aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/pom.xml27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java604
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java29
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java135
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java165
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java123
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java95
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java40
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java68
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java176
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java59
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java99
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java143
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html51
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/saml2-post-binding-moa.vm38
24 files changed, 823 insertions, 1116 deletions
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index cd9e0a7df..8a9cdd51f 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -25,16 +25,23 @@
</repositories>
<dependencies>
- <dependency>
- <groupId>MOA.id</groupId>
- <artifactId>stork-saml-engine</artifactId>
- <version>1.5.2</version>
- </dependency>
- <dependency>
- <groupId>MOA.id.server</groupId>
- <artifactId>moa-id-commons</artifactId>
- <version>${pom.version}</version>
- </dependency>
+
+ <dependency>
+ <groupId>MOA.id</groupId>
+ <artifactId>stork-saml-engine</artifactId>
+ <version>1.5.2</version>
+ </dependency>
+
+ <dependency>
+ <groupId>eu.stork</groupId>
+ <artifactId>SamlEngine</artifactId>
+ <version>1.1.0</version>
+ </dependency>
+ <dependency>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-commons</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
<dependency>
<groupId>MOA</groupId>
<artifactId>moa-common</artifactId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 278f93f14..f19881578 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -24,18 +24,18 @@
package at.gv.egovernment.moa.id.auth;
import iaik.asn1.ObjectID;
-import iaik.pki.PKIException;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
-import java.security.GeneralSecurityException;
+import java.io.StringWriter;
+import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.cert.CertificateException;
-//import java.security.cert.CertificateFactory;
import java.util.ArrayList;
+//import java.security.cert.CertificateFactory;
import java.util.Calendar;
import java.util.Date;
import java.util.Iterator;
@@ -50,11 +50,14 @@ import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
import org.apache.xpath.XPathAPI;
-import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.common.IdentifierGenerator;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.xml.util.Base64;
import org.opensaml.xml.util.XMLHelper;
-import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -90,7 +93,7 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet;
-import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor;
+import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
@@ -103,6 +106,8 @@ import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants
import at.gv.egovernment.moa.id.client.SZRGWClient;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute;
+import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
@@ -118,6 +123,7 @@ import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.XMLUtil;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
@@ -129,21 +135,19 @@ import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.egovernment.moa.util.XPathUtils;
import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest;
+import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData;
import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
-import eu.stork.mw.messages.saml.STORKAuthnRequest;
-import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
-import eu.stork.vidp.messages.common.STORKConstants;
-import eu.stork.vidp.messages.exception.SAMLException;
-import eu.stork.vidp.messages.exception.SAMLValidationException;
-import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
-import eu.stork.vidp.messages.stork.RequestedAttributes;
-import eu.stork.vidp.messages.util.SAMLUtil;
-import eu.stork.vidp.messages.util.XMLUtil;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
/**
* API for MOA ID Authentication Service.<br> {@link AuthenticationSession} is
* stored in a session store and retrieved by giving the session ID.
- *
+ *
* @author Paul Ivancsics
* @version $Id: AuthenticationServer.java 1273 2012-02-27 14:50:18Z kstranacher
* $
@@ -166,7 +170,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
/**
* Returns the single instance of <code>AuthenticationServer</code>.
- *
+ *
* @return the single instance of <code>AuthenticationServer</code>
*/
public static AuthenticationServer getInstance() {
@@ -197,7 +201,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* response to</li>
* </ul>
* </ul>
- *
+ *
* @param authURL
* URL of the servlet to be used as data URL
* @param target
@@ -232,13 +236,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if (session == null) {
throw new AuthenticationException("auth.18", new Object[] { });
}
-
+
//load OnlineApplication configuration
OAAuthParameter oaParam =
AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
if (oaParam == null)
throw new AuthenticationException("auth.00", new Object[] { session.getPublicOAURLPrefix() });
-
+
//load Template
String template = null;
if (session.getTemplateURL() != null) {
@@ -251,7 +255,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
String infoboxReadRequest = "";
-
+
if (session.isSsoRequested()) {
//load identityLink with SSO Target
boolean isbuisness = false;
@@ -261,50 +265,50 @@ public class AuthenticationServer implements MOAIDAuthConstants {
isbuisness = true;
domainIdentifier = ssobusiness.getValue();
}
-
+
//build ReadInfobox request
infoboxReadRequest = new InfoboxReadRequestBuilder().build(
isbuisness, domainIdentifier);
-
+
} else {
//build ReadInfobox request
infoboxReadRequest = new InfoboxReadRequestBuilder().build(
oaParam.getBusinessService(), oaParam
.getIdentityLinkDomainIdentifier());
}
-
+
String dataURL = new DataURLBuilder().buildDataURL(
session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session
.getSessionID());
-
+
//removed in MOAID 2.0
String pushInfobox = "";
-
+
// VerifyInfoboxParameters verifyInfoboxParameters = oaParam
// .getVerifyInfoboxParameters();
// if (verifyInfoboxParameters != null) {
// pushInfobox = verifyInfoboxParameters.getPushInfobox();
// session.setPushInfobox(pushInfobox);
// }
-
+
//build CertInfo request
String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder()
.build();
String certInfoDataURL = new DataURLBuilder()
.buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION,
session.getSessionID());
-
+
//get Applet Parameters
String appletwidth = req.getParameter(PARAM_APPLET_WIDTH);
String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH);
appletheigth = StringEscapeUtils.escapeHtml(appletheigth);
appletwidth = StringEscapeUtils.escapeHtml(appletwidth);
-
+
String htmlForm = new GetIdentityLinkFormBuilder().build(template,
session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest,
certInfoDataURL, pushInfobox, oaParam, appletheigth, appletwidth);
-
+
return htmlForm;
}
@@ -324,7 +328,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* containg the authentication block, meant to be returned to the security
* layer implementation</li>
* </ul>
- *
+ *
* @param sessionID
* ID of associated authentication session data
* @param infoboxReadResponseParameters
@@ -332,7 +336,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* including the <code>&lt;InfoboxReadResponse&gt;</code>
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
- * @throws BKUException
+ * @throws BKUException
*/
public String verifyIdentityLink(AuthenticationSession session,
Map<String, String> infoboxReadResponseParameters) throws AuthenticationException,
@@ -349,7 +353,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if (isEmpty(xmlInfoboxReadResponse))
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE });
-
+
AuthConfigurationProvider authConf = AuthConfigurationProvider
.getInstance();
@@ -409,7 +413,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setIdentityLink(identityLink);
// now validate the extended infoboxes
-
+
//Removed in MOA-ID 2.0
//verifyInfoboxes(session, infoboxReadResponseParameters, false);
@@ -432,7 +436,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* containg the authentication block, meant to be returned to the security
* layer implementation</li>
* </ul>
- *
+ *
* @param sessionID
* ID of associated authentication session data
* @param infoboxReadResponseParameters
@@ -457,14 +461,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if (certificate.getExtension(OWid) != null) {
session.setOW(true);
}
-
+
}
-
+
} catch (X509ExtensionInitException e) {
Logger.warn("Certificate extension is not readable.");
session.setOW(false);
}
-
+
AuthConfigurationProvider authConf = AuthConfigurationProvider
.getInstance();
@@ -473,10 +477,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
authConf, oaParam);
-
+
return returnvalue;
}
-
+
/**
* Processes an <code>Mandate</code> sent by the MIS.<br>
* <ul>
@@ -487,7 +491,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* containg the authentication block, meant to be returned to the security
* layer implementation</li>
* </ul>
- *
+ *
* @param sessionID
* ID of associated authentication session data
* @param infoboxReadResponseParameters
@@ -511,10 +515,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// sets the extended SAML attributes for OID (Organwalter)
setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam
.getBusinessService());
-
+
validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService());
-
-
+
+
} catch (SAXException e) {
throw new AuthenticationException("auth.16",
new Object[] { GET_MIS_SESSIONID }, e);
@@ -528,11 +532,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.16",
new Object[] { GET_MIS_SESSIONID }, e);
}
-
+
}
/**
- *
+ *
* @param session
* @param authConf
* @param oaParam
@@ -577,7 +581,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* <ul>
* <li>Creates an CreateXMLSignatureRequest to be signed by the user</li>
* </ul>
- *
+ *
* @param sessionID
* ID of associated authentication session data
* @param cert
@@ -599,7 +603,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
+
return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam,
cert);
}
@@ -637,13 +641,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* <li>Verifies signature by calling the MOA SP component</li>
* <li>Returns the signer certificate</li>
* </ul>
- *
+ *
* @param sessionID
* ID of associated authentication session data
* @param createXMLSignatureResponseParameters
* The parameters from the response returned from the BKU
* including the <code>&lt;CreateXMLSignatureResponse&gt;</code>
- * @throws BKUException
+ * @throws BKUException
*/
public X509Certificate verifyXMLSignature(String sessionID,
Map<String, String> createXMLSignatureResponseParameters)
@@ -697,13 +701,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* <li>Verifies signature by calling the MOA SP component</li>
* <li>Returns the signer certificate</li>
* </ul>
- *
+ *
* @param sessionID
* ID of associated authentication session data
* @param readInfoboxResponseParameters
* The parameters from the response returned from the BKU
* including the <code>&lt;ReadInfoboxResponse&gt;</code>
- * @throws BKUException
+ * @throws BKUException
*/
public X509Certificate getCertificate(String sessionID,
Map<String, String> readInfoboxResponseParameters) throws AuthenticationException,
@@ -733,80 +737,80 @@ public class AuthenticationServer implements MOAIDAuthConstants {
/**
* Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from
* given session data.
- *
+ *
* @param session
* authentication session
- *
+ *
* @return <code>&lt;saml:Assertion&gt;</code> as a String
- *
+ *
* @throws BuildException
* If an error occurs on serializing an extended SAML attribute
* to be appended to the AUTH-Block.
*/
private String buildAuthenticationBlock(AuthenticationSession session,
OAAuthParameter oaParam) throws BuildException {
-
+
IdentityLink identityLink = session.getIdentityLink();
String issuer = identityLink.getName();
String gebDat = identityLink.getDateOfBirth();
String identificationValue = null;
String identificationType = null;
-
+
//set empty AuthBlock BPK in case of OW or SSO or bpk is not requested
if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) {
identificationType = "";
identificationValue = "";
-
+
} else if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
if (oaParam.getBusinessService()) {
-
+
String bpkBase64 = new BPKBuilder().buildWBPK(identityLink
.getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier());
identificationValue = bpkBase64;
-
+
if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK + "+" ))
identificationType = oaParam.getIdentityLinkDomainIdentifier();
else
identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier();
-
+
} else {
String bpkBase64 = new BPKBuilder().buildBPK(identityLink
.getIdentificationValue(), session.getTarget());
identificationValue = bpkBase64;
identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget();
}
-
+
} else {
identificationValue = identityLink.getIdentificationValue();
identificationType = identityLink.getIdentificationType();
-
+
}
-
+
String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar
.getInstance());
session.setIssueInstant(issueInstant);
String authURL = session.getAuthURL();
String target = session.getTarget();
String targetFriendlyName = session.getTargetFriendlyName();
-
+
// Bug #485
// (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
// String oaURL = session.getPublicOAURLPrefix();
-
+
List<ExtendedSAMLAttribute> extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
-
-
+
+
if (session.isSsoRequested()) {
String oaURL =new String();
try {
oaURL = AuthConfigurationProvider.getInstance().getSSOPublicUrl();
-
+
if (MiscUtil.isNotEmpty(oaURL))
oaURL = oaURL.replaceAll("&", "&amp;");
-
+
} catch (ConfigurationException e) {
}
String authBlock = new AuthenticationBlockAssertionBuilder()
@@ -815,7 +819,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
identificationType, oaURL, gebDat,
extendedSAMLAttributes, session, oaParam);
return authBlock;
-
+
} else {
String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
String authBlock = new AuthenticationBlockAssertionBuilder()
@@ -824,20 +828,20 @@ public class AuthenticationServer implements MOAIDAuthConstants {
identificationType, oaURL, gebDat,
extendedSAMLAttributes, session, oaParam);
return authBlock;
- }
+ }
}
-
+
/**
* Verifies the infoboxes (except of the identity link infobox) returned by
* the BKU by calling appropriate validator classes.
- *
+ *
* @param session
* The actual authentication session.
* @param mandate
* The Mandate from the MIS
- *
+ *
* @throws AuthenticationException
* @throws ConfigurationException
* @throws TransformerException
@@ -860,19 +864,19 @@ public class AuthenticationServer implements MOAIDAuthConstants {
verifySAMLAttribute(samlAttribute, i, "MISService",
"MISService");
-
+
}
}
/**
* Verifies the infoboxes (except of the identity link infobox) returned by
* the BKU by calling appropriate validator classes.
- *
+ *
* @param session
* The actual authentication session.
* @param mandate
* The Mandate from the MIS
- *
+ *
* @throws AuthenticationException
* @throws ConfigurationException
* @throws TransformerException
@@ -897,7 +901,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* Adds given SAML Attributes to the current session. They will be appended
* to the final SAML Assertion or the AUTH block. If the attributes are
* already in the list, they will be replaced.
- *
+ *
* @param session
* The current session
* @param extendedSAMLAttributes
@@ -968,7 +972,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* Adds the AUTH block related SAML attributes to the validation result.
* This is needed always before the AUTH block is to be signed, because the
* name of the mandator has to be set
- *
+ *
* @throws ParserConfigurationException
* @throws IOException
* @throws SAXException
@@ -1035,7 +1039,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* Adds the AUTH block related SAML attributes to the validation result.
* This is needed always before the AUTH block is to be signed, because the
* name of the mandator has to be set
- *
+ *
* @throws ParserConfigurationException
* @throws IOException
* @throws SAXException
@@ -1080,7 +1084,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
/**
- *
+ *
* @param mandate
* @return
* @throws ParserConfigurationException
@@ -1132,7 +1136,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* <li>Deletes authentication session</li>
* <li>Returns the SAML artifact, encoded BASE64</li>
* </ul>
- *
+ *
* @param sessionID
* session ID of the running authentication session
* @param xmlCreateXMLSignatureReadResponse
@@ -1140,20 +1144,20 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* <code>&lt;CreateXMLSignatureResponse&gt;</code>
* @return SAML artifact needed for retrieving authentication data, encoded
* BASE64
- * @throws BKUException
+ * @throws BKUException
*/
public String verifyAuthenticationBlock(AuthenticationSession session,
String xmlCreateXMLSignatureReadResponse)
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ServiceException, ValidateException, BKUException {
-
+
if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
if (isEmpty(xmlCreateXMLSignatureReadResponse))
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
-
+
AuthConfigurationProvider authConf = AuthConfigurationProvider
.getInstance();
// parses <CreateXMLSignatureResponse>
@@ -1176,7 +1180,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
new CreateXMLSignatureResponseValidator().validateSSO(csresp, session);
else
new CreateXMLSignatureResponseValidator().validate(csresp, session);
-
+
// builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
String tpid = authConf.getMoaSpAuthBlockTrustProfileID();
@@ -1215,7 +1219,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// Compare AuthBlock Data with information stored in session, especially
// date and time
CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp);
-
+
// compares the public keys from the identityLink with the AuthBlock
VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(
vsresp, session.getIdentityLink());
@@ -1258,29 +1262,29 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
}
}
-
+
session.setXMLVerifySignatureResponse(vsresp);
session.setSignerCertificate(vsresp.getX509certificate());
vsresp.setX509certificate(null);
session.setForeigner(false);
-
+
if (session.getUseMandate()) {
// mandate mode
return null;
-
+
} else {
-
+
session.setAuthenticatedUsed(false);
session.setAuthenticated(true);
-
+
String oldsessionID = session.getSessionID();
-
+
//Session is implicte stored in changeSessionID!!!
String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
-
+
Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID);
Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
-
+
return newMOASessionID;
}
}
@@ -1302,7 +1306,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* <li>Deletes authentication session</li>
* <li>Returns the SAML artifact, encoded BASE64</li>
* </ul>
- *
+ *
* @param sessionID
* session ID of the running authentication session
* @param xmlCreateXMLSignatureReadResponse
@@ -1363,7 +1367,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* <li>Deletes authentication session</li>
* <li>Returns the SAML artifact, encoded BASE64</li>
* </ul>
- *
+ *
* @param sessionID
* session ID of the running authentication session
* @return SAML artifact needed for retrieving authentication data, encoded
@@ -1372,11 +1376,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
public String getForeignAuthenticationData(AuthenticationSession session)
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ServiceException, ValidateException {
-
+
if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
-
+
// post processing of the infoboxes
Iterator iter = session.getInfoboxValidatorIterator();
boolean formpending = false;
@@ -1419,10 +1423,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse();
X509Certificate cert = session.getSignerCertificate();
vsresp.setX509certificate(cert);
-
+
session.setAuthenticatedUsed(false);
session.setAuthenticated(true);
-
+
session.setXMLVerifySignatureResponse(vsresp);
session.setSignerCertificate(vsresp.getX509certificate());
@@ -1436,7 +1440,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
/**
* Builds the AuthenticationData object together with the corresponding
* <code>&lt;saml:Assertion&gt;</code>
- *
+ *
* @param session
* authentication session
* @param verifyXMLSigResp
@@ -1456,23 +1460,23 @@ public class AuthenticationServer implements MOAIDAuthConstants {
IdentityLink identityLink = session.getIdentityLink();
AuthenticationData authData = new AuthenticationData();
-
+
VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
-
+
boolean businessService = oaParam.getBusinessService();
-
+
authData.setMajorVersion(1);
authData.setMinorVersion(0);
authData.setAssertionID(Random.nextRandom());
authData.setIssuer(session.getAuthURL());
-
+
authData.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar
.getInstance()));
-
+
//baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
authData.setIdentificationValue(identityLink.getIdentificationValue());
authData.setIdentificationType(identityLink.getIdentificationType());
-
+
authData.setGivenName(identityLink.getGivenName());
authData.setFamilyName(identityLink.getFamilyName());
authData.setDateOfBirth(identityLink.getDateOfBirth());
@@ -1482,25 +1486,25 @@ public class AuthenticationServer implements MOAIDAuthConstants {
authData.setPublicAuthorityCode(verifyXMLSigResp
.getPublicAuthorityCode());
authData.setBkuURL(session.getBkuURL());
-
+
try {
-
+
if (session.getUseMandate() && session.isOW()) {
MISMandate mandate = session.getMISMandate();
authData.setBPK(mandate.getOWbPK());
authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
authData.setIdentityLink(identityLink);
-
+
Logger.trace("Authenticated User is OW: " + mandate.getOWbPK());
-
+
} else {
-
+
if (businessService) {
//since we have foreigner, wbPK is not calculated in BKU
if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
-
+
String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier();
-
+
if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
// If domainIdentifier starts with prefix
// "urn:publicid:gv.at:wbpk+"; remove this prefix
@@ -1508,47 +1512,47 @@ public class AuthenticationServer implements MOAIDAuthConstants {
.substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
+ registerAndOrdNr);
- }
-
+ }
+
String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr);
authData.setBPK(wbpkBase64);
authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr);
-
+
} else {
authData.setBPK(identityLink.getIdentificationValue());
authData.setBPKType(identityLink.getIdentificationType());
-
+
}
-
+
Logger.trace("Authenticate user with wbPK " + authData.getBPK());
-
+
Element idlassertion = session.getIdentityLink().getSamlAssertion();
//set bpk/wpbk;
Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
prIdentification.getFirstChild().setNodeValue(authData.getBPK());
- //set bkp/wpbk type
+ //set bkp/wpbk type
Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType());
-
+
IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
IdentityLink idl = idlparser.parseIdentityLink();
authData.setIdentityLink(idl);
-
+
} else {
-
- if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+
+ if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
// only compute bPK if online application is a public service and we have the Stammzahl
String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target);
authData.setBPK(bpkBase64);
authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
}
-
+
Logger.trace("Authenticate user with bPK " + authData.getBPK());
-
+
authData.setIdentityLink(identityLink);
}
}
-
+
return authData;
} catch (Throwable ex) {
@@ -1559,7 +1563,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
/**
* Retrieves a session from the session store.
- *
+ *
* @param id
* session ID
* @return <code>AuthenticationSession</code> stored with given session ID,
@@ -1567,7 +1571,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
*/
public static AuthenticationSession getSession(String id)
throws AuthenticationException {
-
+
AuthenticationSession session;
try {
session = AuthenticationSessionStoreage.getSession(id);
@@ -1575,10 +1579,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if (session == null)
throw new AuthenticationException("auth.02", new Object[] { id });
return session;
-
+
} catch (MOADatabaseException e) {
throw new AuthenticationException("parser.04", new Object[] { id });
- }
+ }
}
/**
@@ -1586,38 +1590,38 @@ public class AuthenticationServer implements MOAIDAuthConstants {
*/
public void cleanup() {
long now = new Date().getTime();
-
- //clean AuthenticationSessionStore
-
+
+ //clean AuthenticationSessionStore
+
AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated);
-
+
//clean AssertionStore
AssertionStorage assertionstore = AssertionStorage.getInstance();
assertionstore.clean(now, authDataTimeOut);
-
- //clean ExeptionStore
+
+ //clean ExeptionStore
DBExceptionStoreImpl exstore = DBExceptionStoreImpl.getStore();
exstore.clean(now, authDataTimeOut);
-
+
}
/**
* Sets the sessionTimeOut.
- *
+ *
* @param seconds
* Time out of the session in seconds
*/
public void setSecondsSessionTimeOutCreated(long seconds) {
sessionTimeOutCreated = seconds * 1000;
}
-
+
public void setSecondsSessionTimeOutUpdated(long seconds) {
sessionTimeOutUpdated = seconds * 1000;
}
/**
* Sets the authDataTimeOut.
- *
+ *
* @param seconds
* Time out for signing AuthData in seconds
*/
@@ -1627,7 +1631,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
/**
* Checks a parameter.
- *
+ *
* @param param
* parameter
* @return true if the parameter is null or empty
@@ -1638,7 +1642,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
/**
* Checks the correctness of SAML attributes and returns its value.
- *
+ *
* @param param
* samlAttribute
* @param i
@@ -1687,15 +1691,15 @@ public class AuthenticationServer implements MOAIDAuthConstants {
return value;
}
-
+
/**
* Does the request to the SZR-GW
* @param signature XMLDSIG signature
* @return Identity link assertion
* @throws SZRGWClientException
*/
- public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse
- getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException {
+
+ public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String citizenSignature, String represented, String representative, String mandateContent) throws SZRGWClientException {
SZRGWClient client = null;
@@ -1707,9 +1711,28 @@ public class AuthenticationServer implements MOAIDAuthConstants {
CreateIdentityLinkRequest request = new CreateIdentityLinkRequest();
- request.setSignature(DOMUtils.serializeNode(signature).getBytes());
+ request.setSignature(citizenSignature.getBytes());
+ PEPSData data = new PEPSData();
+ data.setDateOfBirth(PEPSDateOfBirth);
+ data.setFamilyname(PEPSFamilyname);
+ data.setFirstname(PEPSFirstname);
+ data.setIdentifier(PEPSIdentifier);
+
+// TODO add mandate data
+// data.setRepresentative(representative);
+// data.setRepresented(represented);
+// data.setMandateContent(mandateContent);
+
+ if(null != PEPSIdentifier)
+ request.setPEPSData(data);
+
+ // TODO add MIS data
+// request.setMIS(value)
+
+ Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl());
+ return response;
@@ -1729,17 +1752,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// throw new SZRGWClientException("Could not initialize SSL Factory");
// }
// }
- Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
}
catch (ConfigurationException e) {
Logger.warn(e);
Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
- } catch (TransformerException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (IOException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
}
// // create request
@@ -1768,13 +1784,41 @@ public class AuthenticationServer implements MOAIDAuthConstants {
return null;
}
-
+
+ /**
+ * Does the request to the SZR-GW.
+ *
+ * @param signature the signature
+ * @return the identity link
+ * @throws SZRGWClientException the sZRGW client exception
+ * @throws ConfigurationException the configuration exception
+ */
+ public CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException {
+ return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature), null, null, null);
+ }
+
+ /**
+ * Does the request to the SZR-GW.
+ *
+ * @param PEPSIdentifier the pEPS identifier
+ * @param PEPSFirstname the pEPS firstname
+ * @param PEPSFamilyname the pEPS familyname
+ * @param PEPSDateOfBirth the pEPS date of birth
+ * @param signature XMLDSIG signature
+ * @return Identity link assertion
+ * @throws SZRGWClientException the sZRGW client exception
+ * @throws ConfigurationException the configuration exception
+ */
+ public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException {
+ return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature, null, null, null);
+ }
+
/**
* Starts a MOA-ID authentication process using STORK
* @param req HttpServletRequest
* @param resp HttpServletResponse
* @param ccc Citizen country code
- * @param oaURL URL of the online application
+ * @param oaURL URL of the online application
* @param target Target parameter
* @param targetFriendlyName Friendly Name of Target
* @param authURL Authentication URL
@@ -1786,138 +1830,114 @@ public class AuthenticationServer implements MOAIDAuthConstants {
*/
public static void startSTORKAuthentication(
HttpServletRequest req,
- HttpServletResponse resp,
+ HttpServletResponse resp,
AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException {
-
+
if (moasession == null) {
throw new AuthenticationException("auth.18", new Object[] { });
}
-
+
//read configuration paramters of OA
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
if (oaParam == null)
throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() });
-
- //Start of STORK Processing
+
+ //Start of STORK Processing
STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
-
+
CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());
-
- Logger.debug("Preparing to assemble STORK AuthnRequest witht the following values:");
- String destination = cpeps.getPepsURL().toExternalForm();
+
+ Logger.debug("Preparing to assemble STORK AuthnRequest witt the following values:");
+ String destination = cpeps.getPepsURL().toExternalForm();
Logger.debug("C-PEPS URL: " + destination);
-
+
String acsURL = HTTPUtils.getBaseURL(req) + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN;
Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL);
-
+
String providerName= oaParam.getFriendlyName();
String issuerValue = HTTPUtils.getBaseURL(req);
Logger.debug("Issuer value: " + issuerValue);
-
-
- QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue());
- //Logger.debug("QAALevel: " + qaaLevel.getValue());
-
- RequestedAttributes requestedAttributes = null;
-
- requestedAttributes = oaParam.getRequestedAttributes();
- requestedAttributes.detach();
- List<RequestedAttribute> reqAttributeList = new ArrayList<RequestedAttribute>();
- List<RequestedAttribute> oaReqAttributeList = null;
- oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes());
-
- //check if country specific attributes must be additionally requested
- if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) {
- //add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes
- Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + moasession.getCcc());
- Logger.debug("The following attributes are requested for this specific country:");
- List<RequestedAttribute> countrySpecificReqAttributeList = new ArrayList<RequestedAttribute>(cpeps.getCountrySpecificRequestedAttributes());
- for (RequestedAttribute csReqAttr : countrySpecificReqAttributeList) {
- csReqAttr.detach();
- if (!STORKConstants.DEFAULT_STORK_REQUESTED_ATTRIBUTE_SET.contains(csReqAttr.getName())) {
- //this country specific attribute does not override default attribute
- if (SAMLUtil.containsAttribute(oaReqAttributeList, csReqAttr.getName())) {
- //the same attribute is requested for OA, applying hierachy
- //remove oa attribute
- oaReqAttributeList.remove(SAMLUtil.getAttribute(oaReqAttributeList, csReqAttr.getName()));
- //add country specific attribute instead
- Logger.debug("Requested Attribute (" + csReqAttr.getName() + ") is also requested by OA but we use Country Specific value instead");
- }
- oaReqAttributeList.add(csReqAttr);
- Logger.debug("Country specific requested attribute: " + csReqAttr.getName() + ", isRequired: " + csReqAttr.isRequired());
- } else {
- Logger.debug("Country specific requested attribute: " + csReqAttr.getName() + ", isRequired: " + csReqAttr.isRequired() + " tries to overwrite default requested and required attributes, hence we skip it.");
- }
-
- }
- reqAttributeList.addAll(oaReqAttributeList);
- } else {
- //no country specific requested attributes
- reqAttributeList.addAll(oaReqAttributeList);
+
+ // prepare collection of required attributes
+ // - attributes for online application
+ List<OAStorkAttribute> attributesFromConfig = oaParam.getRequestedAttributes();
+
+ // - prepare attribute list
+ PersonalAttributeList attributeList = new PersonalAttributeList();
+
+ // - fill container
+ for(OAStorkAttribute current : attributesFromConfig) {
+ PersonalAttribute newAttribute = new PersonalAttribute();
+ newAttribute.setName(current.getName());
+
+ boolean globallyMandatory = false;
+ for(StorkAttribute currentGlobalAttribute : storkConfig.getStorkAttributes())
+ if(current.getName().equals(currentGlobalAttribute.getName())) {
+ globallyMandatory = currentGlobalAttribute.isMandatory();
+ break;
+ }
+
+ newAttribute.setIsRequired(current.isMandatory() || globallyMandatory);
+ attributeList.add(newAttribute);
}
-
- reqAttributeList = (List<RequestedAttribute>) SAMLUtil.releaseDOM(reqAttributeList);
- requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes(reqAttributeList);
-
+
+ // add sign request
+ PersonalAttribute newAttribute = new PersonalAttribute();
+ newAttribute.setName("signedDoc");
+ List<String> value = new ArrayList<String>();
+ value.add(generateDssSignRequest(Base64.encodeBytes(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession).getBytes()), "application/xhtml+xml"));
+ newAttribute.setValue(value);
+ attributeList.add(newAttribute);
+
+
if (Logger.isDebugEnabled()) {
Logger.debug("The following attributes are requested for this OA:");
- for (RequestedAttribute logReqAttr : reqAttributeList) {
- Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isRequired());
-
- }
+ for (OAStorkAttribute logReqAttr : attributesFromConfig)
+ Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isMandatory());
}
-
-
+
//TODO: check Target in case of SSO!!
String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget();
String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();
String spApplication = spInstitution;
String spCountry = "AT";
-
- String textToBeSigned =
- CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession);
-
- //generate AuthnRquest
- STORKAuthnRequest storkAuthnRequest = STORKAuthnRequestProcessor.generateSTORKAuthnRequest(
- destination,
- acsURL,
- providerName,
- issuerValue,
- qaaLevel,
- requestedAttributes,
- spSector,
- spInstitution,
- spApplication,
- spCountry,
- textToBeSigned,
- "application/xhtml+xml");
-
+
+ //generate AuthnRquest
+ STORKAuthnRequest authnRequest = new STORKAuthnRequest();
+ authnRequest.setDestination(destination);
+ authnRequest.setAssertionConsumerServiceURL(acsURL);
+ authnRequest.setProviderName(providerName);
+ authnRequest.setIssuer(issuerValue);
+ authnRequest.setQaa(oaParam.getQaaLevel());
+ authnRequest.setSpInstitution(spInstitution);
+ authnRequest.setCountry(spCountry);
+ authnRequest.setSpApplication(spApplication);
+ authnRequest.setSpSector(spSector);
+ authnRequest.setPersonalAttributeList(attributeList);
+
+ authnRequest.setEIDCrossBorderShare(true);
+ authnRequest.setEIDCrossSectorShare(true);
+ authnRequest.setEIDSectorShare(true);
+
+ authnRequest.setCitizenCountryCode("LOCAL");
+
+
Logger.debug("STORK AuthnRequest succesfully assembled.");
-
- //sign AuthnRequest
- String keyStorePath = storkConfig.getSignatureCreationParameter().getKeyStorePath();
- String keyStorePassword = storkConfig.getSignatureCreationParameter().getKeyStorePassword();
- String keyName = storkConfig.getSignatureCreationParameter().getKeyName();
- String keyPassword = storkConfig.getSignatureCreationParameter().getKeyPassword();
-
- Logger.debug("Starting signing process of STORK AuthnRequest.");
- Logger.trace("Using the following Keystore and Key for that:");
- Logger.trace("KeyStore: " + keyStorePath);
- Logger.trace("KeyName: " + keyName);
-
+
+ STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("CONF0");
try {
- storkAuthnRequest = STORKAuthnRequestProcessor.signSTORKAuthnRequest(storkAuthnRequest, keyStorePath, keyStorePassword, keyName, keyPassword);
- } catch (SAMLException e) {
+ authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest);
+ } catch (STORKSAMLEngineException e) {
Logger.error("Could not sign STORK SAML AuthnRequest.", e);
throw new MOAIDException("stork.00", null);
}
-
+
Logger.info("STORK AuthnRequest successfully signed!");
//validate AuthnRequest
try {
- STORKAuthnRequestProcessor.validateSTORKAuthnRequest(storkAuthnRequest);
- } catch (SAMLValidationException e) {
+ samlEngine.validateSTORKAuthnRequest(authnRequest.getTokenSaml());
+ } catch (STORKSAMLEngineException e) {
Logger.error("STORK SAML AuthnRequest not valid.", e);
throw new MOAIDException("stork.01", null);
}
@@ -1925,28 +1945,56 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Logger.debug("STORK AuthnRequest successfully internally validated.");
//send
- moasession.setStorkAuthnRequest(storkAuthnRequest);
+ moasession.setStorkAuthnRequest(authnRequest);
HttpSession httpSession = req.getSession();
httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID());
-
- Logger.debug("Preparing to send STORK AuthnRequest.");
-
+
+
+ Logger.info("Preparing to send STORK AuthnRequest.");
+ Logger.info("prepared STORKAuthnRequest: ");
+ Logger.info(new String(authnRequest.getTokenSaml()));
+
try {
- STORKAuthnRequestProcessor.sendSTORKAuthnRequest(req, resp, storkAuthnRequest);
+ Logger.trace("Initialize VelocityEngine...");
+
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/saml2-post-binding-moa.vm");
+ VelocityContext context = new VelocityContext();
+ context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml()));
+ context.put("action", destination);
+
+ StringWriter writer = new StringWriter();
+ template.merge(context, writer);
+
+ resp.getOutputStream().write(writer.toString().getBytes());
} catch (Exception e) {
Logger.error("Error sending STORK SAML AuthnRequest.", e);
httpSession.invalidate();
throw new MOAIDException("stork.02", new Object[] { destination });
}
-
- Logger.info("STORK AuthnRequest successfully sent to: " + storkAuthnRequest.getDestination());
- Logger.debug("STORKAuthnRequest sent (pretty print): ");
- Logger.debug(XMLHelper.prettyPrintXML(storkAuthnRequest.getDOM()));
- Logger.trace("STORKAuthnRequest sent (original): ");
- Logger.trace(XMLUtil.printXML(storkAuthnRequest.getDOM()));
-
+
+ Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination());
+ }
+
+ private static String generateDssSignRequest(String text, String mimeType) {
+ IdentifierGenerator idGenerator;
+ try {
+ idGenerator = new SecureRandomIdentifierGenerator();
+
+ return "<dss:SignRequest xmlns:dss=\"urn:oasis:names:tc:dss:1.0:core:schema\" " +
+ "RequestID=\"" + idGenerator.generateIdentifier() + "\">" +
+ "<dss:InputDocuments>" +
+ "<dss:Document>" +
+ "<dss:Base64Data MimeType=\"" + mimeType + "\">" + text + "</dss:Base64Data>" +
+ "</dss:Document>" +
+ "</dss:InputDocuments>" +
+ "</dss:SignRequest>";
+ } catch (NoSuchAlgorithmException e) {
+ Logger.error("Cannot generate id", e);
+ throw new RuntimeException(e);
+ }
}
-
+
/**
* Extracts an X509 Certificate out of an XML signagture element
* @param signedXML XML signature element
@@ -1954,27 +2002,27 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws CertificateException
*/
public static X509Certificate getCertificateFromXML(Element signedXML) throws CertificateException {
-
+
NodeList nList = signedXML.getElementsByTagNameNS(Constants.DSIG_NS_URI, "X509Certificate");
-
+
String base64CertString = XMLUtil.getFirstTextValueFromNodeList(nList);
-
- if (StringUtils.isEmpty(base64CertString)) {
+
+ if (StringUtils.isEmpty(base64CertString)) {
String msg = "XML does not contain a X509Certificate element.";
Logger.error(msg);
throw new CertificateException(msg);
}
-
+
InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString));
-
+
X509Certificate cert;
try {
cert = new X509Certificate(is);
return cert;
-
+
} catch (Throwable e) {
throw new CertificateException(e);
}
}
-
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
index a00ae4ccf..cad8857a6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -114,7 +114,8 @@ public class LoginFormBuilder {
value = FormBuildUtils.customiceLayoutBKUSelection(value,
oaParam.isShowMandateCheckBox(),
oaParam.isOnlyMandateAllowed(),
- oaParam.getFormCustomizaten());
+ oaParam.getFormCustomizaten(),
+ oaParam.isShowStorkLogin());
}
return value;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
index b763afd65..49bdf3bbd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
@@ -101,7 +101,8 @@ public class SendAssertionFormBuilder {
value = FormBuildUtils.customiceLayoutBKUSelection(value,
oaParam.isShowMandateCheckBox(),
oaParam.isOnlyMandateAllowed(),
- oaParam.getFormCustomizaten());
+ oaParam.getFormCustomizaten(),
+ oaParam.isShowStorkLogin());
}
return value;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
index e4bf37417..3bc152ec8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
@@ -36,8 +36,7 @@ public class StartAuthenticationBuilder {
Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));
// STORK or normal authentication
- //TODO: commented because npe was thrown
- /*if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
+ if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
//STORK authentication
Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
Logger.debug("Starting STORK authentication");
@@ -45,13 +44,13 @@ public class StartAuthenticationBuilder {
AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
return "";
- } else {*/
+ } else {
//normal MOA-ID authentication
Logger.debug("Starting normal MOA-ID authentication");
String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req);
return getIdentityLinkForm;
- //}
+ }
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 9aecefd43..3ab6701c8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -26,6 +26,9 @@ import java.util.Vector;
import org.w3c.dom.Element;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
@@ -33,7 +36,6 @@ import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
-import eu.stork.mw.messages.saml.STORKAuthnRequest;
/**
* Session data to be stored between <code>AuthenticationServer</code> API calls.
