diff options
Diffstat (limited to 'id/server/idserverlib')
24 files changed, 823 insertions, 1116 deletions
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index cd9e0a7df..8a9cdd51f 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -25,16 +25,23 @@ </repositories>
<dependencies>
- <dependency>
- <groupId>MOA.id</groupId>
- <artifactId>stork-saml-engine</artifactId>
- <version>1.5.2</version>
- </dependency>
- <dependency>
- <groupId>MOA.id.server</groupId>
- <artifactId>moa-id-commons</artifactId>
- <version>${pom.version}</version>
- </dependency>
+
+ <dependency>
+ <groupId>MOA.id</groupId>
+ <artifactId>stork-saml-engine</artifactId>
+ <version>1.5.2</version>
+ </dependency>
+
+ <dependency>
+ <groupId>eu.stork</groupId>
+ <artifactId>SamlEngine</artifactId>
+ <version>1.1.0</version>
+ </dependency>
+ <dependency>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-commons</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
<dependency>
<groupId>MOA</groupId>
<artifactId>moa-common</artifactId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 278f93f14..f19881578 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -24,18 +24,18 @@ package at.gv.egovernment.moa.id.auth; import iaik.asn1.ObjectID; -import iaik.pki.PKIException; import iaik.x509.X509Certificate; import iaik.x509.X509ExtensionInitException; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; -import java.security.GeneralSecurityException; +import java.io.StringWriter; +import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.cert.CertificateException; -//import java.security.cert.CertificateFactory; import java.util.ArrayList; +//import java.security.cert.CertificateFactory; import java.util.Calendar; import java.util.Date; import java.util.Iterator; @@ -50,11 +50,14 @@ import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import org.apache.commons.lang.StringEscapeUtils; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; import org.apache.xpath.XPathAPI; -import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.common.IdentifierGenerator; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.xml.util.Base64; import org.opensaml.xml.util.XMLHelper; -import org.springframework.util.xml.DomUtils; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -90,7 +93,7 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet; -import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; @@ -103,6 +106,8 @@ import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants import at.gv.egovernment.moa.id.client.SZRGWClient; import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; +import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConnectionParameter; @@ -118,6 +123,7 @@ import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; @@ -129,21 +135,19 @@ import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathUtils; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; +import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; -import eu.stork.mw.messages.saml.STORKAuthnRequest; -import eu.stork.vidp.messages.builder.STORKMessagesBuilder; -import eu.stork.vidp.messages.common.STORKConstants; -import eu.stork.vidp.messages.exception.SAMLException; -import eu.stork.vidp.messages.exception.SAMLValidationException; -import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; -import eu.stork.vidp.messages.stork.RequestedAttributes; -import eu.stork.vidp.messages.util.SAMLUtil; -import eu.stork.vidp.messages.util.XMLUtil; +import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; /** * API for MOA ID Authentication Service.<br> {@link AuthenticationSession} is * stored in a session store and retrieved by giving the session ID. - * + * * @author Paul Ivancsics * @version $Id: AuthenticationServer.java 1273 2012-02-27 14:50:18Z kstranacher * $ @@ -166,7 +170,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** * Returns the single instance of <code>AuthenticationServer</code>. - * + * * @return the single instance of <code>AuthenticationServer</code> */ public static AuthenticationServer getInstance() { @@ -197,7 +201,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * response to</li> * </ul> * </ul> - * + * * @param authURL * URL of the servlet to be used as data URL * @param target @@ -232,13 +236,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (session == null) { throw new AuthenticationException("auth.18", new Object[] { }); } - + //load OnlineApplication configuration OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); if (oaParam == null) throw new AuthenticationException("auth.00", new Object[] { session.getPublicOAURLPrefix() }); - + //load Template String template = null; if (session.getTemplateURL() != null) { @@ -251,7 +255,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } String infoboxReadRequest = ""; - + if (session.isSsoRequested()) { //load identityLink with SSO Target boolean isbuisness = false; @@ -261,50 +265,50 @@ public class AuthenticationServer implements MOAIDAuthConstants { isbuisness = true; domainIdentifier = ssobusiness.getValue(); } - + //build ReadInfobox request infoboxReadRequest = new InfoboxReadRequestBuilder().build( isbuisness, domainIdentifier); - + } else { //build ReadInfobox request infoboxReadRequest = new InfoboxReadRequestBuilder().build( oaParam.getBusinessService(), oaParam .getIdentityLinkDomainIdentifier()); } - + String dataURL = new DataURLBuilder().buildDataURL( session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session .getSessionID()); - + //removed in MOAID 2.0 String pushInfobox = ""; - + // VerifyInfoboxParameters verifyInfoboxParameters = oaParam // .getVerifyInfoboxParameters(); // if (verifyInfoboxParameters != null) { // pushInfobox = verifyInfoboxParameters.getPushInfobox(); // session.setPushInfobox(pushInfobox); // } - + //build CertInfo request String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() .build(); String certInfoDataURL = new DataURLBuilder() .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, session.getSessionID()); - + //get Applet Parameters String appletwidth = req.getParameter(PARAM_APPLET_WIDTH); String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH); appletheigth = StringEscapeUtils.escapeHtml(appletheigth); appletwidth = StringEscapeUtils.escapeHtml(appletwidth); - + String htmlForm = new GetIdentityLinkFormBuilder().build(template, session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest, certInfoDataURL, pushInfobox, oaParam, appletheigth, appletwidth); - + return htmlForm; } @@ -324,7 +328,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * containg the authentication block, meant to be returned to the security * layer implementation</li> * </ul> - * + * * @param sessionID * ID of associated authentication session data * @param infoboxReadResponseParameters @@ -332,7 +336,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * including the <code><InfoboxReadResponse></code> * @return String representation of the * <code><CreateXMLSignatureRequest></code> - * @throws BKUException + * @throws BKUException */ public String verifyIdentityLink(AuthenticationSession session, Map<String, String> infoboxReadResponseParameters) throws AuthenticationException, @@ -349,7 +353,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (isEmpty(xmlInfoboxReadResponse)) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE }); - + AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); @@ -409,7 +413,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setIdentityLink(identityLink); // now validate the extended infoboxes - + //Removed in MOA-ID 2.0 //verifyInfoboxes(session, infoboxReadResponseParameters, false); @@ -432,7 +436,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * containg the authentication block, meant to be returned to the security * layer implementation</li> * </ul> - * + * * @param sessionID * ID of associated authentication session data * @param infoboxReadResponseParameters @@ -457,14 +461,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (certificate.getExtension(OWid) != null) { session.setOW(true); } - + } - + } catch (X509ExtensionInitException e) { Logger.warn("Certificate extension is not readable."); session.setOW(false); } - + AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); @@ -473,10 +477,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); - + return returnvalue; } - + /** * Processes an <code>Mandate</code> sent by the MIS.<br> * <ul> @@ -487,7 +491,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * containg the authentication block, meant to be returned to the security * layer implementation</li> * </ul> - * + * * @param sessionID * ID of associated authentication session data * @param infoboxReadResponseParameters @@ -511,10 +515,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { // sets the extended SAML attributes for OID (Organwalter) setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam .getBusinessService()); - + validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); - - + + } catch (SAXException e) { throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e); @@ -528,11 +532,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e); } - + } /** - * + * * @param session * @param authConf * @param oaParam @@ -577,7 +581,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * <ul> * <li>Creates an CreateXMLSignatureRequest to be signed by the user</li> * </ul> - * + * * @param sessionID * ID of associated authentication session data * @param cert @@ -599,7 +603,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - + return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, cert); } @@ -637,13 +641,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { * <li>Verifies signature by calling the MOA SP component</li> * <li>Returns the signer certificate</li> * </ul> - * + * * @param sessionID * ID of associated authentication session data * @param createXMLSignatureResponseParameters * The parameters from the response returned from the BKU * including the <code><CreateXMLSignatureResponse></code> - * @throws BKUException + * @throws BKUException */ public X509Certificate verifyXMLSignature(String sessionID, Map<String, String> createXMLSignatureResponseParameters) @@ -697,13 +701,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { * <li>Verifies signature by calling the MOA SP component</li> * <li>Returns the signer certificate</li> * </ul> - * + * * @param sessionID * ID of associated authentication session data * @param readInfoboxResponseParameters * The parameters from the response returned from the BKU * including the <code><ReadInfoboxResponse></code> - * @throws BKUException + * @throws BKUException */ public X509Certificate getCertificate(String sessionID, Map<String, String> readInfoboxResponseParameters) throws AuthenticationException, @@ -733,80 +737,80 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** * Builds an authentication block <code><saml:Assertion></code> from * given session data. - * + * * @param session * authentication session - * + * * @return <code><saml:Assertion></code> as a String - * + * * @throws BuildException * If an error occurs on serializing an extended SAML attribute * to be appended to the AUTH-Block. */ private String buildAuthenticationBlock(AuthenticationSession session, OAAuthParameter oaParam) throws BuildException { - + IdentityLink identityLink = session.getIdentityLink(); String issuer = identityLink.getName(); String gebDat = identityLink.getDateOfBirth(); String identificationValue = null; String identificationType = null; - + //set empty AuthBlock BPK in case of OW or SSO or bpk is not requested if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) { identificationType = ""; identificationValue = ""; - + } else if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { if (oaParam.getBusinessService()) { - + String bpkBase64 = new BPKBuilder().buildWBPK(identityLink .getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier()); identificationValue = bpkBase64; - + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK + "+" )) identificationType = oaParam.getIdentityLinkDomainIdentifier(); else identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); - + } else { String bpkBase64 = new BPKBuilder().buildBPK(identityLink .getIdentificationValue(), session.getTarget()); identificationValue = bpkBase64; identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget(); } - + } else { identificationValue = identityLink.getIdentificationValue(); identificationType = identityLink.getIdentificationType(); - + } - + String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar .getInstance()); session.setIssueInstant(issueInstant); String authURL = session.getAuthURL(); String target = session.getTarget(); String targetFriendlyName = session.getTargetFriendlyName(); - + // Bug #485 // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) // String oaURL = session.getPublicOAURLPrefix(); - + List<ExtendedSAMLAttribute> extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); - - + + if (session.isSsoRequested()) { String oaURL =new String(); try { oaURL = AuthConfigurationProvider.getInstance().getSSOPublicUrl(); - + if (MiscUtil.isNotEmpty(oaURL)) oaURL = oaURL.replaceAll("&", "&"); - + } catch (ConfigurationException e) { } String authBlock = new AuthenticationBlockAssertionBuilder() @@ -815,7 +819,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { identificationType, oaURL, gebDat, extendedSAMLAttributes, session, oaParam); return authBlock; - + } else { String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); String authBlock = new AuthenticationBlockAssertionBuilder() @@ -824,20 +828,20 @@ public class AuthenticationServer implements MOAIDAuthConstants { identificationType, oaURL, gebDat, extendedSAMLAttributes, session, oaParam); return authBlock; - } + } } - + /** * Verifies the infoboxes (except of the identity link infobox) returned by * the BKU by calling appropriate validator classes. - * + * * @param session * The actual authentication session. * @param mandate * The Mandate from the MIS - * + * * @throws AuthenticationException * @throws ConfigurationException * @throws TransformerException @@ -860,19 +864,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { verifySAMLAttribute(samlAttribute, i, "MISService", "MISService"); - + } } /** * Verifies the infoboxes (except of the identity link infobox) returned by * the BKU by calling appropriate validator classes. - * + * * @param session * The actual authentication session. * @param mandate * The Mandate from the MIS - * + * * @throws AuthenticationException * @throws ConfigurationException * @throws TransformerException @@ -897,7 +901,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * Adds given SAML Attributes to the current session. They will be appended * to the final SAML Assertion or the AUTH block. If the attributes are * already in the list, they will be replaced. - * + * * @param session * The current session * @param extendedSAMLAttributes @@ -968,7 +972,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * Adds the AUTH block related SAML attributes to the validation result. * This is needed always before the AUTH block is to be signed, because the * name of the mandator has to be set - * + * * @throws ParserConfigurationException * @throws IOException * @throws SAXException @@ -1035,7 +1039,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * Adds the AUTH block related SAML attributes to the validation result. * This is needed always before the AUTH block is to be signed, because the * name of the mandator has to be set - * + * * @throws ParserConfigurationException * @throws IOException * @throws SAXException @@ -1080,7 +1084,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } /** - * + * * @param mandate * @return * @throws ParserConfigurationException @@ -1132,7 +1136,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * <li>Deletes authentication session</li> * <li>Returns the SAML artifact, encoded BASE64</li> * </ul> - * + * * @param sessionID * session ID of the running authentication session * @param xmlCreateXMLSignatureReadResponse @@ -1140,20 +1144,20 @@ public class AuthenticationServer implements MOAIDAuthConstants { * <code><CreateXMLSignatureResponse></code> * @return SAML artifact needed for retrieving authentication data, encoded * BASE64 - * @throws BKUException + * @throws BKUException */ public String verifyAuthenticationBlock(AuthenticationSession session, String xmlCreateXMLSignatureReadResponse) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException, BKUException { - + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); if (isEmpty(xmlCreateXMLSignatureReadResponse)) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - + AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); // parses <CreateXMLSignatureResponse> @@ -1176,7 +1180,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { new CreateXMLSignatureResponseValidator().validateSSO(csresp, session); else new CreateXMLSignatureResponseValidator().validate(csresp, session); - + // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); @@ -1215,7 +1219,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // Compare AuthBlock Data with information stored in session, especially // date and time CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp); - + // compares the public keys from the identityLink with the AuthBlock VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( vsresp, session.getIdentityLink()); @@ -1258,29 +1262,29 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } } - + session.setXMLVerifySignatureResponse(vsresp); session.setSignerCertificate(vsresp.getX509certificate()); vsresp.setX509certificate(null); session.setForeigner(false); - + if (session.getUseMandate()) { // mandate mode return null; - + } else { - + session.setAuthenticatedUsed(false); session.setAuthenticated(true); - + String oldsessionID = session.getSessionID(); - + //Session is implicte stored in changeSessionID!!! String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); - + Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); Logger.info("Daten angelegt zu MOASession " + newMOASessionID); - + return newMOASessionID; } } @@ -1302,7 +1306,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * <li>Deletes authentication session</li> * <li>Returns the SAML artifact, encoded BASE64</li> * </ul> - * + * * @param sessionID * session ID of the running authentication session * @param xmlCreateXMLSignatureReadResponse @@ -1363,7 +1367,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * <li>Deletes authentication session</li> * <li>Returns the SAML artifact, encoded BASE64</li> * </ul> - * + * * @param sessionID * session ID of the running authentication session * @return SAML artifact needed for retrieving authentication data, encoded @@ -1372,11 +1376,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { public String getForeignAuthenticationData(AuthenticationSession session) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { - + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - + // post processing of the infoboxes Iterator iter = session.getInfoboxValidatorIterator(); boolean formpending = false; @@ -1419,10 +1423,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse(); X509Certificate cert = session.getSignerCertificate(); vsresp.setX509certificate(cert); - + session.setAuthenticatedUsed(false); session.setAuthenticated(true); - + session.setXMLVerifySignatureResponse(vsresp); session.setSignerCertificate(vsresp.getX509certificate()); @@ -1436,7 +1440,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** * Builds the AuthenticationData object together with the corresponding * <code><saml:Assertion></code> - * + * * @param session * authentication session * @param verifyXMLSigResp @@ -1456,23 +1460,23 @@ public class AuthenticationServer implements MOAIDAuthConstants { IdentityLink identityLink = session.getIdentityLink(); AuthenticationData authData = new AuthenticationData(); - + VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); - + boolean businessService = oaParam.getBusinessService(); - + authData.setMajorVersion(1); authData.setMinorVersion(0); authData.setAssertionID(Random.nextRandom()); authData.setIssuer(session.getAuthURL()); - + authData.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar .getInstance())); - + //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO authData.setIdentificationValue(identityLink.getIdentificationValue()); authData.setIdentificationType(identityLink.getIdentificationType()); - + authData.setGivenName(identityLink.getGivenName()); authData.setFamilyName(identityLink.getFamilyName()); authData.setDateOfBirth(identityLink.getDateOfBirth()); @@ -1482,25 +1486,25 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setPublicAuthorityCode(verifyXMLSigResp .getPublicAuthorityCode()); authData.setBkuURL(session.getBkuURL()); - + try { - + if (session.getUseMandate() && session.isOW()) { MISMandate mandate = session.getMISMandate(); authData.setBPK(mandate.getOWbPK()); authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); authData.setIdentityLink(identityLink); - + Logger.trace("Authenticated User is OW: " + mandate.getOWbPK()); - + } else { - + if (businessService) { //since we have foreigner, wbPK is not calculated in BKU if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - + String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); - + if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { // If domainIdentifier starts with prefix // "urn:publicid:gv.at:wbpk+"; remove this prefix @@ -1508,47 +1512,47 @@ public class AuthenticationServer implements MOAIDAuthConstants { .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + registerAndOrdNr); - } - + } + String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); authData.setBPK(wbpkBase64); authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); - + } else { authData.setBPK(identityLink.getIdentificationValue()); authData.setBPKType(identityLink.getIdentificationType()); - + } - + Logger.trace("Authenticate user with wbPK " + authData.getBPK()); - + Element idlassertion = session.getIdentityLink().getSamlAssertion(); //set bpk/wpbk; Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); prIdentification.getFirstChild().setNodeValue(authData.getBPK()); - //set bkp/wpbk type + //set bkp/wpbk type Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); - + IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); IdentityLink idl = idlparser.parseIdentityLink(); authData.setIdentityLink(idl); - + } else { - - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + + if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { // only compute bPK if online application is a public service and we have the Stammzahl String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); authData.setBPK(bpkBase64); authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); } - + Logger.trace("Authenticate user with bPK " + authData.getBPK()); - + authData.setIdentityLink(identityLink); } } - + return authData; } catch (Throwable ex) { @@ -1559,7 +1563,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** * Retrieves a session from the session store. - * + * * @param id * session ID * @return <code>AuthenticationSession</code> stored with given session ID, @@ -1567,7 +1571,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ public static AuthenticationSession getSession(String id) throws AuthenticationException { - + AuthenticationSession session; try { session = AuthenticationSessionStoreage.getSession(id); @@ -1575,10 +1579,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (session == null) throw new AuthenticationException("auth.02", new Object[] { id }); return session; - + } catch (MOADatabaseException e) { throw new AuthenticationException("parser.04", new Object[] { id }); - } + } } /** @@ -1586,38 +1590,38 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ public void cleanup() { long now = new Date().getTime(); - - //clean AuthenticationSessionStore - + + //clean AuthenticationSessionStore + AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated); - + //clean AssertionStore AssertionStorage assertionstore = AssertionStorage.getInstance(); assertionstore.clean(now, authDataTimeOut); - - //clean ExeptionStore + + //clean ExeptionStore DBExceptionStoreImpl exstore = DBExceptionStoreImpl.getStore(); exstore.clean(now, authDataTimeOut); - + } /** * Sets the sessionTimeOut. - * + * * @param seconds * Time out of the session in seconds */ public void setSecondsSessionTimeOutCreated(long seconds) { sessionTimeOutCreated = seconds * 1000; } - + public void setSecondsSessionTimeOutUpdated(long seconds) { sessionTimeOutUpdated = seconds * 1000; } /** * Sets the authDataTimeOut. - * + * * @param seconds * Time out for signing AuthData in seconds */ @@ -1627,7 +1631,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** * Checks a parameter. - * + * * @param param * parameter * @return true if the parameter is null or empty @@ -1638,7 +1642,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** * Checks the correctness of SAML attributes and returns its value. - * + * * @param param * samlAttribute * @param i @@ -1687,15 +1691,15 @@ public class AuthenticationServer implements MOAIDAuthConstants { return value; } - + /** * Does the request to the SZR-GW * @param signature XMLDSIG signature * @return Identity link assertion * @throws SZRGWClientException */ - public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse - getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException { + + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String citizenSignature, String represented, String representative, String mandateContent) throws SZRGWClientException { SZRGWClient client = null; @@ -1707,9 +1711,28 @@ public class AuthenticationServer implements MOAIDAuthConstants { CreateIdentityLinkRequest request = new CreateIdentityLinkRequest(); - request.setSignature(DOMUtils.serializeNode(signature).getBytes()); + request.setSignature(citizenSignature.getBytes()); + PEPSData data = new PEPSData(); + data.setDateOfBirth(PEPSDateOfBirth); + data.setFamilyname(PEPSFamilyname); + data.setFirstname(PEPSFirstname); + data.setIdentifier(PEPSIdentifier); + +// TODO add mandate data +// data.setRepresentative(representative); +// data.setRepresented(represented); +// data.setMandateContent(mandateContent); + + if(null != PEPSIdentifier) + request.setPEPSData(data); + + // TODO add MIS data +// request.setMIS(value) + + Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl()); + return response; @@ -1729,17 +1752,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { // throw new SZRGWClientException("Could not initialize SSL Factory"); // } // } - Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); } catch (ConfigurationException e) { Logger.warn(e); Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); - } catch (TransformerException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); } // // create request @@ -1768,13 +1784,41 @@ public class AuthenticationServer implements MOAIDAuthConstants { return null; } - + + /** + * Does the request to the SZR-GW. + * + * @param signature the signature + * @return the identity link + * @throws SZRGWClientException the sZRGW client exception + * @throws ConfigurationException the configuration exception + */ + public CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { + return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature), null, null, null); + } + + /** + * Does the request to the SZR-GW. + * + * @param PEPSIdentifier the pEPS identifier + * @param PEPSFirstname the pEPS firstname + * @param PEPSFamilyname the pEPS familyname + * @param PEPSDateOfBirth the pEPS date of birth + * @param signature XMLDSIG signature + * @return Identity link assertion + * @throws SZRGWClientException the sZRGW client exception + * @throws ConfigurationException the configuration exception + */ + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { + return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature, null, null, null); + } + /** * Starts a MOA-ID authentication process using STORK * @param req HttpServletRequest * @param resp HttpServletResponse * @param ccc Citizen country code - * @param oaURL URL of the online application + * @param oaURL URL of the online application * @param target Target parameter * @param targetFriendlyName Friendly Name of Target * @param authURL Authentication URL @@ -1786,138 +1830,114 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ public static void startSTORKAuthentication( HttpServletRequest req, - HttpServletResponse resp, + HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { - + if (moasession == null) { throw new AuthenticationException("auth.18", new Object[] { }); } - + //read configuration paramters of OA OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); if (oaParam == null) throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); - - //Start of STORK Processing + + //Start of STORK Processing STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); - + CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc()); - - Logger.debug("Preparing to assemble STORK AuthnRequest witht the following values:"); - String destination = cpeps.getPepsURL().toExternalForm(); + + Logger.debug("Preparing to assemble STORK AuthnRequest witt the following values:"); + String destination = cpeps.getPepsURL().toExternalForm(); Logger.debug("C-PEPS URL: " + destination); - + String acsURL = HTTPUtils.getBaseURL(req) + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN; Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL); - + String providerName= oaParam.getFriendlyName(); String issuerValue = HTTPUtils.getBaseURL(req); Logger.debug("Issuer value: " + issuerValue); - - - QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue()); - //Logger.debug("QAALevel: " + qaaLevel.getValue()); - - RequestedAttributes requestedAttributes = null; - - requestedAttributes = oaParam.getRequestedAttributes(); - requestedAttributes.detach(); - List<RequestedAttribute> reqAttributeList = new ArrayList<RequestedAttribute>(); - List<RequestedAttribute> oaReqAttributeList = null; - oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes()); - - //check if country specific attributes must be additionally requested - if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) { - //add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes - Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + moasession.getCcc()); - Logger.debug("The following attributes are requested for this specific country:"); - List<RequestedAttribute> countrySpecificReqAttributeList = new ArrayList<RequestedAttribute>(cpeps.getCountrySpecificRequestedAttributes()); - for (RequestedAttribute csReqAttr : countrySpecificReqAttributeList) { - csReqAttr.detach(); - if (!STORKConstants.DEFAULT_STORK_REQUESTED_ATTRIBUTE_SET.contains(csReqAttr.getName())) { - //this country specific attribute does not override default attribute - if (SAMLUtil.containsAttribute(oaReqAttributeList, csReqAttr.getName())) { - //the same attribute is requested for OA, applying hierachy - //remove oa attribute - oaReqAttributeList.remove(SAMLUtil.getAttribute(oaReqAttributeList, csReqAttr.getName())); - //add country specific attribute instead - Logger.debug("Requested Attribute (" + csReqAttr.getName() + ") is also requested by OA but we use Country Specific value instead"); - } - oaReqAttributeList.add(csReqAttr); - Logger.debug("Country specific requested attribute: " + csReqAttr.getName() + ", isRequired: " + csReqAttr.isRequired()); - } else { - Logger.debug("Country specific requested attribute: " + csReqAttr.getName() + ", isRequired: " + csReqAttr.isRequired() + " tries to overwrite default requested and required attributes, hence we skip it."); - } - - } - reqAttributeList.addAll(oaReqAttributeList); - } else { - //no country specific requested attributes - reqAttributeList.addAll(oaReqAttributeList); + + // prepare collection of required attributes + // - attributes for online application + List<OAStorkAttribute> attributesFromConfig = oaParam.getRequestedAttributes(); + + // - prepare attribute list + PersonalAttributeList attributeList = new PersonalAttributeList(); + + // - fill container + for(OAStorkAttribute current : attributesFromConfig) { + PersonalAttribute newAttribute = new PersonalAttribute(); + newAttribute.setName(current.getName()); + + boolean globallyMandatory = false; + for(StorkAttribute currentGlobalAttribute : storkConfig.getStorkAttributes()) + if(current.getName().equals(currentGlobalAttribute.getName())) { + globallyMandatory = currentGlobalAttribute.isMandatory(); + break; + } + + newAttribute.setIsRequired(current.isMandatory() || globallyMandatory); + attributeList.add(newAttribute); } - - reqAttributeList = (List<RequestedAttribute>) SAMLUtil.releaseDOM(reqAttributeList); - requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes(reqAttributeList); - + + // add sign request + PersonalAttribute newAttribute = new PersonalAttribute(); + newAttribute.setName("signedDoc"); + List<String> value = new ArrayList<String>(); + value.add(generateDssSignRequest(Base64.encodeBytes(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession).getBytes()), "application/xhtml+xml")); + newAttribute.setValue(value); + attributeList.add(newAttribute); + + if (Logger.isDebugEnabled()) { Logger.debug("The following attributes are requested for this OA:"); - for (RequestedAttribute logReqAttr : reqAttributeList) { - Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isRequired()); - - } + for (OAStorkAttribute logReqAttr : attributesFromConfig) + Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isMandatory()); } - - + //TODO: check Target in case of SSO!! String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); String spApplication = spInstitution; String spCountry = "AT"; - - String textToBeSigned = - CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession); - - //generate AuthnRquest - STORKAuthnRequest storkAuthnRequest = STORKAuthnRequestProcessor.generateSTORKAuthnRequest( - destination, - acsURL, - providerName, - issuerValue, - qaaLevel, - requestedAttributes, - spSector, - spInstitution, - spApplication, - spCountry, - textToBeSigned, - "application/xhtml+xml"); - + + //generate AuthnRquest + STORKAuthnRequest authnRequest = new STORKAuthnRequest(); + authnRequest.setDestination(destination); + authnRequest.setAssertionConsumerServiceURL(acsURL); + authnRequest.setProviderName(providerName); + authnRequest.setIssuer(issuerValue); + authnRequest.setQaa(oaParam.getQaaLevel()); + authnRequest.setSpInstitution(spInstitution); + authnRequest.setCountry(spCountry); + authnRequest.setSpApplication(spApplication); + authnRequest.setSpSector(spSector); + authnRequest.setPersonalAttributeList(attributeList); + + authnRequest.setEIDCrossBorderShare(true); + authnRequest.setEIDCrossSectorShare(true); + authnRequest.setEIDSectorShare(true); + + authnRequest.setCitizenCountryCode("LOCAL"); + + Logger.debug("STORK AuthnRequest succesfully assembled."); - - //sign AuthnRequest - String keyStorePath = storkConfig.getSignatureCreationParameter().getKeyStorePath(); - String keyStorePassword = storkConfig.getSignatureCreationParameter().getKeyStorePassword(); - String keyName = storkConfig.getSignatureCreationParameter().getKeyName(); - String keyPassword = storkConfig.getSignatureCreationParameter().getKeyPassword(); - - Logger.debug("Starting signing process of STORK AuthnRequest."); - Logger.trace("Using the following Keystore and Key for that:"); - Logger.trace("KeyStore: " + keyStorePath); - Logger.trace("KeyName: " + keyName); - + + STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("CONF0"); try { - storkAuthnRequest = STORKAuthnRequestProcessor.signSTORKAuthnRequest(storkAuthnRequest, keyStorePath, keyStorePassword, keyName, keyPassword); - } catch (SAMLException e) { + authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest); + } catch (STORKSAMLEngineException e) { Logger.error("Could not sign STORK SAML AuthnRequest.", e); throw new MOAIDException("stork.00", null); } - + Logger.info("STORK AuthnRequest successfully signed!"); //validate AuthnRequest try { - STORKAuthnRequestProcessor.validateSTORKAuthnRequest(storkAuthnRequest); - } catch (SAMLValidationException e) { + samlEngine.validateSTORKAuthnRequest(authnRequest.getTokenSaml()); + } catch (STORKSAMLEngineException e) { Logger.error("STORK SAML AuthnRequest not valid.", e); throw new MOAIDException("stork.01", null); } @@ -1925,28 +1945,56 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.debug("STORK AuthnRequest successfully internally validated."); //send - moasession.setStorkAuthnRequest(storkAuthnRequest); + moasession.setStorkAuthnRequest(authnRequest); HttpSession httpSession = req.getSession(); httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID()); - - Logger.debug("Preparing to send STORK AuthnRequest."); - + + + Logger.info("Preparing to send STORK AuthnRequest."); + Logger.info("prepared STORKAuthnRequest: "); + Logger.info(new String(authnRequest.getTokenSaml())); + try { - STORKAuthnRequestProcessor.sendSTORKAuthnRequest(req, resp, storkAuthnRequest); + Logger.trace("Initialize VelocityEngine..."); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/saml2-post-binding-moa.vm"); + VelocityContext context = new VelocityContext(); + context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml())); + context.put("action", destination); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + resp.getOutputStream().write(writer.toString().getBytes()); } catch (Exception e) { Logger.error("Error sending STORK SAML AuthnRequest.", e); httpSession.invalidate(); throw new MOAIDException("stork.02", new Object[] { destination }); } - - Logger.info("STORK AuthnRequest successfully sent to: " + storkAuthnRequest.getDestination()); - Logger.debug("STORKAuthnRequest sent (pretty print): "); - Logger.debug(XMLHelper.prettyPrintXML(storkAuthnRequest.getDOM())); - Logger.trace("STORKAuthnRequest sent (original): "); - Logger.trace(XMLUtil.printXML(storkAuthnRequest.getDOM())); - + + Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination()); + } + + private static String generateDssSignRequest(String text, String mimeType) { + IdentifierGenerator idGenerator; + try { + idGenerator = new SecureRandomIdentifierGenerator(); + + return "<dss:SignRequest xmlns:dss=\"urn:oasis:names:tc:dss:1.0:core:schema\" " + + "RequestID=\"" + idGenerator.generateIdentifier() + "\">" + + "<dss:InputDocuments>" + + "<dss:Document>" + + "<dss:Base64Data