2 files changed, 117 insertions, 35 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
 index 5e4aee81b..43384c58a 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
 @@ -1652,6 +1652,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
  				data.setFamilyname(PEPSFamilyname);
  				data.setFirstname(PEPSFirstname);
  				data.setIdentifier(PEPSIdentifier);
 +				
 +				data.setFiscalNumber(PEPSFiscalNumber);
  				data.setRepresentative(representative);
  				data.setRepresented(represented);
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
 index 10d0ddbc4..0d40c9c9a 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
 @@ -250,7 +250,56 @@ public class PEPSConnectorServlet extends AuthServlet {
  				Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
  				throw new MOAIDException("stork.07", null);
  			}
 -						
 +			
 +			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());
 +    		if (oaParam == null)
 +    				throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
 +			//================== Check QAA level start ====================
 +			int reqQaa = -1;
 +			int authQaa = -1;
 +			String authQaaStr = null; 
 +			try {
 +				reqQaa = storkAuthnRequest.getQaa();
 +				
 +				//TODO: found better solution, but QAA Level in response could be not supported yet
 +				try {
 +
 +					authQaaStr = authnResponse.getAssertions().get(0).
 +							getAuthnStatements().get(0).getAuthnContext().
 +							getAuthnContextClassRef().getAuthnContextClassRef();
 +					moaSession.setQAALevel(authQaaStr);
 +					
 +				} catch (Throwable e) {
 +					Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
 +					moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
 +					authQaaStr = PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel();
 +				}
 +				if(authQaaStr != null)//Check value only if set
 +				{
 +					authQaa = Integer.valueOf(authQaaStr.substring(PVPConstants.STORK_QAA_PREFIX.length()));
 +//					authQaa = Integer.valueOf(authQaaStr);
 +					if (reqQaa > authQaa) {
 +						Logger.warn("Requested QAA level does not match to authenticated QAA level");
 +						throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});
 +	
 +					}
 +				}
 +			} catch (MOAIDException e) {
 +				throw e;
 +
 +			} catch (Exception e) {
 +				if (Logger.isDebugEnabled())
 +					Logger.warn("STORK QAA Level evaluation error", e);
 +
 +				else
 +					Logger.warn("STORK QAA Level evaluation error (ErrorMessage=" 
 +							+  e.getMessage() + ")");
 +
 +				throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});
 +
 +			}
 +			//================== Check QAA level end ====================
 +			
  			Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
  			////////////// incorporate gender from parameters if not in stork response
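Review bot: The fallback in the inner `catch (Throwable e)` block (right after `moaSession.setQAALevel(authQaaStr)`) replaces the authenticated level with `PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel()`, a value taken from the OA configuration rather than from the AuthnResponse, so the later `reqQaa > authQaa` comparison runs against a level the code chose itself; if `storkAuthnRequest.getQaa()` was built from that same configured level (likely, but outside the hunk), the check cannot fail in exactly the case where the response carries no AuthnContextClassRef. If this is a compatibility shim for peers that do not yet send the attribute, say so and plan to fail closed; at minimum narrow the catch to `} catch (RuntimeException e) {`, since `Throwable` also hides errors unrelated to a missing element. A comment spelling out the consequence would help the next reader: `// No QAA level in the response: fall back to the OA's configured level, so the reqQaa > authQaa check below cannot reject this response`. The enclosing method starts before and ends after this hunk.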
 @@ -291,28 +340,41 @@ public class PEPSConnectorServlet extends AuthServlet {
  				SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(signatureInfo)));
  				// fetch signed doc
 -				DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);
 +				DataSource ds = null;
 +				try{
 +					ds = LightweightSourceResolver.getDataSource(dssSignResponse);
 +				}catch(Exception e)
 +				{
 +					e.printStackTrace();
 +				}
  				if(ds == null){
 -					throw new ApiUtilsException("No datasource found in response");
 -				}				
 -				
 -				InputStream incoming  = ds.getInputStream();
 -				citizenSignature = IOUtils.toString(incoming);
 -				incoming.close();
 -				
 -				Logger.debug("citizenSignature:"+citizenSignature);
 -				if(isDocumentServiceUsed(citizenSignature)==true)
 +					//Normal DocumentServices return a http-page, but the SI DocumentService returns HTTP error 500 
 +					//which results in an exception and ds==null
 +					
 +					//try to load document from documentservice
 +					citizenSignature = loadDocumentFromDocumentService(dssSignResponse);
 +					//throw new ApiUtilsException("No datasource found in response");
 +				}		
 +				else
  				{
 -					Logger.debug("Loading document from DocumentService.");
 -					String url = getDtlUrlFromResponse(dssSignResponse);
 -					//get Transferrequest
 -					String transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url);
 -					//Load document from DocujmentService
 -					byte[] data = getDocumentFromDtl(transferRequest, url);
 -					citizenSignature = new String(data, "UTF-8");
 -					Logger.debug("Overridung citizenSignature with:"+citizenSignature);
 +					InputStream incoming  = ds.getInputStream();
 +					citizenSignature = IOUtils.toString(incoming);
 +					incoming.close();
 +					
 +					Logger.debug("citizenSignature:"+citizenSignature);
 +					if(isDocumentServiceUsed(citizenSignature)==true)
 +					{
 +						citizenSignature = loadDocumentFromDocumentService(dssSignResponse);
 +	//					Logger.debug("Loading document from DocumentService.");
 +	//					String url = getDtlUrlFromResponse(dssSignResponse);
 +	//					//get Transferrequest
 +	//					String transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url);
 +	//					//Load document from DocumentService
 +	//					byte[] data = getDocumentFromDtl(transferRequest, url);
 +	//					citizenSignature = new String(data, "UTF-8");
 +	//					Logger.debug("Overridung citizenSignature with:"+citizenSignature);
 +					}
  				}
 -				
  				JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName());
  				SignatureType root = ((JAXBElement<SignatureType>) ctx.createUnmarshaller().unmarshal(IOUtils.toInputStream(citizenSignature))).getValue();
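Review bot: `e.printStackTrace()` in the new `catch (Exception e)` around `LightweightSourceResolver.getDataSource` writes to stderr instead of the servlet's Logger, so the failure that now triggers the DocumentService fallback leaves no trace in the application log; replace it with `Logger.warn("Could not resolve DataSource from SignResponse, falling back to DocumentService", e);`. The catch is also broader than the HTTP-500 case the comment describes, so any resolver failure (malformed response, I/O error) is converted into a fetch via `loadDocumentFromDocumentService` instead of an error; if the 500 case can be distinguished by exception type, catch only that. The commented-out block after the `citizenSignature = loadDocumentFromDocumentService(dssSignResponse);` call duplicates the new helper and should be deleted rather than kept as comments; the same applies to the commented-out `oaParam` lookup in hunk @@ -349 and the commented-out QAA block in hunk @@ -477, both of which have been moved into the new QAA check. The surrounding method starts and ends outside this hunk.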
 @@ -349,9 +411,9 @@ public class PEPSConnectorServlet extends AuthServlet {
  //				Logger.error("could not retrieve moa session");
  //				throw new AuthenticationException("auth.01", null);
  //			}
 -    		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());
 -    		if (oaParam == null)
 -    				throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
 +//    		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());
 +//    		if (oaParam == null)
 +//    				throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
      		// retrieve target
  	        //TODO: check in case of SSO!!!
 @@ -477,18 +539,18 @@ public class PEPSConnectorServlet extends AuthServlet {
  			// stork did the authentication step
  			moaSession.setAuthenticated(true);
 -			//TODO: found better solution, but QAA Level in response could be not supported yet
 -			try {
 -
 -				moaSession.setQAALevel(authnResponse.getAssertions().get(0).
 -						getAuthnStatements().get(0).getAuthnContext().
 -						getAuthnContextClassRef().getAuthnContextClassRef());
 -				
 -			} catch (Throwable e) {
 -				Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
 -				moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
 -				
 -			}
 +//			//TODO: found better solution, but QAA Level in response could be not supported yet
 +//			try {
 +//
 +//				moaSession.setQAALevel(authnResponse.getAssertions().get(0).
 +//						getAuthnStatements().get(0).getAuthnContext().
 +//						getAuthnContextClassRef().getAuthnContextClassRef());
 +//				
 +//			} catch (Throwable e) {
 +//				Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
 +//				moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
 +//				
 +//			}
      		//session is implicit stored in changeSessionID!!!!
      		String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
 @@ -526,11 +588,28 @@ public class PEPSConnectorServlet extends AuthServlet {
  	}
 +	private String loadDocumentFromDocumentService(SignResponse dssSignResponse) throws Exception
 +	{ 
 +		Logger.debug("Loading document from DocumentService.");
 +		String url = getDtlUrlFromResponse(dssSignResponse);
 +		Logger.debug("Loading document from DocumentService, url:"+url);
 +		//get Transferrequest
 +		String transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url);
 +		//Load document from DocumentService
 +		byte[] data = getDocumentFromDtl(transferRequest, url);
 +		String citizenSignature = new String(data, "UTF-8");
 +		Logger.debug("Overridung citizenSignature with:"+citizenSignature);
 +		return citizenSignature;
 +	}
  	private boolean isDocumentServiceUsed(String citizenSignature) //TODo add better check
  	{
  		if(citizenSignature.contains("<table border=\"0\"><tr><td>Service Name:</td><td>{http://stork.eu}DocumentService</td></tr><tr><td>Port Name:</td><td>{http://stork.eu}DocumentServicePort</td></tr></table>"))
 +		{
 +			Logger.trace("isDocumentServiceUsed => true");
  			return true;
 +		}
 +		Logger.trace("isDocumentServiceUsed => false");
  		return false;
  	}
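Review bot: `loadDocumentFromDocumentService` logs the entire retrieved document at debug level (`Logger.debug("Overridung citizenSignature with:"+citizenSignature)`), and the moved `Logger.debug("citizenSignature:"+citizenSignature)` in hunk @@ -291 does the same; as this appears to be a citizen's signed document, a debug log setting dumps personal data into the log files, so log the size instead, e.g. `Logger.debug("Loaded document from DocumentService, length=" + citizenSignature.length());` (which also fixes the "Overridung" typo). The new private method has no Javadoc; a header such as `/** Fetches the signed document from the STORK DocumentService named in the SignResponse and returns it as a UTF-8 string. */` with a `@throws Exception` line would at least document the broad `throws Exception` it declares. The URL passed to `getDocumentFromDtl` comes from `getDtlUrlFromResponse`, which is outside this hunk; if that helper returns the URL as carried in the response, a comment here should state what validates it against the configured DTL endpoint before it is fetched.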
 @@ -567,6 +646,7 @@ public class PEPSConnectorServlet extends AuthServlet {
    		URL url = null;
  		try 
  		{
 +			Logger.debug("getDocumentFromDtl, dtlUrl:'"+dtlUrl+"' eDtlUrl:'"+eDtlUrl+"'");
  			url = new URL(dtlUrl);
  			QName qname = new QName("http://stork.eu",
  				    "DocumentService");
