aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java34
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java1
6 files changed, 43 insertions, 3 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 01c6a512f..103274c29 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -15,10 +15,14 @@
*/
package at.gv.egovernment.moa.id.auth;
+import iaik.ixsil.exceptions.UtilsException;
+import iaik.ixsil.util.Utils;
import iaik.pki.PKIException;
import iaik.x509.X509Certificate;
import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Principal;
@@ -32,10 +36,13 @@ import java.util.Map;
import java.util.Set;
import java.util.Vector;
+import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+import HTTPClient.Util;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.ParseException;
@@ -431,6 +438,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID});
String xmlInfoboxReadResponse = (String)infoboxReadResponseParameters.get(PARAM_XMLRESPONSE);
+
if (isEmpty(xmlInfoboxReadResponse))
throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE});
@@ -455,8 +463,30 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Logger.info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als ausländische eID.");
return null;
}
-
- // parses the <InfoboxReadResponse>
+
+ // for testing new identity link certificate
+// xmlInfoboxReadResponse = null;
+// try {
+// File file = new File("c:/temp/xxxMuster-new-cert_infobox.xml");
+// FileInputStream fis;
+//
+// fis = new FileInputStream(file);
+// byte[] array = Utils.readFromInputStream(fis);
+//
+// xmlInfoboxReadResponse = new String(array);
+// System.out.println(xmlInfoboxReadResponse);
+//
+// } catch (FileNotFoundException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// } catch (UtilsException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// }
+
+
+
+ // parses the <InfoboxReadResponse>
IdentityLink identityLink =
new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink();
// validates the identity link
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 88859dc3f..84f8f6985 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -86,7 +86,10 @@ public interface MOAIDAuthConstants {
*/
public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID =
new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission",
- "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"};
+ "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission",
+ "EMAIL=dsk@dsk.gv.at,serialNumber=325928323998,CN=Signaturservice Datenschutzkommission,OU=Stammzahlregisterbehoerde,O=Datenschutzkommission,C=AT"};
+ //"E=dsk@dsk.gv.at,SERIALNUMBER=325928323998,CN=Signaturservice Datenschutzkommission,OU=Stammzahlregisterbehoerde,O=Datenschutzkommission,C=AT"};
+
/** the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" */
public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1";
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index a14d0325f..2c97f01ae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -131,6 +131,7 @@ public class VerifyXMLSignatureRequestBuilder {
Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
Element[] dsigTransforms = identityLink.getDsigReferenceTransforms();
+
for (int i = 0; i < dsigTransforms.length; i++) {
Element verifyTransformsInfoProfileElem =
requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 1fc5013f3..ba3e2141b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -106,6 +106,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters);
+
+ Logger.debug(createXMLSignatureRequestOrRedirect);
if (createXMLSignatureRequestOrRedirect == null) {
// no identity link found
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
index 1c9b66124..baaa21db2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
@@ -155,6 +155,9 @@ public class IdentityLinkValidator implements Constants {
if (attributeValue==null)
attributeValue =
(Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + ECDSA + "ECDSAKeyValue");
+ if (attributeValue==null)
+ attributeValue =
+ (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + DSIG + "DSAKeyValue");
if (attributeValue == null)
throw new ValidateException("validator.02", null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index bc7db72f4..affa95c2b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -124,6 +124,7 @@ public class VerifyXMLSignatureResponseValidator {
catch (RFC2253NameParserException e) {
throw new ValidateException("validator.17", null);
}
+ System.out.println("subjectDN: " + subjectDN);
// check the authorisation to sign the identity link
if (!identityLinkSignersSubjectDNNames.contains(subjectDN)) {
// subject DN check failed, try OID check: