diff options
Diffstat (limited to 'id/server/modules')
10 files changed, 403 insertions, 49 deletions
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java index 1c1cbb723..a7d7b9759 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java @@ -33,7 +33,8 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.monitoring.TestManager; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -53,7 +54,7 @@ public class MonitoringServlet extends AuthServlet { throws ServletException, IOException { try { - AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); + AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); if (config.isMonitoringActive()) { Logger.debug("Monitoring Servlet received request"); diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java index a08ef5f0c..9896f2454 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java @@ -29,14 +29,12 @@ import java.util.List; import org.hibernate.Query; import org.hibernate.Session; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils; -import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -47,7 +45,7 @@ public class DatabaseTestModule implements TestModuleInterface{ List<String> errors = new ArrayList<String>(); - AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); + AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); String error = testMOAConfigurationDatabase(); if (MiscUtil.isNotEmpty(error)) @@ -95,10 +93,9 @@ public class DatabaseTestModule implements TestModuleInterface{ private String testMOAConfigurationDatabase() throws Exception{ - MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); - ConfigurationDBUtils.closeSession(); - - if (moaidconfig == null) + String publicURLPreFix = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); + + if (MiscUtil.isEmpty(publicURLPreFix)) return ("MOA-ID 2.x configuration can not be loaded from Database."); return null; diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java index b5220914c..824791797 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java @@ -37,7 +37,8 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; import at.gv.egovernment.moa.logging.Logger; @@ -61,13 +62,13 @@ public class IdentityLinkTestModule implements TestModuleInterface { public List<String> performTests() throws Exception{ Logger.trace("Start MOA-ID IdentityLink Test"); - AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); + AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); IdentityLinkValidator.getInstance().validate(identityLink); // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() .build(identityLink, config - .getMoaSpIdentityLinkTrustProfileID()); + .getMoaSpIdentityLinkTrustProfileID(false)); // invokes the call Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java index 84581abe8..3c2b143b3 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java @@ -28,7 +28,8 @@ import java.util.List; import java.util.Map; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.FileUtils; @@ -47,7 +48,7 @@ public class TestManager { private TestManager() throws ConfigurationException { - AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); + AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); //add Database test DatabaseTestModule test1 = new DatabaseTestModule(); diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java index 702e62fa0..939390847 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java @@ -32,7 +32,7 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.logging.Logger;
@@ -54,6 +54,8 @@ import eu.stork.peps.auth.commons.IPersonalAttributeList; public abstract class AbstractPepsConnectorWithLocalSigningTask extends AbstractAuthServletTask {
+ public static final String PEPSCONNECTOR_SERVLET_URL_PATTERN = "/PEPSConnectorWithLocalSigning";
+
String getCitizienSignatureFromSignResponse(SignResponse dssSignResponse) throws IllegalArgumentException,
TransformerConfigurationException, UtilsException, TransformerException,
TransformerFactoryConfigurationError, IOException, ApiUtilsException {
@@ -77,7 +79,7 @@ public abstract class AbstractPepsConnectorWithLocalSigningTask extends Abstract Logger.debug("fetching OAParameters from database");
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(
moaSession.getPublicOAURLPrefix());
if (oaParam == null)
throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java index 021ee62cf..06dfc95d3 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java @@ -2,13 +2,49 @@ package at.gv.egovernment.moa.id.auth.modules.stork.tasks; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+import java.io.IOException;
+import java.io.StringWriter;
+import java.math.BigInteger;
+import java.net.URL;
+import java.security.NoSuchAlgorithmException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Date;
+import java.util.List;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.common.IdentifierGenerator;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.w3c.dom.DOMException;
+
+import eu.stork.oasisdss.api.AdditionalProfiles;
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.api.Profiles;
+import eu.stork.oasisdss.api.QualityLevels;
+import eu.stork.oasisdss.api.SignatureTypes;
+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
+import eu.stork.oasisdss.profile.AnyType;
+import eu.stork.oasisdss.profile.DocumentType;
