aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java48
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java61
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java95
5 files changed, 112 insertions, 96 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 49e2cbdd5..fe23b545f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -24,7 +24,6 @@
package at.gv.egovernment.moa.id.auth;
import iaik.asn1.ObjectID;
-import iaik.pki.PKIException;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
@@ -32,7 +31,6 @@ import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
-import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.cert.CertificateException;
@@ -60,7 +58,6 @@ import org.opensaml.common.IdentifierGenerator;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.xml.util.Base64;
import org.opensaml.xml.util.XMLHelper;
-import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -123,8 +120,8 @@ import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
@@ -137,7 +134,6 @@ import at.gv.egovernment.moa.util.StringUtils;
import at.gv.egovernment.moa.util.XPathUtils;
import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest;
import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
-import eu.stork.mw.messages.saml.STORKAuthnRequest;
import eu.stork.peps.auth.commons.PEPSUtil;
import eu.stork.peps.auth.commons.PersonalAttribute;
import eu.stork.peps.auth.commons.PersonalAttributeList;
@@ -1700,8 +1696,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return Identity link assertion
* @throws SZRGWClientException
*/
- public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse
- getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException {
+
+ public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String citizenSignature, String represented, String representative, String mandateContent) throws SZRGWClientException {
SZRGWClient client = null;
@@ -1713,8 +1709,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
CreateIdentityLinkRequest request = new CreateIdentityLinkRequest();
- request.setSignature(DOMUtils.serializeNode(signature).getBytes());
+ request.setSignature(citizenSignature.getBytes());
+ Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl());
@@ -1735,17 +1732,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// throw new SZRGWClientException("Could not initialize SSL Factory");
// }
// }
- Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
}
catch (ConfigurationException e) {
Logger.warn(e);
Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
- } catch (TransformerException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (IOException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
}
// // create request
@@ -1776,6 +1766,34 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
/**
+ * Does the request to the SZR-GW.
+ *
+ * @param signature the signature
+ * @return the identity link
+ * @throws SZRGWClientException the sZRGW client exception
+ * @throws ConfigurationException the configuration exception
+ */
+ public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException {
+ return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature), null, null, null);
+ }
+
+ /**
+ * Does the request to the SZR-GW.
+ *
+ * @param PEPSIdentifier the pEPS identifier
+ * @param PEPSFirstname the pEPS firstname
+ * @param PEPSFamilyname the pEPS familyname
+ * @param PEPSDateOfBirth the pEPS date of birth
+ * @param signature XMLDSIG signature
+ * @return Identity link assertion
+ * @throws SZRGWClientException the sZRGW client exception
+ * @throws ConfigurationException the configuration exception
+ */
+ public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException, ConfigurationException {
+ return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature, null, null, null);
+ }
+
+ /**
* Starts a MOA-ID authentication process using STORK
* @param req HttpServletRequest
* @param resp HttpServletResponse
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index 222faec37..be307ae14 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -162,7 +162,7 @@ public class GetForeignIDServlet extends AuthServlet {
}
// make SZR request to the identity link
- CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(null, null, null, null, signature);
+ CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(signature);
if (response.isError()) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 653f40670..f1ee4c181 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -178,7 +178,7 @@ public class PEPSConnectorServlet extends AuthServlet {
//contact SZR Gateway
IdentityLink identityLink = null;
try {
- identityLink = STORKResponseProcessor.connectToSZRGateway(citizenSignature, storkAssertion.getAttributeStatements().get(0).getAttributes());
+ identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList());
} catch (STORKException e) {
Logger.error("Error connecting SZR Gateway", e);
throw new MOAIDException("stork.10", null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index e47a43c90..e2112a4d9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -40,6 +40,7 @@ import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.StringUtils;
import eu.stork.mw.messages.saml.STORKResponse;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.vidp.messages.common.STORKConstants;
import eu.stork.vidp.messages.util.SAMLUtil;
import eu.stork.vidp.messages.util.XMLUtil;
@@ -294,29 +295,41 @@ public class STORKResponseProcessor {
}
-
+
+ /**
+ * helper for reading attributes. Handles logging and error handling.
+ *
+ * @param attributeName the attribute name
+ * @param attributeList the attribute list
+ * @return the attribute value
+ * @throws STORKException the sTORK exception
+ */
+ private static String getAttributeValue(String attributeName, IPersonalAttributeList attributeList) throws STORKException {
+ try {
+ String result = attributeList.get(attributeName).getValue().get(0);
+ Logger.trace(attributeName + " : " + result);
+ return result;
+ } catch(NullPointerException e) {
+ Logger.error(attributeName + " not found in response");
+ throw new STORKException(attributeName + " not found in response");
+ }
+ }
+
/**
* Handels connection to SZR-GW and returns Identity Link on success
- * @param citizenSignature Citizen signature
- * @param attributeList Received attribute List in assertion
+ * @param iPersonalAttributeList Received attribute List in assertion
* @return Identity Link
* @throws STORKException
*/
- public static IdentityLink connectToSZRGateway(Element citizenSignature, List<Attribute> attributeList) throws STORKException {
+ public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList) throws STORKException {
Logger.trace("Calling SZR Gateway with the following attributes:");
- String eIdentifier = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER);
- Logger.trace(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER + " : " + eIdentifier);
-
- String givenName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_GIVENNAME);
- Logger.trace(STORKConstants.STORK_ATTRIBUTE_GIVENNAME+ " : " + givenName);
-
- String lastName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_SURNAME);
- Logger.trace(STORKConstants.STORK_ATTRIBUTE_SURNAME+ " : " + lastName);
-
- String dateOfBirth = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH);
- Logger.trace(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH + " : " + dateOfBirth);
-
+ // fetch mandatory attributes
+ String citizenSignature = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_SIGNEDDOC, attributeList);
+ String eIdentifier = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, attributeList);
+ String givenName = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, attributeList);
+ String lastName = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_SURNAME, attributeList);
+ String dateOfBirth = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, attributeList);
if (!StringUtils.isEmpty(dateOfBirth)) {
dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth);
}
@@ -325,7 +338,21 @@ public class STORKResponseProcessor {
IdentityLink identityLink = null;
try {
Logger.trace("Starting call...");
- response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature);
+
+ // do we have a case of representation?
