diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
2 files changed, 48 insertions, 27 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index ec1762cbf..decf166c4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -58,6 +58,7 @@ import org.opensaml.common.IdentifierGenerator; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.xml.util.Base64; import org.opensaml.xml.util.XMLHelper; +import org.w3c.dom.DOMException; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -137,6 +138,11 @@ import at.gv.egovernment.moa.util.XPathUtils; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; +import eu.stork.oasisdss.api.ApiUtils; +import eu.stork.oasisdss.api.ApiUtilsException; +import eu.stork.oasisdss.profile.DocumentType; +import eu.stork.oasisdss.profile.InputDocuments; +import eu.stork.oasisdss.profile.SignRequest; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; @@ -1882,7 +1888,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { PersonalAttribute newAttribute = new PersonalAttribute(); newAttribute.setName("signedDoc"); List<String> value = new ArrayList<String>(); - value.add(generateDssSignRequest(Base64.encodeBytes(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession).getBytes()), "application/xhtml+xml")); + value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession), "application/xhtml+xml")); newAttribute.setValue(value); attributeList.add(newAttribute); @@ -1978,18 +1984,28 @@ public class AuthenticationServer implements MOAIDAuthConstants { IdentifierGenerator idGenerator; try { idGenerator = new SecureRandomIdentifierGenerator(); - - return "<dss:SignRequest xmlns:dss=\"urn:oasis:names:tc:dss:1.0:core:schema\" " + - "RequestID=\"" + idGenerator.generateIdentifier() + "\">" + - "<dss:InputDocuments>" + - "<dss:Document>" + - "<dss:Base64Data MimeType=\"" + mimeType + "\">" + text + "</dss:Base64Data>" + - "</dss:Document>" + - "</dss:InputDocuments>" + - "</dss:SignRequest>"; + + DocumentType doc = new DocumentType(); + doc.setBase64XML(Base64.encodeBytes(text.getBytes()).getBytes()); + + SignRequest request = new SignRequest(); + request.setInputDocuments(ApiUtils.createInputDocuments(doc)); + + request.setRequestID(idGenerator.generateIdentifier()); + + return ApiUtils.marshalToDocument(request).getTextContent(); } catch (NoSuchAlgorithmException e) { Logger.error("Cannot generate id", e); throw new RuntimeException(e); + } catch (ApiUtilsException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); + } catch (DOMException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); + } catch (ParserConfigurationException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index a1d38d488..3129c9e31 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -10,6 +10,7 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import javax.xml.transform.stream.StreamSource;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
@@ -30,11 +31,15 @@ import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.StringUtils;
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.api.LightweightSourceResolver;
+import eu.stork.oasisdss.profile.SignResponse;
import eu.stork.peps.auth.commons.PEPSUtil;
import eu.stork.peps.auth.commons.PersonalAttribute;
import eu.stork.peps.auth.commons.STORKAuthnRequest;
@@ -144,23 +149,6 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
- Logger.debug("Starting extraction of signedDoc attribute");
- //extract signed doc element and citizen signature
- Element citizenSignature = null;
- try {
-
- Assertion storkAssertion = authnResponse.getAssertions().get(0);
- citizenSignature = STORKResponseProcessor.extractCitizenSignature(storkAssertion);
- moaSession.setAuthBlock(DOMUtils.serializeNode(citizenSignature));
- moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(citizenSignature));
-
- } catch (Exception e) {
- Logger.error("Could not extract citizen signature from C-PEPS", e);
- throw new MOAIDException("stork.09", null);
- }
- Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
- Logger.debug("Citizen signature will be verified by SZR Gateway!");
-
////////////// incorporate gender from parameters if not in stork response
PersonalAttribute gender = authnResponse.getPersonalAttributeList().get("gender");
@@ -179,6 +167,23 @@ public class PEPSConnectorServlet extends AuthServlet { //////////////////////////////////////////////////////////////////////////
+ Logger.debug("Starting extraction of signedDoc attribute");
+ //extract signed doc element and citizen signature
+ String citizenSignature = null;
+ try {
+ citizenSignature = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0);
+ moaSession.setAuthBlock(citizenSignature);
+
+ // FIXME untested
+ Element sepp = (Element) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(citizenSignature)));
+ moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(sepp));
+
+ } catch (Exception e) {
+ Logger.error("Could not extract citizen signature from C-PEPS", e);
+ throw new MOAIDException("stork.09", null);
+ }
+ Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
+ Logger.debug("Citizen signature will be verified by SZR Gateway!");
Logger.debug("Starting connecting SZR Gateway");
//contact SZR Gateway
|