aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java260
1 files changed, 124 insertions, 136 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index 0599c79bd..c2de2e3e1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -1,38 +1,31 @@
package at.gv.egovernment.moa.id.auth.servlet;
import iaik.pki.PKIException;
-import iaik.x509.X509Certificate;
import java.io.IOException;
import java.security.GeneralSecurityException;
-import java.security.cert.CertificateEncodingException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import org.apache.axis.encoding.Base64;
import org.apache.commons.fileupload.FileUploadException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.Text;
import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -103,7 +96,6 @@ public class GetForeignIDServlet extends AuthServlet {
}
String sessionID = req.getParameter(PARAM_SESSIONID);
String redirectURL = null;
- X509Certificate cert = null;
AuthenticationSession session = null;
try {
// check parameter
@@ -112,46 +104,46 @@ public class GetForeignIDServlet extends AuthServlet {
session = AuthenticationServer.getSession(sessionID);
- cert = AuthenticationServer.getInstance().verifyXMLSignature(sessionID, parameters);
-
-// Element signature = AuthenticationServer.getInstance().getDsigElement
-// (sessionID, parameters);
+ String xmlCreateXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
+
+ Logger.debug(xmlCreateXMLSignatureResponse);
+
+ CreateXMLSignatureResponse csresp =
+ new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse).parseResponseDsig();
-// if (signature == null) {
- if (cert == null) {
- handleError("Error retrieving signature from foreign eID card.", null, req, resp);
+ Element signature = csresp.getDsigSignature();
+
+ // make SZR request to the identity link
+ CreateIdentityLinkResponse response = getIdentityLink(signature);
+
+ if (response.isError()) {
+ throw new SZRGWClientException(response.getError());
}
else {
-
- // make SZR request
- //Element samlAssertion = getIdentityLink(signature);
- Element samlAssertion = getIdentityLink(cert);
-
- IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
- IdentityLink identitylink = ilParser.parseIdentityLink();
- session.setIdentityLink(identitylink);
-
- String samlArtifactBase64 =
- AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID);
- if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- redirectURL = session.getOAURLRequested();
- if (!session.getBusinessService()) {
- redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
- }
- redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- redirectURL = resp.encodeRedirectURL(redirectURL);
- } else {
- redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
- }
- resp.setContentType("text/html");
- resp.setStatus(302);
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
- }
-
- }
- catch (ParseException ex) {
- handleError(null, ex, req, resp);
+ Element samlAssertion = response.getAssertion();
+
+ IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
+ IdentityLink identitylink = ilParser.parseIdentityLink();
+ session.setIdentityLink(identitylink);
+
+ String samlArtifactBase64 =
+ AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID);
+ if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
+ redirectURL = session.getOAURLRequested();
+ if (!session.getBusinessService()) {
+ redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
+ }
+ redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = resp.encodeRedirectURL(redirectURL);
+ } else {
+ redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+ }
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
+
}
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
@@ -178,63 +170,59 @@ public class GetForeignIDServlet extends AuthServlet {
/**
* Does the request to the SZR-GW
- * @param givenname
- * @param familyname
- * @param dateofbirth
+ * @param signature XMLDSIG signature
* @return Identity link assertion
* @throws SZRGWClientException
*/
- /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/
- private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException {
+ private CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException {
- SZRGWClient client = new SZRGWClient();
-
- try {
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
- //url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation";
- Logger.debug("Connection Parameters: " + connectionParameters);
- client.setAddress(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
- Logger.debug("Initialisiere SSL Verbindung");
- try {
- client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- } catch (IOException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (GeneralSecurityException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (PKIException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
- Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
-
-
- }
- catch (ConfigurationException e) {
- Logger.warn(e);
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
+ SZRGWClient client = new SZRGWClient();
+
+ try {
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
- }
- // create request
- Document doc = buildGetIdentityLinkRequest(cert);
- Element request = doc.getDocumentElement();
- CreateIdentityLinkResponse response = null;
-
- //try {
- response = client.createIdentityLinkResponse(request);
- //} catch (SZRGWClientException e) {
- // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
- // client = new SZRGWClient(url);
- // response = client.createIdentityLinkResponse(request);
- // }
-
+ client.setAddress(connectionParameters.getUrl());
+ if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+ Logger.debug("Initialisiere SSL Verbindung");
+ try {
+ client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+ } catch (IOException e) {
+ throw new SZRGWClientException(e);
+ } catch (GeneralSecurityException e) {
+ throw new SZRGWClientException(e);
+ } catch (PKIException e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+ Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
+ }
+ catch (ConfigurationException e) {
+ Logger.warn(e);
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
+ }
+
+ // create request
+ CreateIdentityLinkResponse response = null;
+ Element request = null;
+ try {
+ Document doc = client.buildGetIdentityLinkRequest(null, null, null, null, signature);
+ request = doc.getDocumentElement();
+
+ // send request
+ response = client.createIdentityLinkResponse(request);
+ } catch (SZRGWClientException e) {
+ // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+ try {
+ response = client.createIdentityLinkResponse(request);
+ }
+ catch (SZRGWClientException e1) {
+ throw new SZRGWClientException(e1);
+ }
+ }
- return response.getAssertion();
+
+ return response;
}
@@ -245,43 +233,43 @@ public class GetForeignIDServlet extends AuthServlet {
* @param birthday
* @return
*/
- private static Document buildGetIdentityLinkRequest(X509Certificate cert) {
-
- try {
- byte[] certbyte = cert.getEncoded();
- String certstring = Base64.encode(certbyte);
-
- DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- DocumentBuilder builder = factory.newDocumentBuilder();
- Document doc = builder.newDocument();
-
- Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest");
- getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS);
- doc.appendChild(getIdentityLink);
-
- Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate");
- getIdentityLink.appendChild(x509certificate);
- Text certbase64 = doc.createTextNode(certstring);
- x509certificate.appendChild(certbase64);
-
- return doc;
- } catch (ParserConfigurationException e) {
- e.printStackTrace();
- } catch (CertificateEncodingException e) {
- e.printStackTrace();
- }
- return null;
-
- }
-
- /**
- * Checks a parameter.
- * @param param parameter
- * @return true if the parameter is null or empty
- */
- private boolean isEmpty(String param) {
- return param == null || param.length() == 0;
- }
+// private static Document buildGetIdentityLinkRequest(X509Certificate cert) {
+//
+// try {
+// byte[] certbyte = cert.getEncoded();
+// String certstring = Base64.encode(certbyte);
+//
+// DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
+// factory.setNamespaceAware(true);
+// DocumentBuilder builder = factory.newDocumentBuilder();
+// Document doc = builder.newDocument();
+//
+// Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest");
+// getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS);
+// doc.appendChild(getIdentityLink);
+//
+// Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate");
+// getIdentityLink.appendChild(x509certificate);
+// Text certbase64 = doc.createTextNode(certstring);
+// x509certificate.appendChild(certbase64);
+//
+// return doc;
+// } catch (ParserConfigurationException e) {
+// e.printStackTrace();
+// } catch (CertificateEncodingException e) {
+// e.printStackTrace();
+// }
+// return null;
+//
+// }
+//
+// /**
+// * Checks a parameter.
+// * @param param parameter
+// * @return true if the parameter is null or empty
+// */
+// private boolean isEmpty(String param) {
+// return param == null || param.length() == 0;
+// }
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-25 16:52:33 +0000