added stork signature client api - untested

author: Florian Reimair <florian.reimair@iaik.tugraz.at> 2014-01-30 19:04:02 +0100
committer: Florian Reimair <florian.reimair@iaik.tugraz.at> 2014-01-31 17:16:54 +0100
commit: 8449c5ab138f0b7a1760cb5f2aa6db2eb9d0b22e (patch)
tree: d581d2001e8534dac7bc2e192a5c5aa24f89094d /id
parent: b04ffb6167dca0a3d1c116953b23aebe1ddf4e32 (diff)
download: moa-id-spss-8449c5ab138f0b7a1760cb5f2aa6db2eb9d0b22e.tar.gz
moa-id-spss-8449c5ab138f0b7a1760cb5f2aa6db2eb9d0b22e.tar.bz2
moa-id-spss-8449c5ab138f0b7a1760cb5f2aa6db2eb9d0b22e.zip
3 files changed, 53 insertions, 27 deletions
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 8a9cdd51f..245348d09 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -37,6 +37,11 @@
             <artifactId>SamlEngine</artifactId>
             <version>1.1.0</version>
         </dependency>
+        <dependency>
+        	<groupId>eu.stork</groupId>
+        	<artifactId>oasis-dss-api</artifactId>
+        	<version>1.0.0-SNAPSHOT</version>
+        </dependency>
     <dependency>
     		<groupId>MOA.id.server</groupId>
     		<artifactId>moa-id-commons</artifactId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index ec1762cbf..decf166c4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -58,6 +58,7 @@ import org.opensaml.common.IdentifierGenerator;
 import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import org.opensaml.xml.util.Base64;
 import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.DOMException;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -137,6 +138,11 @@ import at.gv.egovernment.moa.util.XPathUtils;
 import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest;
 import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData;
 import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.api.ApiUtilsException;
+import eu.stork.oasisdss.profile.DocumentType;
+import eu.stork.oasisdss.profile.InputDocuments;
+import eu.stork.oasisdss.profile.SignRequest;
 import eu.stork.peps.auth.commons.PEPSUtil;
 import eu.stork.peps.auth.commons.PersonalAttribute;
 import eu.stork.peps.auth.commons.PersonalAttributeList;
@@ -1882,7 +1888,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     	PersonalAttribute newAttribute = new PersonalAttribute();
     	newAttribute.setName("signedDoc");
     	List<String> value = new ArrayList<String>();
-    	value.add(generateDssSignRequest(Base64.encodeBytes(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im  Signaturzertifikat (as in my signature certificate)", oaParam, moasession).getBytes()), "application/xhtml+xml"));
+    	value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im  Signaturzertifikat (as in my signature certificate)", oaParam, moasession), "application/xhtml+xml"));
     	newAttribute.setValue(value);
     	attributeList.add(newAttribute);
 
@@ -1978,18 +1984,28 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 		IdentifierGenerator idGenerator;
 		try {
 			idGenerator = new SecureRandomIdentifierGenerator();
-
-			return "<dss:SignRequest xmlns:dss=\"urn:oasis:names:tc:dss:1.0:core:schema\" " +
-					"RequestID=\"" + idGenerator.generateIdentifier() + "\">" +
-					"<dss:InputDocuments>" +
-						"<dss:Document>" +
-						"<dss:Base64Data MimeType=\"" + mimeType + "\">" + text + "</dss:Base64Data>" +
-						"</dss:Document>" +
-					"</dss:InputDocuments>" +
-				"</dss:SignRequest>";
+			
+			DocumentType doc = new DocumentType();
+			doc.setBase64XML(Base64.encodeBytes(text.getBytes()).getBytes());
+			
+			SignRequest request = new SignRequest();
+			request.setInputDocuments(ApiUtils.createInputDocuments(doc));
+			
+			request.setRequestID(idGenerator.generateIdentifier());
+			
+			return ApiUtils.marshalToDocument(request).getTextContent();
 		} catch (NoSuchAlgorithmException e) {
 			Logger.error("Cannot generate id", e);
 			throw new RuntimeException(e);
+		} catch (ApiUtilsException e) {
+			Logger.error("Could not create SignRequest", e);
+			throw new RuntimeException(e);
+		} catch (DOMException e) {
+			Logger.error("Could not create SignRequest", e);
+			throw new RuntimeException(e);
+		} catch (ParserConfigurationException e) {
+			Logger.error("Could not create SignRequest", e);
+			throw new RuntimeException(e);
 		}
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index a1d38d488..3129c9e31 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -10,6 +10,7 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
+import javax.xml.transform.stream.StreamSource;
 
