aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java58
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java132
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java138
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java260
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java25
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java537
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java70
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java103
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java244
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java14
18 files changed, 993 insertions, 706 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index fcaa4f053..01c6a512f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -21,6 +21,7 @@ import iaik.x509.X509Certificate;
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
+import java.security.Principal;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
@@ -540,15 +541,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
/**
- * Returns a CreateXMLSignatureRequest for the foreign ID.<br>
+ * Returns an CreateXMLSignatureRequest for signing the ERnP statement.<br>
+ * <ul>
+ * <li>Creates an CreateXMLSignatureRequest to be signed by the user</li>
+ * </ul>
*
* @param sessionID ID of associated authentication session data
- * @param infoboxReadResponseParameters The parameters from the response returned from
- * the BKU
- * @param cert The certificate of the foreign ID
+ * @param cert The certificate from the user
* @return String representation of the <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public String getCreateXMLSignatureRequestForeignID(String sessionID, Map infoboxReadResponseParameters, X509Certificate cert)
+ public String createXMLSignatureRequestForeignID(String sessionID, X509Certificate cert)
throws
AuthenticationException,
BuildException,
@@ -558,57 +560,33 @@ public class AuthenticationServer implements MOAIDAuthConstants {
ServiceException {
if (isEmpty(sessionID))
- throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID});
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID});
-
AuthenticationSession session = getSession(sessionID);
+
AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
-
+
OAAuthParameter oaParam =
AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
session.getPublicOAURLPrefix());
-
- return getCreateXMLSignatureRequestForeignID(session, authConf, oaParam);
+ return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, cert);
}
- public String getCreateXMLSignatureRequestForeignID(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam)
- throws
- ConfigurationException,
- BuildException,
- ValidateException {
+ public String getCreateXMLSignatureRequestForeigID(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam, X509Certificate cert) throws ConfigurationException
+ {
+ // check for intermediate processing of the infoboxes
+ if (session.isValidatorInputPending()) return "Redirect to Input Processor";
if (authConf==null) authConf = AuthConfigurationProvider.getInstance();
if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance().
getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- //BZ.., calculate bPK for signing to be already present in AuthBlock
-// IdentityLink identityLink = session.getIdentityLink();
-// if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
-// // only compute bPK if online application is a public service and we have the Stammzahl
-// String bpkBase64 = new BPKBuilder().buildBPK(
-// identityLink.getIdentificationValue(),
-// session.getTarget());
-// identityLink.setIdentificationValue(bpkBase64);
-// }
- //..BZ
+ Principal subject = cert.getSubjectDN();
-
- // builds the AUTH-block
- String authBlock = buildAuthenticationBlock(session);
-// session.setAuthBlock(authBlock);
- // builds the <CreateXMLSignatureRequest>
- String[] transformsInfos = oaParam.getTransformsInfos();
- if ((transformsInfos == null) || (transformsInfos.length == 0)) {
- // no OA specific transforms specified, use default ones
- transformsInfos = authConf.getTransformsInfos();
- }
String createXMLSignatureRequest =
- new CreateXMLSignatureRequestBuilder().build(authBlock,
- oaParam.getKeyBoxIdentifier(),
- transformsInfos,
- oaParam.getSlVersion12());
+ new CreateXMLSignatureRequestBuilder().buildForeignID(subject.toString(), oaParam, session);
return createXMLSignatureRequest;
}
@@ -642,7 +620,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String xmlCreateXMLSignatureResponse = (String)createXMLSignatureResponseParameters.get(PARAM_XMLRESPONSE);
- System.out.println(xmlCreateXMLSignatureResponse);
if (isEmpty(xmlCreateXMLSignatureResponse))
throw new AuthenticationException("auth.10", new Object[] { REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE});
@@ -757,6 +734,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
return authBlock;
}
+
/**
* Verifies the infoboxes (except of the identity link infobox) returned by the BKU by
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index d684c16c9..bab387b4a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -226,5 +226,137 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
return assertion;
}
+
+ /**
+ * Builds the authentication block <code>&lt;saml:Assertion&gt;</code>
+ *
+ * @param issuer authentication block issuer; <code>"GivenName FamilyName"</code>
+ * @param issueInstant current timestamp
+ * @param authURL URL of MOA-ID authentication component
+ * @param target "Gesch&auml;ftsbereich"; maybe <code>null</code> if the application
+ * is a business application
+ * @param identityLinkValue the content of the <code>&lt;pr:Value&gt;</code>
+ * child element of the <code>&lt;pr:Identification&gt;</code>
+ * element derived from the Identitylink; this is the
+ * value of the <code>wbPK</code>;
+ * maybe <code>null</code> if the application is a public service
+ * @param identityLinkType the content of the <code>&lt;pr:Type&gt;</code>
+ * child element of the <code>&lt;pr:Identification&gt;</code>
+ * element derived from the Identitylink; this includes the
+ * URN prefix and the identification number of the business
+ * application used as input for wbPK computation;
+ * maybe <code>null</code> if the application is a public service
+ * @param oaURL public URL of online application requested
+ * @param gebDat The date of birth from the identity link.
+ * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock.
+ *
+ * @return String representation of authentication block
+ * <code>&lt;saml:Assertion&gt;</code> built
+ *
+ * @throws BuildException If an error occurs on serializing an extended SAML attribute
+ * to be appended to the AUTH-Block.
+ */
+ public String buildAuthBlockForeignID(
+ String issuer,
+ String issueInstant,
+ String authURL,
+ String target,
+ String identityLinkValue,
+ String identityLinkType,
+ String oaURL,
+ String gebDat,
+ List extendedSAMLAttributes,
+ AuthenticationSession session)
+ throws BuildException
+ {
+ session.setSAMLAttributeGebeORwbpk(true);
+ String gebeORwbpk = "";
+ String wbpkNSDeclaration = "";
+
+ //BZ.., reading OA parameters
+ OAAuthParameter oaParam;
+ try {
+ oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+ } catch (ConfigurationException e) {
+ Logger.error("Error on building AUTH-Block: " + e.getMessage());
+ throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+ }
+ //..BZ
+
+
+ if (target == null) {
+ // OA is a business application
+ if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) {
+ // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator
+ gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
+ wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
+
+ //BZ.., adding type of wbPK domain identifier
+ ExtendedSAMLAttribute idLinkDomainIdentifierTypeAttribute =
+ new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+
+ extendedSAMLAttributes.add(idLinkDomainIdentifierTypeAttribute);
+ //..BZ
+
+ } else {
+ // We do not have a wbPK, therefore no SAML-Attribute is provided
+ session.setSAMLAttributeGebeORwbpk(false);
+ }
+ } else {
+ // OA is a govermental application
+ //BZ..