MimeType=\"" + mimeType + "\">" + text + "</dss:Base64Data>" + + "</dss:Document>" + + "</dss:InputDocuments>" + + "</dss:SignRequest>"; + } catch (NoSuchAlgorithmException e) { + Logger.error("Cannot generate id", e); + throw new RuntimeException(e); + } } - + /** * Extracts an X509 Certificate out of an XML signagture element * @param signedXML XML signature element @@ -1954,27 +2002,27 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws CertificateException */ public static X509Certificate getCertificateFromXML(Element signedXML) throws CertificateException { - + NodeList nList = signedXML.getElementsByTagNameNS(Constants.DSIG_NS_URI, "X509Certificate"); - + String base64CertString = XMLUtil.getFirstTextValueFromNodeList(nList); - - if (StringUtils.isEmpty(base64CertString)) { + + if (StringUtils.isEmpty(base64CertString)) { String msg = "XML does not contain a X509Certificate element."; Logger.error(msg); throw new CertificateException(msg); } - + InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString)); - + X509Certificate cert; try { cert = new X509Certificate(is); return cert; - + } catch (Throwable e) { throw new CertificateException(e); } } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index a00ae4ccf..cad8857a6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -114,7 +114,8 @@ public class LoginFormBuilder { value = FormBuildUtils.customiceLayoutBKUSelection(value, oaParam.isShowMandateCheckBox(), oaParam.isOnlyMandateAllowed(), - oaParam.getFormCustomizaten()); + oaParam.getFormCustomizaten(), + oaParam.isShowStorkLogin()); } return value; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java index b763afd65..49bdf3bbd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java @@ -101,7 +101,8 @@ public class SendAssertionFormBuilder { value = FormBuildUtils.customiceLayoutBKUSelection(value, oaParam.isShowMandateCheckBox(), oaParam.isOnlyMandateAllowed(), - oaParam.getFormCustomizaten()); + oaParam.getFormCustomizaten(), + oaParam.isShowStorkLogin()); } return value; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java index e4bf37417..3bc152ec8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java @@ -36,8 +36,7 @@ public class StartAuthenticationBuilder { Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc())); // STORK or normal authentication - //TODO: commented because npe was thrown - /*if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { + if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { //STORK authentication Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc()); Logger.debug("Starting STORK authentication"); @@ -45,13 +44,13 @@ public class StartAuthenticationBuilder { AuthenticationServer.startSTORKAuthentication(req, resp, moasession); return ""; - } else {*/ + } else { //normal MOA-ID authentication Logger.debug("Starting normal MOA-ID authentication"); String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req); return getIdentityLinkForm; - //} + } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 9aecefd43..3ab6701c8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -26,6 +26,9 @@ import java.util.Vector; import org.w3c.dom.Element; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAuthnRequest; + import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; @@ -33,7 +36,6 @@ import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; -import eu.stork.mw.messages.saml.STORKAuthnRequest; /** * Session data to be stored between <code>AuthenticationServer</code> API calls. @@ -253,7 +255,9 @@ public class AuthenticationSession implements Serializable { private VerifyXMLSignatureResponse XMLVerifySignatureResponse; private boolean isForeigner; - + + private IPersonalAttributeList storkAttributes; + // private String requestedProtocolURL = null; public String getModul() { @@ -961,6 +965,24 @@ public class AuthenticationSession implements Serializable { public void setAuthBlockTokken(String authBlockTokken) { this.authBlockTokken = authBlockTokken; } + + /** + * Memorizes the stork attribute list. + * + * @param personalAttributeList the new stork attributes + */ + public void setStorkAttributes(IPersonalAttributeList personalAttributeList) { + this.storkAttributes = personalAttributeList; + } + + /** + * Recalls the stork attribute list. + * + * @return the stork attributes + */ + public IPersonalAttributeList getStorkAttributes() { + return this.storkAttributes; + } /** // * @return the oAuth20SessionObject diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index bc8693b55..553b8db9d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.auth.servlet;
+import java.io.ByteArrayInputStream; import java.io.IOException; import java.security.cert.CertificateException; import java.util.Map; @@ -47,14 +48,14 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.ModulUtils; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; /**
* Servlet requested for getting the foreign eID
@@ -162,23 +163,15 @@ public class GetForeignIDServlet extends AuthServlet { }
// make SZR request to the identity link
- CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(null, null, null, null, signature);
+ CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(signature);
- if (response.isError()) {
- throw new SZRGWClientException(response.getError());
+ if (null != response.getErrorResponse()){ + // TODO fix exception parameter
+ throw new SZRGWClientException(response.getErrorResponse().getErrorCode().toString(), null);
}
else {
-
- Element samlAssertion = response.getAssertion();
-
- try {
- System.out.println("PB: " + DOMUtils.serializeNode(samlAssertion));
- } catch (TransformerException e) {
- e.printStackTrace();
- }
-
- IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
+ IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(response.getIdentityLink()));
IdentityLink identitylink = ilParser.parseIdentityLink();
session.setIdentityLink(identitylink); @@ -225,9 +218,9 @@ public class GetForeignIDServlet extends AuthServlet { }
catch (MOAIDException ex) {
handleError(null, ex, req, resp, pendingRequestID);
- }
- catch (SZRGWClientException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
+ } catch (Exception e1) { + // TODO Auto-generated catch block + e1.printStackTrace(); }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index df93f4d85..f05180932 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -11,7 +11,6 @@ import javax.servlet.http.HttpSession; import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
@@ -30,19 +29,21 @@ import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.StringUtils;
-import eu.stork.mw.messages.saml.STORKAuthnRequest;
-import eu.stork.mw.messages.saml.STORKResponse;
-import eu.stork.vidp.messages.util.XMLUtil;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
/**
* Endpoint for receiving STORK response messages
*/
public class PEPSConnectorServlet extends AuthServlet {
private static final long serialVersionUID = 1L;
-
+
public static final String PEPSCONNECTOR_SERVLET_URL_PATTERN = "/PEPSConnector";
-
+
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
@@ -77,9 +78,6 @@ public class PEPSConnectorServlet extends AuthServlet { //No authentication session has been started before
Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
- } else {
- //We know user and MOA takes over session handling, invalidate HttpSession
- httpSession.invalidate();
}
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
@@ -89,33 +87,35 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
//extract STORK Response from HTTP Request
- STORKResponse storkResponse = null;
+ //Decodes SAML Response
+ byte[] decSamlToken;
try {
- storkResponse = STORKResponseProcessor.receiveSTORKRepsonse(request, response);
- } catch (STORKException e) {
+ decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
+ } catch(NullPointerException e) {
Logger.error("Unable to retrieve STORK Response", e);
throw new MOAIDException("stork.04", null);
}
-
- Logger.info("STORK SAML Response message succesfully extracted");
- Logger.debug("STORK response (pretty print): ");
- Logger.debug(XMLHelper.prettyPrintXML(storkResponse.getDOM()));
- Logger.trace("STORK response (original): ");
- Logger.trace(XMLUtil.printXML(storkResponse.getDOM()));
-
- Logger.debug("Starting validation of SAML response");
- //verify SAML response
+
+ //Get SAMLEngine instance
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance("CONF0");
+
+ STORKAuthnResponse authnResponse = null;
try {
- STORKResponseProcessor.verifySTORKResponse(storkResponse);
- } catch (STORKException e) {
+ //validate SAML Token
+ Logger.debug("Starting validation of SAML response");
+ authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
+ Logger.info("SAML response succesfully verified!");
+ }catch(STORKSAMLEngineException e){
Logger.error("Failed to verify STORK SAML Response", e);
throw new MOAIDException("stork.05", null);
}
-
- Logger.info("SAML response succesfully verified!");
-
- String statusCodeValue = storkResponse.getStatus().getStatusCode().getValue();
-
+
+ Logger.info("STORK SAML Response message succesfully extracted");
+ Logger.debug("STORK response: ");
+ Logger.debug(authnResponse.toString());
+
+ String statusCodeValue = authnResponse.getStatusCode();
+
if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) {
Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue);
throw new MOAIDException("stork.06", new Object[] { statusCodeValue });
@@ -136,26 +136,26 @@ public class PEPSConnectorServlet extends AuthServlet { }
Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
-
- Logger.debug("Starting validation of SAML assertion");
- //verify SAML assertion
- Assertion storkAssertion = storkResponse.getAssertions().get(0);
- try {
- STORKResponseProcessor.verifySTORKAssertion(
- storkAssertion, //assertion
- request.getRemoteAddr(), //IP address of user
- storkAuthnRequest.getID(), //ID of STORK AuthnRequest
- request.getRequestURL().toString(), //destination
- HTTPUtils.getBaseURL(request), //audience
- storkAuthnRequest.getRequestedAttributes()); //Requested Attributes
- } catch (STORKException e) {
- Logger.error("Failed to verify STORK SAML Assertion", e);
- throw new MOAIDException("stork.08", null);
- }
-
- Logger.info("SAML assertion succesfully verified!");
-
- Logger.debug("Starting extraction of signedDoc attribute");
+
+// Logger.debug("Starting validation of SAML assertion");
+// //verify SAML assertion
+ Assertion storkAssertion = authnResponse.getAssertions().get(0);
+// try {
+// STORKResponseProcessor.verifySTORKAssertion(
+// storkAssertion, //assertion
+// request.getRemoteAddr(), //IP address of user
+// storkAuthnRequest.getID(), //ID of STORK AuthnRequest
+// request.getRequestURL().toString(), //destination
+// HTTPUtils.getBaseURL(request), //audience
+// storkAuthnRequest.getRequestedAttributes()); //Requested Attributes
+// } catch (STORKException e) {
+// Logger.error("Failed to verify STORK SAML Assertion", e);
+// throw new MOAIDException("stork.08", null);
+// }
+//
+// Logger.info("SAML assertion succesfully verified!");
+
+ Logger.debug("Starting extraction of signedDoc attribute");
//extract signed doc element and citizen signature
Element citizenSignature = null;
try {
@@ -175,7 +175,7 @@ public class PEPSConnectorServlet extends AuthServlet { //contact SZR Gateway
IdentityLink identityLink = null;
try {
- identityLink = STORKResponseProcessor.connectToSZRGateway(citizenSignature, storkAssertion.getAttributeStatements().get(0).getAttributes());
+ identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList());
} catch (STORKException e) {
Logger.error("Error connecting SZR Gateway", e);
throw new MOAIDException("stork.10", null);
@@ -189,49 +189,28 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.info("Received Identity Link from SZR Gateway");
moaSession.setIdentityLink(identityLink);
- Logger.debug("Adding addtional STORK attributes to MOA assertion");
- //add other stork attributes to MOA assertion
- List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(storkAssertion.getAttributeStatements().get(0).getAttributes());
- moaSession.setExtendedSAMLAttributesOA(moaExtendedSAMLAttibutes);
+ Logger.debug("Adding addtional STORK attributes to MOA session");
+ moaSession.setStorkAttributes(authnResponse.getPersonalAttributeList());
//We don't have BKUURL, setting from null to "Not applicable"
moaSession.setBkuURL("Not applicable (STORK Authentication)");
-
- Logger.debug("Starting to assemble MOA assertion");
- //produce MOA-Assertion and artifact
- String samlArtifactBase64 =
- AuthenticationServer.getInstance().getForeignAuthenticationData(moaSession);
- Logger.info("MOA assertion assembled and SAML Artifact generated.");
+
+ // free for single use
+ moaSession.setAuthenticatedUsed(false);
+
+ // stork did the authentication step
+ moaSession.setAuthenticated(true);
//session is implicit stored in changeSessionID!!!!
String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
- Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
//redirect
String redirectURL = null;
- if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- /*redirectURL = moaSession.getOAURLRequested();
- if (!moaSession.getBusinessService()) {
- redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(moaSession.getTarget(), "UTF-8"));
- }
- redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- redirectURL = response.encodeRedirectURL(redirectURL);*/
-
redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID);
redirectURL = response.encodeRedirectURL(redirectURL);
- } else {
-
- redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, newMOASessionID);
- }
-
- try {
- AuthenticationSessionStoreage.storeSession(moaSession);
- } catch (MOADatabaseException e) {
- throw new MOAIDException("Session store error", null);
- }
response.setContentType("text/html");
response.setStatus(302);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java index f78067b5f..b3a707134 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java @@ -40,11 +40,11 @@ import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.XMLUtil;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.mw.messages.saml.STORKResponse;
import eu.stork.vidp.messages.exception.SAMLValidationException;
import eu.stork.vidp.messages.util.SAMLUtil;
-import eu.stork.vidp.messages.util.XMLUtil;
/**
* Verifies the SMAL response according to the STORK specification
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java deleted file mode 100644 index e5c55d038..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java +++ /dev/null @@ -1,165 +0,0 @@ -/**
- *
- */
-package at.gv.egovernment.moa.id.auth.stork;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.Endpoint;
-import org.opensaml.ws.transport.http.HTTPOutTransport;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.security.credential.Credential;
-
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.mw.messages.saml.STORKAuthnRequest;
-import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
-import eu.stork.vidp.messages.exception.SAMLException;
-import eu.stork.vidp.messages.exception.SAMLValidationException;
-import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
-import eu.stork.vidp.messages.stork.RequestedAttributes;
-import eu.stork.vidp.messages.util.SAMLUtil;
-
-/**
- * Class handling all necessary functionality for STORK AuthnRequest processing
- *
- * @author bzwattendorfer
- *
- */
-public class STORKAuthnRequestProcessor {
-
- /**
- * Creates a STORK AuthnRequest
- * @param destination Destination URL
- * @param acsURL Assertion Consumer Service URL
- * @param providerName SP Provider Name
- * @param issuerValue Issuer Name
- * @param qaaLevel STORK QAALevel to be requested
- * @param requestedAttributes Requested Attributes to be requested
- * @param spSector Sp Sector
- * @param spInstitution SP Institution
- * @param spApplication SP Application
- * @param spCountry SP Country
- * @param textToBeSigned text to be included in signedDoc element
- * @param mimeType mimeType for the text to be signed in signedDoc
- * @return STORK AuthnRequest
- */
- public static STORKAuthnRequest generateSTORKAuthnRequest(
- String destination,
- String acsURL,
- String providerName,
- String issuerValue,
- QualityAuthenticationAssuranceLevel qaaLevel,
- RequestedAttributes requestedAttributes,
- String spSector,
- String spInstitution,
- String spApplication,
- String spCountry,
- String textToBeSigned,
- String mimeType) {
-
-
- STORKAuthnRequest storkAuthnRequest =
- STORKMessagesBuilder.buildSTORKAuthnRequest(
- destination,
- acsURL,
- providerName,
- issuerValue,
- qaaLevel,
- requestedAttributes,
- spSector,
- spInstitution,
- spApplication,
- spCountry);
-
- STORKMessagesBuilder.buildAndAddSignatureRequestToAuthnRequest(storkAuthnRequest, textToBeSigned, mimeType, true);
-
- Logger.debug("Added signedDoc attribute to STORK AuthnRequest");
-
- return storkAuthnRequest;
-
- }
-
- /**
- * Signs a STORK AuthnRequest
- * @param storkAuthnRequest STORK AuthRequest to sign
- * @param keyStorePath KeyStorePath to the signing key
- * @param keyStorePassword KeyStore Password
- * @param keyName Signing key name
- * @param keyPassword Signing key password
- * @return Signed STORK AuthnRequest
- * @throws SAMLException
- */
- public static STORKAuthnRequest signSTORKAuthnRequest(
- STORKAuthnRequest storkAuthnRequest,
- String keyStorePath,
- String keyStorePassword,
- String keyName,
- String keyPassword) throws SAMLException {
-
- Logger.trace("Building Credential Provider for signing process");
-
- CredentialProvider credentialProvider = new KeyStoreCredentialProvider(keyStorePath, keyStorePassword, keyName, keyPassword);
-
- Credential credential = credentialProvider.getCredential();
-
- Logger.trace("Credentials found");
-
- SAMLUtil.signSAMLObject(storkAuthnRequest, credential);
-
- return storkAuthnRequest;
- }
-
- /**
- * Validates a STORK AuthnRequest
- * @param storkAuthnRequest STORK AuthnRequest to validate
- * @throws SAMLValidationException
- */
- public static void validateSTORKAuthnRequest(STORKAuthnRequest storkAuthnRequest) throws SAMLValidationException {
-
- SAMLUtil.verifySAMLObjectStandardValidation(storkAuthnRequest, "saml2-core-schema-and-stork-validator");
-
- }
-
- /**
- * Sends a STORK AuthnRequest (Endpoint taken out of AuthnRequest)
- * @param request HttpServletRequest
- * @param response HttpServletResponse
- * @param storkAuthnRequest STORK AuthnRequest to send
- * @throws Exception
- */
- public static void sendSTORKAuthnRequest(HttpServletRequest request, HttpServletResponse response, STORKAuthnRequest storkAuthnRequest) throws Exception {
-
- Logger.trace("Create endpoint...");
- Endpoint endpoint = STORKMessagesBuilder.buildSAMLObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
- endpoint.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
- endpoint.setLocation(storkAuthnRequest.getDestination());
-
-
- Logger.trace("Prepare SAMLMessageContext...");
- HTTPOutTransport outTransport = new HttpServletResponseAdapter(response, request.isSecure());
- BasicSAMLMessageContext<?, STORKAuthnRequest, ?> samlMessageContext = new BasicSAMLMessageContext();
- samlMessageContext.setOutboundMessageTransport(outTransport);
- samlMessageContext.setPeerEntityEndpoint(endpoint);
-
- Logger.trace("Set STORK SAML AuthnRequest to SAMLMessageContext...");
- samlMessageContext.setOutboundSAMLMessage(storkAuthnRequest);
-
- Logger.trace("Initialize VelocityEngine...");
-
- VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
-
-// HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/templates/saml2-post-binding.vm");
- HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/saml2-post-binding-moa.vm");
-
- Logger.trace("HTTP-Post encode SAMLMessageContext...");
- encoder.encode(samlMessageContext);
- }
-
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index a6e595239..664d0cf57 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -3,6 +3,7 @@ */
package at.gv.egovernment.moa.id.auth.stork;
+import java.io.ByteArrayInputStream;
import java.util.List;
import java.util.Vector;
@@ -13,7 +14,6 @@ import javax.xml.namespace.QName; import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.ws.transport.http.HTTPInTransport;
import org.opensaml.ws.transport.http.HTTPOutTransport;
@@ -33,16 +33,18 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.client.SZRGWClientException;
+import at.gv.egovernment.moa.id.util.XMLUtil;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
import eu.stork.mw.messages.saml.STORKResponse;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PersonalAttribute;
import eu.stork.vidp.messages.common.STORKConstants;
import eu.stork.vidp.messages.util.SAMLUtil;
-import eu.stork.vidp.messages.util.XMLUtil;
/**
*
@@ -294,29 +296,41 @@ public class STORKResponseProcessor { }
-
+
+ /**
+ * helper for reading attributes. Handles logging and error handling.
+ *
+ * @param attributeName the attribute name
+ * @param attributeList the attribute list
+ * @return the attribute value
+ * @throws STORKException the sTORK exception
+ */
+ private static String getAttributeValue(String attributeName, IPersonalAttributeList attributeList) throws STORKException {
+ try {
+ String result = attributeList.get(attributeName).getValue().get(0);
+ Logger.trace(attributeName + " : " + result);
+ return result;
+ } catch(NullPointerException e) {
+ Logger.error(attributeName + " not found in response");
+ throw new STORKException(attributeName + " not found in response");
+ }
+ }
+
/**
* Handels connection to SZR-GW and returns Identity Link on success
- * @param citizenSignature Citizen signature
- * @param attributeList Received attribute List in assertion
+ * @param iPersonalAttributeList Received attribute List in assertion
* @return Identity Link
* @throws STORKException
*/
- public static IdentityLink connectToSZRGateway(Element citizenSignature, List<Attribute> attributeList) throws STORKException {
+ public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList) throws STORKException {
Logger.trace("Calling SZR Gateway with the following attributes:");
- String fiscalNumber = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER);
- Logger.trace(STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER + " : " + fiscalNumber);
-
- String givenName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_GIVENNAME);
- Logger.trace(STORKConstants.STORK_ATTRIBUTE_GIVENNAME+ " : " + givenName);
-
- String lastName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_SURNAME);
- Logger.trace(STORKConstants.STORK_ATTRIBUTE_SURNAME+ " : " + lastName);
-
- String dateOfBirth = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH);
- Logger.trace(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH + " : " + dateOfBirth);
-
+ // fetch mandatory attributes
+ String citizenSignature = getAttributeValue("signedDoc", attributeList);
+ String eIdentifier = getAttributeValue("eIdentifier", attributeList);
+ String givenName = getAttributeValue("givenName", attributeList);
+ String lastName = getAttributeValue("surname", attributeList);
+ String dateOfBirth = getAttributeValue("dateOfBirth", attributeList);
if (!StringUtils.isEmpty(dateOfBirth)) {
dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth);
}
@@ -325,19 +339,30 @@ public class STORKResponseProcessor { IdentityLink identityLink = null;
try {
Logger.trace("Starting call...");
- response = AuthenticationServer.getInstance().getIdentityLink(fiscalNumber, givenName, lastName, dateOfBirth, citizenSignature);
- if (response.isError()) {
- Logger.error("Receveid ErrorResponse from SZR Gateway.");
- throw new SZRGWClientException(response.getError());
+
+ // do we have a case of representation?
+ try {
+ String representative = getAttributeValue("representative", attributeList);
+ String represented = getAttributeValue("represented", attributeList);
+ String mandate = getAttributeValue("mandateContent", attributeList);
+
+ // if we get here we have a representation case
+ response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate);
+
+ } catch(STORKException e) {
+ // we do not have a representation case
+ response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature);
+ }
+
+
+ if (null != response.getErrorResponse()){
+ // TODO fix exception parameter
+ throw new SZRGWClientException(response.getErrorResponse().getErrorCode().toString(), null);
}
else {
- Logger.trace("Receveid Success Response from SZR Gateway.");
- Element samlAssertion = response.getAssertion();
-
- IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
+ IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(response.getIdentityLink()));
identityLink = ilParser.parseIdentityLink();
-
Logger.debug("Received Identity Link from SZR Gateway");
//TODO: is this ok?