 import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
@@ -30,11 +31,15 @@ import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
 import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.StringUtils;
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.api.LightweightSourceResolver;
+import eu.stork.oasisdss.profile.SignResponse;
 import eu.stork.peps.auth.commons.PEPSUtil;
 import eu.stork.peps.auth.commons.PersonalAttribute;
 import eu.stork.peps.auth.commons.STORKAuthnRequest;
@@ -144,23 +149,6 @@ public class PEPSConnectorServlet extends AuthServlet {
 						
 			Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
 
-			Logger.debug("Starting extraction of signedDoc attribute");
-			//extract signed doc element and citizen signature
-			Element citizenSignature = null;
-			try {
-			
-				Assertion storkAssertion = authnResponse.getAssertions().get(0);
-				citizenSignature = STORKResponseProcessor.extractCitizenSignature(storkAssertion);				
-				moaSession.setAuthBlock(DOMUtils.serializeNode(citizenSignature));
-				moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(citizenSignature));
-				
-			} catch (Exception e) {
-				Logger.error("Could not extract citizen signature from C-PEPS", e);
-				throw new MOAIDException("stork.09", null);
-			}
-			Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
-			Logger.debug("Citizen signature will be verified by SZR Gateway!");
-			
 			////////////// incorporate gender from parameters if not in stork response
 			
 			PersonalAttribute gender = authnResponse.getPersonalAttributeList().get("gender");
@@ -179,6 +167,23 @@ public class PEPSConnectorServlet extends AuthServlet {
 			
 			//////////////////////////////////////////////////////////////////////////
 			
+			Logger.debug("Starting extraction of signedDoc attribute");
+			//extract signed doc element and citizen signature
+			String citizenSignature = null;
+			try {
+				citizenSignature = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0);
+				moaSession.setAuthBlock(citizenSignature);
+				
+				// FIXME untested
+				Element sepp = (Element) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(citizenSignature)));
+				moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(sepp));
+				
+			} catch (Exception e) {
+				Logger.error("Could not extract citizen signature from C-PEPS", e);
+				throw new MOAIDException("stork.09", null);
+			}
+			Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
+			Logger.debug("Citizen signature will be verified by SZR Gateway!");
 			
 			Logger.debug("Starting connecting SZR Gateway");
 			//contact SZR Gateway
author	Florian Reimair <florian.reimair@iaik.tugraz.at>	2014-01-30 19:04:02 +0100
committer	Florian Reimair <florian.reimair@iaik.tugraz.at>	2014-01-31 17:16:54 +0100
commit	8449c5ab138f0b7a1760cb5f2aa6db2eb9d0b22e (patch)
tree	d581d2001e8534dac7bc2e192a5c5aa24f89094d /id
parent	b04ffb6167dca0a3d1c116953b23aebe1ddf4e32 (diff)
download	moa-id-spss-8449c5ab138f0b7a1760cb5f2aa6db2eb9d0b22e.tar.gz moa-id-spss-8449c5ab138f0b7a1760cb5f2aa6db2eb9d0b22e.tar.bz2 moa-id-spss-8449c5ab138f0b7a1760cb5f2aa6db2eb9d0b22e.zip