+ String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target);
+ //gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target });
+ gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target + " (" + sectorName + ")" });
+ //..BZ
+
+ //BZ.., no business service, adding bPK
+
+ Element bpkSamlValueElement;
+ try {
+ bpkSamlValueElement = DOMUtils.parseDocument(MessageFormat.format(PR_IDENTIFICATION_ATTRIBUTE, new Object[] { identityLinkValue, Constants.URN_PREFIX_BPK }), false, null, null).getDocumentElement();
+ } catch (Exception e) {
+ Logger.error("Error on building AUTH-Block: " + e.getMessage());
+ throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+ }
+ ExtendedSAMLAttribute bpkAttribute =
+ new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+
+ extendedSAMLAttributes.add(bpkAttribute);
+ //gebeORwbpk = gebeORwbpk + MessageFormat.format(BPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
+ wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
+ //..BZ
+ }
+
+ //BZ.., adding friendly name of OA
+ String oaFriendlyName = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName();
+
+ ExtendedSAMLAttribute oaFriendlyNameAttribute =
+ new ExtendedSAMLAttributeImpl("oaFriendlyName", oaFriendlyName, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+
+ extendedSAMLAttributes.add(oaFriendlyNameAttribute);
+ //..BZ
+
+ String assertion;
+ try {
+ assertion = MessageFormat.format(
+ AUTH_BLOCK, new Object[] {
+ wbpkNSDeclaration,
+ issuer,
+ issueInstant,
+ authURL,
+ gebeORwbpk,
+ oaURL,
+ gebDat,
+ buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+ } catch (ParseException e) {
+ Logger.error("Error on building AUTH-Block: " + e.getMessage());
+ throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+ }
+
+ return assertion;
+
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index fe73ce16b..4ef8dc359 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -16,8 +16,13 @@
package at.gv.egovernment.moa.id.auth.builder;
import java.text.MessageFormat;
+import java.util.Calendar;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.StringUtils;
/**
@@ -105,4 +110,137 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
return request;
}
+
+ /**
+ * Builds the <code>&lt;CreateXMLSignatureRequest&gt;</code> for a foreign ID.
+ *
+ * @param subject the subject of the foreign certificate
+ * @param oaParam parameter for the OA
+ * @param session current session
+ * @return String representation of <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ */
+ public String buildForeignID(String subject, OAAuthParameter oaParam, AuthenticationSession session) {
+
+ String target = session.getTarget();
+ String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target);
+
+ Calendar cal = Calendar.getInstance();
+ String date = DateTimeUtils.buildDate(cal);
+ String time = DateTimeUtils.buildTime(cal);
+
+ String request = "";
+ request += "<sl:CreateXMLSignatureRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">";
+ request += "<sl:KeyboxIdentifier>SecureSignatureKeypair</sl:KeyboxIdentifier>";
+ request += "<sl:DataObjectInfo Structure=\"enveloping\">";
+ request += "<sl:DataObject>";
+ request += "<sl:XMLContent>";
+
+ request += "<html xmlns=\"http://www.w3.org/1999/xhtml\">";
+ request += "<head>";
+ request += "<title>Signatur der Anmeldedaten</title>";
+ request += "<style type=\"text/css\" media=\"screen\">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}";
+ request += ".titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana; font-size: x-small; }";
+ request += ".ernpstyle { font-size: x-small; }";
+ request += ".h4style{ font-family: Verdana; }";
+ request += "table.parameters { font-size: x-small; }";
+ request += "</style>";
+ request += "</head>";
+ request += "<body>";
+ request += "<h4 class=\"h4style\">Authentication Data:</h4>";
+ request += "<p class=\"titlestyle\">Personal Data</p>";
+ request += "<table class=\"parameters\">";
+ request += "<tr>";
+ request += "<td class=\"italicstyle\">Name:</td>";
+ request += "<td>";
+ request += subject;
+ request += "</td>";
+ request += "</tr>";
+ request += "</table>";
+ request += "<p class=\"titlestyle\">Application Data</p>";
+ request += "<table class=\"parameters\">";
+ request += "<tr>";
+ request += "<td class=\"italicstyle\">Name:</td>";
+ request += "<td>";
+ // friendlyname from OA
+ request += StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName();
+ request += "</td>";
+ request += "</tr>";
+ request += "<tr>";
+ request += "<td class=\"italicstyle\">Country:</td>";
+ request += "<td>Austria</td>";
+ request += "</tr>";
+ request += "</table>";
+ request += "<p class=\"titlestyle\">Technical Parameters</p>";
+ request += "<table class=\"parameters\">";
+ request += "<tr>";
+ request += "<td class=\"italicstyle\">URL:</td>";
+ request += "<td>";
+ //public URL prefix from OA
+ request += oaParam.getPublicURLPrefix();
+ request += "</td>";
+ request += "</tr>";
+ boolean business = oaParam.getBusinessService();
+ if (business) {
+ // OA is businessservice
+ String identifierType = oaParam.getIdentityLinkDomainIdentifierType();
+ String identifier = oaParam.getIdentityLinkDomainIdentifier();
+ request += "<tr>";
+ request += "<td class=\"italicstyle\">";
+ request += identifierType + ":";
+ request += "</td>";
+ request += "<td>";
+ request += identifier;
+ request += "</td>";
+ request += "</tr>";
+ }
+ else {
+ // OA is publicservice
+ request += "<tr>";
+ request += "<td class=\"italicstyle\">";
+ request += "Sector:</td>";
+ request += "<td>";
+ request += target + " (" + sectorName + ")";
+ request += "</td>";
+ request += "</tr>";
+
+ }
+
+ request += "<tr>";
+ request += "<td class=\"italicstyle\">Date:</td>";
+ request += "<td>";
+ request += date;
+ request += "</td>";
+ request += "</tr>";
+ request += "<tr>";
+ request += "<td class=\"italicstyle\">Time:</td>";
+ request += "<td>";
+ request += time;
+ request += "</td>";
+ request += "</tr>";
+ request += "</table>";
+
+ request += "<p class=\"ernpstyle\">I hereby request to access this e-government application by using my " +
+ "domestic electronic identity. <br/>" +
+ "I further affirm that I am not yet registered with the Austrian Central " +
+ "Residents Registry and that I am not obliged to register with the Austrian " +
+ "Central Residents Registry according to Austrian law.<br/>" +
+ "In the event I am not yet registered with the Supplementary Register, I " +
+ "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " +
+ "BGBl. I Nr. 7/2008 und BGBl. I Nr. 59/2008).</p>";
+
+ request += "</body>";
+ request += "</html>";
+
+ request += "</sl:XMLContent>";
+ request += "</sl:DataObject>";
+ request += "<sl:TransformsInfo>";
+ request += "<sl:FinalDataMetaInfo>";
+ request += "<sl:MimeType>application/xhtml+xml</sl:MimeType>";
+ request += "</sl:FinalDataMetaInfo>";
+ request += "</sl:TransformsInfo>";
+ request += "</sl:DataObjectInfo>";
+ request += "</sl:CreateXMLSignatureRequest>";
+
+ return request;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index 0599c79bd..c2de2e3e1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -1,38 +1,31 @@
package at.gv.egovernment.moa.id.auth.servlet;
import iaik.pki.PKIException;
-import iaik.x509.X509Certificate;
import java.io.IOException;
import java.security.GeneralSecurityException;
-import java.security.cert.CertificateEncodingException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import org.apache.axis.encoding.Base64;
import org.apache.commons.fileupload.FileUploadException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.Text;
import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -103,7 +96,6 @@ public class GetForeignIDServlet extends AuthServlet {
}
String sessionID = req.getParameter(PARAM_SESSIONID);
String redirectURL = null;
- X509Certificate cert = null;
AuthenticationSession session = null;
try {
// check parameter
