Diffstat (limited to 'id/server/idserverlib/src/main/java')
5 files changed, 112 insertions, 96 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 49e2cbdd5..fe23b545f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -24,7 +24,6 @@  package at.gv.egovernment.moa.id.auth;  import iaik.asn1.ObjectID; -import iaik.pki.PKIException;  import iaik.x509.X509Certificate;  import iaik.x509.X509ExtensionInitException; @@ -32,7 +31,6 @@ import java.io.ByteArrayInputStream;  import java.io.IOException;  import java.io.InputStream;  import java.io.StringWriter; -import java.security.GeneralSecurityException;  import java.security.NoSuchAlgorithmException;  import java.security.Principal;  import java.security.cert.CertificateException; @@ -60,7 +58,6 @@ import org.opensaml.common.IdentifierGenerator;  import org.opensaml.common.impl.SecureRandomIdentifierGenerator;  import org.opensaml.xml.util.Base64;  import org.opensaml.xml.util.XMLHelper; -import org.springframework.util.xml.DomUtils;  import org.w3c.dom.Document;  import org.w3c.dom.Element;  import org.w3c.dom.Node; @@ -123,8 +120,8 @@ import at.gv.egovernment.moa.id.storage.AssertionStorage;  import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;  import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;  import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;  import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.id.util.SSLUtils;  import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;  import at.gv.egovernment.moa.logging.LogMsg;  import at.gv.egovernment.moa.logging.Logger; 
@@ -137,7 +134,6 @@ import at.gv.egovernment.moa.util.StringUtils;  import at.gv.egovernment.moa.util.XPathUtils;  import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest;  import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; -import eu.stork.mw.messages.saml.STORKAuthnRequest;  import eu.stork.peps.auth.commons.PEPSUtil;  import eu.stork.peps.auth.commons.PersonalAttribute;  import eu.stork.peps.auth.commons.PersonalAttributeList; @@ -1700,8 +1696,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {  	   * @return Identity link assertion  	 * @throws SZRGWClientException   	   */ -	     public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse  -	     	getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException { + +	     public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String citizenSignature, String represented, String representative, String mandateContent) throws SZRGWClientException {  		    SZRGWClient client = null; @@ -1713,8 +1709,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {  		    	CreateIdentityLinkRequest request = new CreateIdentityLinkRequest(); -		    	request.setSignature(DOMUtils.serializeNode(signature).getBytes()); +		    	request.setSignature(citizenSignature.getBytes()); +		    	Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");  				CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl()); 
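Review bot: The new 8-argument `getIdentityLink` declares its mandate parameters as `String citizenSignature, String represented, String representative, String mandateContent`, while its only caller in STORKResponseProcessor (`getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate)`) and `SZRGWClient.buildGetIdentityLinkRequest(..., String signature, String representative, String represented, String mandateContent)` both put the representative first. With eight positional `String` parameters the compiler cannot catch this, and whether the two values actually end up crossed depends on how the body forwards them, which is outside the hunk. Since these fields decide who is the mandator and who the proxy in the SZR-GW request, align the declaration to `String citizenSignature, String representative, String represented, String mandateContent` (or the caller to the declared order) and state the order in the `@param` tags. The method's body continues outside the hunk.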
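Review bot: `request.setSignature(citizenSignature.getBytes())` encodes the serialized XML signature with the JVM default charset, so on a host whose default is not UTF-8 any non-ASCII character in the signed document is mangled and the signature can no longer verify on the gateway side. Pass the charset explicitly, e.g. `request.setSignature(citizenSignature.getBytes(Charset.forName("UTF-8")));` (`StandardCharsets.UTF_8` on Java 7+); `java.nio.charset.Charset` is standard library and its import lies outside the hunk. The surrounding try block and the method continue outside the hunk.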
@@ -1735,17 +1732,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {  //		    			throw new SZRGWClientException("Could not initialize SSL Factory");  //		    		}   //		    	} -		    	Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");  		    }  		    catch (ConfigurationException e) {  		    	Logger.warn(e);  		    	Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); -		    } catch (TransformerException e) { -				// TODO Auto-generated catch block -				e.printStackTrace(); -			} catch (IOException e) { -				// TODO Auto-generated catch block -				e.printStackTrace();  			}  //		    // create request 
@@ -1776,6 +1766,34 @@ public class AuthenticationServer implements MOAIDAuthConstants {  	  }  	/** +	 * Does the request to the SZR-GW. +	 * +	 * @param signature the signature +	 * @return the identity link +	 * @throws SZRGWClientException the sZRGW client exception +	 * @throws ConfigurationException the configuration exception +	 */ +	public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { +		return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature), null, null, null); +	} + +	/** +	 * Does the request to the SZR-GW. +	 * +	 * @param PEPSIdentifier the pEPS identifier +	 * @param PEPSFirstname the pEPS firstname +	 * @param PEPSFamilyname the pEPS familyname +	 * @param PEPSDateOfBirth the pEPS date of birth +	 * @param signature XMLDSIG signature +	 * @return Identity link assertion +	 * @throws SZRGWClientException the sZRGW client exception +	 * @throws ConfigurationException the configuration exception +	 */ +	public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException, ConfigurationException { +		return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature, null, null, null); +	} + +	/**  	 * Starts a MOA-ID authentication process using STORK  	 * @param req HttpServletRequest  	 * @param resp HttpServletResponse diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 222faec37..be307ae14 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java 
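Review bot: Both new overloads declare `throws SZRGWClientException, ConfigurationException`, but the 8-argument `getIdentityLink` they delegate to declares only `SZRGWClientException` (it catches `ConfigurationException` internally, see the hunk at line 1735), and `XMLHelper.nodeToString` declares no checked exception either. The superfluous checked exception forces every caller such as `GetForeignIDServlet` to handle a condition that cannot arise; drop `ConfigurationException` from both throws clauses and the matching `@throws` tags. The generated Javadoc wording ("the sZRGW client exception", "the pEPS identifier") should be replaced by a sentence saying what the `Element` overload does: it serializes the signature with `XMLHelper.nodeToString` and sends a request without PEPS data or mandate attributes.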
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -162,7 +162,7 @@ public class GetForeignIDServlet extends AuthServlet {  			}
  	    	// make SZR request to the identity link
 -	    	CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(null, null, null, null, signature);
 +	    	CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(signature);
  	    	if (response.isError()) {	    		
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 653f40670..f1ee4c181 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -178,7 +178,7 @@ public class PEPSConnectorServlet extends AuthServlet {  			//contact SZR Gateway
  			IdentityLink identityLink = null;
  			try {
 -				identityLink = STORKResponseProcessor.connectToSZRGateway(citizenSignature, storkAssertion.getAttributeStatements().get(0).getAttributes());
 +				identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList());
  			} catch (STORKException e) {
  				Logger.error("Error connecting SZR Gateway", e);
  				throw new MOAIDException("stork.10", null);
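Review bot: `connectToSZRGateway` now receives only `authnResponse.getPersonalAttributeList()`, so the signature forwarded to the SZR-GW is whatever string sits in the `signedDoc` attribute of that list rather than the `citizenSignature` element this method had in hand before the call. If `citizenSignature` was obtained by parsing and verifying the signed document earlier in this method (outside the hunk), the verified object and the forwarded value are now different things, so confirm they are the same document or verify the attribute value before it is sent. If nothing else reads `citizenSignature` and `storkAssertion` any more, remove those locals so the discrepancy is not hidden.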
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index e47a43c90..e2112a4d9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -40,6 +40,7 @@ import at.gv.egovernment.moa.util.Constants;  import at.gv.egovernment.moa.util.DateTimeUtils;
  import at.gv.egovernment.moa.util.StringUtils;
  import eu.stork.mw.messages.saml.STORKResponse;
 +import eu.stork.peps.auth.commons.IPersonalAttributeList;
  import eu.stork.vidp.messages.common.STORKConstants;
  import eu.stork.vidp.messages.util.SAMLUtil;
  import eu.stork.vidp.messages.util.XMLUtil;
 @@ -294,29 +295,41 @@ public class STORKResponseProcessor {  	}
 -	
 +
 +	/**
 +	 * helper for reading attributes. Handles logging and error handling.
 +	 *
 +	 * @param attributeName the attribute name
 +	 * @param attributeList the attribute list
 +	 * @return the attribute value
 +	 * @throws STORKException the sTORK exception
 +	 */
 +	private static String getAttributeValue(String attributeName, IPersonalAttributeList attributeList) throws STORKException {
 +		try {
 +			String result = attributeList.get(attributeName).getValue().get(0);
 +			Logger.trace(attributeName + " : " + result);
 +			return result;
 +		} catch(NullPointerException e) {
 +			Logger.error(attributeName + " not found in response");
 +			throw new STORKException(attributeName + " not found in response");
 +		}
 +	}
 +
  	/**
  	 * Handels connection to SZR-GW and returns Identity Link on success
 -	 * @param citizenSignature Citizen signature
 -	 * @param attributeList Received attribute List in assertion
 +	 * @param iPersonalAttributeList Received attribute List in assertion
  	 * @return Identity Link
  	 * @throws STORKException
  	 */
 -	public static IdentityLink connectToSZRGateway(Element citizenSignature, List<Attribute> attributeList) throws STORKException {				
 +	public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList) throws STORKException {
  		Logger.trace("Calling SZR Gateway with the following attributes:");
 -		String eIdentifier = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER);
 -		Logger.trace(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER + " : " + eIdentifier);
 -
 -		String givenName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_GIVENNAME);
 -		Logger.trace(STORKConstants.STORK_ATTRIBUTE_GIVENNAME+ " : " + givenName);
 -		
 -		String lastName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_SURNAME);
 -		Logger.trace(STORKConstants.STORK_ATTRIBUTE_SURNAME+ " : " + lastName);
 -		
 -		String dateOfBirth = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH);
 -		Logger.trace(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH + " : " + dateOfBirth);
 -		
 +		// fetch mandatory attributes
 +		String citizenSignature = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_SIGNEDDOC, attributeList);
 +		String eIdentifier = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, attributeList);
 +		String givenName = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, attributeList);
 +		String lastName = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_SURNAME, attributeList);
 +		String dateOfBirth = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, attributeList);
  		if (!StringUtils.isEmpty(dateOfBirth)) {
  			dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth);
  		} 
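Review bot: `getAttributeValue` detects a missing attribute by catching `NullPointerException` around `attributeList.get(attributeName).getValue().get(0)`, which also masks any unrelated NPE from the list implementation, while an attribute that is present with an empty value list throws `IndexOutOfBoundsException`, which is not caught and escapes as an unchecked exception instead of the documented `STORKException`. Check the lookup explicitly as below, assuming `getValue()` returns a `List<String>` as the assignment of `get(0)` to a `String` suggests; `PersonalAttribute` appears to be the element type (it is imported in AuthenticationServer) and needs an import here if absent. Note also that the trace line now logs the full `signedDoc` value together with the personal attributes; keep that at trace level or log only the attribute name.
```java
private static String getAttributeValue(String attributeName, IPersonalAttributeList attributeList) throws STORKException {
    PersonalAttribute attribute = attributeList == null ? null : attributeList.get(attributeName);
    List<String> values = attribute == null ? null : attribute.getValue();
    if (values == null || values.isEmpty() || values.get(0) == null) {
        Logger.error(attributeName + " not found in response");
        throw new STORKException(attributeName + " not found in response");
    }
    Logger.trace(attributeName + " : " + values.get(0));
    return values.get(0);
}
```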
 @@ -325,7 +338,21 @@ public class STORKResponseProcessor {  		IdentityLink identityLink = null;
  		try {
  			Logger.trace("Starting call...");
 -			response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature);
 +
 +			// do we have a case of representation?
 +			try {
 +				String representative = getAttributeValue("representative", attributeList);
 +				String represented = getAttributeValue("represented", attributeList);
 +				String mandate = getAttributeValue("mandateContent", attributeList);
 +
 +				// if we get here we have a representation case
 +				response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate);
 +
 +			} catch(STORKException e) {
 +				// we do not have a representation case
 +				response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature);
 +			}
 +
  			if (response.isError()) {
  				Logger.error("Receveid ErrorResponse from SZR Gateway.");
  	    		throw new SZRGWClientException(response.getError());
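Review bot: Representation is detected by letting `getAttributeValue` throw `STORKException` for a missing `representative`, `represented` or `mandateContent` attribute, so every ordinary (non-mandate) login now logs a `... not found in response` error from that helper, and a response carrying only one or two of the three attributes is silently downgraded to a plain authentication instead of being rejected. Look the three attributes up with a non-throwing variant (a private helper that returns null when the attribute is absent) and require all-or-none, as below. The literals `"representative"`, `"represented"` and `"mandateContent"` belong next to the `STORKConstants` names used above rather than inline. The enclosing try block and `connectToSZRGateway` continue outside the hunk.
```java
// … unchanged: Logger.trace("Starting call...") …
String representative = findOptionalAttributeValue("representative", attributeList);
String represented = findOptionalAttributeValue("represented", attributeList);
String mandate = findOptionalAttributeValue("mandateContent", attributeList);
boolean anyMandateAttribute = representative != null || represented != null || mandate != null;
boolean allMandateAttributes = representative != null && represented != null && mandate != null;
if (anyMandateAttribute && !allMandateAttributes) {
    Logger.error("Incomplete representation attributes in response");
    throw new STORKException("Incomplete representation attributes in response");
}
if (allMandateAttributes) {
    response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate);
} else {
    response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature);
}
// … unchanged: response.isError() check …
```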
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java index e3457f4de..325bf25a0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java @@ -39,7 +39,6 @@ import org.apache.commons.httpclient.protocol.Protocol;  import org.apache.xpath.XPathAPI;  import org.w3c.dom.Document;  import org.w3c.dom.Element; -import org.w3c.dom.Node;  import org.w3c.dom.NodeList;  import org.w3c.dom.Text; @@ -254,8 +253,8 @@ public class SZRGWClient {  	}    } -   -  public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException { + +  public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature, String representative, String represented, String mandateContent) throws SZRGWClientException {  	  String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";  		  try { 
@@ -299,73 +298,25 @@ public class SZRGWClient {  	            	Text text= doc.createTextNode(PEPSDateOfBirth);  	            	elem.appendChild(text);  	            } -	        } -	         -	        if (signature == null) -	        	throw new SZRGWClientException("Signature element must not be null!"); -	        else { -	        	Element sig = doc.createElementNS(SZRGW_NS, "szrgw:Signature"); -	        	Element xmlcontent = doc.createElementNS(SZRGW_NS, "szrgw:XMLContent"); -	        	sig.appendChild(xmlcontent);	        	 -	        	Node n = doc.importNode(signature, true);	        	 -	        	getIdentityLink.appendChild(sig); -	        	xmlcontent.appendChild(n); -	        } -	         -	                           -	        return doc; -	    } catch (ParserConfigurationException e) { -	    	throw new SZRGWClientException(e); -	    } /*catch (CertificateEncodingException e) { -	    	throw new SZRGWClientException(e); -		}*/ -	     -	} -   -  public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { - -	  String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#"; -	   -	  try { -			DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); -			factory.setNamespaceAware(true); -	        DocumentBuilder builder = factory.newDocumentBuilder(); -	        Document doc = builder.newDocument(); -	         -	        Element getIdentityLink = doc.createElementNS(SZRGW_NS, "szrgw:GetIdentityLinkRequest"); -	        getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGW_NS); -	        doc.appendChild(getIdentityLink); -	             -	        if ( (PEPSIdentifier != null) || (PEPSFirstname != null) || (PEPSFamilyname != null) || (PEPSDateOfBirth != null) ) { -	        	 -	        	Element pepsDataElem = doc.createElementNS(SZRGW_NS, "szrgw:PEPSData"); -	        	
getIdentityLink.appendChild(pepsDataElem); -	        	 -	        	if (PEPSIdentifier != null) { -	            	Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Identifier"); -	            	pepsDataElem.appendChild(elem); -	            	Text text= doc.createTextNode(PEPSIdentifier); -	            	elem.appendChild(text); -	            } -	        	if (PEPSFirstname != null) { -	            	Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Firstname"); +	        	if (representative != null) { +	            	Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Representative");  	            	pepsDataElem.appendChild(elem); -	            	Text text= doc.createTextNode(PEPSFirstname); +	            	Text text= doc.createTextNode(representative);  	            	elem.appendChild(text); -	            } +	        	} -	        	if (PEPSFamilyname != null) { -	            	Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Familyname"); +	        	if (represented != null) { +	            	Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Represented");  	            	pepsDataElem.appendChild(elem); -	            	Text text= doc.createTextNode(PEPSFamilyname); +	            	Text text= doc.createTextNode(represented);  	            	elem.appendChild(text);  	            } -	        	if (PEPSDateOfBirth != null) { -	            	Element elem = doc.createElementNS(SZRGW_NS, "szrgw:DateOfBirth"); +	        	if (mandateContent != null) { +	            	Element elem = doc.createElementNS(SZRGW_NS, "szrgw:MandateContent");  	            	pepsDataElem.appendChild(elem); -	            	Text text= doc.createTextNode(PEPSDateOfBirth); +	            	Text text= doc.createTextNode(mandateContent);  	            	elem.appendChild(text);  	            }  	        } 
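Review bot: Merging the two builders drops the `if (signature == null) throw new SZRGWClientException("Signature element must not be null!");` guard of the removed `Element` overload, and the surviving `String` path in the next hunk shows only the `createTextNode(signature)` branch, so whether a null signature is now rejected or silently yields a request without a signature is not visible here. If the remaining code is an `if (signature != null)` block, restore the guard in front of it, `if (signature == null) throw new SZRGWClientException("Signature element must not be null!");`, since a GetIdentityLinkRequest without a signature should not leave the client. The method continues outside the hunk in both directions.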
@@ -380,7 +331,27 @@ public class SZRGWClient {  	        	Text text= doc.createTextNode(signature);  	        	base64content.appendChild(text);  	        } -	                           + +	        if(representative != null && represented != null && mandateContent != null) { +	        	Element mis = doc.createElementNS(SZRGW_NS, "szrgw:MIS"); +	        	Element filters = doc.createElementNS(SZRGW_NS, "szrgw:Filters"); +	        	mis.appendChild(filters); +	        	Element target = doc.createElementNS(SZRGW_NS, "szrgw:Target"); +	        	mis.appendChild(target); +	        	Element friendlyName = doc.createElementNS(SZRGW_NS, "szrgw:OAFriendlyName"); +	        	mis.appendChild(friendlyName); +	        	getIdentityLink.appendChild(mis); + +//				TODO fetch data from oa params +//		    	String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); +//		    	moasessionid = StringEscapeUtils.escapeHtml(moasessionid); +//	    	    AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid); +//	    		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); +//	    		if (oaParam == null) +//	    				throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); +//	        	Text text = doc.createTextNode(oaParam.getFriendlyName()); +	        } +  	        return doc;  	    } catch (ParserConfigurationException e) {  	    	throw new SZRGWClientException(e); | 
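Review bot: The new `szrgw:MIS` block appends empty `szrgw:Filters`, `szrgw:Target` and `szrgw:OAFriendlyName` elements to every representation request, because the code that would fill `OAFriendlyName` is left commented out behind a TODO and `Target` and `Filters` get no content at all, so the gateway receives a mandate request that names no target and no friendly name. Either complete the block (the commented lines reference `req`, which is not a parameter of this method, so the online-application data has to be handed in by the caller) or leave the MIS element out until it can be filled, instead of shipping commented-out code. The enclosing method continues outside the hunk.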