@@ -253,7 +255,9 @@ public class AuthenticationSession implements Serializable {
private VerifyXMLSignatureResponse XMLVerifySignatureResponse;
private boolean isForeigner;
-
+
+ private IPersonalAttributeList storkAttributes;
+
// private String requestedProtocolURL = null;
public String getModul() {
@@ -961,6 +965,24 @@ public class AuthenticationSession implements Serializable {
public void setAuthBlockTokken(String authBlockTokken) {
this.authBlockTokken = authBlockTokken;
}
+
+ /**
+ * Memorizes the stork attribute list.
+ *
+ * @param personalAttributeList the new stork attributes
+ */
+ public void setStorkAttributes(IPersonalAttributeList personalAttributeList) {
+ this.storkAttributes = personalAttributeList;
+ }
+
+ /**
+ * Recalls the stork attribute list.
+ *
+ * @return the stork attributes
+ */
+ public IPersonalAttributeList getStorkAttributes() {
+ return this.storkAttributes;
+ }
/**
// * @return the oAuth20SessionObject
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index bc8693b55..553b8db9d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -24,6 +24,7 @@
package at.gv.egovernment.moa.id.auth.servlet;
+import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Map;
@@ -47,14 +48,14 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
/**
* Servlet requested for getting the foreign eID
@@ -162,23 +163,15 @@ public class GetForeignIDServlet extends AuthServlet {
}
// make SZR request to the identity link
- CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(null, null, null, null, signature);
+ CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(signature);
- if (response.isError()) {
- throw new SZRGWClientException(response.getError());
+ if (null != response.getErrorResponse()){
+ // TODO fix exception parameter
+ throw new SZRGWClientException(response.getErrorResponse().getErrorCode().toString(), null);
}
else {
-
- Element samlAssertion = response.getAssertion();
-
- try {
- System.out.println("PB: " + DOMUtils.serializeNode(samlAssertion));
- } catch (TransformerException e) {
- e.printStackTrace();
- }
-
- IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
+ IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(response.getIdentityLink()));
IdentityLink identitylink = ilParser.parseIdentityLink();
session.setIdentityLink(identitylink);
@@ -225,9 +218,9 @@ public class GetForeignIDServlet extends AuthServlet {
}
catch (MOAIDException ex) {
handleError(null, ex, req, resp, pendingRequestID);
- }
- catch (SZRGWClientException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
+ } catch (Exception e1) {
+ // TODO Auto-generated catch block
+ e1.printStackTrace();
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index df93f4d85..f05180932 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -11,7 +11,6 @@ import javax.servlet.http.HttpSession;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
@@ -30,19 +29,21 @@ import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.StringUtils;
-import eu.stork.mw.messages.saml.STORKAuthnRequest;
-import eu.stork.mw.messages.saml.STORKResponse;
-import eu.stork.vidp.messages.util.XMLUtil;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
/**
* Endpoint for receiving STORK response messages
*/
public class PEPSConnectorServlet extends AuthServlet {
private static final long serialVersionUID = 1L;
-
+
public static final String PEPSCONNECTOR_SERVLET_URL_PATTERN = "/PEPSConnector";
-
+
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
@@ -77,9 +78,6 @@ public class PEPSConnectorServlet extends AuthServlet {
//No authentication session has been started before
Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
- } else {
- //We know user and MOA takes over session handling, invalidate HttpSession
- httpSession.invalidate();
}
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
@@ -89,33 +87,35 @@ public class PEPSConnectorServlet extends AuthServlet {
Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
//extract STORK Response from HTTP Request
- STORKResponse storkResponse = null;
+ //Decodes SAML Response
+ byte[] decSamlToken;
try {
- storkResponse = STORKResponseProcessor.receiveSTORKRepsonse(request, response);
- } catch (STORKException e) {
+ decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
+ } catch(NullPointerException e) {
Logger.error("Unable to retrieve STORK Response", e);
throw new MOAIDException("stork.04", null);
}
-
- Logger.info("STORK SAML Response message succesfully extracted");
- Logger.debug("STORK response (pretty print): ");
- Logger.debug(XMLHelper.prettyPrintXML(storkResponse.getDOM()));
- Logger.trace("STORK response (original): ");
- Logger.trace(XMLUtil.printXML(storkResponse.getDOM()));
-
- Logger.debug("Starting validation of SAML response");
- //verify SAML response
+
+ //Get SAMLEngine instance
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance("CONF0");
+
+ STORKAuthnResponse authnResponse = null;
try {
- STORKResponseProcessor.verifySTORKResponse(storkResponse);
- } catch (STORKException e) {
+ //validate SAML Token
+ Logger.debug("Starting validation of SAML response");
+ authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
+ Logger.info("SAML response succesfully verified!");
+ }catch(STORKSAMLEngineException e){
Logger.error("Failed to verify STORK SAML Response", e);
throw new MOAIDException("stork.05", null);
}
-
- Logger.info("SAML response succesfully verified!");
-
- String statusCodeValue = storkResponse.getStatus().getStatusCode().getValue();
-
+
+ Logger.info("STORK SAML Response message succesfully extracted");
+ Logger.debug("STORK response: ");
+ Logger.debug(authnResponse.toString());
+
+ String statusCodeValue = authnResponse.getStatusCode();
+
if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) {
Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue);
throw new MOAIDException("stork.06", new Object[] { statusCodeValue });
@@ -136,26 +136,26 @@ public class PEPSConnectorServlet extends AuthServlet {
}
Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
-
- Logger.debug("Starting validation of SAML assertion");
- //verify SAML assertion
- Assertion storkAssertion = storkResponse.getAssertions().get(0);
- try {
- STORKResponseProcessor.verifySTORKAssertion(
- storkAssertion, //assertion
- request.getRemoteAddr(), //IP address of user
- storkAuthnRequest.getID(), //ID of STORK AuthnRequest
- request.getRequestURL().toString(), //destination
- HTTPUtils.getBaseURL(request), //audience
- storkAuthnRequest.getRequestedAttributes()); //Requested Attributes
- } catch (STORKException e) {
- Logger.error("Failed to verify STORK SAML Assertion", e);
- throw new MOAIDException("stork.08", null);
- }
-
- Logger.info("SAML assertion succesfully verified!");
-
- Logger.debug("Starting extraction of signedDoc attribute");
+
+// Logger.debug("Starting validation of SAML assertion");
+// //verify SAML assertion
+ Assertion storkAssertion = authnResponse.getAssertions().get(0);
+// try {
+// STORKResponseProcessor.verifySTORKAssertion(
+// storkAssertion, //assertion
+// request.getRemoteAddr(), //IP address of user
+// storkAuthnRequest.getID(), //ID of STORK AuthnRequest
+// request.getRequestURL().toString(), //destination
+// HTTPUtils.getBaseURL(request), //audience
+// storkAuthnRequest.getRequestedAttributes()); //Requested Attributes
+// } catch (STORKException e) {
+// Logger.error("Failed to verify STORK SAML Assertion", e);
+// throw new MOAIDException("stork.08", null);
+// }
+//
+// Logger.info("SAML assertion succesfully verified!");
+
+ Logger.debug("Starting extraction of signedDoc attribute");
//extract signed doc element and citizen signature
Element citizenSignature = null;
try {
@@ -175,7 +175,7 @@ public class PEPSConnectorServlet extends AuthServlet {
//contact SZR Gateway
IdentityLink identityLink = null;
try {
- identityLink = STORKResponseProcessor.connectToSZRGateway(citizenSignature, storkAssertion.getAttributeStatements().get(0).getAttributes());
+ identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList());
} catch (STORKException e) {
Logger.error("Error connecting SZR Gateway", e);
throw new MOAIDException("stork.10", null);
@@ -189,49 +189,28 @@ public class PEPSConnectorServlet extends AuthServlet {
Logger.info("Received Identity Link from SZR Gateway");
moaSession.setIdentityLink(identityLink);
- Logger.debug("Adding addtional STORK attributes to MOA assertion");
- //add other stork attributes to MOA assertion
- List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(storkAssertion.getAttributeStatements().get(0).getAttributes());
- moaSession.setExtendedSAMLAttributesOA(moaExtendedSAMLAttibutes);
+ Logger.debug("Adding addtional STORK attributes to MOA session");
+ moaSession.setStorkAttributes(authnResponse.getPersonalAttributeList());
//We don't have BKUURL, setting from null to "Not applicable"
moaSession.setBkuURL("Not applicable (STORK Authentication)");
-
- Logger.debug("Starting to assemble MOA assertion");
- //produce MOA-Assertion and artifact
- String samlArtifactBase64 =
- AuthenticationServer.getInstance().getForeignAuthenticationData(moaSession);
- Logger.info("MOA assertion assembled and SAML Artifact generated.");
+
+ // free for single use
+ moaSession.setAuthenticatedUsed(false);
+
+ // stork did the authentication step
+ moaSession.setAuthenticated(true);
//session is implicit stored in changeSessionID!!!!