// if (StringUtils.isEmpty(identityLink.getDateOfBirth())) {
@@ -351,9 +376,9 @@ public class STORKResponseProcessor { } catch (ParseException e) {
Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
throw new STORKException("Error parsing IdentityLink received from SZR-Gateway: ", e);
- } catch (at.gv.egovernment.moa.id.client.SZRGWClientException e) {
- Logger.error("Error connecting SZR-Gateway: ", e);
- throw new STORKException("Error connecting SZR-Gateway: ", e);
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
}
return identityLink;
@@ -363,33 +388,29 @@ public class STORKResponseProcessor { /**
* Transforms additional STORK attributes to MOA Extended attributes
- * @param storkAttributeList STORK attribute list
+ * @param iPersonalAttributeList STORK attribute list
* @return
*/
- public static List<ExtendedSAMLAttribute> addAdditionalSTORKAttributes(List<Attribute> storkAttributeList) {
+ public static List<ExtendedSAMLAttribute> addAdditionalSTORKAttributes(IPersonalAttributeList iPersonalAttributeList) {
List<ExtendedSAMLAttribute> moaExtendedSAMLAttributeList = new Vector<ExtendedSAMLAttribute>();
+ if(null == iPersonalAttributeList)
+ return moaExtendedSAMLAttributeList;
+
Logger.trace("Adding the following attributes to MOA assertion: ");
int count = 0;
- //only add attributes different than eIdentifier, given name, surname, dateOfBirth, signedDoc
- for (Attribute attribute : storkAttributeList) {
- //attribute is not in default returned attribute set
- if (!STORKConstants.DEFAULT_STORK_RETURNED_ATTRIBUTE_SET.contains(attribute.getName())) {
-
- String attributeValue = null;
- if (!attribute.getAttributeValues().isEmpty()) {
- //we have attribute value
- attributeValue = SAMLUtil.getStringValueFromXMLObject(attribute.getAttributeValues().get(0));
- }
- ExtendedSAMLAttribute extendedSAMLAttribute =
- new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0);
- moaExtendedSAMLAttributeList.add(extendedSAMLAttribute);
- count++;
- Logger.trace("Additional attribute: " + attribute.getName());
- }
+
+ for (PersonalAttribute attribute : iPersonalAttributeList) {
+ Object attributeValue = attribute.getValue();
+ if (null == attributeValue)
+ attributeValue = attribute.getComplexValue();
+ ExtendedSAMLAttribute extendedSAMLAttribute =
+ new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0);
+ moaExtendedSAMLAttributeList.add(extendedSAMLAttribute);
+ count++;
+ Logger.trace("Additional attribute: " + attribute.getName());
}
-
Logger.debug("Added " + count + " STORK attribute(s) to the MOA assertion.");
return moaExtendedSAMLAttributeList;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java index e3457f4de..325bf25a0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java @@ -39,7 +39,6 @@ import org.apache.commons.httpclient.protocol.Protocol; import org.apache.xpath.XPathAPI; import org.w3c.dom.Document; import org.w3c.dom.Element; -import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.w3c.dom.Text; @@ -254,8 +253,8 @@ public class SZRGWClient { } } - - public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException { + + public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature, String representative, String represented, String mandateContent) throws SZRGWClientException { String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#"; try { @@ -299,73 +298,25 @@ public class SZRGWClient { Text text= doc.createTextNode(PEPSDateOfBirth); elem.appendChild(text); } - } - - if (signature == null) - throw new SZRGWClientException("Signature element must not be null!"); - else { - Element sig = doc.createElementNS(SZRGW_NS, "szrgw:Signature"); - Element xmlcontent = doc.createElementNS(SZRGW_NS, "szrgw:XMLContent"); - sig.appendChild(xmlcontent); - Node n = doc.importNode(signature, true); - getIdentityLink.appendChild(sig); - xmlcontent.appendChild(n); - } - - - return doc; - } catch (ParserConfigurationException e) { - throw new SZRGWClientException(e); - } /*catch (CertificateEncodingException e) { - throw new SZRGWClientException(e); - }*/ - - } - - public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { - - String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#"; - - try { - DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - DocumentBuilder builder = factory.newDocumentBuilder(); - Document doc = builder.newDocument(); - - Element getIdentityLink = doc.createElementNS(SZRGW_NS, "szrgw:GetIdentityLinkRequest"); - getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGW_NS); - doc.appendChild(getIdentityLink); - - if ( (PEPSIdentifier != null) || (PEPSFirstname != null) || (PEPSFamilyname != null) || (PEPSDateOfBirth != null) ) { - - Element pepsDataElem = doc.createElementNS(SZRGW_NS, "szrgw:PEPSData"); - getIdentityLink.appendChild(pepsDataElem); - - if (PEPSIdentifier != null) { - Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Identifier"); - pepsDataElem.appendChild(elem); - Text text= doc.createTextNode(PEPSIdentifier); - elem.appendChild(text); - } - if (PEPSFirstname != null) { - Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Firstname"); + if (representative != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Representative"); pepsDataElem.appendChild(elem); - Text text= doc.createTextNode(PEPSFirstname); + Text text= doc.createTextNode(representative); elem.appendChild(text); - } + } - if (PEPSFamilyname != null) { - Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Familyname"); + if (represented != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Represented"); pepsDataElem.appendChild(elem); - Text text= doc.createTextNode(PEPSFamilyname); + Text text= doc.createTextNode(represented); elem.appendChild(text); } - if (PEPSDateOfBirth != null) { - Element elem = doc.createElementNS(SZRGW_NS, "szrgw:DateOfBirth"); + if (mandateContent != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:MandateContent"); pepsDataElem.appendChild(elem); - Text text= doc.createTextNode(PEPSDateOfBirth); + Text text= doc.createTextNode(mandateContent); elem.appendChild(text); } } @@ -380,7 +331,27 @@ public class SZRGWClient { Text text= doc.createTextNode(signature); base64content.appendChild(text); } - + + if(representative != null && represented != null && mandateContent != null) { + Element mis = doc.createElementNS(SZRGW_NS, "szrgw:MIS"); + Element filters = doc.createElementNS(SZRGW_NS, "szrgw:Filters"); + mis.appendChild(filters); + Element target = doc.createElementNS(SZRGW_NS, "szrgw:Target"); + mis.appendChild(target); + Element friendlyName = doc.createElementNS(SZRGW_NS, "szrgw:OAFriendlyName"); + mis.appendChild(friendlyName); + getIdentityLink.appendChild(mis); + +// TODO fetch data from oa params +// String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); +// moasessionid = StringEscapeUtils.escapeHtml(moasessionid); +// AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid); +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); +// if (oaParam == null) +// throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); +// Text text = doc.createTextNode(oaParam.getFriendlyName()); + } + return doc; } catch (ParserConfigurationException e) { throw new SZRGWClientException(e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 29f567324..8de47f5f6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -88,11 +88,10 @@ import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -import eu.stork.vidp.messages.common.STORKBootstrap; /** * A class providing access to the Auth Part of the MOA-ID configuration data. - * + * * <p>Configuration data is read from an XML file, whose location is given by * the <code>moa.id.configuration</code> system property.</p> * <p>This class implements the Singleton pattern. The <code>reload()</code> @@ -339,9 +338,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider { //Initialize OpenSAML for STORK - Logger.info("Starting initialization of OpenSAML..."); - STORKBootstrap.bootstrap(); - Logger.debug("OpenSAML successfully initialized"); +// Logger.info("Starting initialization of OpenSAML..."); +// STORKBootstrap.bootstrap(); +// Logger.debug("OpenSAML successfully initialized"); String legacyconfig = props.getProperty("configuration.xml.legacy"); @@ -431,12 +430,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider { ForeignIdentities foreign = auth.getForeignIdentities(); if (foreign == null ) { Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); - - } - //TODO: commented because npe was thrown - //else - //storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir); - + } else + storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir); //load Chaining modes ChainingModes cm = moaidconfig.getChainingModes(); @@ -1008,4 +1003,4 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return moasp; } -}
\ No newline at end of file +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 3c4234114..60803bb8a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; @@ -46,10 +47,6 @@ import at.gv.egovernment.moa.id.config.OAParameter; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -import eu.stork.vidp.messages.builder.STORKMessagesBuilder; -import eu.stork.vidp.messages.common.STORKConstants; -import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; -import eu.stork.vidp.messages.stork.RequestedAttributes; /** * Configuration parameters belonging to an online application, @@ -78,21 +75,6 @@ public class OAAuthParameter extends OAParameter { this.keyBoxIdentifier = oa.getKeyBoxIdentifier().value(); } - - /** - * STORK QAA Level, Default = 4 - */ - private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4); - - /** - * STORK RequestedAttributes for Online Application - * Default RequestedAttributes are: eIdentifier, givenName, surname, dateOfBirth - */ - private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes( - STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null), - STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null), - STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null), - STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null)); private String keyBoxIdentifier; @@ -263,6 +245,15 @@ public boolean isOnlyMandateAllowed() { return false; } + /** + * Shall we show the stork login in the bku selection frontend? + * + * @return true, if is we should show stork login + */ + public boolean isShowStorkLogin() { + return oa_auth.getOASTORK().isStorkLogonEnabled(); + } + public Map<String, String> getFormCustomizaten() { TemplatesType templates = oa_auth.getTemplates(); @@ -308,18 +299,15 @@ public Map<String, String> getFormCustomizaten() { return map; } -/** - * @return the qaaLevel - */ -public QualityAuthenticationAssuranceLevel getQaaLevel() { - return qaaLevel; +public Integer getQaaLevel() { + return oa_auth.getOASTORK().getQaa(); } /** * @return the requestedAttributes */ -public RequestedAttributes getRequestedAttributes() { - return requestedAttributes; +public List<OAStorkAttribute> getRequestedAttributes() { + return oa_auth.getOASTORK().getOAAttributes(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index 7ef043abe..f5fdbd90a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -14,16 +14,11 @@ import java.util.Map; import java.util.Properties; import java.util.Set; -import org.opensaml.saml2.metadata.RequestedAttribute; import org.w3c.dom.Element; -import eu.stork.vidp.messages.util.SAMLUtil; -import eu.stork.vidp.messages.util.XMLUtil; - import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; -import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; @@ -33,8 +28,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; import at.gv.egovernment.moa.id.commons.db.dao.config.GeneralConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; -import at.gv.egovernment.moa.id.commons.db.dao.config.KeyName; -import at.gv.egovernment.moa.id.commons.db.dao.config.KeyStore; import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; @@ -48,13 +41,9 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; -import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter; import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; -import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; -import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureCreationParameterType; -import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; @@ -283,63 +272,6 @@ public class BuildFromLegacyConfig { parseConnectionParameterClientAuth(foreignIDConnectionParameter); auth_foreign.setConnectionParameter(auth_foreign_connection); - //set STORK configuration - STORKConfig storkConfig = new STORKConfig(builder.buildSTORKSignatureCreationParameter(),builder.buildSTORKSignatureVerificationParameter(), builder.buildSTORKcPEPSMap()); - STORK auth_foreign_stork = new STORK(); - auth_foreign.setSTORK(auth_foreign_stork); - - //set CPEPS - Map<String, at.gv.egovernment.moa.id.config.legacy.CPEPS> map = storkConfig.getCpepsMap(); - Set<String> map_keys = map.keySet(); - List<CPEPS> auth_foreign_stork_cpeps = new ArrayList<CPEPS>(); - for (String key : map_keys) { - CPEPS cpep = new CPEPS(); - cpep.setCountryCode(map.get(key).getCountryCode()); - cpep.setURL(map.get(key).getPepsURL().toExternalForm()); //check correctness!!!! - - List<String> cpep_reqs = new ArrayList<String>(); - - List<RequestedAttribute> map1 = map.get(key).getCountrySpecificRequestedAttributes(); - for (RequestedAttribute e1 : map1) { - Element element = SAMLUtil.marshallMessage(e1); - cpep_reqs.add(XMLUtil.printXML(element)); - } - cpep.setAttributeValue(cpep_reqs); - auth_foreign_stork_cpeps.add(cpep); - } - auth_foreign_stork.setCPEPS(auth_foreign_stork_cpeps); - - - //set SAMLSigningParameter - if (storkConfig.getSignatureCreationParameter() != null && - storkConfig.getSignatureVerificationParameter() != null) { - SAMLSigningParameter auth_foreign_stork_samlSign = new SAMLSigningParameter(); - auth_foreign_stork.setSAMLSigningParameter(auth_foreign_stork_samlSign); - - SignatureCreationParameterType stork_saml_creat = new SignatureCreationParameterType(); - auth_foreign_stork_samlSign.setSignatureCreationParameter(stork_saml_creat); - KeyStore stork_saml_creat_keystore = new KeyStore(); - stork_saml_creat.setKeyStore(stork_saml_creat_keystore); - stork_saml_creat_keystore.setPassword(storkConfig.getSignatureCreationParameter().getKeyStorePassword()); - stork_saml_creat_keystore.setValue(storkConfig.getSignatureCreationParameter().getKeyStorePath()); - KeyName stork_saml_creat_keyname = new KeyName(); - stork_saml_creat.setKeyName(stork_saml_creat_keyname); - stork_saml_creat_keyname.setValue(storkConfig.getSignatureCreationParameter().getKeyName()); - stork_saml_creat_keyname.setPassword(storkConfig.getSignatureCreationParameter().getKeyPassword()); - - - - SignatureVerificationParameterType stork_saml_verify = new SignatureVerificationParameterType(); - auth_foreign_stork_samlSign.setSignatureVerificationParameter(stork_saml_verify); - stork_saml_verify.setTrustProfileID(storkConfig.getSignatureVerificationParameter().getTrustProfileID()); - - } - - //TODO: check correctness - //set QualityAuthenticationAssurance - //set RequestedAttbutes - - //set OnlineMandates config ConnectionParameter onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter(); if (onlineMandatesConnectionParameter != null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java index 3abc94b02..525c5a24e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java @@ -30,8 +30,6 @@ import iaik.utils.RFC2253NameParserException; import java.io.IOException; import java.math.BigInteger; -import java.net.MalformedURLException; -import java.net.URL; import java.security.Principal; import java.util.ArrayList; import java.util.HashMap; @@ -41,8 +39,6 @@ import java.util.List; import java.util.Map; import java.util.Vector; -import org.opensaml.saml2.metadata.RequestedAttribute; -import org.opensaml.ws.message.encoder.MessageEncodingException; import org.w3c.dom.Attr; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -56,9 +52,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.legacy.OAAuthParameter; import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameter; import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameters; -import at.gv.egovernment.moa.id.config.legacy.CPEPS; import at.gv.egovernment.moa.id.config.legacy.SignatureCreationParameter; -import at.gv.egovernment.moa.id.config.legacy.SignatureVerificationParameter; import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; @@ -66,15 +60,9 @@ import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; -import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathException; import at.gv.egovernment.moa.util.XPathUtils; -import eu.stork.vidp.messages.builder.STORKMessagesBuilder; -import eu.stork.vidp.messages.common.STORKConstants; -import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; -import eu.stork.vidp.messages.stork.RequestedAttributes; -import eu.stork.vidp.messages.util.SAMLUtil; /** * A class that builds configuration data from a DOM based representation. @@ -1219,170 +1207,6 @@ public List getTrustedTemplateURLs() { } /** - * Creates a SignatureVerificationParameter object from the MOA-ID configuration - * This configuration object contains the TrustProfile to be used for signature verification (STORK SAML Signature Verification) - * - * @return TrustProfileID for signature verification (STORK SAML Signature Verification) - */ - public SignatureVerificationParameter buildSTORKSignatureVerificationParameter() { - - Logger.debug("Loading STORK signature verification parameters."); - - Element signatureVerificationParameterElement = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_VERIFICATION_PARAMETER); - if (signatureVerificationParameterElement == null) { - Logger.debug("No STORK verification parameters found, " +AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_VERIFICATION_PARAMETER + "is missing."); - return null; - } - - SignatureVerificationParameter signatureVerificationParameter = new SignatureVerificationParameter(); - - String trustProfileID = XPathUtils.getElementValue(signatureVerificationParameterElement, AUTH_FOREIGN_IDENTITIES_STORK_TRUSTPROFILE_ID, null); - if (StringUtils.isEmpty(trustProfileID)) { - Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_TRUSTPROFILE_ID + "is missing."); - return null; - } - Logger.trace("Using the following MOA-SP TrustProfile for STORK SAML signature verification: " + trustProfileID); - signatureVerificationParameter.setTrustProfileID(trustProfileID); - - Logger.info("STORK signature verification parameters loaded."); - - return signatureVerificationParameter; - } - - /** - * Builds a C-PEPS object from configuration - * @param cpepsElement DOM Element of C-PEPS from configuration - * @return C-PEPS object - */ - public CPEPS buildSTORKCpeps(Element cpepsElement) { - - String countryCode = cpepsElement.getAttribute(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_COUNTRY_CODE); - String cpepsURLString = cpepsElement.getAttribute(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_URL); - if (StringUtils.isEmpty(countryCode)) { - Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_COUNTRY_CODE + "is missing."); - return null; - } - if (StringUtils.isEmpty(cpepsURLString)) { - Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_URL + "is missing."); - return null; - } - - URL cpepsURL; - try { - cpepsURL = new URL(cpepsURLString); - } catch (MalformedURLException e) { - Logger.error("Provided CPEPS-URL (" + cpepsURLString + ") for country " + countryCode + " is not a URL", e); - return null; - } - CPEPS cpeps = new CPEPS(countryCode, cpepsURL); - Logger.debug("Adding C-PEPS for country: " + cpeps.getCountryCode() + ", URL: " + cpeps.getPepsURL()); - - Element reqAttributeElement; - NodeIterator reqAttributeIterator = XPathUtils.selectNodeIterator(cpepsElement, AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_REQUESTED_ATTRIBUTES); - - while ((reqAttributeElement = (Element) reqAttributeIterator.nextNode()) != null) { - RequestedAttribute requestedAttribute; - try { - requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(reqAttributeElement); - } catch (MessageEncodingException e) { - Logger.error("Provided RequestedAttributes for CPEPS from country " + countryCode + " is malformed.", e); - return null; - } - //only add if STORK attribute is correct - if (STORKConstants.FULL_STORK_ATTRIBUTE_SET.contains(requestedAttribute.getName())) { - cpeps.addCountrySpecificRequestedAttribute(requestedAttribute); - Logger.debug("Adding also country specific requested attribute for C-PEPS (" + countryCode + "): " + requestedAttribute.getName() + ", isRequired: " + requestedAttribute.isRequired()); - } else { - Logger.warn("Skipping addition of requested STORK Attribute, attribute unknown : " + requestedAttribute.getName()); - } - - } - - return cpeps; - } - - /** - * Builds the supported C-PEPS Map from configuration - * @return Map of C-PEPS - */ - public Map<String, CPEPS> buildSTORKcPEPSMap() { - - Logger.debug("Loading STORK C-PEPS information"); - - Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>(); - - NodeIterator cpepsIterator = XPathUtils.selectNodeIterator(configElem_, AUTH_FOREIGN_IDENTITIES_STORK_CPEPS); - - Element cpepsElement; - CPEPS cpeps; - - while ((cpepsElement = (Element) cpepsIterator.nextNode()) != null) { - cpeps = buildSTORKCpeps(cpepsElement); - if (cpeps != null) { - cpepsMap.put(cpeps.getCountryCode(), cpeps); - } - } - - if(!cpepsMap.isEmpty()) { - Logger.info("STORK C-PEPS information loaded"); - } - - return cpepsMap; - - } - - /** - * Builds the required STORK QAALevel for this OA - * @param authComponentElement DOM Element of AuthComponent (from MOA configuration) - * @return STORK QAALevel for this OA - */ - public QualityAuthenticationAssuranceLevel buildOaSTORKQAALevel(Element authComponentElement) { - Element qaaLevelElement = (Element)XPathUtils.selectSingleNode(authComponentElement, OA_AUTH_COMPONENT_STORK_QAA); - - if (qaaLevelElement == null) return null; - - try { - QualityAuthenticationAssuranceLevel qaaLevel = (QualityAuthenticationAssuranceLevel) SAMLUtil.unmarshallMessage(qaaLevelElement); - return qaaLevel; - } catch (MessageEncodingException e) { - Logger.error("Could not build STORK QAALevel, using default."); - return null; - } - - } - - /** - * Builds the Requested Attributes specific for an OA - * @param authComponentElement DOM Element of AuthComponent (from MOA configuration) - * @return STORK RequestedAttributes for this OA - */ - public RequestedAttributes buildOaSTORKRequestedAttributes(Element authComponentElement) { - List<RequestedAttribute> reqAttributeList = new ArrayList<RequestedAttribute>(); - - - Element reqAttributeElement; - NodeIterator reqAttributeIterator = XPathUtils.selectNodeIterator(authComponentElement, OA_AUTH_COMPONENT_STORK_REQUESTED_ATTRIBUTE); - - while ((reqAttributeElement = (Element) reqAttributeIterator.nextNode()) != null) { - RequestedAttribute requestedAttribute; - try { - requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(reqAttributeElement); - } catch (MessageEncodingException e) { - Logger.error("Provided RequestedAttributes Online Application is malformed.", e); - return null; - } - //only add if STORK attribute is correct - if (STORKConstants.FULL_STORK_ATTRIBUTE_SET.contains(requestedAttribute.getName())) { - reqAttributeList.add(requestedAttribute); - } else { - Logger.warn("Skipping addition of requested STORK Attribute, attribute unknown : " + requestedAttribute.getName()); - } - } - - return STORKMessagesBuilder.buildRequestedAttributes(reqAttributeList); - } - - /** * Method warn. * @param messageId to identify a country-specific message * @param parameters for the logger diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java index 3948522c0..7174e05dc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java @@ -24,15 +24,6 @@ package at.gv.egovernment.moa.id.config.legacy; -import java.util.ArrayList; - -import org.opensaml.saml2.metadata.RequestedAttribute; - -import eu.stork.vidp.messages.builder.STORKMessagesBuilder; -import eu.stork.vidp.messages.common.STORKConstants; -import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; -import eu.stork.vidp.messages.stork.RequestedAttributes; - /** * Configuration parameters belonging to an online application, * to use with the MOA ID Auth component. @@ -129,22 +120,6 @@ public class OAAuthParameter extends OAParameter { */ private String identityLinkDomainIdentifierType; - /** - * STORK QAA Level, Default = 4 - */ - private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4); - - /** - * STORK RequestedAttributes for Online Application - * Default RequestedAttributes are: eIdentifier, givenName, surname, dateOfBirth - */ - private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes( - STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null), - STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null), - STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null), - STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null)); - - /** * Returns <code>true</code> if the Security Layer version is version 1.2, * otherwise <code>false</code>. @@ -464,38 +439,4 @@ public class OAAuthParameter extends OAParameter { return this.mandateProfiles; } - /** - * Returns the defined STORK QAALevel - * @return STORK QAALevel - */ - public QualityAuthenticationAssuranceLevel getQaaLevel() { - return qaaLevel; - } - - /** - * Sets the STORK QAALevel - * @param qaaLevel - */ - public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) { - this.qaaLevel = qaaLevel; - } - - /** - * Returns the desired STORK Requested Attributes - * @return STORK Requested Attributes - */ - public RequestedAttributes getRequestedAttributes() { - return requestedAttributes; - } - - /** - * Sets the desired STORK Requested Attributes - * @param requestedAttributes - */ - public void setRequestedAttributes(RequestedAttributes requestedAttributes) { - this.requestedAttributes = requestedAttributes; - } - - - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index 6a3f4cc9e..95ed628fa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -1,9 +1,8 @@ /**
- *
+ *
*/
package at.gv.egovernment.moa.id.config.stork;
-import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
@@ -12,133 +11,91 @@ import java.util.List; import java.util.Map;
import java.util.Properties;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
-
-import eu.stork.vidp.messages.util.SAMLUtil;
-import eu.stork.vidp.messages.util.XMLUtil;
-
