diff options
Diffstat (limited to 'id/server/modules/module-stork/src/main/java')
7 files changed, 360 insertions, 11 deletions
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java index 06dfc95d3..a8792cd8f 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java @@ -43,9 +43,8 @@ import eu.stork.peps.auth.commons.STORKAuthnRequest; import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
-import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -62,7 +61,6 @@ import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventLog;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
@@ -123,7 +121,7 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
throw new WrongParametersException("CreateStorkAuthRequestFormTask", PARAM_SESSIONID, "auth.12");
}
- AuthenticationSession moasession = AuthenticationServer.getSession(sessionID);
+ AuthenticationSession moasession = BaseAuthenticationServer.getSession(sessionID);
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java index a631489be..7b9fa3f12 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java @@ -19,7 +19,7 @@ import org.apache.velocity.app.VelocityEngine; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -112,7 +112,7 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec try {
// load MOASession from database
- AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
+ AuthenticationSession moaSession = BaseAuthenticationServer.getSession(moaSessionID);
// change MOASessionID
moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java index d16719b3b..304e5f495 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java @@ -21,7 +21,7 @@ import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine;
import org.opensaml.saml2.core.StatusCode;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -187,7 +187,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
// load MOASession from database
- AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
+ AuthenticationSession moaSession = BaseAuthenticationServer.getSession(moaSessionID);
// change MOASessionID
moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java index 01dad4ebb..b505605ab 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java @@ -35,7 +35,8 @@ import org.w3c.dom.Node; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+
+import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
@@ -225,7 +226,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask { IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
// load MOASession from database
- AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
+ AuthenticationSession moaSession = BaseAuthenticationServer.getSession(moaSessionID);
// change MOASessionID
moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKException.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKException.java new file mode 100644 index 000000000..79641d085 --- /dev/null +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKException.java @@ -0,0 +1,64 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/** + * + */ +package at.gv.egovernment.moa.id.auth.stork; + + +/** + * Exception thrown if error occurs in STORK processing + * @author bzwattendorfer + * + */ +public class STORKException extends Exception{ + + /** + * + */ + private static final long serialVersionUID = 1L; + + public STORKException() { + super(); + + } + + public STORKException(String message, Throwable cause) { + super(message, cause); + + } + + public STORKException(String message) { + super(message); + + } + + public STORKException(Throwable cause) { + super(cause); + + } + + + + +} diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java new file mode 100644 index 000000000..65a3637a9 --- /dev/null +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -0,0 +1,286 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/** + * + */ +package at.gv.egovernment.moa.id.auth.stork; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.util.List; +import java.util.Vector; + +import javax.activation.DataSource; +import javax.xml.transform.Source; +import javax.xml.transform.TransformerConfigurationException; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactoryConfigurationError; +import javax.xml.transform.stream.StreamSource; + +import org.apache.commons.io.IOUtils; +import org.apache.commons.lang3.StringEscapeUtils; + +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.client.SZRGWClientException; +import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DateTimeUtils; +import at.gv.egovernment.moa.util.StringUtils; +import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; +import eu.stork.oasisdss.api.ApiUtils; +import eu.stork.oasisdss.api.LightweightSourceResolver; +import eu.stork.oasisdss.api.exceptions.ApiUtilsException; +import eu.stork.oasisdss.api.exceptions.UtilsException; +import eu.stork.oasisdss.profile.SignResponse; +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; + +/** + * + * Handles all functionality for the