String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
- Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
//redirect
String redirectURL = null;
- if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- /*redirectURL = moaSession.getOAURLRequested();
- if (!moaSession.getBusinessService()) {
- redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(moaSession.getTarget(), "UTF-8"));
- }
- redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- redirectURL = response.encodeRedirectURL(redirectURL);*/
-
redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID);
redirectURL = response.encodeRedirectURL(redirectURL);
- } else {
-
- redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, newMOASessionID);
- }
-
- try {
- AuthenticationSessionStoreage.storeSession(moaSession);
- } catch (MOADatabaseException e) {
- throw new MOAIDException("Session store error", null);
- }
response.setContentType("text/html");
response.setStatus(302);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java
index f78067b5f..b3a707134 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java
@@ -40,11 +40,11 @@ import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.XMLUtil;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.mw.messages.saml.STORKResponse;
import eu.stork.vidp.messages.exception.SAMLValidationException;
import eu.stork.vidp.messages.util.SAMLUtil;
-import eu.stork.vidp.messages.util.XMLUtil;
/**
* Verifies the SMAL response according to the STORK specification
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java
deleted file mode 100644
index e5c55d038..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java
+++ /dev/null
@@ -1,165 +0,0 @@
-/**
- *
- */
-package at.gv.egovernment.moa.id.auth.stork;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.Endpoint;
-import org.opensaml.ws.transport.http.HTTPOutTransport;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.security.credential.Credential;
-
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.mw.messages.saml.STORKAuthnRequest;
-import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
-import eu.stork.vidp.messages.exception.SAMLException;
-import eu.stork.vidp.messages.exception.SAMLValidationException;
-import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
-import eu.stork.vidp.messages.stork.RequestedAttributes;
-import eu.stork.vidp.messages.util.SAMLUtil;
-
-/**
- * Class handling all necessary functionality for STORK AuthnRequest processing
- *
- * @author bzwattendorfer
- *
- */
-public class STORKAuthnRequestProcessor {
-
- /**
- * Creates a STORK AuthnRequest
- * @param destination Destination URL
- * @param acsURL Assertion Consumer Service URL
- * @param providerName SP Provider Name
- * @param issuerValue Issuer Name
- * @param qaaLevel STORK QAALevel to be requested
- * @param requestedAttributes Requested Attributes to be requested
- * @param spSector Sp Sector
- * @param spInstitution SP Institution
- * @param spApplication SP Application
- * @param spCountry SP Country
- * @param textToBeSigned text to be included in signedDoc element
- * @param mimeType mimeType for the text to be signed in signedDoc
- * @return STORK AuthnRequest
- */
- public static STORKAuthnRequest generateSTORKAuthnRequest(
- String destination,
- String acsURL,
- String providerName,
- String issuerValue,
- QualityAuthenticationAssuranceLevel qaaLevel,
- RequestedAttributes requestedAttributes,
- String spSector,
- String spInstitution,
- String spApplication,
- String spCountry,
- String textToBeSigned,
- String mimeType) {
-
-
- STORKAuthnRequest storkAuthnRequest =
- STORKMessagesBuilder.buildSTORKAuthnRequest(
- destination,
- acsURL,
- providerName,
- issuerValue,
- qaaLevel,
- requestedAttributes,
- spSector,
- spInstitution,
- spApplication,
- spCountry);
-
- STORKMessagesBuilder.buildAndAddSignatureRequestToAuthnRequest(storkAuthnRequest, textToBeSigned, mimeType, true);
-
- Logger.debug("Added signedDoc attribute to STORK AuthnRequest");
-
- return storkAuthnRequest;
-
- }
-
- /**
- * Signs a STORK AuthnRequest
- * @param storkAuthnRequest STORK AuthRequest to sign
- * @param keyStorePath KeyStorePath to the signing key
- * @param keyStorePassword KeyStore Password
- * @param keyName Signing key name
- * @param keyPassword Signing key password
- * @return Signed STORK AuthnRequest
- * @throws SAMLException
- */
- public static STORKAuthnRequest signSTORKAuthnRequest(
- STORKAuthnRequest storkAuthnRequest,
- String keyStorePath,
- String keyStorePassword,
- String keyName,
- String keyPassword) throws SAMLException {
-
- Logger.trace("Building Credential Provider for signing process");
-
- CredentialProvider credentialProvider = new KeyStoreCredentialProvider(keyStorePath, keyStorePassword, keyName, keyPassword);
-
- Credential credential = credentialProvider.getCredential();
-
- Logger.trace("Credentials found");
-
- SAMLUtil.signSAMLObject(storkAuthnRequest, credential);
-
- return storkAuthnRequest;
- }
-
- /**
- * Validates a STORK AuthnRequest
- * @param storkAuthnRequest STORK AuthnRequest to validate
- * @throws SAMLValidationException
- */
- public static void validateSTORKAuthnRequest(STORKAuthnRequest storkAuthnRequest) throws SAMLValidationException {
-
- SAMLUtil.verifySAMLObjectStandardValidation(storkAuthnRequest, "saml2-core-schema-and-stork-validator");
-
- }
-
- /**
- * Sends a STORK AuthnRequest (Endpoint taken out of AuthnRequest)
- * @param request HttpServletRequest
- * @param response HttpServletResponse
- * @param storkAuthnRequest STORK AuthnRequest to send
- * @throws Exception
- */
- public static void sendSTORKAuthnRequest(HttpServletRequest request, HttpServletResponse response, STORKAuthnRequest storkAuthnRequest) throws Exception {
-
- Logger.trace("Create endpoint...");
- Endpoint endpoint = STORKMessagesBuilder.buildSAMLObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
- endpoint.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
- endpoint.setLocation(storkAuthnRequest.getDestination());
-
-
- Logger.trace("Prepare SAMLMessageContext...");
- HTTPOutTransport outTransport = new HttpServletResponseAdapter(response, request.isSecure());
- BasicSAMLMessageContext<?, STORKAuthnRequest, ?> samlMessageContext = new BasicSAMLMessageContext();
- samlMessageContext.setOutboundMessageTransport(outTransport);
- samlMessageContext.setPeerEntityEndpoint(endpoint);
-
- Logger.trace("Set STORK SAML AuthnRequest to SAMLMessageContext...");
- samlMessageContext.setOutboundSAMLMessage(storkAuthnRequest);
-
- Logger.trace("Initialize VelocityEngine...");
-
- VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
-
-// HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/templates/saml2-post-binding.vm");
- HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/saml2-post-binding-moa.vm");
-
- Logger.trace("HTTP-Post encode SAMLMessageContext...");
- encoder.encode(samlMessageContext);
- }
-
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index a6e595239..664d0cf57 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -3,6 +3,7 @@
*/
package at.gv.egovernment.moa.id.auth.stork;
+import java.io.ByteArrayInputStream;
import java.util.List;
import java.util.Vector;
@@ -13,7 +14,6 @@ import javax.xml.namespace.QName;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.ws.transport.http.HTTPInTransport;
import org.opensaml.ws.transport.http.HTTPOutTransport;
@@ -33,16 +33,18 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.client.SZRGWClientException;
+import at.gv.egovernment.moa.id.util.XMLUtil;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
import eu.stork.mw.messages.saml.STORKResponse;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PersonalAttribute;
import eu.stork.vidp.messages.common.STORKConstants;
import eu.stork.vidp.messages.util.SAMLUtil;
-import eu.stork.vidp.messages.util.XMLUtil;
/**
*
@@ -294,29 +296,41 @@ public class STORKResponseProcessor {
}
-
+
+ /**
+ * helper for reading attributes. Handles logging and error handling.
+ *
+ * @param attributeName the attribute name
+ * @param attributeList the attribute list
+ * @return the attribute value
+ * @throws STORKException the sTORK exception
+ */
+ private static String getAttributeValue(String attributeName, IPersonalAttributeList attributeList) throws STORKException {
+ try {
+ String result = attributeList.get(attributeName).getValue().get(0);
+ Logger.trace(attributeName + " : " + result);
+ return result;
+ } catch(NullPointerException e) {
+ Logger.error(attributeName + " not found in response");
+ throw new STORKException(attributeName + " not found in response");
+ }
+ }
+
/**
* Handels connection to SZR-GW and returns Identity Link on success
- * @param citizenSignature Citizen signature
- * @param attributeList Received attribute List in assertion
+ * @param iPersonalAttributeList Received attribute List in assertion
* @return Identity Link
* @throws STORKException
*/
- public static IdentityLink connectToSZRGateway(Element citizenSignature, List<Attribute> attributeList) throws STORKException {
+ public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList) throws STORKException {
Logger.trace("Calling SZR Gateway with the following attributes:");
- String fiscalNumber = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER);
- Logger.trace(STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER + " : " + fiscalNumber);
-
- String givenName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_GIVENNAME);
- Logger.trace(STORKConstants.STORK_ATTRIBUTE_GIVENNAME+ " : " + givenName);
-
- String lastName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_SURNAME);
- Logger.trace(STORKConstants.STORK_ATTRIBUTE_SURNAME+ " : " + lastName);
-
- String dateOfBirth = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH);
- Logger.trace(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH + " : " + dateOfBirth);
-
+ // fetch mandatory attributes
+ String citizenSignature = getAttributeValue("signedDoc", attributeList);
+ String eIdentifier = getAttributeValue("eIdentifier", attributeList);
+ String givenName = getAttributeValue("givenName", attributeList);
+ String lastName = getAttributeValue("surname", attributeList);
+ String dateOfBirth = getAttributeValue("dateOfBirth", attributeList);
if (!StringUtils.isEmpty(dateOfBirth)) {
dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth);
}
@@ -325,19 +339,30 @@ public class STORKResponseProcessor {
IdentityLink identityLink = null;
try {
Logger.trace("Starting call...");
- response = AuthenticationServer.getInstance().getIdentityLink(fiscalNumber, givenName, lastName, dateOfBirth, citizenSignature);
- if (response.isError()) {
- Logger.error("Receveid ErrorResponse from SZR Gateway.");
- throw new SZRGWClientException(response.getError());
+
+ // do we have a case of representation?
+ try {
+ String representative = getAttributeValue("representative", attributeList);
+ String represented = getAttributeValue("represented", attributeList);
+ String mandate = getAttributeValue("mandateContent", attributeList);
+
+ // if we get here we have a representation case
+ response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate);
+
+ } catch(STORKException e) {
+ // we do not have a representation case
+ response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature);
+ }
+
+
+ if (null != response.getErrorResponse()){
+ // TODO fix exception parameter
+ throw new SZRGWClientException(response.getErrorResponse().getErrorCode().toString(), null);
}
else {
- Logger.trace("Receveid Success Response from SZR Gateway.");
- Element samlAssertion = response.getAssertion();
-
- IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
+ IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(response.getIdentityLink()));
identityLink = ilParser.parseIdentityLink();
-
Logger.debug("Received Identity Link from SZR Gateway");
//TODO: is this ok?