-import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributeType;
-import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter;
import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
-import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
/**
* Encapsulates several STORK configuration parameters according MOA configuration
- *
+ *
* @author bzwattendorfer
*
*/
public class STORKConfig {
-
+
/** STORK SAML signature creation parameters */
private Properties props = null;
private Map<String, CPEPS> cpepsMap = null;
private String basedirectory = null;
private SignatureVerificationParameter sigverifyparam = null;
-
-
+ private List<StorkAttribute> attr = null;
+
+
public STORKConfig(STORK stork, Properties props, String basedirectory) {
this.basedirectory = basedirectory;
this.props = props;
-
+
//create CPEPS map
List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = stork.getCPEPS();
cpepsMap = new HashMap<String, CPEPS>();
-
+
for(at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS cpep : cpeps) {
-
+
try {
CPEPS moacpep = new CPEPS(cpep.getCountryCode(), new URL(cpep.getURL()));
-
- List<String> attr = cpep.getAttributeValue();
-
- ArrayList<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>();
-
- for (String e1 : attr) {
- Element element = XMLUtil.stringToDOM(e1);
- RequestedAttribute requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(element);
- requestedAttributes.add(requestedAttribute);
- }
- moacpep.setCountrySpecificRequestedAttributes(requestedAttributes);
-
+
cpepsMap.put(cpep.getCountryCode(), moacpep);
-
+
} catch (MalformedURLException e) {
- Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ cpep.getCountryCode() + " has an invalid URL and is ignored.");
- } catch (ParserConfigurationException e) {
- Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
- + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
- } catch (SAXException e) {
- Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
- + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
- } catch (IOException e) {
- Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
- + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
- } catch (MessageEncodingException e) {
- Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
- + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
}
}
- SAMLSigningParameter samlsign = stork.getSAMLSigningParameter();
-
- if (samlsign == null) {
- Logger.warn("Error in MOA-ID Configuration. No STORK->SAMLSigningParameter configuration found.");
- } else {
- SignatureVerificationParameterType sigverify = samlsign.getSignatureVerificationParameter();
-
- if (sigverify == null) {
- Logger.warn("Error in MOA-ID Configuration. No STORK->SignatureVerificationParameter configuration found.");
-
- } else {
- sigverifyparam = new SignatureVerificationParameter(sigverify.getTrustProfileID());
- }
+ attr = new ArrayList<StorkAttribute>();
+ for(StorkAttribute current : stork.getAttributes()) {
+ attr.add(current);
}
-
+
}
public SignatureCreationParameter getSignatureCreationParameter() {
-
+
return new SignatureCreationParameter(props, basedirectory);
}
public SignatureVerificationParameter getSignatureVerificationParameter() {
-
- return sigverifyparam;
+
+ return sigverifyparam;
}
public Map<String, CPEPS> getCpepsMap() {
return cpepsMap;
}
-
+
public boolean isSTORKAuthentication(String ccc) {
-
+
if (StringUtils.isEmpty(ccc) || this.cpepsMap.isEmpty())
return false;
-
+
if (this.cpepsMap.containsKey(ccc.toUpperCase()))
return true;
else
return false;
-
+
}
-
+
public CPEPS getCPEPS(String ccc) {
if (isSTORKAuthentication(ccc))
return this.cpepsMap.get(ccc);
else
return null;
}
-
+ public List<StorkAttribute> getStorkAttributes() {
+ return attr;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java index c744abdf5..495f5f0db 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java @@ -15,8 +15,8 @@ import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.logging.Logger; -import eu.stork.vidp.messages.util.XMLUtil; public class SAMLVerifierMOASP implements ISAMLVerifier { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index fa9dbe990..bf353bce4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -1,12 +1,17 @@ package at.gv.egovernment.moa.id.protocols.saml1; +import java.util.List; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; +import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; @@ -48,6 +53,15 @@ public class GetArtifactAction implements IAction { oaParam, target); + // add other stork attributes to MOA assertion if available + if(null != session.getStorkAttributes()) { + List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(session.getStorkAttributes()); + session.setExtendedSAMLAttributesOA(moaExtendedSAMLAttibutes); + //produce MOA-Assertion and artifact + AuthenticationServer.getInstance().getForeignAuthenticationData(session); + Logger.info("MOA assertion assembled and SAML Artifact generated."); + } + String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData); if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java index e8af82872..9de1e8d88 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java @@ -24,6 +24,9 @@ public class FormBuildUtils { private static String MANDATEVISIBLE = "#MANDATEVISIBLE#"; private static String MANDATECHECKED = "#MANDATECHECKED#"; + + private static String STORKVISIBLE = "#STORKVISIBLE#"; + private static final String TEMPLATEVISIBLE = " display: none"; private static final String TEMPLATEDISABLED = "disabled=\"true\""; private static final String TEMPLATECHECKED = "checked=\"true\""; @@ -52,7 +55,8 @@ public class FormBuildUtils { public static String customiceLayoutBKUSelection(String value, boolean isShowMandateCheckbox, - boolean isOnlyMandateAllowed, Map<String, String> map) { + boolean isOnlyMandateAllowed, + Map<String, String> map, boolean showStorkLogin) { if (isShowMandateCheckbox) value = value.replace(MANDATEVISIBLE, ""); @@ -67,6 +71,11 @@ public class FormBuildUtils { } else value = value.replace(MANDATECHECKED, TEMPLATE_ARIACHECKED + "\"false\""); + if (showStorkLogin) + value = value.replace(STORKVISIBLE, ""); + else + value = value.replace(STORKVISIBLE, TEMPLATEVISIBLE); + String fonttype = map.get(FONTFAMILY); if (MiscUtil.isNotEmpty(fonttype)) { String[] fonttypeList = fonttype.split(","); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java new file mode 100644 index 000000000..d87d510fa --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java @@ -0,0 +1,143 @@ +/**
+ *
+ */
+package at.gv.egovernment.moa.id.util;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.Reader;
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+/**
+ * Helper class for XML processing
+ * @author bzwattendorfer
+ *
+ */
+public class XMLUtil {
+
+ /**
+ * Transforms a string representation to a DOM representation
+ * @param xmlString XML as string
+ * @return DOM representation of String
+ * @throws ParserConfigurationException
+ * @throws SAXException
+ * @throws IOException
+ */
+ public static Element stringToDOM(String xmlString) throws ParserConfigurationException, SAXException, IOException {
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+
+ DocumentBuilder builder = dbf.newDocumentBuilder();
+
+ Reader reader = new StringReader(xmlString);
+ InputSource src = new InputSource(reader);
+ Document domDoc = builder.parse(src);
+ return domDoc.getDocumentElement();
+ }
+
+ /**
+ * Creates a new and empty XML document
+ * @return New XML document
+ * @throws ParserConfigurationException
+ */
+ public static Document createNewDocument() throws ParserConfigurationException {
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+
+ DocumentBuilder builder = dbf.newDocumentBuilder();
+ return builder.newDocument();
+ }
+
+ /**
+ * Transforms an XML to a String
+ * @param node XML node
+ * @return String represenation of XML
+ */
+ public static String printXML(Node node) {
+ TransformerFactory tfactory = TransformerFactory.newInstance();
+ Transformer serializer;
+ try {
+ serializer = tfactory.newTransformer();
+
+ serializer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+ serializer.setOutputProperty(OutputKeys.ENCODING,"UTF-8");
+
+ StringWriter output = new StringWriter();
+ serializer.transform(new DOMSource(node), new StreamResult(output));
+ return output.toString();
+ } catch (TransformerException e) {
+
+ throw new RuntimeException(e);
+ }
+ }
+
+ /**
+ * Writes an XML element to a given file
+ * @param doc XML element
+ * @param filename Filename of the file where to write XML
+ */
+ public static void writeXmlFile(Element doc, String filename) {
+ try {
+
+ Source source = new DOMSource(doc);
+ File file = new File(filename);
+ Result result = new StreamResult(file);
+
+ Transformer xformer = TransformerFactory.newInstance().newTransformer();
+ xformer.transform(source, result);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ /**
+ * Gets the first text value of a NodeList
+ * @param nList NodeList
+ * @return first text value of a NodeList
+ */
+ public static String getFirstTextValueFromNodeList(NodeList nList) {
+ if (nList != null && nList.getLength() != 0) {
+ return nList.item(0).getTextContent();
+ }
+ return null;
+ }
+
+ /**
+ * Gets the first element of a Node
+ * @param parent Node
+ * @return first element of a Node
+ */
+ public static Element getFirstElement(Node parent) {
+ Node n = parent.getFirstChild();
+ while (n != null && n.getNodeType() != Node.ELEMENT_NODE) {
+ n = n.getNextSibling();
+ }
+ if (n == null) {
+ return null;
+ }
+ return (Element)n;
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html index 801a2dbf1..e28a67d75 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html @@ -424,11 +424,6 @@ text-align: right; } - #stork { - margin-bottom: 10px; - margin-top: 5px; - } - #mandateLogin { padding-bottom: 4%; padding-top: 4%; @@ -812,32 +807,26 @@ </p--> </form> </div> - - <!-- <div id="stork" align="center"> - <div id="leftcontent" style="margin-bottom:10px"> - <h2 id="tabheader" class="dunkel"> - Home Country Selection - </h2> - </div> - <p> - <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" > - <option value="BE">België/Belgique</option> - <option value="EE">Eesti</option> - <option value="ES">España</option> - <option value="IS">Ísland</option> - <option value="IT">Italia</option> - <option value="LI">Liechtenstein</option> - <option value="LT">Lithuania</option> - <option value="PT">Portugal</option> - <option value="SI">Slovenija</option> - <option value="FI">Suomi</option> - <option value="SE">Sverige</option> - </select> - <button name="bkuButton" type="button" onClick="storkClicked();">Send</button> - <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a> - </p> - </div> - </div> --> + <div id="stork" align="center" style="#STORKVISIBLE#"> + <h2 id="tabheader" class="dunkel">Home Country Selection</h2> + <p> + <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" > + <option value="BE">België/Belgique</option> + <option value="EE">Eesti</option> + <option value="ES">España</option> + <option value="IS">Ísland</option> + <option value="IT">Italia</option> + <option value="LI">Liechtenstein</option> + <option value="LT">Lithuania</option> + <option value="PT">Portugal</option> + <option value="SI">Slovenija</option> + <option value="FI">Suomi</option> + <option value="SE">Sverige</option> + </select> + <button name="bkuButton" type="button" onClick="storkClicked();">Proceed</button> + <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a> + </p> + </div> <div id="metroDetected" style="display:none"> <p>Anscheinend verwenden Sie Internet Explorer im Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den Optionen um die Karten-Anmeldung starten zu können. diff --git a/id/server/idserverlib/src/main/resources/resources/templates/saml2-post-binding-moa.vm b/id/server/idserverlib/src/main/resources/resources/templates/saml2-post-binding-moa.vm new file mode 100644 index 000000000..cac0bda76 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/templates/saml2-post-binding-moa.vm @@ -0,0 +1,38 @@ +## +## Velocity Template for SAML 2 HTTP-POST binding +## +## Velocity context may contain the following properties +## action - String - the action URL for the form +## RelayState - String - the relay state for the message +## SAMLRequest - String - the Base64 encoded SAML Request +## SAMLResponse - String - the Base64 encoded SAML Response +## Contains target attribute to delegate PEPS authentication out of iFrame + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> + + <body onload="document.forms[0].submit()"> + <noscript> + <p> + <strong>Note:</strong> Since your browser does not support JavaScript, + you must press the Continue button once to proceed. + </p> + </noscript> + + <form action="${action}" method="post" target="_parent"> + <div> + #if($RelayState)<input type="hidden" name="RelayState" value="${RelayState}"/>#end + + #if($SAMLRequest)<input type="hidden" name="SAMLRequest" value="${SAMLRequest}"/>#end + + #if($SAMLResponse)<input type="hidden" name="SAMLResponse" value="${SAMLResponse}"/>#end + + </div> + <noscript> + <div> + <input type="submit" value="Continue"/> + </div> + </noscript> + </form> + + </body> +</html>
\ No newline at end of file |