aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java75
1 files changed, 51 insertions, 24 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index b356c6f35..328a441cd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -26,10 +26,8 @@ import iaik.x509.X509Certificate;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
-import java.net.URL;
import java.util.ArrayList;
-import java.util.List;
-
+import javax.activation.DataSource;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
@@ -40,6 +38,7 @@ import javax.xml.bind.JAXBElement;
import javax.xml.transform.stream.StreamSource;
import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringEscapeUtils;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
@@ -51,9 +50,10 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
-import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -61,13 +61,17 @@ import at.gv.egovernment.moa.id.moduls.ModulUtils;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.util.xsd.xmldsig.SignatureType;
import at.gv.util.xsd.xmldsig.X509DataType;
import eu.stork.oasisdss.api.ApiUtils;
-import eu.stork.oasisdss.profile.DocumentWithSignature;
+import eu.stork.oasisdss.api.LightweightSourceResolver;
+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
import eu.stork.oasisdss.profile.SignResponse;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PEPSUtil;
import eu.stork.peps.auth.commons.PersonalAttribute;
import eu.stork.peps.auth.commons.STORKAuthnRequest;
@@ -111,17 +115,28 @@ public class PEPSConnectorServlet extends AuthServlet {
super.checkIfHTTPisAllowed(request.getRequestURL().toString());
Logger.debug("Trying to find MOA Session-ID");
- HttpSession httpSession = request.getSession();
- String moaSessionID = (String) httpSession.getAttribute("MOA-Session-ID");
+ String moaSessionID = request.getParameter(PARAM_SESSIONID);
+
+ // escape parameter strings
+ moaSessionID= StringEscapeUtils.escapeHtml(moaSessionID);
if (StringUtils.isEmpty(moaSessionID)) {
//No authentication session has been started before
Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
}
-
+
+ if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
+ throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
+
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+ //load MOASession from database
+ AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
+
+ //change MOASessionID
+ moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
Logger.info("Found MOA sessionID: " + moaSessionID);
Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
@@ -162,10 +177,7 @@ public class PEPSConnectorServlet extends AuthServlet {
}
Logger.info("Got SAML response with authentication success message.");
-
- //check if authentication request was created before
- AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
-
+
Logger.debug("MOA session is still valid");
STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
@@ -179,7 +191,15 @@ public class PEPSConnectorServlet extends AuthServlet {
////////////// incorporate gender from parameters if not in stork response
- PersonalAttribute gender = authnResponse.getPersonalAttributeList().get("gender");
+ IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
+
+ // but first, check if we have a representation case
+ if(STORKResponseProcessor.hasAttribute("mandateContent", attributeList) || STORKResponseProcessor.hasAttribute("representative", attributeList) || STORKResponseProcessor.hasAttribute("represented", attributeList)) {
+ // in a representation case...
+ moaSession.setUseMandate("true");
+
+ // and check if we have the gender value
+ PersonalAttribute gender = attributeList.get("gender");
if(null == gender) {
String gendervalue = (String) request.getParameter("gender");
if(null != gendervalue) {
@@ -192,6 +212,7 @@ public class PEPSConnectorServlet extends AuthServlet {
authnResponse.getPersonalAttributeList().add(gender);
}
}
+ }
//////////////////////////////////////////////////////////////////////////
@@ -202,17 +223,15 @@ public class PEPSConnectorServlet extends AuthServlet {
String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0);
SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(signatureInfo)));
- List<DocumentWithSignature> doclocations = ApiUtils.findNamedElement(dssSignResponse.getOptionalOutputs(), DocumentWithSignature.class.getSimpleName(), DocumentWithSignature.class);
- // TODO handle multiple docs?
- Logger.debug("trying first doclocation");
- String docUrl = doclocations.get(0).getDocument().getDocumentURL();
- Logger.debug("trying first doclocation successful");
-
// fetch signed doc
- URL url = new URL(docUrl);
- InputStream incomming = url.openStream();
- citizenSignature = IOUtils.toString(incomming);
- incomming.close();
+ DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);
+ if(ds == null){
+ throw new ApiUtilsException("No datasource found in response");
+ }
+
+ InputStream incoming = ds.getInputStream();
+ citizenSignature = IOUtils.toString(incoming);
+ incoming.close();
JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName());
SignatureType root = ((JAXBElement<SignatureType>) ctx.createUnmarshaller().unmarshal(IOUtils.toInputStream(citizenSignature))).getValue();
@@ -298,7 +317,7 @@ public class PEPSConnectorServlet extends AuthServlet {
response.getOutputStream().write(writer.toString().getBytes());
} catch (Exception e1) {
Logger.error("Error sending gender retrival form.", e1);
- httpSession.invalidate();
+// httpSession.invalidate();
throw new MOAIDException("stork.10", null);
}
@@ -320,6 +339,9 @@ public class PEPSConnectorServlet extends AuthServlet {
Logger.debug("Adding addtional STORK attributes to MOA session");
moaSession.setStorkAttributes(authnResponse.getPersonalAttributeList());
+ Logger.debug("Add full STORK AuthnResponse to MOA session");
+ moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));
+
//We don't have BKUURL, setting from null to "Not applicable"
moaSession.setBkuURL("Not applicable (STORK Authentication)");
@@ -331,6 +353,7 @@ public class PEPSConnectorServlet extends AuthServlet {
//TODO: found better solution, but QAA Level in response could be not supported yet
try {
+
moasession.setQAALevel(authnResponse.getAssertions().get(0).
getAuthnStatements().get(0).getAuthnContext().
getAuthnContextClassRef().getAuthnContextClassRef());
@@ -365,6 +388,10 @@ public class PEPSConnectorServlet extends AuthServlet {
handleError(null, e, request, response, pendingRequestID);
}
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
+
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-23 05:48:33 +0000