@@ -112,46 +104,46 @@ public class GetForeignIDServlet extends AuthServlet {
session = AuthenticationServer.getSession(sessionID);
- cert = AuthenticationServer.getInstance().verifyXMLSignature(sessionID, parameters);
-
-// Element signature = AuthenticationServer.getInstance().getDsigElement
-// (sessionID, parameters);
+ String xmlCreateXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
+
+ Logger.debug(xmlCreateXMLSignatureResponse);
+
+ CreateXMLSignatureResponse csresp =
+ new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse).parseResponseDsig();
-// if (signature == null) {
- if (cert == null) {
- handleError("Error retrieving signature from foreign eID card.", null, req, resp);
+ Element signature = csresp.getDsigSignature();
+
+ // make SZR request to the identity link
+ CreateIdentityLinkResponse response = getIdentityLink(signature);
+
+ if (response.isError()) {
+ throw new SZRGWClientException(response.getError());
}
else {
-
- // make SZR request
- //Element samlAssertion = getIdentityLink(signature);
- Element samlAssertion = getIdentityLink(cert);
-
- IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
- IdentityLink identitylink = ilParser.parseIdentityLink();
- session.setIdentityLink(identitylink);
-
- String samlArtifactBase64 =
- AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID);
- if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- redirectURL = session.getOAURLRequested();
- if (!session.getBusinessService()) {
- redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
- }
- redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- redirectURL = resp.encodeRedirectURL(redirectURL);
- } else {
- redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
- }
- resp.setContentType("text/html");
- resp.setStatus(302);
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
- }
-
- }
- catch (ParseException ex) {
- handleError(null, ex, req, resp);
+ Element samlAssertion = response.getAssertion();
+
+ IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
+ IdentityLink identitylink = ilParser.parseIdentityLink();
+ session.setIdentityLink(identitylink);
+
+ String samlArtifactBase64 =
+ AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID);
+ if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
+ redirectURL = session.getOAURLRequested();
+ if (!session.getBusinessService()) {
+ redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
+ }
+ redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = resp.encodeRedirectURL(redirectURL);
+ } else {
+ redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+ }
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
+
}
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
@@ -178,63 +170,59 @@ public class GetForeignIDServlet extends AuthServlet {
/**
* Does the request to the SZR-GW
- * @param givenname
- * @param familyname
- * @param dateofbirth
+ * @param signature XMLDSIG signature
* @return Identity link assertion
* @throws SZRGWClientException
*/
- /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/
- private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException {
+ private CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException {
- SZRGWClient client = new SZRGWClient();
-
- try {
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
- //url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation";
- Logger.debug("Connection Parameters: " + connectionParameters);
- client.setAddress(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
- Logger.debug("Initialisiere SSL Verbindung");
- try {
- client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- } catch (IOException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (GeneralSecurityException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (PKIException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
- Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
-
-
- }
- catch (ConfigurationException e) {
- Logger.warn(e);
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
+ SZRGWClient client = new SZRGWClient();
+
+ try {
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
- }
- // create request
- Document doc = buildGetIdentityLinkRequest(cert);
- Element request = doc.getDocumentElement();
- CreateIdentityLinkResponse response = null;
-
- //try {
- response = client.createIdentityLinkResponse(request);
- //} catch (SZRGWClientException e) {
- // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
- // client = new SZRGWClient(url);
- // response = client.createIdentityLinkResponse(request);
- // }
-
+ client.setAddress(connectionParameters.getUrl());
+ if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+ Logger.debug("Initialisiere SSL Verbindung");
+ try {
+ client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+ } catch (IOException e) {
+ throw new SZRGWClientException(e);
+ } catch (GeneralSecurityException e) {
+ throw new SZRGWClientException(e);
+ } catch (PKIException e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+ Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
+ }
+ catch (ConfigurationException e) {
+ Logger.warn(e);
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
+ }
+
+ // create request
+ CreateIdentityLinkResponse response = null;
+ Element request = null;
+ try {
+ Document doc = client.buildGetIdentityLinkRequest(null, null, null, null, signature);
+ request = doc.getDocumentElement();
+
+ // send request
+ response = client.createIdentityLinkResponse(request);
+ } catch (SZRGWClientException e) {
+ // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+ try {
+ response = client.createIdentityLinkResponse(request);
+ }
+ catch (SZRGWClientException e1) {
+ throw new SZRGWClientException(e1);
+ }
+ }
- return response.getAssertion();
+
+ return response;
}
@@ -245,43 +233,43 @@ public class GetForeignIDServlet extends AuthServlet {
* @param birthday
* @return
*/
- private static Document buildGetIdentityLinkRequest(X509Certificate cert) {
-
- try {
- byte[] certbyte = cert.getEncoded();
- String certstring = Base64.encode(certbyte);
-
- DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- DocumentBuilder builder = factory.newDocumentBuilder();
- Document doc = builder.newDocument();
-
- Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest");
- getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS);
- doc.appendChild(getIdentityLink);
-
- Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate");
- getIdentityLink.appendChild(x509certificate);
- Text certbase64 = doc.createTextNode(certstring);
- x509certificate.appendChild(certbase64);
-
- return doc;
- } catch (ParserConfigurationException e) {
- e.printStackTrace();
- } catch (CertificateEncodingException e) {
- e.printStackTrace();
- }
- return null;
-
- }
-
- /**
- * Checks a parameter.
- * @param param parameter
- * @return true if the parameter is null or empty
- */
- private boolean isEmpty(String param) {
- return param == null || param.length() == 0;
- }
+// private static Document buildGetIdentityLinkRequest(X509Certificate cert) {
+//
+// try {
+// byte[] certbyte = cert.getEncoded();
+// String certstring = Base64.encode(certbyte);
+//
+// DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
+// factory.setNamespaceAware(true);
+// DocumentBuilder builder = factory.newDocumentBuilder();
+// Document doc = builder.newDocument();
+//
+// Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest");
+// getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS);
+// doc.appendChild(getIdentityLink);
+//
+// Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate");
+// getIdentityLink.appendChild(x509certificate);
+// Text certbase64 = doc.createTextNode(certstring);
+// x509certificate.appendChild(certbase64);
+//
+// return doc;
+// } catch (ParserConfigurationException e) {
+// e.printStackTrace();
+// } catch (CertificateEncodingException e) {
+// e.printStackTrace();
+// }
+// return null;
+//
+// }
+//
+// /**
+// * Checks a parameter.
+// * @param param parameter
+// * @return true if the parameter is null or empty
+// */
+// private boolean isEmpty(String param) {
+// return param == null || param.length() == 0;
+// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index 8165f90f8..2430095b2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -63,7 +63,7 @@ public class StartAuthenticationServlet extends AuthServlet {
}
authURL = authURL.concat(req.getContextPath() + "/");
- String target = req.getParameter(PARAM_TARGET);
+ String target = req.getParameter(PARAM_TARGET);
String oaURL = req.getParameter(PARAM_OA);
String bkuURL = req.getParameter(PARAM_BKU);
String templateURL = req.getParameter(PARAM_TEMPLATE);
@@ -91,7 +91,7 @@ public class StartAuthenticationServlet extends AuthServlet {
String getIdentityLinkForm =
AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme());
-
+
resp.setContentType("text/html;charset=UTF-8");
PrintWriter out = new PrintWriter(resp.getOutputStream());
out.print(getIdentityLinkForm);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 824df9ca8..8ae951dda 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -96,7 +96,6 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
}
- //@TODO Parameter
String sessionID = req.getParameter(PARAM_SESSIONID);
String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
String redirectURL = null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index c9c1e794d..1b96ce8a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -93,7 +93,6 @@ public class VerifyCertificateServlet extends AuthServlet {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
}
- //@TODO Parameter
String sessionID = req.getParameter(PARAM_SESSIONID);
AuthenticationSession session = null;
try {
@@ -104,55 +103,19 @@ public class VerifyCertificateServlet extends AuthServlet {
session = AuthenticationServer.getSession(sessionID);
X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
-
- System.out.println(cert);
-
- String createXMLSignatureRequest = AuthenticationServer.getInstance().getCreateXMLSignatureRequestForeignID(sessionID, parameters, cert);
-
- System.out.println(createXMLSignatureRequest);
-
+
+ String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert);
// build dataurl (to the GetForeignIDSerlvet)
- String dataurl =
+ String dataurl =
new DataURLBuilder().buildDataURL(
session.getAuthURL(),
REQ_GET_FOREIGN_ID,
session.getSessionID());
- ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-
+ ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
-// Logger.debug("Send CreateXMLSignatureRequest to BKU");
-// String keyboxIdentifier = "SecureSignatureKeypair";
-// //String keyboxIdentifier = "CertifiedKeypair";
-// String xmlContent = "<html xmlns=\"http://www.w3.org/1999/xhtml\"> " +
-// "<head><title>CreateXMLSignatureRequest</title>" +
-// "<style type=\"text/css\"/></head>" +
-// "<body>" +
-// "<p>I hereby request to access this e-government application by using my " +
-// "domestic electronic identity. </p>" +
-// "<p>I further affirm that I am not yet registered with the Austrian Central " +
-// "Residents Registry and that I am not obliged to register with the Austrian " +
-// "Central Residents Registry according to Austrian law.</p>" +
-// "<p>In the event I am not yet registered with the Supplementary Register, I " +
-// "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " +
-// "BGBl. I Nr. 7/2008 und BGBl. I Nr. 59/2008).</p>" +
-// "</body></html>";
-//
-// // create the CreateXMLSignatureRequest
-// String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilderForeign().build(
-// keyboxIdentifier,
-// xmlContent);
-//
-// // build dataurl (to the GetForeignIDSerlvet)
-// String dataurl =
-// new DataURLBuilder().buildDataURL(
-// session.getAuthURL(),
-// REQ_GET_FOREIGN_ID,
-// session.getSessionID());
-//
-// ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-//
+ Logger.debug("Send CreateXMLSignatureRequest to BKU");
}
catch (MOAIDException ex) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 4f98e85e2..1fc5013f3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -94,7 +94,6 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
}
- //@TODO Parameter
String sessionID = req.getParameter(PARAM_SESSIONID);
@@ -109,9 +108,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters);
if (createXMLSignatureRequestOrRedirect == null) {
-
- System.out.println("Send InfoboxReadRequest to BKU to get signer certificate.");
- // no identity link found
+ // no identity link found
+
try {
Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
@@ -127,7 +125,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
session.getSessionID());
- ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate", dataurl);
+ ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
}
catch(Exception e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java
index 6448f9392..aa6ed32d2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java
@@ -14,14 +14,28 @@ import org.w3c.dom.NodeList;
public class CreateIdentityLinkResponse {
private Element assertion;
+ private String error;
+ private boolean isError;
public Element getAssertion() {
return assertion;
}
+ public String getError() {
+ return error;
+ }
public void setAssertion(Element assertion) {
+ isError = false;
this.assertion = assertion;
}
+ public void setError(String error) {
+ isError = true;
+ this.error = error;
+ }
+
+ public boolean isError() {
+ return isError;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
index 25c3d7199..b856ee988 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
@@ -15,20 +15,17 @@
*/
package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-
-import org.apache.xpath.XPathAPI;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
-import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
-import at.gv.egovernment.moa.util.Constants;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.util.Constants;
/**
* This class implements a detailed CreateMandateRequest that
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
index f19c21513..dcc3161e7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
@@ -1,20 +1,6 @@
-/*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
import org.apache.xpath.XPathAPI;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
index eaf07da13..026632589 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
@@ -1,20 +1,6 @@
-/*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
/**
* SOAP Envelope Constants.
*
@@ -40,4 +26,7 @@ public interface SOAPConstants {
public static final String XPATH_SOAP_FAULTCODE = XPATH_SOAP_FAULT + "/faultcode/text()";
public static final String XPATH_SOAP_FAULTSTRING = XPATH_SOAP_FAULT + "/faultstring/text()";
+
+
}
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
index 0c84a9b18..2080118d0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
@@ -20,121 +20,128 @@ import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import javax.net.ssl.SSLSocketFactory;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.protocol.Protocol;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
+import org.w3c.dom.Text;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
-import at.gv.egovernment.moa.logging.Logger;
-
-
-/**
- * This class implements a client for communication with the SZR-gateway
- * <p>
- * Two types of requests are supported
- * <ol>
- * <li>Basic Request</li>
- * <li>Detailed Request</li>
- * </ol>
- *
- */
-public class SZRGWClient {
- /**
- * The URL of the SZR-gateway webservice.
- */
- private String address;
-
- /**
- * The SSL socket factory when using a secure connection.
- */
- private SSLSocketFactory sSLSocketFactory;
-
- /**
- * Constructor
- */
- public SZRGWClient() {
- }
-
- /**
- * Constructor
- *
- * @param address the URL of the SZR-gateway webservice.
- */
- public SZRGWClient(String address) {
- this.address = address;
- }
- /**
- * Sets the SSL socket factory.
- *
- * @param factory the SSL socket factory.
- */
- public void setSSLSocketFactory(SSLSocketFactory factory) {
- this.sSLSocketFactory = factory;
- }
-
- /**
- * Sets the SZR webservice URL
- *
- * @param address the URL of the SZR-gateway webservice.
- */
- public void setAddress(String address) {
- this.address = address;
- }
-
- /**
- * Creates a mandate.
- *
- * @param reqElem the request.
- * @return a SZR-gateway response containing the result
- * @throws SZRGWException when an error occurs creating the mandate.
