-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java59
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java76
3 files changed, 67 insertions, 87 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index d77119f4a..5ae3d8e47 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1733,53 +1733,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {
CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl());
return response;
-
-
-// client.setAddress(connectionParameters.getUrl());
-// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
-// Logger.debug("Initialisiere SSL Verbindung");
-// try {
-// client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
-// } catch (IOException e) {
-// Logger.error("Could not initialize SSL Factory", e);
-// throw new SZRGWClientException("Could not initialize SSL Factory");
-// } catch (GeneralSecurityException e) {
-// Logger.error("Could not initialize SSL Factory", e);
-// throw new SZRGWClientException("Could not initialize SSL Factory");
-// } catch (PKIException e) {
-// Logger.error("Could not initialize SSL Factory", e);
-// throw new SZRGWClientException("Could not initialize SSL Factory");
-// }
-// }
}
catch (ConfigurationException e) {
Logger.warn(e);
Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
}
-// // create request
-// CreateIdentityLinkResponse response = null;
-// Element request = null;
-// try {
-// Document doc = client.buildGetIdentityLinkRequest(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature);
-// request = doc.getDocumentElement();
-//
-// // send request
-// response = client.createIdentityLinkResponse(request, connectionParameters.getUrl());
-//
-//
-//
-// } catch (SZRGWClientException e) {
-// // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
-//// try {
-//// response = client.createIdentityLinkResponse(request);
-//// }
-//// catch (SZRGWClientException e1) {
-//// throw new SZRGWClientException(e1);
-//// }
-// }
-
-
return null;
}
@@ -1811,6 +1770,24 @@ public class AuthenticationServer implements MOAIDAuthConstants {
public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException {
return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature, null, null, null);
}
+
+ /**
+ * Gets the identity link.
+ *
+ * @param citizenSignature the citizen signature
+ * @param representative the representative
+ * @param represented the represented
+ * @param mandate the mandate
+ * @param organizationAddress the organization address
+ * @param organizationType the organization type
+ * @return the identity link
+ * @throws SZRGWClientException
+ */
+ public CreateIdentityLinkResponse getIdentityLink(String citizenSignature,
+ String representative, String represented, String mandateContent,
+ String organizationAddress, String organizationType) throws SZRGWClientException {
+ return getIdentityLink(null, null, null, null, citizenSignature, represented, representative, mandateContent, organizationAddress, organizationType);
+ }
/**
* SZR-GW Client interface.
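Review bot: The new six-argument `getIdentityLink` overload forwards `citizenSignature, represented, representative, mandateContent, ...` into the ten-argument method, whereas the call this commit removes from STORKResponseProcessor filled those same positions with `citizenSignature, representative, represented, mandate, ...`; unless the ten-argument declaration is itself ordered represented-first, the two mandate parties are swapped by this overload. That declaration is not in the hunk, so please check it and, if the old order was right, change the body to `return getIdentityLink(null, null, null, null, citizenSignature, representative, represented, mandateContent, organizationAddress, organizationType);`. The Javadoc also documents `@param mandate` while the parameter is named `mandateContent`, and the `@throws SZRGWClientException` tag carries no description; the tag should read `@param mandateContent the mandate content` and the throws clause should say under which condition the gateway call fails.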
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 4819b8219..45e6ab816 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -137,29 +137,12 @@ public class PEPSConnectorServlet extends AuthServlet {
Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
-// Logger.debug("Starting validation of SAML assertion");
-// //verify SAML assertion
- Assertion storkAssertion = authnResponse.getAssertions().get(0);
-// try {
-// STORKResponseProcessor.verifySTORKAssertion(
-// storkAssertion, //assertion
-// request.getRemoteAddr(), //IP address of user
-// storkAuthnRequest.getID(), //ID of STORK AuthnRequest
-// request.getRequestURL().toString(), //destination
-// HTTPUtils.getBaseURL(request), //audience
-// storkAuthnRequest.getRequestedAttributes()); //Requested Attributes
-// } catch (STORKException e) {
-// Logger.error("Failed to verify STORK SAML Assertion", e);
-// throw new MOAIDException("stork.08", null);
-// }
-//
-// Logger.info("SAML assertion succesfully verified!");
-
Logger.debug("Starting extraction of signedDoc attribute");
//extract signed doc element and citizen signature
Element citizenSignature = null;
try {
+ Assertion storkAssertion = authnResponse.getAssertions().get(0);
citizenSignature = STORKResponseProcessor.extractCitizenSignature(storkAssertion);
moaSession.setAuthBlock(DOMUtils.serializeNode(citizenSignature));
moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(citizenSignature));
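Review bot: The assertion that is now fetched inside the try block and handed to `extractCitizenSignature` is used without any verification visible in this hunk: the only check that precedes it is the session-ID match two lines above, and the signature/InResponseTo/destination/audience verification that used to sit here in commented-out form is not replaced by anything. If `authnResponse` is not validated upstream where it is parsed, the citizen signature and signer certificate written into the MOA session via `setAuthBlock` and `setSignerCertificate` originate from an unauthenticated SAML response; please confirm where the assertion is validated and record it on the `Assertion storkAssertion` line, e.g. `// assertion signature and audience are validated in <upstream component> — TODO confirm`. `authnResponse.getAssertions().get(0)` also throws IndexOutOfBoundsException for a response without assertions, which the surrounding catch (outside the hunk) may not map to a meaningful error; a guard such as `if (authnResponse.getAssertions().isEmpty()) throw new MOAIDException("stork.08", null);` before the `get(0)` reports that case explicitly, reusing the message key the removed verification handler used. The enclosing method starts and ends outside this hunk.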
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index e81adfb52..466d86f87 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -296,6 +296,22 @@ public class STORKResponseProcessor {
}
+
+ /**
+ * Checks for attribute.
+ *
+ * @param attributeName the attribute name
+ * @param attributeList the attribute list
+ * @return true, if successful
+ */
+ private static boolean hasAttribute(String attributeName, IPersonalAttributeList attributeList) {
+ try {
+ getAttributeValue(attributeName, attributeList);
+ return true;
+ } catch(STORKException e) {
+ return false;
+ }
+ }
/**
* helper for reading attributes. Handles logging and error handling.
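Review bot: `hasAttribute` detects an optional attribute by calling `getAttributeValue` and swallowing its `STORKException`, but the Javadoc of the very next method states that `getAttributeValue` "handles logging and error handling", so each of the four presence probes in `connectToSZRGateway` presumably emits an error-level log entry on the normal non-representation path, and an exception is being used for control flow. If `IPersonalAttributeList` exposes a direct lookup for a name, test presence through it instead; otherwise document the side effect so readers of the logs are not misled, e.g. `Absence is reported by getAttributeValue's error handling, so a missing optional attribute is logged as an error.` The Javadoc summary `Checks for attribute.` and `@return true, if successful` should also say what success means: `@return {@code true} if {@code attributeName} is present in {@code attributeList} with a readable value, {@code false} otherwise`.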
@@ -325,52 +341,56 @@ public class STORKResponseProcessor {
public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList) throws STORKException {
Logger.trace("Calling SZR Gateway with the following attributes:");
- // fetch mandatory attributes
- String citizenSignature = getAttributeValue("signedDoc", attributeList);
- String eIdentifier = getAttributeValue("eIdentifier", attributeList);
- String givenName = getAttributeValue("givenName", attributeList);
- String lastName = getAttributeValue("surname", attributeList);
- String dateOfBirth = getAttributeValue("dateOfBirth", attributeList);
- if (!StringUtils.isEmpty(dateOfBirth)) {
- dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth);
- }
-
- CreateIdentityLinkResponse response;
+ CreateIdentityLinkResponse identityLinkResponse = null;
IdentityLink identityLink = null;
try {
Logger.trace("Starting call...");
- // do we have a case of representation?
- try {
+
+ // if there is no signedDoc attribute, we cannot go on
+ String citizenSignature = getAttributeValue("signedDoc", attributeList);
+
+ // if we have a signedDoc we test for a representation case
+ if(hasAttribute("mandateContent", attributeList) || hasAttribute("representative", attributeList) || hasAttribute("represented", attributeList)) {
+ // we have a representation case
String representative = getAttributeValue("representative", attributeList);
String represented = getAttributeValue("represented", attributeList);
String mandate = getAttributeValue("mandateContent", attributeList);
- // we definitely know we have a representation case here
- // lets try if the represented is an organization
- try {
+ if(!hasAttribute("dateOfBirth", attributeList)) {
+ // if we get here, we have a natural person representing a legal person
String organizationAddress = getAttributeValue("canonicalRegisteredAddress", attributeList);
String organizationType = getAttributeValue("translateableType", attributeList);
- // if we got here, we have a natural person representing a legal person
- response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate, organizationAddress, organizationType);
- } catch(STORKException e1) {
+ identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(citizenSignature, representative, represented, mandate, organizationAddress, organizationType);
+ } else {
+ // if we get here, we have a natural person representing another natural person
+ String eIdentifier = getAttributeValue("eIdentifier", attributeList);
+ String givenName = getAttributeValue("givenName", attributeList);
+ String lastName = getAttributeValue("surname", attributeList);
+ String dateOfBirth = getAttributeValue("dateOfBirth", attributeList);
+ if (!StringUtils.isEmpty(dateOfBirth))
+ dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth);
- // if we get here we have natural persons representing each other
- response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate);
+ identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate);
}
- } catch(STORKException e) {
+ } else {
// we do not have a representation case
- response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature);
+ String eIdentifier = getAttributeValue("eIdentifier", attributeList);
+ String givenName = getAttributeValue("givenName", attributeList);
+ String lastName = getAttributeValue("surname", attributeList);
+ String dateOfBirth = getAttributeValue("dateOfBirth", attributeList);
+ if (!StringUtils.isEmpty(dateOfBirth))
+ dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth);
+ identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature);
}
-
-
- if (null != response.getErrorResponse()){
+
+ if (null != identityLinkResponse.getErrorResponse()){
// TODO fix exception parameter
- throw new SZRGWClientException(response.getErrorResponse().getErrorCode().toString(), null);
+ throw new SZRGWClientException(identityLinkResponse.getErrorResponse().getErrorCode().toString(), null);
}
else {
- IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(response.getIdentityLink()));
+ IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(identityLinkResponse.getIdentityLink()));
identityLink = ilParser.parseIdentityLink();
Logger.debug("Received Identity Link from SZR Gateway");