processing of a STORK response + * @author bzwattendorfer + * + */ +public class STORKResponseProcessor { + + /** OASIS DSS Namespace */ + public static final String OASIS_DSS_NS = "urn:oasis:names:tc:dss:1.0:core:schema"; + + /** OASIS DSS Success Message */ + public static final String OASIS_DSS_SUCCESS_MSG = "urn:oasis:names:tc:dss:1.0:resultmajor:Success"; + + /** + * Checks for attribute. + * + * @param attributeName the attribute name + * @param attributeList the attribute list + * @return true, if successful + */ + public static boolean hasAttribute(String attributeName, IPersonalAttributeList attributeList) { + try { + getAttributeValue(attributeName, attributeList); + return true; + } catch(STORKException e) { + return false; + } + } + + /** + * helper for reading attributes. Handles logging and error handling. + * + * @param attributeName the attribute name + * @param attributeList the attribute list + * @return the attribute value + * @throws STORKException the sTORK exception + */ + private static String getAttributeValue(String attributeName, IPersonalAttributeList attributeList) throws STORKException { + return getAttributeValue(attributeName, attributeList, true); + } + public static String getAttributeValue(String attributeName, IPersonalAttributeList attributeList, boolean throwException) throws STORKException { + try { + String result = attributeList.get(attributeName).getValue().get(0); + Logger.trace(attributeName + " : " + result); + return result; + } catch(Exception e) { + Logger.error(attributeName + " not found in response"); + if(throwException) + throw new STORKException(attributeName + " not found in response"); + else + return null; + } + } + + /** + * Handels connection to SZR-GW and returns Identity Link on success. + * + * @param attributeList the attribute list + * @param oaFriendlyName the oa friendly name + * @param targetType the target type + * @param targetValue the target value + * @param filters the filters + * @param citizenSignature2 + * @return Identity Link + * @throws STORKException the sTORK exception + * @throws MOAIDException + */ + public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String targetType, String targetValue, List<String> filters, String citizenSignature) throws STORKException, MOAIDException { + Logger.trace("Calling SZR Gateway with the following attributes:"); + + CreateIdentityLinkResponse identityLinkResponse = null; + IdentityLink identityLink = null; + try { + Logger.trace("Starting call..."); + + // if there is no signedDoc attribute, we cannot go on + if(citizenSignature==null || citizenSignature.length()==0) + { + String signResponseString = getAttributeValue("signedDoc", attributeList); + + //Extract signature from SIgnResponse + Source response1 = new StreamSource(new java.io.StringReader(signResponseString)); + SignResponse dssSignResponse = ApiUtils.unmarshal(response1, SignResponse.class); + citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse); + } + + String fiscalNumber = getAttributeValue("fiscalNumber", attributeList, false); + + // if we have a signedDoc we test for a representation case + // - according to stork samlengine and commons + if(hasAttribute("mandate", attributeList)) { + // we have a representation case + String mandate = getAttributeValue("mandate", attributeList, false); + + if(!hasAttribute("dateOfBirth", attributeList)) { + // if we get here, we have a natural person representing a legal person + String organizationAddress = getAttributeValue("canonicalRegisteredAddress", attributeList, false); + String organizationType = getAttributeValue("translateableType", attributeList, false); + + identityLinkResponse = SZRGWClientUtils.getIdentityLink(citizenSignature, null, null, mandate, organizationAddress, organizationType, targetType, targetValue, oaFriendlyName, filters, fiscalNumber); + } else { + // if we get here, we have a natural person representing another natural person + String eIdentifier = getAttributeValue("eIdentifier", attributeList, false); + String givenName = getAttributeValue("givenName", attributeList, false); + String lastName = getAttributeValue("surname", attributeList, false); + String dateOfBirth = getAttributeValue("dateOfBirth", attributeList, false); + + // gender attribute is mandatory here because of some legal stuff + String gender = getAttributeValue("gender", attributeList, false); + + if (!StringUtils.isEmpty(dateOfBirth)) + dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); + + identityLinkResponse = SZRGWClientUtils.getIdentityLink(eIdentifier, + givenName, lastName, dateOfBirth, gender, citizenSignature, null, + null, mandate, targetType, targetValue, oaFriendlyName, filters, fiscalNumber); + } + } + // - according to stork spec + else if(hasAttribute("mandateContent", attributeList) || hasAttribute("representative", attributeList) || hasAttribute("represented", attributeList)) { + // we have a representation case + String representative = getAttributeValue("representative", attributeList, false); + String represented = getAttributeValue("represented", attributeList, false); + String mandate = getAttributeValue("mandateContent", attributeList, false); + + if(!hasAttribute("dateOfBirth", attributeList)) { + // if we get here, we have a natural person representing a legal person + String organizationAddress = getAttributeValue("canonicalRegisteredAddress", attributeList, false); + String organizationType = getAttributeValue("translateableType", attributeList, false); + + identityLinkResponse = SZRGWClientUtils.getIdentityLink(citizenSignature, representative, represented, mandate, organizationAddress, organizationType, targetType, targetValue, oaFriendlyName, filters, fiscalNumber); + } else { + // if we get here, we have a natural person representing another natural person + String eIdentifier = getAttributeValue("eIdentifier", attributeList, false); + String givenName = getAttributeValue("givenName", attributeList, false); + String lastName = getAttributeValue("surname", attributeList, false); + String dateOfBirth = getAttributeValue("dateOfBirth", attributeList, false); + + // gender attribute is mandatory here because of some legal stuff + String gender = getAttributeValue("gender", attributeList, false); + + if (!StringUtils.isEmpty(dateOfBirth)) + dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); + + identityLinkResponse = SZRGWClientUtils.getIdentityLink(eIdentifier, + givenName, lastName, dateOfBirth, gender, citizenSignature, representative, + represented, mandate, targetType, targetValue, oaFriendlyName, filters, fiscalNumber); + } + } else { + // we do not have a representation case + String eIdentifier = getAttributeValue("eIdentifier", attributeList, false); + String givenName = getAttributeValue("givenName", attributeList, false); + String lastName = getAttributeValue("surname", attributeList, false); + String dateOfBirth = getAttributeValue("dateOfBirth", attributeList, false); + if (!StringUtils.isEmpty(dateOfBirth)) + dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); + identityLinkResponse = SZRGWClientUtils.getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, fiscalNumber); + } + + if (null != identityLinkResponse.getErrorResponse()){ + throw new SZRGWClientException("service.08", (String)identityLinkResponse.getErrorResponse().getErrorCode(), + (String)identityLinkResponse.getErrorResponse().getInfo()); + } + else { + IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(identityLinkResponse.getIdentityLink())); + identityLink = ilParser.parseIdentityLink(); + + Logger.debug("Received Identity Link from SZR Gateway"); + //TODO: is this ok? +// if (StringUtils.isEmpty(identityLink.getDateOfBirth())) { +// identityLink.setDateOfBirth("9999-12-31"); +// } + + } + + } catch (ParseException e) { + Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e); + throw new MOAIDException("auth.25", null, e); + } catch (ApiUtilsException e) { + Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e); + throw new MOAIDException("auth.25", null, e); + } catch (IllegalArgumentException e) { + Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e); + throw new MOAIDException("auth.25", null, e); + } catch (TransformerConfigurationException e) { + Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e); + throw new MOAIDException("auth.25", null, e); + } catch (UtilsException e) { + Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e); + throw new MOAIDException("auth.25", null, e); + } catch (TransformerException e) { + Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e); + throw new MOAIDException("auth.25", null, e); + } catch (TransformerFactoryConfigurationError e) { + Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e); + throw new MOAIDException("auth.25", null, e); + } catch (IOException e) { + Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e); + throw new MOAIDException("auth.25", null, e); + } + + return identityLink; + + } + + private static String getCitizienSignatureFromSignResponse(SignResponse dssSignResponse) throws IllegalArgumentException, TransformerConfigurationException, UtilsException, TransformerException, TransformerFactoryConfigurationError, IOException, ApiUtilsException + { + // fetch signed doc + DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse); + if(ds == null){ + throw new ApiUtilsException("No datasource found in response"); + } + + InputStream incoming = ds.getInputStream(); + String citizenSignature = IOUtils.toString(incoming); + incoming.close(); + + return citizenSignature; + } + +} diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 59db5797d..4d3c01bee 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -29,6 +29,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; @@ -36,7 +37,6 @@ import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.util.VelocityProvider; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.stork.peps.auth.commons.*; |