- */
- public CreateMandateResponse createMandateResponse(Element reqElem) throws SZRGWClientException {
- Logger.info("Connecting to SZR-gateway.");
- try {
- if (address == null) {
- throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null.");
- }
- HttpClient client = new HttpClient();
- PostMethod method = new PostMethod(address);
- method.setRequestHeader("SOAPAction", "");
-
-
- // ssl settings
- if (sSLSocketFactory != null) {
- SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory);
- Protocol.registerProtocol("https", new Protocol("https", fac, 443));
- }
-
- // create soap body
- Element soapBody = getSOAPBody();
- Document doc = soapBody.getOwnerDocument();
- soapBody.appendChild(doc.importNode(reqElem, true));
- Element requestElement = soapBody.getOwnerDocument().getDocumentElement();
-
- //ParepUtils.saveElementToFile(requestElement, new File("c:/szrRequest.xml"));
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- ParepUtils.serializeElementAsDocument(requestElement, bos);
-
- method.setRequestBody(new ByteArrayInputStream(bos.toByteArray()));
- client.executeMethod(method);
- CreateMandateResponse response = new CreateMandateResponse();
-
- bos = new ByteArrayOutputStream();
- doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
-
- //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/szrResponse.xml"));
- response.parse(doc.getDocumentElement());
-
-
- return response;
- } catch(Exception e) {
- //e.printStackTrace();
- throw new SZRGWClientException(e);
- }
+import at.gv.egovernment.moa.util.DOMUtils;
+
+
+
+/**
+ * This class implements a client for communication with the SZR-gateway
+ * <p>
+ * Two types of requests are supported
+ * <ol>
+ * <li>Basic Request</li>
+ * <li>Detailed Request</li>
+ * </ol>
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWClient {
+ /**
+ * The URL of the SZR-gateway webservice.
+ */
+ private String address;
+
+ /**
+ * The SSL socket factory when using a secure connection.
+ */
+ private SSLSocketFactory sSLSocketFactory;
+
+ /**
+ * Constructor
+ */
+ public SZRGWClient() {
+ }
+
+ /**
+ * Constructor
+ *
+ * @param address the URL of the SZR-gateway webservice.
+ */
+ public SZRGWClient(String address) {
+ this.address = address;
+ }
+ /**
+ * Sets the SSL socket factory.
+ *
+ * @param factory the SSL socket factory.
+ */
+ public void setSSLSocketFactory(SSLSocketFactory factory) {
+ this.sSLSocketFactory = factory;
+ }
+
+ /**
+ * Sets the SZR webservice URL
+ *
+ * @param address the URL of the SZR-gateway webservice.
+ */
+ public void setAddress(String address) {
+ this.address = address;
+ }
+
+ /**
+ * Creates a mandate.
+ *
+ * @param reqElem the request.
+ * @return a SZR-gateway response containing the result
+ * @throws SZRGWException when an error occurs creating the mandate.
+ */
+ public CreateMandateResponse createMandateResponse(Element reqElem) throws SZRGWClientException {
+ //Logger.info("Connecting to SZR-gateway.");
+ try {
+ if (address == null) {
+ throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null.");
+ }
+ HttpClient client = new HttpClient();
+ PostMethod method = new PostMethod(address);
+ method.setRequestHeader("SOAPAction", "");
+
+
+ // ssl settings
+ if (sSLSocketFactory != null) {
+ SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory);
+ Protocol.registerProtocol("https", new Protocol("https", fac, 443));
+ }
+
+ // create soap body
+ Element soapBody = getSOAPBody();
+ Document doc = soapBody.getOwnerDocument();
+ soapBody.appendChild(doc.importNode(reqElem, true));
+ Element requestElement = soapBody.getOwnerDocument().getDocumentElement();
+
+ //ParepUtils.saveElementToFile(requestElement, new File("c:/temp/szrRequest.xml"));
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ParepUtils.serializeElementAsDocument(requestElement, bos);
+
+ method.setRequestBody(new ByteArrayInputStream(bos.toByteArray()));
+ client.executeMethod(method);
+ CreateMandateResponse response = new CreateMandateResponse();
+
+ bos = new ByteArrayOutputStream();
+ doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
+
+ //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/temp/szrResponse.xml"));
+ response.parse(doc.getDocumentElement());
+
+
+ return response;
+ } catch(Exception e) {
+ //e.printStackTrace();
+ throw new SZRGWClientException(e);
+ }
}
/**
@@ -145,119 +152,221 @@ public class SZRGWClient {
* @throws SZRGWException when an error occurs creating the mandate.
*/
public CreateIdentityLinkResponse createIdentityLinkResponse(Element reqElem) throws SZRGWClientException {
-
- Logger.info("Connecting to SZR-gateway.");
- try {
- if (address == null) {
- throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null.");
- }
- HttpClient client = new HttpClient();
- PostMethod method = new PostMethod(address);
- method.setRequestHeader("SOAPAction", "");
+
+ try {
+ if (address == null) {
+ throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null.");
+ }
+ HttpClient client = new HttpClient();
+ PostMethod method = new PostMethod(address);
+ method.setRequestHeader("SOAPAction", "");
-
- // ssl settings
- if (sSLSocketFactory != null) {
- SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory);
- Protocol.registerProtocol("https", new Protocol("https", fac, 443));
- }
-
- // create soap body
- Element soapBody = getSOAPBody();
- Document doc = soapBody.getOwnerDocument();
- soapBody.appendChild(doc.importNode(reqElem, true));
- Element requestElement = soapBody.getOwnerDocument().getDocumentElement();
-
- //ParepUtils.saveElementToFile(requestElement, new File("c:/temp/szrRequest.xml"));
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- ParepUtils.serializeElementAsDocument(requestElement, bos);
-
- method.setRequestBody(new ByteArrayInputStream(bos.toByteArray()));
- client.executeMethod(method);
- CreateIdentityLinkResponse response = new CreateIdentityLinkResponse();
-
- bos = new ByteArrayOutputStream();
- doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
+
+ // ssl settings
+ if (sSLSocketFactory != null) {
+ SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory);
+ Protocol.registerProtocol("https", new Protocol("https", fac, 443));
+ }
+
+ // create soap body
+ Element soapBody = getSOAPBody();
+ Document doc = soapBody.getOwnerDocument();
+ soapBody.appendChild(doc.importNode(reqElem, true));
+ Element requestElement = soapBody.getOwnerDocument().getDocumentElement();
+
+ //ParepUtils.saveElementToFile(requestElement, new File("c:/temp/szrRequest.xml"));
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ParepUtils.serializeElementAsDocument(requestElement, bos);
+
+ method.setRequestBody(new ByteArrayInputStream(bos.toByteArray()));
+ client.executeMethod(method);
+ CreateIdentityLinkResponse response = new CreateIdentityLinkResponse();
+
+ bos = new ByteArrayOutputStream();
+ doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
+ //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/temp/szrResponse.xml"));
+
+ NodeList list = doc.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "ErrorResponse");
+ if (list.getLength() > 0) {
+ // set error response
+ list = doc.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "Info");
+ String error = DOMUtils.getText(list.item(0));
- //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/temp/szrResponse.xml"));
-
- //check if errorresponse
- boolean isError = checkErrorResponse(doc.getDocumentElement());
-
- if (isError) {
- String error = getErrorCodeandMessage(doc.getDocumentElement());
- throw new SZRGWClientException(error);
- }
- else {
- response.setAssertion(doc.getDocumentElement());
- }
-
- return response;