+import eu.stork.oasisdss.profile.SignRequest;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -16,13 +52,24 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventLog;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -78,12 +125,16 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { }
AuthenticationSession moasession = AuthenticationServer.getSession(sessionID);
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-
+ IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
+
if (StringUtils.isEmpty(moasession.getCcc())) {
// illegal state; task should not have been executed without a selected country
throw new AuthenticationException("stork.22", new Object[] { sessionID });
+
}
- STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
+ MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_STORK_REQUESTED);
+
+ STORKConfig storkConfig = AuthConfigurationProviderFactory.getInstance().getStorkConfig();
if (!storkConfig.isSTORKAuthentication(moasession.getCcc())) {
throw new AuthenticationException("stork.23", new Object[] { moasession.getCcc(), sessionID });
}
@@ -95,7 +146,7 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { executionContext.put(PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED, cpeps.isXMLSignatureSupported());
Logger.info("Starting STORK authentication for a citizen of country: " + moasession.getCcc());
- AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
+ startSTORKAuthentication(req, resp, moasession, pendingReq);
} catch (MOAIDException ex) {
throw new TaskExecutionException(ex.getMessage(), ex);
@@ -107,8 +158,290 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { }
finally {
- ConfigurationDBUtils.closeSession();
+
}
}
+
+ /**
+ * Starts a MOA-ID authentication process using STORK
+ *
+ * @param req HttpServletRequest
+ * @param resp HttpServletResponse
+ * @param pendingReq
+ * @param ccc Citizen country code
+ * @param oaURL URL of the online application
+ * @param target Target parameter
+ * @param targetFriendlyName Friendly Name of Target
+ * @param authURL Authentication URL
+ * @param sourceID SourceID parameter
+ * @throws MOAIDException
+ * @throws AuthenticationException
+ * @throws WrongParametersException
+ * @throws ConfigurationException
+ */
+ public void startSTORKAuthentication(
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ AuthenticationSession moasession, IRequest pendingReq) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException {
+
+ if (moasession == null) {
+ throw new AuthenticationException("auth.18", new Object[]{});
+ }
+
+ //read configuration paramters of OA
+ OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[]{moasession.getPublicOAURLPrefix()});
+
+ //Start of STORK Processing
+ STORKConfig storkConfig = AuthConfigurationProviderFactory.getInstance().getStorkConfig();
+
+ CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());
+
+ Logger.debug("Preparing to assemble STORK AuthnRequest with the following values:");
+ String destination = cpeps.getPepsURL().toExternalForm();
+ Logger.debug("C-PEPS URL: " + destination);
+
+
+ String issuerValue = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+ // String acsURL = new DataURLBuilder().buildDataURL(issuerValue,
+ // PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN, moasession.getSessionID());
+
+
+ String providerName = oaParam.getFriendlyName();
+ Logger.debug("Issuer value: " + issuerValue);
+
+ // prepare collection of required attributes
+ // - attributes for online application
+ Collection<StorkAttribute> attributesFromConfig = oaParam.getRequestedSTORKAttributes();
+
+ // - prepare attribute list
+ PersonalAttributeList attributeList = new PersonalAttributeList();
+
+ // - fill container
+ for (StorkAttribute current : attributesFromConfig) {
+ PersonalAttribute newAttribute = new PersonalAttribute();
+ newAttribute.setName(current.getName());
+
+ boolean globallyMandatory = false;
+ for (StorkAttribute currentGlobalAttribute : storkConfig.getStorkAttributes())
+ if (current.getName().equals(currentGlobalAttribute.getName())) {
+ globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory());
+ break;
+ }
+
+ newAttribute.setIsRequired(current.getMandatory() || globallyMandatory);
+ attributeList.add(newAttribute);
+ }
+
+ // add sign request
+ PersonalAttribute newAttribute = new PersonalAttribute();
+ newAttribute.setName("signedDoc");
+ newAttribute.setIsRequired(true);
+ List<String> value = new ArrayList<String>();
+
+ Logger.debug("PEPS supports XMLSignatures:"+cpeps.isXMLSignatureSupported());
+ String acsURL;
+ if(cpeps.isXMLSignatureSupported())//Send SignRequest to PEPS
+ {
+ //solve Problem with sessionIDs
+ acsURL = issuerValue + PepsConnectorTask.PEPSCONNECTOR_SERVLET_URL_PATTERN;
+
+ value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession),
+ "application/xhtml+xml", moasession.getCcc()));
+ newAttribute.setValue(value);
+ attributeList.add(newAttribute);
+
+ // TODO[branch]: STORK AuthReq CPEPS acsURL "/PEPSConnector"
+ }
+ else//Process SignRequest locally with MOCCA
+ {
+ String target = moasession.getTarget();
+ moasession.setTarget("AT");
+ String signedDoc = (generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession),
+ "application/xhtml+xml", "AT"));//moasession.getCcc()
+ moasession.setTarget(target);
+ Logger.warn("signedDoc to store:"+signedDoc);
+ //attributeList.add(newAttribute);
+
+ //store SignRequest for later...