// if (StringUtils.isEmpty(identityLink.getDateOfBirth())) {
@@ -351,9 +376,9 @@ public class STORKResponseProcessor {
} catch (ParseException e) {
Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
throw new STORKException("Error parsing IdentityLink received from SZR-Gateway: ", e);
- } catch (at.gv.egovernment.moa.id.client.SZRGWClientException e) {
- Logger.error("Error connecting SZR-Gateway: ", e);
- throw new STORKException("Error connecting SZR-Gateway: ", e);
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
}
return identityLink;
@@ -363,33 +388,29 @@ public class STORKResponseProcessor {
/**
* Transforms additional STORK attributes to MOA Extended attributes
- * @param storkAttributeList STORK attribute list
+ * @param iPersonalAttributeList STORK attribute list
* @return
*/
- public static List<ExtendedSAMLAttribute> addAdditionalSTORKAttributes(List<Attribute> storkAttributeList) {
+ public static List<ExtendedSAMLAttribute> addAdditionalSTORKAttributes(IPersonalAttributeList iPersonalAttributeList) {
List<ExtendedSAMLAttribute> moaExtendedSAMLAttributeList = new Vector<ExtendedSAMLAttribute>();
+ if(null == iPersonalAttributeList)
+ return moaExtendedSAMLAttributeList;
+
Logger.trace("Adding the following attributes to MOA assertion: ");
int count = 0;
- //only add attributes different than eIdentifier, given name, surname, dateOfBirth, signedDoc
- for (Attribute attribute : storkAttributeList) {
- //attribute is not in default returned attribute set
- if (!STORKConstants.DEFAULT_STORK_RETURNED_ATTRIBUTE_SET.contains(attribute.getName())) {
-
- String attributeValue = null;
- if (!attribute.getAttributeValues().isEmpty()) {
- //we have attribute value
- attributeValue = SAMLUtil.getStringValueFromXMLObject(attribute.getAttributeValues().get(0));
- }
- ExtendedSAMLAttribute extendedSAMLAttribute =
- new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0);
- moaExtendedSAMLAttributeList.add(extendedSAMLAttribute);
- count++;
- Logger.trace("Additional attribute: " + attribute.getName());
- }
+
+ for (PersonalAttribute attribute : iPersonalAttributeList) {
+ Object attributeValue = attribute.getValue();
+ if (null == attributeValue)
+ attributeValue = attribute.getComplexValue();
+ ExtendedSAMLAttribute extendedSAMLAttribute =
+ new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0);
+ moaExtendedSAMLAttributeList.add(extendedSAMLAttribute);
+ count++;
+ Logger.trace("Additional attribute: " + attribute.getName());
}
-
Logger.debug("Added " + count + " STORK attribute(s) to the MOA assertion.");
return moaExtendedSAMLAttributeList;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
index e3457f4de..325bf25a0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
@@ -39,7 +39,6 @@ import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.xpath.XPathAPI;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.Text;
@@ -254,8 +253,8 @@ public class SZRGWClient {
}
}
-
- public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException {
+
+ public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature, String representative, String represented, String mandateContent) throws SZRGWClientException {
String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
try {
@@ -299,73 +298,25 @@ public class SZRGWClient {
Text text= doc.createTextNode(PEPSDateOfBirth);
elem.appendChild(text);
}
- }
-
- if (signature == null)
- throw new SZRGWClientException("Signature element must not be null!");
- else {
- Element sig = doc.createElementNS(SZRGW_NS, "szrgw:Signature");
- Element xmlcontent = doc.createElementNS(SZRGW_NS, "szrgw:XMLContent");
- sig.appendChild(xmlcontent);
- Node n = doc.importNode(signature, true);
- getIdentityLink.appendChild(sig);
- xmlcontent.appendChild(n);
- }
-
-
- return doc;
- } catch (ParserConfigurationException e) {
- throw new SZRGWClientException(e);
- } /*catch (CertificateEncodingException e) {
- throw new SZRGWClientException(e);
- }*/
-
- }
-
- public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException {
-
- String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
-
- try {
- DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- DocumentBuilder builder = factory.newDocumentBuilder();
- Document doc = builder.newDocument();
-
- Element getIdentityLink = doc.createElementNS(SZRGW_NS, "szrgw:GetIdentityLinkRequest");
- getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGW_NS);
- doc.appendChild(getIdentityLink);
-
- if ( (PEPSIdentifier != null) || (PEPSFirstname != null) || (PEPSFamilyname != null) || (PEPSDateOfBirth != null) ) {
-
- Element pepsDataElem = doc.createElementNS(SZRGW_NS, "szrgw:PEPSData");
- getIdentityLink.appendChild(pepsDataElem);
-
- if (PEPSIdentifier != null) {
- Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Identifier");
- pepsDataElem.appendChild(elem);
- Text text= doc.createTextNode(PEPSIdentifier);
- elem.appendChild(text);
- }
- if (PEPSFirstname != null) {
- Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Firstname");
+ if (representative != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Representative");
pepsDataElem.appendChild(elem);
- Text text= doc.createTextNode(PEPSFirstname);
+ Text text= doc.createTextNode(representative);
elem.appendChild(text);
- }
+ }
- if (PEPSFamilyname != null) {
- Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Familyname");
+ if (represented != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Represented");
pepsDataElem.appendChild(elem);
- Text text= doc.createTextNode(PEPSFamilyname);
+ Text text= doc.createTextNode(represented);
elem.appendChild(text);
}
- if (PEPSDateOfBirth != null) {
- Element elem = doc.createElementNS(SZRGW_NS, "szrgw:DateOfBirth");
+ if (mandateContent != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:MandateContent");
pepsDataElem.appendChild(elem);
- Text text= doc.createTextNode(PEPSDateOfBirth);
+ Text text= doc.createTextNode(mandateContent);
elem.appendChild(text);
}
}
@@ -380,7 +331,27 @@ public class SZRGWClient {
Text text= doc.createTextNode(signature);
base64content.appendChild(text);
}
-
+
+ if(representative != null && represented != null && mandateContent != null) {
+ Element mis = doc.createElementNS(SZRGW_NS, "szrgw:MIS");
+ Element filters = doc.createElementNS(SZRGW_NS, "szrgw:Filters");
+ mis.appendChild(filters);
+ Element target = doc.createElementNS(SZRGW_NS, "szrgw:Target");
+ mis.appendChild(target);
+ Element friendlyName = doc.createElementNS(SZRGW_NS, "szrgw:OAFriendlyName");
+ mis.appendChild(friendlyName);
+ getIdentityLink.appendChild(mis);
+
+// TODO fetch data from oa params
+// String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);
+// moasessionid = StringEscapeUtils.escapeHtml(moasessionid);
+// AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+// if (oaParam == null)
+// throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() });
+// Text text = doc.createTextNode(oaParam.getFriendlyName());
+ }
+
return doc;
} catch (ParserConfigurationException e) {
throw new SZRGWClientException(e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 29f567324..8de47f5f6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -88,11 +88,10 @@ import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.data.IssuerAndSerial;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-import eu.stork.vidp.messages.common.STORKBootstrap;
/**
* A class providing access to the Auth Part of the MOA-ID configuration data.
- *
+ *
* <p>Configuration data is read from an XML file, whose location is given by
* the <code>moa.id.configuration</code> system property.</p>
* <p>This class implements the Singleton pattern. The <code>reload()</code>
@@ -339,9 +338,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
//Initialize OpenSAML for STORK
- Logger.info("Starting initialization of OpenSAML...");
- STORKBootstrap.bootstrap();
- Logger.debug("OpenSAML successfully initialized");
+// Logger.info("Starting initialization of OpenSAML...");
+// STORKBootstrap.bootstrap();
+// Logger.debug("OpenSAML successfully initialized");
String legacyconfig = props.getProperty("configuration.xml.legacy");
@@ -431,12 +430,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
ForeignIdentities foreign = auth.getForeignIdentities();
if (foreign == null ) {
Logger.warn("Error in MOA-ID Configuration. No STORK configuration found.");
-
- }
- //TODO: commented because npe was thrown
- //else
- //storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir);
-
+ } else
+ storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir);
//load Chaining modes
ChainingModes cm = moaidconfig.getChainingModes();
@@ -1008,4 +1003,4 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return moasp;
}
-} \ No newline at end of file
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 3c4234114..60803bb8a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
@@ -46,10 +47,6 @@ import at.gv.egovernment.moa.id.config.OAParameter;
import at.gv.egovernment.moa.id.util.FormBuildUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
-import eu.stork.vidp.messages.common.STORKConstants;
-import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
-import eu.stork.vidp.messages.stork.RequestedAttributes;
/**
* Configuration parameters belonging to an online application,
@@ -78,21 +75,6 @@ public class OAAuthParameter extends OAParameter {
this.keyBoxIdentifier = oa.getKeyBoxIdentifier().value();
}
-
- /**
- * STORK QAA Level, Default = 4
- */
- private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4);
-
- /**
- * STORK RequestedAttributes for Online Application
- * Default RequestedAttributes are: eIdentifier, givenName, surname, dateOfBirth
- */
- private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes(
- STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null),
- STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null),
- STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null),
- STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null));
private String keyBoxIdentifier;
@@ -263,6 +245,15 @@ public boolean isOnlyMandateAllowed() {
return false;
}
+ /**
+ * Shall we show the stork login in the bku selection frontend?
+ *
+ * @return true, if is we should show stork login
+ */
+ public boolean isShowStorkLogin() {
+ return oa_auth.getOASTORK().isStorkLogonEnabled();
+ }
+
public Map<String, String> getFormCustomizaten() {
TemplatesType templates = oa_auth.getTemplates();
@@ -308,18 +299,15 @@ public Map<String, String> getFormCustomizaten() {
return map;
}
-/**
- * @return the qaaLevel
- */
-public QualityAuthenticationAssuranceLevel getQaaLevel() {
- return qaaLevel;
+public Integer getQaaLevel() {
+ return oa_auth.getOASTORK().getQaa();
}
/**
* @return the requestedAttributes
*/
-public RequestedAttributes getRequestedAttributes() {
- return requestedAttributes;
+public List<OAStorkAttribute> getRequestedAttributes() {
+ return oa_auth.getOASTORK().getOAAttributes();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
index 7ef043abe..f5fdbd90a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
@@ -14,16 +14,11 @@ import java.util.Map;
import java.util.Properties;
import java.util.Set;
-import org.opensaml.saml2.metadata.RequestedAttribute;
import org.w3c.dom.Element;
-import eu.stork.vidp.messages.util.SAMLUtil;
-import eu.stork.vidp.messages.util.XMLUtil;
-
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
-import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes;
import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
@@ -33,8 +28,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities;
import at.gv.egovernment.moa.id.commons.db.dao.config.GeneralConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners;
-import at.gv.egovernment.moa.id.commons.db.dao.config.KeyName;
-import at.gv.egovernment.moa.id.commons.db.dao.config.KeyStore;
import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed;
import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector;
@@ -48,13 +41,9 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
import at.gv.egovernment.moa.id.commons.db.dao.config.Organization;
import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
-import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter;
import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;
-import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer;
-import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureCreationParameterType;
-import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts;
@@ -283,63 +272,6 @@ public class BuildFromLegacyConfig {
parseConnectionParameterClientAuth(foreignIDConnectionParameter);
auth_foreign.setConnectionParameter(auth_foreign_connection);
- //set STORK configuration
- STORKConfig storkConfig = new STORKConfig(builder.buildSTORKSignatureCreationParameter(),builder.buildSTORKSignatureVerificationParameter(), builder.buildSTORKcPEPSMap());
- STORK auth_foreign_stork = new STORK();
- auth_foreign.setSTORK(auth_foreign_stork);
-
- //set CPEPS
- Map<String, at.gv.egovernment.moa.id.config.legacy.CPEPS> map = storkConfig.getCpepsMap();
- Set<String> map_keys = map.keySet();
- List<CPEPS> auth_foreign_stork_cpeps = new ArrayList<CPEPS>();
- for (String key : map_keys) {
- CPEPS cpep = new CPEPS();
- cpep.setCountryCode(map.get(key).getCountryCode());
- cpep.setURL(map.get(key).getPepsURL().toExternalForm()); //check correctness!!!!
