentifier
+ // check if there is eIdentifier included and add if necessary
+ if (!requestedAttributes.containsKey("eIdentifier")) {
+ PersonalAttribute eIdentifier = new PersonalAttribute();
+ eIdentifier.setName("eIdentifier");
+ eIdentifier.setIsRequired(true);
+ requestedAttributes.add(eIdentifier);
+ }
//generate AttrQueryRequest
STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest();
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 827eeec8d..23a689305 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -234,6 +234,11 @@ stork.21=Der angeforderte QAA-level {0} ist h\u00F6her als der QAA-level der Aut
stork.22=Der STORK Authentifizierung erfordert die Auswahl des Herkunftslandes der Betroffenen.
stork.23=Die STORK Authentifizierung f\u00FCr "{0}" wird nicht unterst\u00FCtzt.
stork.24=Die STORK Authentifizierungsantwort enth\uFFFDlt leere Angaben zum Geschlecht.
+stork.25=Die Attribute referenzieren verschiedene Personen.
+stork.26=Fehler bei der Extrahierung von Vollmachtendaten.
+stork.27=Fehler bei der Verarbeitung von STORKRequest.
+stork.28=Fehler bei der Umwandelung von QAA Daten.
+stork.29=Fehler bei der Generierung von STORK-Attribut (eIdentifier/eLPIdentifier)
pvp2.00={0} ist kein gueltiger consumer service index
pvp2.01=Fehler beim kodieren der PVP2 Antwort
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html b/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html
index e21a61665..0ab41f146 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html
@@ -80,6 +80,7 @@
overflow:auto;
min-width: 190px;
height: 260px;
+ padding: 20px;
}
h2#tabheader{
@@ -134,6 +135,7 @@
#bkulogin {
min-height: 150px;
+ padding: 20px;
}
}
@@ -146,6 +148,7 @@
#bkulogin {
height: 180px;
+ padding: 20px;
}
}
@@ -175,7 +178,7 @@
color : #000;
text-align: center;
font-size: 100%;
- background-color: #MAIN_BACKGOUNDCOLOR#;
+ background-color: ${MAIN_BACKGOUNDCOLOR};
}
#page {
@@ -230,6 +233,7 @@
#bkulogin {
min-width: 190px;
height: 155px;
+ padding: 20px;
}
.setAssertionButton_full {
@@ -249,7 +253,7 @@
* {
margin: 0;
padding: 0;
- font-family: #FONTTYPE#;
+ font-family: ${FONTTYPE};
}
#selectArea {
@@ -333,13 +337,13 @@
}
.hell {
- background-color : #MAIN_BACKGOUNDCOLOR#;
- color: #MAIN_COLOR#;
+ background-color : ${MAIN_BACKGOUNDCOLOR};
+ color: ${MAIN_COLOR};
}
.dunkel {
- background-color: #HEADER_BACKGROUNDCOLOR#;
- color: #HEADER_COLOR#;
+ background-color: ${HEADER_BACKGROUNDCOLOR};
+ color: ${HEADER_COLOR};
}
.main_header {
@@ -404,7 +408,7 @@
}
</script>
-<title>#HEADER_TEXT#</title>
+<title>Informationsfreigabe</title>
</head>
<body onload="onChangeChecks();" onresize="onChangeChecks();">
<div id="page">
@@ -417,7 +421,7 @@
<h2 id="tabheader" class="dunkel" role="heading">STORK Informationsfreigabe</h2>
</div>
<div id="bkulogin" class="hell" role="form">
- Alle angehakten Daten werden an das fragende Drittland &uuml;bermittelt.
+ W&auml;hlen Sie jene Daten, die, wenn verf&uuml;gbar, an ein Drittland weitergegeben werden sollen:</br>
<table>
${tablecontent}
</table>
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index ed18301df..66e42e850 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -96,8 +96,16 @@
<artifactId>moa-common</artifactId>
<type>jar</type>
</dependency>
+<!--
+ <dependency>
+ <groupId>MOA</groupId>
+ <artifactId>moa-common</artifactId>
+ <type>compile</type>
+ </dependency>
+-->
- <dependency>
+
+ <dependency>
<groupId>iaik.prod</groupId>
<artifactId>iaik_X509TrustManager</artifactId>
</dependency>
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
index d9188d4fc..7a98abaff 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
@@ -342,7 +342,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
// FIXME: Same here; we do not have the citizen's signature, so this code might be regarded as dead code.
try {
- SZRGInsertion(moaSession, authnResponse.getPersonalAttributeList(), authnResponse.getAssertions()
+ SZRGInsertion(moaSession, attributeList, authnResponse.getAssertions()
.get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef()
.getAuthnContextClassRef(), citizenSignature);
} catch (STORKException e) {
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
index 4a12e72ca..9bbd7e46f 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
@@ -297,14 +297,20 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
-
- // first, try to fetch the attributes from the list of total attributes. Note that this very list is only filled
- // with ALL attributes when there is more than one assertion in the SAML2 STORK message.
- IPersonalAttributeList attributeList = authnResponse.getTotalPersonalAttributeList();
-
- // if the list is empty, there was just one assertion... probably
- if(attributeList.isEmpty())
- attributeList = authnResponse.getPersonalAttributeList();
+ // fetch attribute list from response
+ IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
+ if(authnResponse.getAssertions().size() > 1) {
+ for(IPersonalAttributeList currentList : authnResponse.getPersonalAttributeLists()) {
+ for(PersonalAttribute currentAttribute : currentList.values()) {
+ if(!attributeList.containsKey(currentAttribute.getName()))
+ attributeList.add((PersonalAttribute) currentAttribute.clone());
+ else {
+ if(!attributeList.get(currentAttribute.getName()).getValue().equals(currentAttribute.getValue()))
+ throw new TaskExecutionException("data integrity failure", new Exception("data integrity failure: found non-matching values in multiple attributes of type " + currentAttribute.getName()));
+ }
+ }
+ }
+ }
// //////////// incorporate gender from parameters if not in stork response
@@ -505,7 +511,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
Logger.debug("Starting connecting SZR Gateway");
identityLink = STORKResponseProcessor.connectToSZRGateway(
- authnResponse.getPersonalAttributeList(),
+ attributeList,
oaParam.getFriendlyName(),
targetType,
null,
@@ -559,7 +565,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
moaSession.setIdentityLink(identityLink);
Logger.debug("Adding addtional STORK attributes to MOA session");
- moaSession.setStorkAttributes(authnResponse.getPersonalAttributeList());
+ moaSession.setStorkAttributes(attributeList);
Logger.debug("Add full STORK AuthnResponse to MOA session");
moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java
index 5d8281445..15803fb68 100644
--- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java
+++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java
@@ -69,7 +69,7 @@ public final class PersonalAttribute implements Serializable, Cloneable {
/**
* Is the personal attribute mandatory?
*/
- private transient boolean required;
+ private boolean required;
/**
* Returned status of the attribute from the IdP.