diff options
Diffstat (limited to 'id/server/idserverlib/src/main')
3 files changed, 67 insertions, 87 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index d77119f4a..5ae3d8e47 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1733,53 +1733,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl()); return response; - - -// client.setAddress(connectionParameters.getUrl()); -// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { -// Logger.debug("Initialisiere SSL Verbindung"); -// try { -// client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); -// } catch (IOException e) { -// Logger.error("Could not initialize SSL Factory", e); -// throw new SZRGWClientException("Could not initialize SSL Factory"); -// } catch (GeneralSecurityException e) { -// Logger.error("Could not initialize SSL Factory", e); -// throw new SZRGWClientException("Could not initialize SSL Factory"); -// } catch (PKIException e) { -// Logger.error("Could not initialize SSL Factory", e); -// throw new SZRGWClientException("Could not initialize SSL Factory"); -// } -// } } catch (ConfigurationException e) { Logger.warn(e); Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); } -// // create request -// CreateIdentityLinkResponse response = null; -// Element request = null; -// try { -// Document doc = client.buildGetIdentityLinkRequest(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature); -// request = doc.getDocumentElement(); -// -// // send request -// response = client.createIdentityLinkResponse(request, connectionParameters.getUrl()); -// -// -// -// } catch (SZRGWClientException e) { -// // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. -//// try { -//// response = client.createIdentityLinkResponse(request); -//// } -//// catch (SZRGWClientException e1) { -//// throw new SZRGWClientException(e1); -//// } -// } - - return null; } @@ -1811,6 +1770,24 @@ public class AuthenticationServer implements MOAIDAuthConstants { public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature, null, null, null); } + + /** + * Gets the identity link. + * + * @param citizenSignature the citizen signature + * @param representative the representative + * @param represented the represented + * @param mandate the mandate + * @param organizationAddress the organization address + * @param organizationType the organization type + * @return the identity link + * @throws SZRGWClientException + */ + public CreateIdentityLinkResponse getIdentityLink(String citizenSignature, + String representative, String represented, String mandateContent, + String organizationAddress, String organizationType) throws SZRGWClientException { + return getIdentityLink(null, null, null, null, citizenSignature, represented, representative, mandateContent, organizationAddress, organizationType); + } /** * SZR-GW Client interface. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 4819b8219..45e6ab816 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -137,29 +137,12 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
-// Logger.debug("Starting validation of SAML assertion");
-// //verify SAML assertion
- Assertion storkAssertion = authnResponse.getAssertions().get(0);
-// try {
-// STORKResponseProcessor.verifySTORKAssertion(
-// storkAssertion, //assertion
-// request.getRemoteAddr(), //IP address of user
-// storkAuthnRequest.getID(), //ID of STORK AuthnRequest
-// request.getRequestURL().toString(), //destination
-// HTTPUtils.getBaseURL(request), //audience
-// storkAuthnRequest.getRequestedAttributes()); //Requested Attributes
-// } catch (STORKException e) {
-// Logger.error("Failed to verify STORK SAML Assertion", e);
-// throw new MOAIDException("stork.08", null);
-// }
-//
-// Logger.info("SAML assertion succesfully verified!");
-
Logger.debug("Starting extraction of signedDoc attribute");
//extract signed doc element and citizen signature
Element citizenSignature = null;
try {
+ Assertion storkAssertion = authnResponse.getAssertions().get(0);
citizenSignature = STORKResponseProcessor.extractCitizenSignature(storkAssertion);
moaSession.setAuthBlock(DOMUtils.serializeNode(citizenSignature));
moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(citizenSignature));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index e81adfb52..466d86f87 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -296,6 +296,22 @@ public class STORKResponseProcessor { }
+
+ /**
+ * Checks for attribute.
+ *
+ * @param attributeName the attribute name
+ * @param attributeList the attribute list
+ * @return true, if successful
+ */
+ private static boolean hasAttribute(String attributeName, IPersonalAttributeList attributeList) {
+ try {
+ getAttributeValue(attributeName, attributeList);
+ return true;
+ } catch(STORKException e) {
+ return false;
+ }
+ }
/**
* helper for reading attributes. Handles logging and error handling.
@@ -325,52 +341,56 @@ public class STORKResponseProcessor { public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList) throws STORKException {
Logger.trace("Calling SZR Gateway with the following attributes:");
- // fetch mandatory attributes
- String citizenSignature = getAttributeValue("signedDoc", attributeList);
- String eIdentifier = getAttributeValue("eIdentifier", attributeList);
- String givenName = getAttributeValue("givenName", attributeList);
- String lastName = getAttributeValue("surname", attributeList);
- String dateOfBirth = getAttributeValue("dateOfBirth", attributeList);
- if (!StringUtils.isEmpty(dateOfBirth)) {
- dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth);
- }
-
- CreateIdentityLinkResponse response;
+ CreateIdentityLinkResponse identityLinkResponse = null;
IdentityLink identityLink = null;
try {
Logger.trace("Starting call...");
- // do we have a case of representation?
- try {
+
+ // if there is no signedDoc attribute, we cannot go on
+ String citizenSignature = getAttributeValue("signedDoc", attributeList);
+
+ // if we have a signedDoc we test for a representation case
+ if(hasAttribute("mandateContent", attributeList) || hasAttribute("representative", attributeList) || hasAttribute("represented", attributeList)) {
+ // we have a representation case
String representative = getAttributeValue("representative", attributeList);
String represented = getAttributeValue("represented", attributeList);
String mandate = getAttributeValue("mandateContent", attributeList);
- // we definitely know we have a representation case here
- // lets try if the represented is an organization
- try {
+ if(!hasAttribute("dateOfBirth", attributeList)) {
+ // if we get here, we have a natural person representing a legal person
String organizationAddress = getAttributeValue("canonicalRegisteredAddress", attributeList);
String organizationType = getAttributeValue("translateableType", attributeList);
- // if we got here, we have a natural person representing a legal person
- response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate, organizationAddress, organizationType);
- } catch(STORKException e1) {
+ identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(citizenSignature, representative, represented, mandate, organizationAddress, organizationType);
+ } else {
+ // if we get here, we have a natural person representing another natural person
+ String eIdentifier = getAttributeValue("eIdentifier", attributeList);
+ String givenName = getAttributeValue("givenName", attributeList);
+ String lastName = getAttributeValue("surname", attributeList);
+ String dateOfBirth = getAttributeValue("dateOfBirth", attributeList);
+ if (!StringUtils.isEmpty(dateOfBirth))
+ dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth);
- // if we get here we have natural persons representing each other
- response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate);
+ identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate);
}
- } catch(STORKException e) {
+ } else {
// we do not have a representation case
- response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature);
+ String eIdentifier = getAttributeValue("eIdentifier", attributeList);
+ String givenName = getAttributeValue("givenName", attributeList);
+ String lastName = getAttributeValue("surname", attributeList);
+ String dateOfBirth = getAttributeValue("dateOfBirth", attributeList);
+ if (!StringUtils.isEmpty(dateOfBirth))
+ dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth);
+ identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature);
}
-
-
- if (null != response.getErrorResponse()){
+
+ if (null != identityLinkResponse.getErrorResponse()){
// TODO fix exception parameter
- throw new SZRGWClientException(response.getErrorResponse().getErrorCode().toString(), null);
+ throw new SZRGWClientException(identityLinkResponse.getErrorResponse().getErrorCode().toString(), null);
}
else {
- IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(response.getIdentityLink()));
+ IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(identityLinkResponse.getIdentityLink()));
identityLink = ilParser.parseIdentityLink();
Logger.debug("Received Identity Link from SZR Gateway");
|