-
- List<String> cpep_reqs = new ArrayList<String>();
-
- List<RequestedAttribute> map1 = map.get(key).getCountrySpecificRequestedAttributes();
- for (RequestedAttribute e1 : map1) {
- Element element = SAMLUtil.marshallMessage(e1);
- cpep_reqs.add(XMLUtil.printXML(element));
- }
- cpep.setAttributeValue(cpep_reqs);
- auth_foreign_stork_cpeps.add(cpep);
- }
- auth_foreign_stork.setCPEPS(auth_foreign_stork_cpeps);
-
-
- //set SAMLSigningParameter
- if (storkConfig.getSignatureCreationParameter() != null &&
- storkConfig.getSignatureVerificationParameter() != null) {
- SAMLSigningParameter auth_foreign_stork_samlSign = new SAMLSigningParameter();
- auth_foreign_stork.setSAMLSigningParameter(auth_foreign_stork_samlSign);
-
- SignatureCreationParameterType stork_saml_creat = new SignatureCreationParameterType();
- auth_foreign_stork_samlSign.setSignatureCreationParameter(stork_saml_creat);
- KeyStore stork_saml_creat_keystore = new KeyStore();
- stork_saml_creat.setKeyStore(stork_saml_creat_keystore);
- stork_saml_creat_keystore.setPassword(storkConfig.getSignatureCreationParameter().getKeyStorePassword());
- stork_saml_creat_keystore.setValue(storkConfig.getSignatureCreationParameter().getKeyStorePath());
- KeyName stork_saml_creat_keyname = new KeyName();
- stork_saml_creat.setKeyName(stork_saml_creat_keyname);
- stork_saml_creat_keyname.setValue(storkConfig.getSignatureCreationParameter().getKeyName());
- stork_saml_creat_keyname.setPassword(storkConfig.getSignatureCreationParameter().getKeyPassword());
-
-
-
- SignatureVerificationParameterType stork_saml_verify = new SignatureVerificationParameterType();
- auth_foreign_stork_samlSign.setSignatureVerificationParameter(stork_saml_verify);
- stork_saml_verify.setTrustProfileID(storkConfig.getSignatureVerificationParameter().getTrustProfileID());
-
- }
-
- //TODO: check correctness
- //set QualityAuthenticationAssurance
- //set RequestedAttbutes
-
-
//set OnlineMandates config
ConnectionParameter onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter();
if (onlineMandatesConnectionParameter != null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java
index 3abc94b02..525c5a24e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java
@@ -30,8 +30,6 @@ import iaik.utils.RFC2253NameParserException;
import java.io.IOException;
import java.math.BigInteger;
-import java.net.MalformedURLException;
-import java.net.URL;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
@@ -41,8 +39,6 @@ import java.util.List;
import java.util.Map;
import java.util.Vector;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -56,9 +52,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.legacy.OAAuthParameter;
import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameter;
import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameters;
-import at.gv.egovernment.moa.id.config.legacy.CPEPS;
import at.gv.egovernment.moa.id.config.legacy.SignatureCreationParameter;
-import at.gv.egovernment.moa.id.config.legacy.SignatureVerificationParameter;
import at.gv.egovernment.moa.id.data.IssuerAndSerial;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -66,15 +60,9 @@ import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.egovernment.moa.util.XPathException;
import at.gv.egovernment.moa.util.XPathUtils;
-import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
-import eu.stork.vidp.messages.common.STORKConstants;
-import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
-import eu.stork.vidp.messages.stork.RequestedAttributes;
-import eu.stork.vidp.messages.util.SAMLUtil;
/**
* A class that builds configuration data from a DOM based representation.
@@ -1219,170 +1207,6 @@ public List getTrustedTemplateURLs() {
}
/**
- * Creates a SignatureVerificationParameter object from the MOA-ID configuration
- * This configuration object contains the TrustProfile to be used for signature verification (STORK SAML Signature Verification)
- *
- * @return TrustProfileID for signature verification (STORK SAML Signature Verification)
- */
- public SignatureVerificationParameter buildSTORKSignatureVerificationParameter() {
-
- Logger.debug("Loading STORK signature verification parameters.");
-
- Element signatureVerificationParameterElement = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_VERIFICATION_PARAMETER);
- if (signatureVerificationParameterElement == null) {
- Logger.debug("No STORK verification parameters found, " +AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_VERIFICATION_PARAMETER + "is missing.");
- return null;
- }
-
- SignatureVerificationParameter signatureVerificationParameter = new SignatureVerificationParameter();
-
- String trustProfileID = XPathUtils.getElementValue(signatureVerificationParameterElement, AUTH_FOREIGN_IDENTITIES_STORK_TRUSTPROFILE_ID, null);
- if (StringUtils.isEmpty(trustProfileID)) {
- Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_TRUSTPROFILE_ID + "is missing.");
- return null;
- }
- Logger.trace("Using the following MOA-SP TrustProfile for STORK SAML signature verification: " + trustProfileID);
- signatureVerificationParameter.setTrustProfileID(trustProfileID);
-
- Logger.info("STORK signature verification parameters loaded.");
-
- return signatureVerificationParameter;
- }
-
- /**
- * Builds a C-PEPS object from configuration
- * @param cpepsElement DOM Element of C-PEPS from configuration
- * @return C-PEPS object
- */
- public CPEPS buildSTORKCpeps(Element cpepsElement) {
-
- String countryCode = cpepsElement.getAttribute(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_COUNTRY_CODE);
- String cpepsURLString = cpepsElement.getAttribute(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_URL);
- if (StringUtils.isEmpty(countryCode)) {
- Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_COUNTRY_CODE + "is missing.");
- return null;
- }
- if (StringUtils.isEmpty(cpepsURLString)) {
- Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_URL + "is missing.");
- return null;
- }
-
- URL cpepsURL;
- try {
- cpepsURL = new URL(cpepsURLString);
- } catch (MalformedURLException e) {
- Logger.error("Provided CPEPS-URL (" + cpepsURLString + ") for country " + countryCode + " is not a URL", e);
- return null;
- }
- CPEPS cpeps = new CPEPS(countryCode, cpepsURL);
- Logger.debug("Adding C-PEPS for country: " + cpeps.getCountryCode() + ", URL: " + cpeps.getPepsURL());
-
- Element reqAttributeElement;
- NodeIterator reqAttributeIterator = XPathUtils.selectNodeIterator(cpepsElement, AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_REQUESTED_ATTRIBUTES);
-
- while ((reqAttributeElement = (Element) reqAttributeIterator.nextNode()) != null) {
- RequestedAttribute requestedAttribute;
- try {
- requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(reqAttributeElement);
- } catch (MessageEncodingException e) {
- Logger.error("Provided RequestedAttributes for CPEPS from country " + countryCode + " is malformed.", e);
- return null;
- }
- //only add if STORK attribute is correct
- if (STORKConstants.FULL_STORK_ATTRIBUTE_SET.contains(requestedAttribute.getName())) {
- cpeps.addCountrySpecificRequestedAttribute(requestedAttribute);
- Logger.debug("Adding also country specific requested attribute for C-PEPS (" + countryCode + "): " + requestedAttribute.getName() + ", isRequired: " + requestedAttribute.isRequired());
- } else {
- Logger.warn("Skipping addition of requested STORK Attribute, attribute unknown : " + requestedAttribute.getName());
- }
-
- }
-
- return cpeps;
- }
-
- /**
- * Builds the supported C-PEPS Map from configuration
- * @return Map of C-PEPS
- */
- public Map<String, CPEPS> buildSTORKcPEPSMap() {
-
- Logger.debug("Loading STORK C-PEPS information");
-
- Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
-
- NodeIterator cpepsIterator = XPathUtils.selectNodeIterator(configElem_, AUTH_FOREIGN_IDENTITIES_STORK_CPEPS);
-
- Element cpepsElement;
- CPEPS cpeps;
-
- while ((cpepsElement = (Element) cpepsIterator.nextNode()) != null) {
- cpeps = buildSTORKCpeps(cpepsElement);
- if (cpeps != null) {
- cpepsMap.put(cpeps.getCountryCode(), cpeps);
- }
- }
-
- if(!cpepsMap.isEmpty()) {
- Logger.info("STORK C-PEPS information loaded");
- }
-
- return cpepsMap;
-
- }
-
- /**
- * Builds the required STORK QAALevel for this OA
- * @param authComponentElement DOM Element of AuthComponent (from MOA configuration)
- * @return STORK QAALevel for this OA
- */
- public QualityAuthenticationAssuranceLevel buildOaSTORKQAALevel(Element authComponentElement) {
- Element qaaLevelElement = (Element)XPathUtils.selectSingleNode(authComponentElement, OA_AUTH_COMPONENT_STORK_QAA);
-
- if (qaaLevelElement == null) return null;
-
- try {
- QualityAuthenticationAssuranceLevel qaaLevel = (QualityAuthenticationAssuranceLevel) SAMLUtil.unmarshallMessage(qaaLevelElement);
- return qaaLevel;
- } catch (MessageEncodingException e) {
- Logger.error("Could not build STORK QAALevel, using default.");
- return null;
- }
-
- }
-
- /**
- * Builds the Requested Attributes specific for an OA
- * @param authComponentElement DOM Element of AuthComponent (from MOA configuration)
- * @return STORK RequestedAttributes for this OA
- */
- public RequestedAttributes buildOaSTORKRequestedAttributes(Element authComponentElement) {
- List<RequestedAttribute> reqAttributeList = new ArrayList<RequestedAttribute>();
-
-
- Element reqAttributeElement;
- NodeIterator reqAttributeIterator = XPathUtils.selectNodeIterator(authComponentElement, OA_AUTH_COMPONENT_STORK_REQUESTED_ATTRIBUTE);
-
- while ((reqAttributeElement = (Element) reqAttributeIterator.nextNode()) != null) {
- RequestedAttribute requestedAttribute;
- try {
- requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(reqAttributeElement);
- } catch (MessageEncodingException e) {
- Logger.error("Provided RequestedAttributes Online Application is malformed.", e);
- return null;
- }
- //only add if STORK attribute is correct
- if (STORKConstants.FULL_STORK_ATTRIBUTE_SET.contains(requestedAttribute.getName())) {
- reqAttributeList.add(requestedAttribute);
- } else {
- Logger.warn("Skipping addition of requested STORK Attribute, attribute unknown : " + requestedAttribute.getName());
- }
- }
-
- return STORKMessagesBuilder.buildRequestedAttributes(reqAttributeList);
- }
-
- /**
* Method warn.
* @param messageId to identify a country-specific message
* @param parameters for the logger
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java
index 3948522c0..7174e05dc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java
@@ -24,15 +24,6 @@
package at.gv.egovernment.moa.id.config.legacy;
-import java.util.ArrayList;
-
-import org.opensaml.saml2.metadata.RequestedAttribute;
-
-import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
-import eu.stork.vidp.messages.common.STORKConstants;
-import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
-import eu.stork.vidp.messages.stork.RequestedAttributes;
-
/**
* Configuration parameters belonging to an online application,
* to use with the MOA ID Auth component.
@@ -129,22 +120,6 @@ public class OAAuthParameter extends OAParameter {
*/
private String identityLinkDomainIdentifierType;
- /**
- * STORK QAA Level, Default = 4
- */
- private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4);
-
- /**
- * STORK RequestedAttributes for Online Application
- * Default RequestedAttributes are: eIdentifier, givenName, surname, dateOfBirth
- */
- private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes(
- STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null),
- STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null),
- STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null),
- STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null));
-
-
/**
* Returns <code>true</code> if the Security Layer version is version 1.2,
* otherwise <code>false</code>.