- } catch(Exception e) {
- e.printStackTrace();
- throw new SZRGWClientException(e);
- }
+ response.setError(error);
+ }
+ else {
+ // set assertion
+ response.setAssertion(doc.getDocumentElement());
+ }
+
+ return response;
+ } catch(Exception e) {
+ throw new SZRGWClientException(e);
+ }
}
- /**
- * Returns an errorstring containing errorcode and info from SZR-GW error response
- * @param element
- * @return
+
+ /*
+ * builds an XML soap envelope
*/
- private String getErrorCodeandMessage(Element element) {
- String error = "Fehler im SZR-Gateway: ";
-
- String code = "";
- NodeList list = element.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "ErrorCode");
- for (int i = 0; i < list.getLength(); i++) {
- Element elem = (Element)list.item(i);
- code += elem.getTextContent() + "/";
- }
-
- String info = "";
- list = element.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "Info");
- for (int i = 0; i < list.getLength(); i++) {
- Element elem = (Element)list.item(i);
- info += elem.getTextContent() + "/";
- }
-
- error += code + " " + info;
- return error;
+ private Element getSOAPBody() throws SZRGWClientException {
+ Document doc_;
+ try {
+ doc_ = ParepUtils.createEmptyDocument();
+ Element root = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENVELOPE);
+ doc_.appendChild(root);
+
+ root.setAttribute("xmlns" + SOAPConstants.SOAP_ENV_POSTFIX, SOAPConstants.SOAP_ENV_NS);
+ //root.setAttribute(SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENCODING_STYLE, SOAPConstants.SOAP_ENV_ENCODING_STYLE);
+ root.setAttribute("xmlns:xsd", "http://www.w3.org/2001/XMLSchema");
+ root.setAttribute("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance");
+
+ Element body = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.BODY);
+ root.appendChild(body);
+
+ return body;
+ } catch (SZRGWClientException e) {
+ throw new SZRGWClientException(e);
+ }
+
}
- /**
- * Checks if response from SZR-GW is errorresponse or not
- * @param element
- * @return
- */
- private boolean checkErrorResponse(Element element) {
-
- NodeList list = element.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "ErrorResponse");
-
- if (list.getLength() == 0)
- return false;
- else
- return true;
- }
-
- /*
- * builds an XML soap envelope
- */
- private Element getSOAPBody() throws SZRGWClientException {
- Document doc_ = ParepUtils.createEmptyDocument();
- Element root = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENVELOPE);
- doc_.appendChild(root);
-
- root.setAttribute("xmlns" + SOAPConstants.SOAP_ENV_POSTFIX, SOAPConstants.SOAP_ENV_NS);
- //root.setAttribute(SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENCODING_STYLE, SOAPConstants.SOAP_ENV_ENCODING_STYLE);
- root.setAttribute("xmlns:xsd", "http://www.w3.org/2001/XMLSchema");
- root.setAttribute("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance");
-
- Element body = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.BODY);
- root.appendChild(body);
-
- return body;
- }
-
-}
+ public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException {
+
+ String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
+ try {
+ DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document doc = builder.newDocument();
+
+ Element getIdentityLink = doc.createElementNS(SZRGW_NS, "szrgw:GetIdentityLinkRequest");
+ getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGW_NS);
+ doc.appendChild(getIdentityLink);
+
+ if ( (PEPSIdentifier != null) || (PEPSFirstname != null) || (PEPSFamilyname != null) || (PEPSDateOfBirth != null) ) {
+
+ Element pepsDataElem = doc.createElementNS(SZRGW_NS, "szrgw:PEPSData");
+ getIdentityLink.appendChild(pepsDataElem);
+
+ if (PEPSIdentifier != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Identifier");
+ pepsDataElem.appendChild(elem);
+ Text text= doc.createTextNode(PEPSIdentifier);
+ elem.appendChild(text);
+ }
+ if (PEPSFirstname != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Firstname");
+ pepsDataElem.appendChild(elem);
+ Text text= doc.createTextNode(PEPSFirstname);
+ elem.appendChild(text);
+ }
+
+ if (PEPSFamilyname != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Familyname");
+ pepsDataElem.appendChild(elem);
+ Text text= doc.createTextNode(PEPSFamilyname);
+ elem.appendChild(text);
+ }
+
+ if (PEPSDateOfBirth != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:DateOfBirth");
+ pepsDataElem.appendChild(elem);
+ Text text= doc.createTextNode(PEPSDateOfBirth);
+ elem.appendChild(text);
+ }
+ }
+
+ if (signature == null)
+ throw new SZRGWClientException("Signature element must not be null!");
+ else {
+ Element sig = doc.createElementNS(SZRGW_NS, "szrgw:Signature");
+ Element xmlcontent = doc.createElementNS(SZRGW_NS, "szrgw:XMLContent");
+ sig.appendChild(xmlcontent);
+ Node n = doc.importNode(signature, true);
+ getIdentityLink.appendChild(sig);
+ xmlcontent.appendChild(n);
+ }
+
+
+ return doc;
+ } catch (ParserConfigurationException e) {
+ throw new SZRGWClientException(e);
+ } /*catch (CertificateEncodingException e) {
+ throw new SZRGWClientException(e);
+ }*/
+
+
+ }
+
+ public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException {
+
+ String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
+
+ try {
+ DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document doc = builder.newDocument();
+
+ Element getIdentityLink = doc.createElementNS(SZRGW_NS, "szrgw:GetIdentityLinkRequest");
+ getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGW_NS);
+ doc.appendChild(getIdentityLink);
+
+ if ( (PEPSIdentifier != null) || (PEPSFirstname != null) || (PEPSFamilyname != null) || (PEPSDateOfBirth != null) ) {
+
+ Element pepsDataElem = doc.createElementNS(SZRGW_NS, "szrgw:PEPSData");
+ getIdentityLink.appendChild(pepsDataElem);
+
+ if (PEPSIdentifier != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Identifier");
+ pepsDataElem.appendChild(elem);
+ Text text= doc.createTextNode(PEPSIdentifier);
+ elem.appendChild(text);
+ }
+ if (PEPSFirstname != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Firstname");
+ pepsDataElem.appendChild(elem);
+ Text text= doc.createTextNode(PEPSFirstname);
+ elem.appendChild(text);
+ }
+
+ if (PEPSFamilyname != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Familyname");
+ pepsDataElem.appendChild(elem);
+ Text text= doc.createTextNode(PEPSFamilyname);
+ elem.appendChild(text);
+ }
+
+ if (PEPSDateOfBirth != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:DateOfBirth");
+ pepsDataElem.appendChild(elem);
+ Text text= doc.createTextNode(PEPSDateOfBirth);
+ elem.appendChild(text);
+ }
+ }
+
+ if (signature == null)
+ throw new SZRGWClientException("Signature element must not be null!");
+ else {
+ Element sig = doc.createElementNS(SZRGW_NS, "szrgw:Signature");
+ Element base64content = doc.createElementNS(SZRGW_NS, "szrgw:Base64Content");
+ sig.appendChild(base64content);
+ getIdentityLink.appendChild(sig);
+ Text text= doc.createTextNode(signature);
+ base64content.appendChild(text);
+ }
+
+ return doc;
+ } catch (ParserConfigurationException e) {
+ throw new SZRGWClientException(e);
+ } /*catch (CertificateEncodingException e) {
+ throw new SZRGWClientException(e);
+ }*/
+
+
+ }
+
+}
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
index 25390dc0b..a70ccef90 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
@@ -15,38 +15,38 @@
*/
package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
-/**
- * This class implements the basic exception type for the SZR-gateway client
- *
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
- */
-public class SZRGWClientException extends Exception {
-
- /*
- * see super constructor.
