1 files changed, 41 insertions, 11 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 9dfce7838..a3c8ebe4d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -1,7 +1,10 @@
 package at.gv.egovernment.moa.id.auth.servlet;

 

+import iaik.x509.X509Certificate;

 import java.io.IOException;

+import java.io.InputStream;

 import java.io.StringWriter;

+import java.net.URL;

 import java.util.ArrayList;

 import java.util.List;

 

@@ -10,19 +13,19 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;

 import javax.servlet.http.HttpServletResponse;

 import javax.servlet.http.HttpSession;

+import javax.xml.bind.JAXBContext;

+import javax.xml.bind.JAXBElement;

 import javax.xml.transform.stream.StreamSource;

 

+import org.apache.commons.io.IOUtils;

 import org.apache.velocity.Template;

 import org.apache.velocity.VelocityContext;

 import org.apache.velocity.app.VelocityEngine;

-import org.opensaml.saml2.core.Assertion;

 import org.opensaml.saml2.core.StatusCode;

-import org.w3c.dom.Element;

 

 import at.gv.egovernment.moa.id.auth.AuthenticationServer;

 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;

 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;

-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;

 import at.gv.egovernment.moa.id.auth.data.IdentityLink;

 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;

 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;

@@ -33,14 +36,14 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;

 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;

 import at.gv.egovernment.moa.id.moduls.ModulUtils;

-import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;

 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;

 import at.gv.egovernment.moa.id.util.HTTPUtils;

 import at.gv.egovernment.moa.logging.Logger;

-import at.gv.egovernment.moa.util.DOMUtils;

 import at.gv.egovernment.moa.util.StringUtils;

+import at.gv.util.xsd.xmldsig.SignatureType;

+import at.gv.util.xsd.xmldsig.X509DataType;

 import eu.stork.oasisdss.api.ApiUtils;

-import eu.stork.oasisdss.api.LightweightSourceResolver;

+import eu.stork.oasisdss.profile.DocumentWithSignature;

 import eu.stork.oasisdss.profile.SignResponse;

 import eu.stork.peps.auth.commons.PEPSUtil;

 import eu.stork.peps.auth.commons.PersonalAttribute;

@@ -173,14 +176,41 @@ public class PEPSConnectorServlet extends AuthServlet {
 			//extract signed doc element and citizen signature

 			String citizenSignature = null;

 			try {

-				citizenSignature = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0);

+				String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0);

+				SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(signatureInfo)));

+				

+				List<DocumentWithSignature> doclocations = ApiUtils.findNamedElement(dssSignResponse.getOptionalOutputs(), DocumentWithSignature.class.getSimpleName(), DocumentWithSignature.class);

+				// TODO handle multiple docs?

+				Logger.debug("trying first doclocation");

+				String docUrl = doclocations.get(0).getDocument().getDocumentURL();

+				Logger.debug("trying first doclocation successful");

+				

+				// fetch signed doc

+				URL url = new URL(docUrl);

+				InputStream incomming = url.openStream();

+				citizenSignature = IOUtils.toString(incomming);

+				incomming.close();

+				

+				JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName());

+				SignatureType root = ((JAXBElement<SignatureType>) ctx.createUnmarshaller().unmarshal(IOUtils.toInputStream(citizenSignature))).getValue();

+	            

+				// memorize signature into authblock

 				moaSession.setAuthBlock(citizenSignature);

+

+				// extract certificate

+				for(Object current : root.getKeyInfo().getContent())

+					if(((JAXBElement<?>) current).getValue() instanceof X509DataType) {

+						for(Object currentX509Data : ((JAXBElement<X509DataType>) current).getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName()) {

+							JAXBElement<?> casted = ((JAXBElement<?>) currentX509Data);

+							if(casted.getName().getLocalPart().equals("X509Certificate")) {

+								moaSession.setSignerCertificate(new X509Certificate(((String)casted.getValue()).getBytes()));

+								break;

+							}

+						}

+					}

 				

-				// FIXME untested

-				Element sepp = (Element) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(citizenSignature)));

-				moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(sepp));

 				

-			} catch (Exception e) {

+			} catch (Throwable e) {

 				Logger.error("Could not extract citizen signature from C-PEPS", e);

 				throw new MOAIDException("stork.09", null);

 			}