@@ -464,38 +439,4 @@ public class OAAuthParameter extends OAParameter {
return this.mandateProfiles;
}
- /**
- * Returns the defined STORK QAALevel
- * @return STORK QAALevel
- */
- public QualityAuthenticationAssuranceLevel getQaaLevel() {
- return qaaLevel;
- }
-
- /**
- * Sets the STORK QAALevel
- * @param qaaLevel
- */
- public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) {
- this.qaaLevel = qaaLevel;
- }
-
- /**
- * Returns the desired STORK Requested Attributes
- * @return STORK Requested Attributes
- */
- public RequestedAttributes getRequestedAttributes() {
- return requestedAttributes;
- }
-
- /**
- * Sets the desired STORK Requested Attributes
- * @param requestedAttributes
- */
- public void setRequestedAttributes(RequestedAttributes requestedAttributes) {
- this.requestedAttributes = requestedAttributes;
- }
-
-
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
index 6a3f4cc9e..95ed628fa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
@@ -1,9 +1,8 @@
/**
- *
+ *
*/
package at.gv.egovernment.moa.id.config.stork;
-import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
@@ -12,133 +11,91 @@ import java.util.List;
import java.util.Map;
import java.util.Properties;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
-
-import eu.stork.vidp.messages.util.SAMLUtil;
-import eu.stork.vidp.messages.util.XMLUtil;
-
-import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributeType;
-import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter;
import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
-import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
/**
* Encapsulates several STORK configuration parameters according MOA configuration
- *
+ *
* @author bzwattendorfer
*
*/
public class STORKConfig {
-
+
/** STORK SAML signature creation parameters */
private Properties props = null;
private Map<String, CPEPS> cpepsMap = null;
private String basedirectory = null;
private SignatureVerificationParameter sigverifyparam = null;
-
-
+ private List<StorkAttribute> attr = null;
+
+
public STORKConfig(STORK stork, Properties props, String basedirectory) {
this.basedirectory = basedirectory;
this.props = props;
-
+
//create CPEPS map
List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = stork.getCPEPS();
cpepsMap = new HashMap<String, CPEPS>();
-
+
for(at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS cpep : cpeps) {
-
+
try {
CPEPS moacpep = new CPEPS(cpep.getCountryCode(), new URL(cpep.getURL()));
-
- List<String> attr = cpep.getAttributeValue();
-
- ArrayList<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>();
-
- for (String e1 : attr) {
- Element element = XMLUtil.stringToDOM(e1);
- RequestedAttribute requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(element);
- requestedAttributes.add(requestedAttribute);
- }
- moacpep.setCountrySpecificRequestedAttributes(requestedAttributes);
-
+
cpepsMap.put(cpep.getCountryCode(), moacpep);
-
+
} catch (MalformedURLException e) {
- Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ cpep.getCountryCode() + " has an invalid URL and is ignored.");
- } catch (ParserConfigurationException e) {
- Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
- + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
- } catch (SAXException e) {
- Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
- + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
- } catch (IOException e) {
- Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
- + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
- } catch (MessageEncodingException e) {
- Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
- + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
}
}
- SAMLSigningParameter samlsign = stork.getSAMLSigningParameter();
-
- if (samlsign == null) {
- Logger.warn("Error in MOA-ID Configuration. No STORK->SAMLSigningParameter configuration found.");
- } else {
- SignatureVerificationParameterType sigverify = samlsign.getSignatureVerificationParameter();
-
- if (sigverify == null) {
- Logger.warn("Error in MOA-ID Configuration. No STORK->SignatureVerificationParameter configuration found.");
-
- } else {
- sigverifyparam = new SignatureVerificationParameter(sigverify.getTrustProfileID());
- }
+ attr = new ArrayList<StorkAttribute>();
+ for(StorkAttribute current : stork.getAttributes()) {
+ attr.add(current);
}
-
+
}
public SignatureCreationParameter getSignatureCreationParameter() {
-
+
return new SignatureCreationParameter(props, basedirectory);
}
public SignatureVerificationParameter getSignatureVerificationParameter() {
-
- return sigverifyparam;
+
+ return sigverifyparam;
}
public Map<String, CPEPS> getCpepsMap() {
return cpepsMap;
}
-
+
public boolean isSTORKAuthentication(String ccc) {
-
+
if (StringUtils.isEmpty(ccc) || this.cpepsMap.isEmpty())
return false;
-
+
if (this.cpepsMap.containsKey(ccc.toUpperCase()))
return true;
else
return false;
-
+
}
-
+
public CPEPS getCPEPS(String ccc) {
if (isSTORKAuthentication(ccc))
return this.cpepsMap.get(ccc);
else
return null;
}
-
+ public List<StorkAttribute> getStorkAttributes() {
+ return attr;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java
index c744abdf5..495f5f0db 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java
@@ -15,8 +15,8 @@ import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.XMLUtil;
import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.vidp.messages.util.XMLUtil;
public class SAMLVerifierMOASP implements ISAMLVerifier {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index fa9dbe990..bf353bce4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -1,12 +1,17 @@
package at.gv.egovernment.moa.id.protocols.saml1;
+import java.util.List;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
+import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
@@ -48,6 +53,15 @@ public class GetArtifactAction implements IAction {
oaParam,
target);
+ // add other stork attributes to MOA assertion if available
+ if(null != session.getStorkAttributes()) {
+ List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(session.getStorkAttributes());
+ session.setExtendedSAMLAttributesOA(moaExtendedSAMLAttibutes);
+ //produce MOA-Assertion and artifact
+ AuthenticationServer.getInstance().getForeignAuthenticationData(session);
+ Logger.info("MOA assertion assembled and SAML Artifact generated.");
+ }
+
String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData);
if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java
index e8af82872..9de1e8d88 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java
@@ -24,6 +24,9 @@ public class FormBuildUtils {
private static String MANDATEVISIBLE = "#MANDATEVISIBLE#";
private static String MANDATECHECKED = "#MANDATECHECKED#";
+
+ private static String STORKVISIBLE = "#STORKVISIBLE#";
+
private static final String TEMPLATEVISIBLE = " display: none";
private static final String TEMPLATEDISABLED = "disabled=\"true\"";
private static final String TEMPLATECHECKED = "checked=\"true\"";
@@ -52,7 +55,8 @@ public class FormBuildUtils {
public static String customiceLayoutBKUSelection(String value, boolean isShowMandateCheckbox,
- boolean isOnlyMandateAllowed, Map<String, String> map) {
+ boolean isOnlyMandateAllowed,
+ Map<String, String> map, boolean showStorkLogin) {
if (isShowMandateCheckbox)
value = value.replace(MANDATEVISIBLE, "");
@@ -67,6 +71,11 @@ public class FormBuildUtils {
} else
value = value.replace(MANDATECHECKED, TEMPLATE_ARIACHECKED + "\"false\"");
+ if (showStorkLogin)
+ value = value.replace(STORKVISIBLE, "");
+ else
+ value = value.replace(STORKVISIBLE, TEMPLATEVISIBLE);
+
String fonttype = map.get(FONTFAMILY);
if (MiscUtil.isNotEmpty(fonttype)) {
String[] fonttypeList = fonttype.split(",");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java
new file mode 100644
index 000000000..d87d510fa
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java
@@ -0,0 +1,143 @@
+/**
+ *
+ */
+package at.gv.egovernment.moa.id.util;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.Reader;
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+/**
+ * Helper class for XML processing
+ * @author bzwattendorfer
+ *
+ */
+public class XMLUtil {
+
+ /**
+ * Transforms a string representation to a DOM representation
+ * @param xmlString XML as string
+ * @return DOM representation of String
+ * @throws ParserConfigurationException
+ * @throws SAXException
+ * @throws IOException
+ */
+ public static Element stringToDOM(String xmlString) throws ParserConfigurationException, SAXException, IOException {
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+
+ DocumentBuilder builder = dbf.newDocumentBuilder();
+
+ Reader reader = new StringReader(xmlString);
+ InputSource src = new InputSource(reader);
+ Document domDoc = builder.parse(src);
+ return domDoc.getDocumentElement();
+ }
+
+ /**
+ * Creates a new and empty XML document
+ * @return New XML document
+ * @throws ParserConfigurationException
+ */
+ public static Document createNewDocument() throws ParserConfigurationException {
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+
+ DocumentBuilder builder = dbf.newDocumentBuilder();
+ return builder.newDocument();
+ }
+
+ /**
+ * Transforms an XML to a String
+ * @param node XML node
+ * @return String represenation of XML
+ */
+ public static String printXML(Node node) {
+ TransformerFactory tfactory = TransformerFactory.newInstance();
+ Transformer serializer;
+ try {
+ serializer = tfactory.newTransformer();
+
+ serializer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+ serializer.setOutputProperty(OutputKeys.ENCODING,"UTF-8");
+
+ StringWriter output = new StringWriter();
+ serializer.transform(new DOMSource(node), new StreamResult(output));
+ return output.toString();
+ } catch (TransformerException e) {
+
+ throw new RuntimeException(e);
+ }
+ }
+
+ /**
+ * Writes an XML element to a given file
+ * @param doc XML element
+ * @param filename Filename of the file where to write XML
+ */
+ public static void writeXmlFile(Element doc, String filename) {
+ try {
+
+ Source source = new DOMSource(doc);
+ File file = new File(filename);
+ Result result = new StreamResult(file);
+
+ Transformer xformer = TransformerFactory.newInstance().newTransformer();
+ xformer.transform(source, result);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ /**
+ * Gets the first text value of a NodeList
+ * @param nList NodeList
+ * @return first text value of a NodeList
+ */
+ public static String getFirstTextValueFromNodeList(NodeList nList) {
+ if (nList != null && nList.getLength() != 0) {
+ return nList.item(0).getTextContent();
+ }
+ return null;
+ }
+
+ /**
+ * Gets the first element of a Node
+ * @param parent Node
+ * @return first element of a Node
+ */
+ public static Element getFirstElement(Node parent) {
+ Node n = parent.getFirstChild();
+ while (n != null && n.getNodeType() != Node.ELEMENT_NODE) {
+ n = n.getNextSibling();
+ }
+ if (n == null) {
+ return null;
+ }
+ return (Element)n;
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
index 801a2dbf1..e28a67d75 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
@@ -424,11 +424,6 @@
text-align: right;
}
- #stork {
- margin-bottom: 10px;
- margin-top: 5px;
- }
-
#mandateLogin {
padding-bottom: 4%;
padding-top: 4%;
@@ -812,32 +807,26 @@
</p-->
</form>
</div>
-
- <!-- <div id="stork" align="center">
- <div id="leftcontent" style="margin-bottom:10px">
- <h2 id="tabheader" class="dunkel">
- Home Country Selection
- </h2>
- </div>
- <p>
- <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" >
- <option value="BE">Belgi&euml;/Belgique</option>
- <option value="EE">Eesti</option>
- <option value="ES">Espa&ntilde;a</option>
- <option value="IS">&Iacute;sland</option>
- <option value="IT">Italia</option>
- <option value="LI">Liechtenstein</option>
- <option value="LT">Lithuania</option>
- <option value="PT">Portugal</option>
- <option value="SI">Slovenija</option>
- <option value="FI">Suomi</option>
- <option value="SE">Sverige</option>
- </select>
- <button name="bkuButton" type="button" onClick="storkClicked();">Send</button>
- <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
- </p>
- </div>
- </div> -->
+ <div id="stork" align="center" style="#STORKVISIBLE#">
+ <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
+ <p>
+ <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" >
+ <option value="BE">Belgi&euml;/Belgique</option>
+ <option value="EE">Eesti</option>
+ <option value="ES">Espa&ntilde;a</option>
+ <option value="IS">&Iacute;sland</option>
+ <option value="IT">Italia</option>
+ <option value="LI">Liechtenstein</option>
+ <option value="LT">Lithuania</option>
+ <option value="PT">Portugal</option>
+ <option value="SI">Slovenija</option>
+ <option value="FI">Suomi</option>
+ <option value="SE">Sverige</option>
+ </select>
+ <button name="bkuButton" type="button" onClick="storkClicked();">Proceed</button>
+ <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
+ </p>
+ </div>
<div id="metroDetected" style="display:none">
<p>Anscheinend verwenden Sie Internet Explorer im Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den Optionen um die Karten-Anmeldung starten zu können.
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/saml2-post-binding-moa.vm b/id/server/idserverlib/src/main/resources/resources/templates/saml2-post-binding-moa.vm
new file mode 100644
index 000000000..cac0bda76
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/templates/saml2-post-binding-moa.vm
@@ -0,0 +1,38 @@
+##
+## Velocity Template for SAML 2 HTTP-POST binding
+##
+## Velocity context may contain the following properties
+## action - String - the action URL for the form
+## RelayState - String - the relay state for the message
+## SAMLRequest - String - the Base64 encoded SAML Request
+## SAMLResponse - String - the Base64 encoded SAML Response
+## Contains target attribute to delegate PEPS authentication out of iFrame
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+ <body onload="document.forms[0].submit()">
+ <noscript>
+ <p>
+ <strong>Note:</strong> Since your browser does not support JavaScript,
+ you must press the Continue button once to proceed.
+ </p>
+ </noscript>
+
+ <form action="${action}" method="post" target="_parent">
+ <div>
+ #if($RelayState)<input type="hidden" name="RelayState" value="${RelayState}"/>#end
+
+ #if($SAMLRequest)<input type="hidden" name="SAMLRequest" value="${SAMLRequest}"/>#end
+
+ #if($SAMLResponse)<input type="hidden" name="SAMLResponse" value="${SAMLResponse}"/>#end
+
+ </div>
+ <noscript>
+ <div>
+ <input type="submit" value="Continue"/>
+ </div>
+ </noscript>
+ </form>
+
+ </body>
+</html> \ No newline at end of file