diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java')
2 files changed, 117 insertions, 35 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 5e4aee81b..43384c58a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1652,6 +1652,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { data.setFamilyname(PEPSFamilyname); data.setFirstname(PEPSFirstname); data.setIdentifier(PEPSIdentifier); + + data.setFiscalNumber(PEPSFiscalNumber); data.setRepresentative(representative); data.setRepresented(represented); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 10d0ddbc4..0d40c9c9a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -250,7 +250,56 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
throw new MOAIDException("stork.07", null);
}
-
+
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
+ //================== Check QAA level start ====================
+ int reqQaa = -1;
+ int authQaa = -1;
+ String authQaaStr = null;
+ try {
+ reqQaa = storkAuthnRequest.getQaa();
+
+ //TODO: found better solution, but QAA Level in response could be not supported yet
+ try {
+
+ authQaaStr = authnResponse.getAssertions().get(0).
+ getAuthnStatements().get(0).getAuthnContext().
+ getAuthnContextClassRef().getAuthnContextClassRef();
+ moaSession.setQAALevel(authQaaStr);
+
+ } catch (Throwable e) {
+ Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
+ moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
+ authQaaStr = PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel();
+ }
+ if(authQaaStr != null)//Check value only if set
+ {
+ authQaa = Integer.valueOf(authQaaStr.substring(PVPConstants.STORK_QAA_PREFIX.length()));
+// authQaa = Integer.valueOf(authQaaStr);
+ if (reqQaa > authQaa) {
+ Logger.warn("Requested QAA level does not match to authenticated QAA level");
+ throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});
+
+ }
+ }
+ } catch (MOAIDException e) {
+ throw e;
+
+ } catch (Exception e) {
+ if (Logger.isDebugEnabled())
+ Logger.warn("STORK QAA Level evaluation error", e);
+
+ else
+ Logger.warn("STORK QAA Level evaluation error (ErrorMessage="
+ + e.getMessage() + ")");
+
+ throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});
+
+ }
+ //================== Check QAA level end ====================
+
Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
////////////// incorporate gender from parameters if not in stork response
@@ -291,28 +340,41 @@ public class PEPSConnectorServlet extends AuthServlet { SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(signatureInfo)));
// fetch signed doc
- DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);
+ DataSource ds = null;
+ try{
+ ds = LightweightSourceResolver.getDataSource(dssSignResponse);
+ }catch(Exception e)
+ {
+ e.printStackTrace();
+ }
if(ds == null){
- throw new ApiUtilsException("No datasource found in response");
- }
-
- InputStream incoming = ds.getInputStream();
- citizenSignature = IOUtils.toString(incoming);
- incoming.close();
-
- Logger.debug("citizenSignature:"+citizenSignature);
- if(isDocumentServiceUsed(citizenSignature)==true)
+ //Normal DocumentServices return a http-page, but the SI DocumentService returns HTTP error 500
+ //which results in an exception and ds==null
+
+ //try to load document from documentservice
+ citizenSignature = loadDocumentFromDocumentService(dssSignResponse);
+ //throw new ApiUtilsException("No datasource found in response");
+ }
+ else
{
- Logger.debug("Loading document from DocumentService.");
- String url = getDtlUrlFromResponse(dssSignResponse);
- //get Transferrequest
- String transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url);
- //Load document from DocujmentService
- byte[] data = getDocumentFromDtl(transferRequest, url);
- citizenSignature = new String(data, "UTF-8");
- Logger.debug("Overridung citizenSignature with:"+citizenSignature);
+ InputStream incoming = ds.getInputStream();
+ citizenSignature = IOUtils.toString(incoming);
+ incoming.close();
+
+ Logger.debug("citizenSignature:"+citizenSignature);
+ if(isDocumentServiceUsed(citizenSignature)==true)
+ {
+ citizenSignature = loadDocumentFromDocumentService(dssSignResponse);
+ // Logger.debug("Loading document from DocumentService.");
+ // String url = getDtlUrlFromResponse(dssSignResponse);
+ // //get Transferrequest
+ // String transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url);
+ // //Load document from DocumentService
+ // byte[] data = getDocumentFromDtl(transferRequest, url);
+ // citizenSignature = new String(data, "UTF-8");
+ // Logger.debug("Overridung citizenSignature with:"+citizenSignature);
+ }
}
-
JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName());
SignatureType root = ((JAXBElement<SignatureType>) ctx.createUnmarshaller().unmarshal(IOUtils.toInputStream(citizenSignature))).getValue();
@@ -349,9 +411,9 @@ public class PEPSConnectorServlet extends AuthServlet { // Logger.error("could not retrieve moa session");
// throw new AuthenticationException("auth.01", null);
// }
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
+// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());
+// if (oaParam == null)
+// throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
// retrieve target
//TODO: check in case of SSO!!!
@@ -477,18 +539,18 @@ public class PEPSConnectorServlet extends AuthServlet { // stork did the authentication step
moaSession.setAuthenticated(true);
- //TODO: found better solution, but QAA Level in response could be not supported yet
- try {
-
- moaSession.setQAALevel(authnResponse.getAssertions().get(0).
- getAuthnStatements().get(0).getAuthnContext().
- getAuthnContextClassRef().getAuthnContextClassRef());
-
- } catch (Throwable e) {
- Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
- moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
-
- }
+// //TODO: found better solution, but QAA Level in response could be not supported yet
+// try {
+//
+// moaSession.setQAALevel(authnResponse.getAssertions().get(0).
+// getAuthnStatements().get(0).getAuthnContext().
+// getAuthnContextClassRef().getAuthnContextClassRef());
+//
+// } catch (Throwable e) {
+// Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
+// moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
+//
+// }
//session is implicit stored in changeSessionID!!!!
String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
@@ -526,11 +588,28 @@ public class PEPSConnectorServlet extends AuthServlet { }
+ private String loadDocumentFromDocumentService(SignResponse dssSignResponse) throws Exception
+ {
+ Logger.debug("Loading document from DocumentService.");
+ String url = getDtlUrlFromResponse(dssSignResponse);
+ Logger.debug("Loading document from DocumentService, url:"+url);
+ //get Transferrequest
+ String transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url);
+ //Load document from DocumentService
+ byte[] data = getDocumentFromDtl(transferRequest, url);
+ String citizenSignature = new String(data, "UTF-8");
+ Logger.debug("Overridung citizenSignature with:"+citizenSignature);
+ return citizenSignature;
+ }
private boolean isDocumentServiceUsed(String citizenSignature) //TODo add better check
{
if(citizenSignature.contains("<table border=\"0\"><tr><td>Service Name:</td><td>{http://stork.eu}DocumentService</td></tr><tr><td>Port Name:</td><td>{http://stork.eu}DocumentServicePort</td></tr></table>"))
+ {
+ Logger.trace("isDocumentServiceUsed => true");
return true;
+ }
+ Logger.trace("isDocumentServiceUsed => false");
return false;
}
@@ -567,6 +646,7 @@ public class PEPSConnectorServlet extends AuthServlet { URL url = null;
try
{
+ Logger.debug("getDocumentFromDtl, dtlUrl:'"+dtlUrl+"' eDtlUrl:'"+eDtlUrl+"'");
url = new URL(dtlUrl);
QName qname = new QName("http://stork.eu",
"DocumentService");
|