+ try {
+ String representative = getAttributeValue("representative", attributeList);
+ String represented = getAttributeValue("represented", attributeList);
+ String mandate = getAttributeValue("mandateContent", attributeList);
+
+ // if we get here we have a representation case
+ response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate);
+
+ } catch(STORKException e) {
+ // we do not have a representation case
+ response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature);
+ }
+
if (response.isError()) {
Logger.error("Receveid ErrorResponse from SZR Gateway.");
throw new SZRGWClientException(response.getError());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
index e3457f4de..325bf25a0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
@@ -39,7 +39,6 @@ import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.xpath.XPathAPI;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.Text;
@@ -254,8 +253,8 @@ public class SZRGWClient {
}
}
-
- public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException {
+
+ public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature, String representative, String represented, String mandateContent) throws SZRGWClientException {
String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
try {
@@ -299,73 +298,25 @@ public class SZRGWClient {
Text text= doc.createTextNode(PEPSDateOfBirth);
elem.appendChild(text);
}
- }
-
- if (signature == null)
- throw new SZRGWClientException("Signature element must not be null!");
- else {
- Element sig = doc.createElementNS(SZRGW_NS, "szrgw:Signature");
- Element xmlcontent = doc.createElementNS(SZRGW_NS, "szrgw:XMLContent");
- sig.appendChild(xmlcontent);
- Node n = doc.importNode(signature, true);
- getIdentityLink.appendChild(sig);
- xmlcontent.appendChild(n);
- }
-
-
- return doc;
- } catch (ParserConfigurationException e) {
- throw new SZRGWClientException(e);
- } /*catch (CertificateEncodingException e) {
- throw new SZRGWClientException(e);
- }*/
-
- }
-
- public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException {
-
- String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
-
- try {
- DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- DocumentBuilder builder = factory.newDocumentBuilder();
- Document doc = builder.newDocument();
-
- Element getIdentityLink = doc.createElementNS(SZRGW_NS, "szrgw:GetIdentityLinkRequest");
- getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGW_NS);
- doc.appendChild(getIdentityLink);
-
- if ( (PEPSIdentifier != null) || (PEPSFirstname != null) || (PEPSFamilyname != null) || (PEPSDateOfBirth != null) ) {
-
- Element pepsDataElem = doc.createElementNS(SZRGW_NS, "szrgw:PEPSData");
- getIdentityLink.appendChild(pepsDataElem);
-
- if (PEPSIdentifier != null) {
- Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Identifier");
- pepsDataElem.appendChild(elem);
- Text text= doc.createTextNode(PEPSIdentifier);
- elem.appendChild(text);
- }
- if (PEPSFirstname != null) {
- Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Firstname");
+ if (representative != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Representative");
pepsDataElem.appendChild(elem);
- Text text= doc.createTextNode(PEPSFirstname);
+ Text text= doc.createTextNode(representative);
elem.appendChild(text);
- }
+ }
- if (PEPSFamilyname != null) {
- Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Familyname");
+ if (represented != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Represented");
pepsDataElem.appendChild(elem);
- Text text= doc.createTextNode(PEPSFamilyname);
+ Text text= doc.createTextNode(represented);
elem.appendChild(text);
}
- if (PEPSDateOfBirth != null) {
- Element elem = doc.createElementNS(SZRGW_NS, "szrgw:DateOfBirth");
+ if (mandateContent != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:MandateContent");
pepsDataElem.appendChild(elem);
- Text text= doc.createTextNode(PEPSDateOfBirth);
+ Text text= doc.createTextNode(mandateContent);
elem.appendChild(text);
}
}
@@ -380,7 +331,27 @@ public class SZRGWClient {
Text text= doc.createTextNode(signature);
base64content.appendChild(text);
}
-
+
+ if(representative != null && represented != null && mandateContent != null) {
+ Element mis = doc.createElementNS(SZRGW_NS, "szrgw:MIS");
+ Element filters = doc.createElementNS(SZRGW_NS, "szrgw:Filters");
+ mis.appendChild(filters);
+ Element target = doc.createElementNS(SZRGW_NS, "szrgw:Target");
+ mis.appendChild(target);
+ Element friendlyName = doc.createElementNS(SZRGW_NS, "szrgw:OAFriendlyName");
+ mis.appendChild(friendlyName);
+ getIdentityLink.appendChild(mis);
+
+// TODO fetch data from oa params
+// String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);
+// moasessionid = StringEscapeUtils.escapeHtml(moasessionid);
+// AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+// if (oaParam == null)
+// throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() });
+// Text text = doc.createTextNode(oaParam.getFriendlyName());
+ }
+
return doc;
} catch (ParserConfigurationException e) {
throw new SZRGWClientException(e);