- */
- public SZRGWClientException() {
- super();
- }
-
- /*
- * see super constructor.
- */
- public SZRGWClientException(String arg0) {
- super(arg0);
- }
-
- /*
- * see super construction.
- */
- public SZRGWClientException(Throwable arg0) {
- super(arg0);
- }
-
- /*
- * see super constructor
- */
- public SZRGWClientException(String arg0, Throwable arg1) {
- super(arg0, arg1);
- }
-}
+/**
+ * This class implements the basic exception type for the SZR-gateway client
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWClientException extends Exception {
+
+ /*
+ * see super constructor.
+ */
+ public SZRGWClientException() {
+ super();
+ }
+
+ /*
+ * see super constructor.
+ */
+ public SZRGWClientException(String arg0) {
+ super(arg0);
+ }
+
+ /*
+ * see super construction.
+ */
+ public SZRGWClientException(Throwable arg0) {
+ super(arg0);
+ }
+
+ /*
+ * see super constructor
+ */
+ public SZRGWClientException(String arg0, Throwable arg1) {
+ super(arg0, arg1);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
index 476573ec0..4e6f6fa1b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
@@ -15,54 +15,55 @@
*/
package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
-/**
- * This interface specifies all the constants needed for the communication with the SZR-gateway.
- *
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
- */
-public interface SZRGWConstants {
-
- //PersonData
- public static final String PD_PREFIX = "pr:";
- public static final String PD_POSTFIX = ":pr";
- public static final String SAML_PREFIX = "saml:";
- public static final String SAML_POSTFIX = ":saml";
- public static final String PERSON = "Person";
- public static final String PHYSICALPERSON = "PhysicalPerson";
- public static final String CORPORATEBODY = "CorporateBody";
- public static final String IDENTIFICATION = "Identification";
- public static final String VALUE = "Value";
- public static final String TYPE = "Type";
- public static final String NAME = "Name";
- public static final String GIVENNAME = "GivenName";
- public static final String FAMILYNAME = "FamilyName";
- public static final String DATEOFBIRTH = "DateOfBirth";
- public static final String FULLNAME = "FullName";
- public static final String ORGANIZATION = "Organization";
-
- public static final String POSTALADDRESS = "PostalAddress";
- public static final String DELIVERYADDRESS = "DeliveryAddress";
- public static final String MUNICIPALITY = "Municipality";
- public static final String POSTALCODE = "PostalCode";
- public static final String STREETNAME = "StreetName";
- public static final String BUILDINGNUMBER = "BuildingNumber";
- public static final String UNIT = "Unit";
- //String ADDRESS = "Address";
- //String COUNTRYCODE = "CountryCode";
- //String DOORNUMBER = "DoorNumber";
-
- // SZR-gateway constants
- public static final String SZRGW_REQUEST_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
- public static final String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#";
- public static final String SZRGW_PREFIX = "sgw:";
- public static final String SZRGW_POSTFIX = ":sgw";
- public static final String CREATE_MANDATE_REQUEST = "CreateMandateRequest";
- public static final String CREATE_MANDATE_RESPONSE = "CreateMandateResponse";
- public static final String ERROR_RESPONSE = "ErrorResponse";
- public static final String MANDATOR = "Mandator";
- public static final String REPRESENTATIVE = "Representative";
- public static final String MANDATE = "Mandate";
- public static final String MANDATE_PREFIX = "md:";
- public static final String MANDATE_POSTFIX = ":md";
-
-}
+/**
+ * This interface specifies all the constants needed for the communication with the SZR-gateway.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public interface SZRGWConstants {
+
+ //PersonData
+ public static final String PD_PREFIX = "pr:";
+ public static final String PD_POSTFIX = ":pr";
+ public static final String PERSON = "Person";
+ public static final String PHYSICALPERSON = "PhysicalPerson";
+ public static final String CORPORATEBODY = "CorporateBody";
+ public static final String IDENTIFICATION = "Identification";
+ public static final String VALUE = "Value";
+ public static final String TYPE = "Type";
+ public static final String NAME = "Name";
+ public static final String GIVENNAME = "GivenName";
+ public static final String FAMILYNAME = "FamilyName";
+ public static final String DATEOFBIRTH = "DateOfBirth";
+ public static final String FULLNAME = "FullName";
+ public static final String ORGANIZATION = "Organization";
+
+ public static final String POSTALADDRESS = "PostalAddress";
+ public static final String DELIVERYADDRESS = "DeliveryAddress";
+ public static final String MUNICIPALITY = "Municipality";
+ public static final String POSTALCODE = "PostalCode";
+ public static final String STREETNAME = "StreetName";
+ public static final String BUILDINGNUMBER = "BuildingNumber";
+ public static final String UNIT = "Unit";
+ //String ADDRESS = "Address";
+ //String COUNTRYCODE = "CountryCode";
+ //String DOORNUMBER = "DoorNumber";
+
+ // SZR-gateway constants
+ public static final String SZRGW_REQUEST_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
+ public static final String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#";
+ public static final String SZRGW_PREFIX = "sgw:";
+ public static final String SZRGW_POSTFIX = ":sgw";
+ public static final String CREATE_MANDATE_REQUEST = "CreateMandateRequest";
+ public static final String CREATE_MANDATE_RESPONSE = "CreateMandateResponse";
+ public static final String ERROR_RESPONSE = "ErrorResponse";
+ public static final String MANDATOR = "Mandator";
+ public static final String REPRESENTATIVE = "Representative";
+ public static final String MANDATE = "Mandate";
+ public static final String MANDATE_PREFIX = "md:";
+ public static final String MANDATE_POSTFIX = ":md";
+
+ public static final String SAML_PREFIX = "saml:";
+ public static final String SAML_POSTFIX = ":saml";
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
index af66ca331..bd0595524 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
@@ -14,126 +14,126 @@
* limitations under the License.
*/
package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.Socket;
-import java.net.UnknownHostException;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import org.apache.commons.httpclient.params.HttpConnectionParams;
-import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
-
-
-/**
- * This class implements a secure protocol socket factory
- * for the Apache HTTP client.
- *
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
- */
-public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory {
-
- /**
- * The SSL socket factory.
- */
- private SSLSocketFactory factory;
-
- /**
- * Creates a new Secure socket factory for the
- * Apache HTTP client.
- *
- * @param factory the SSL socket factory to use.
- */
- public SZRGWSecureSocketFactory(SSLSocketFactory factory) {
- this.factory = factory;
- }
-
-
- /**
- * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
- */
- public Socket createSocket(
- String host,
- int port,
- InetAddress clientHost,
- int clientPort)
- throws IOException, UnknownHostException {
-
- return this.factory.createSocket(
- host,
- port,
- clientHost,
- clientPort
- );
- }
-
- /**
- * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
- */
- public Socket createSocket(String host, int port)
- throws IOException, UnknownHostException {
- return this.factory.createSocket(
- host,
- port
- );
- }
-
- /**
- * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
- */
- public Socket createSocket(
- Socket socket,
- String host,
- int port,
- boolean autoClose)
- throws IOException, UnknownHostException {
- return this.factory.createSocket(
- socket,
- host,
- port,
- autoClose
- );
- }
-
- /**
- * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int,org.apache.commons.httpclient.params.HttpConnectionParams)
- */
- public Socket createSocket(
- String host,
- int port,
- InetAddress clientHost,
- int clientPort,
- HttpConnectionParams params)
- throws IOException, UnknownHostException, org.apache.commons.httpclient.ConnectTimeoutException {
-
- Socket socket = createSocket(host, port, clientHost, clientPort);
- if (socket != null) {
- // socket.setKeepAlive(false);
- if (params.getReceiveBufferSize() >= 0)
- socket.setReceiveBufferSize(params.getReceiveBufferSize());
- if (params.getSendBufferSize() >= 0)
- socket.setSendBufferSize(params.getSendBufferSize());
- socket.setReuseAddress(true);
- if (params.getSoTimeout() >= 0)
- socket.setSoTimeout(params.getSoTimeout());
- }
- return socket;
-
- }
-
- /**
- * @see java.lang.Object#equals(java.lang.Object)
- */
- public boolean equals(Object obj) {
- return ((obj != null) && obj.getClass().equals(SZRGWSecureSocketFactory.class));
- }
-
- /**
- * @see java.lang.Object#hashCode()
- */
- public int hashCode() {
- return SZRGWSecureSocketFactory.class.hashCode();
- }
-
-}
+/**
+ * This class implements a secure protocol socket factory
+ * for the Apache HTTP client.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory {
+
+ /**
+ * The SSL socket factory.
+ */
+ private SSLSocketFactory factory;
+
+ /**
+ * Creates a new Secure socket factory for the
+ * Apache HTTP client.
+ *
+ * @param factory the SSL socket factory to use.
+ */
+ public SZRGWSecureSocketFactory(SSLSocketFactory factory) {
+ this.factory = factory;
+ }
+
+
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
+ */
+ public Socket createSocket(
+ String host,
+ int port,
+ InetAddress clientHost,
+ int clientPort)
+ throws IOException, UnknownHostException {
+
+ return this.factory.createSocket(
+ host,
+ port,
+ clientHost,
+ clientPort
+ );
+ }
+
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
+ */
+ public Socket createSocket(String host, int port)
+ throws IOException, UnknownHostException {
+ return this.factory.createSocket(
+ host,
+ port
+ );
+ }
+
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
+ */
+ public Socket createSocket(
+ Socket socket,
+ String host,
+ int port,
+ boolean autoClose)
+ throws IOException, UnknownHostException {
+ return this.factory.createSocket(
+ socket,
+ host,
+ port,
+ autoClose
+ );
+ }
+
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int,org.apache.commons.httpclient.params.HttpConnectionParams)
+ */
+ public Socket createSocket(
+ String host,
+ int port,
+ InetAddress clientHost,
+ int clientPort,
+ HttpConnectionParams params)
+ throws IOException, UnknownHostException, org.apache.commons.httpclient.ConnectTimeoutException {
+
+ Socket socket = createSocket(host, port, clientHost, clientPort);
+ if (socket != null) {
+ // socket.setKeepAlive(false);
+ if (params.getReceiveBufferSize() >= 0)
+ socket.setReceiveBufferSize(params.getReceiveBufferSize());
+ if (params.getSendBufferSize() >= 0)
+ socket.setSendBufferSize(params.getSendBufferSize());
+ socket.setReuseAddress(true);
+ if (params.getSoTimeout() >= 0)
+ socket.setSoTimeout(params.getSoTimeout());
+ }
+ return socket;
+
+ }
+
+ /**
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ public boolean equals(Object obj) {
+ return ((obj != null) && obj.getClass().equals(SZRGWSecureSocketFactory.class));
+ }
+
+ /**
+ * @see java.lang.Object#hashCode()
+ */
+ public int hashCode() {
+ return SZRGWSecureSocketFactory.class.hashCode();
+ }
+
+}
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
index a61a3de97..9193a591e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
@@ -118,13 +118,4 @@ public class ConnectionParameter {
this.clientKeyStorePassword = clientKeyStorePassword;
}
- public String toString() {
- String s = "* ConnectionParameter *\n";
- s += "URL: " + url + "\n";
- s += "acceptedServerCertificates: " + acceptedServerCertificates + "\n";
- s += "clientKeyStore: " + clientKeyStore + "\n";
- s += "clientKeyStorePassword: " + clientKeyStorePassword;
-
- return s;
- }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index 8799082b3..a50a366a5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -20,7 +20,6 @@ import iaik.pki.PKIException;
import iaik.pki.PKIFactory;
import iaik.pki.PKIProfile;
import iaik.pki.jsse.IAIKX509TrustManager;
-import iaik.security.provider.IAIK;
import java.io.BufferedInputStream;
import java.io.BufferedReader;
@@ -51,6 +50,7 @@ import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl;
import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager;
import at.gv.egovernment.moa.logging.Logger;
+
/**
* Utility for a obtaining a secure socket factory using <code>IAIKX509TrustManager</code>.
* This <code>TrustManager</code> implementation features CRL checking.<br/>
@@ -102,25 +102,29 @@ public class SSLUtils {
Logger.debug("Get SSLSocketFactory for " + connParam.getUrl());
// retrieve SSLSocketFactory if already created
SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(connParam.getUrl());
- if (ssf != null)
+ if (ssf != null)
return ssf;
+
// else create new SSLSocketFactory
String trustStoreURL = conf.getTrustedCACertificates();
+
if (trustStoreURL == null)
throw new ConfigurationException(
"config.08", new Object[] {"TrustedCACertificates"});
String acceptedServerCertURL = connParam.getAcceptedServerCertificates();
+
TrustManager[] tms = getTrustManagers(conf, trustStoreURL, acceptedServerCertURL);
+
KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
"pkcs12", connParam.getClientKeyStore(), connParam.getClientKeyStorePassword());
SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(kms, tms, null);
- ssf = ctx.getSocketFactory();
+ ctx.init(kms, tms, null); ssf = ctx.getSocketFactory();
// store SSLSocketFactory
sslSocketFactories.put(connParam.getUrl(), ssf);
return ssf;
}
-
+
+
/**
* Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
* using configuration data.