+ moasession.setSignedDoc(signedDoc);
+
+ acsURL = issuerValue + AbstractPepsConnectorWithLocalSigningTask.PEPSCONNECTOR_SERVLET_URL_PATTERN;
+ // TODO[branch]: STORK AuthReq acsURL "/PEPSConnectorWithLocalSigning"
+ try {
+ AuthenticationSessionStoreage.storeSession(moasession);
+ } catch (MOADatabaseException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ }
+ Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL);
+
+ if (Logger.isDebugEnabled()) {
+ Logger.debug("The following attributes are requested for this OA:");
+ for (StorkAttribute logReqAttr : attributesFromConfig)
+ Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.getMandatory());
+ }
+
+ //TODO: check Target in case of SSO!!
+ String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget();
+ String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();
+ String spApplication = spInstitution;
+ String spCountry = "AT"; // intentionally set AT - the flow is limited on that use case only
+
+ //generate AuthnRquest
+ STORKAuthnRequest authnRequest = new STORKAuthnRequest();
+ authnRequest.setDestination(destination);
+ authnRequest.setAssertionConsumerServiceURL(acsURL);//PEPSConnectorWithLocalSigning
+ authnRequest.setProviderName(providerName);
+ authnRequest.setIssuer(issuerValue);
+ authnRequest.setQaa(oaParam.getQaaLevel());
+ authnRequest.setSpInstitution(spInstitution);
+ authnRequest.setSpCountry(spCountry);
+ authnRequest.setSpApplication(spApplication);
+ authnRequest.setSpSector(spSector);
+ authnRequest.setPersonalAttributeList(attributeList);
+
+ //TODO change
+ authnRequest.setEIDCrossBorderShare(true);
+ authnRequest.setEIDCrossSectorShare(true);
+ authnRequest.setEIDSectorShare(true);
+
+ authnRequest.setCitizenCountryCode(moasession.getCcc());
+
+ Logger.debug("STORK AuthnRequest succesfully assembled.");
+ STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("outgoing");
+
+ if (samlEngine == null) {
+ Logger.error("Could not initalize STORK SAML engine.");
+ throw new MOAIDException("stork.00", null);
+ }
+
+ try {
+ authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest);
+ } catch (STORKSAMLEngineException e) {
+ Logger.error("Could not sign STORK SAML AuthnRequest.", e);
+ throw new MOAIDException("stork.00", null);
+ }
+
+ Logger.info("STORK AuthnRequest successfully signed!");
+
+ //validate AuthnRequest
+ try {
+ samlEngine.validateSTORKAuthnRequest(authnRequest.getTokenSaml());
+ } catch (STORKSAMLEngineException e) {
+ Logger.error("STORK SAML AuthnRequest not valid.", e);
+ throw new MOAIDException("stork.01", null);
+ }
+
+ Logger.debug("STORK AuthnRequest successfully internally validated.");
+
+ //send
+ moasession.setStorkAuthnRequest(authnRequest);
+
+ // do PEPS-conform logging for easier evaluation
+ try {
+ // 2015-03-12 16:44:27.144#S-PEPS receives request from SP#spurl#spepsurl#spapp#spdomain#citizen country#qaa#msghash#msg_id id1#
+ Logger.info(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").format(new Date()) + "#S-PEPS receives request from SP#" +
+ moasession.getPublicOAURLPrefix() + "#" + issuerValue + "#" + spApplication + "#" +
+ new URL(moasession.getPublicOAURLPrefix()).getHost() + "#" + moasession.getCcc() + "#" + oaParam.getQaaLevel() +
+ "#_hash_#" + moasession.getProcessInstanceId() + "#");
+ } catch (Exception e1) {
+ Logger.info("STORK PEPS conform logging failed because of: " + e1.getMessage());
+ }
+
+ AuthenticationSessionStoreage.changeSessionID(moasession, authnRequest.getSamlId());
+
+
+ Logger.info("Preparing to send STORK AuthnRequest.");
+ Logger.info("prepared STORKAuthnRequest: ");
+ Logger.info(new String(authnRequest.getTokenSaml()));
+
+ try {
+ Logger.trace("Initialize VelocityEngine...");
+
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm");
+ VelocityContext context = new VelocityContext();
+ context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml()));
+ context.put("RelayState", moasession.getSessionID());
+ context.put("action", destination);
+
+ StringWriter writer = new StringWriter();
+ template.merge(context, writer);
+
+ // TODO[branch]: SAML2 Form Submit to CPEPS, response to acsURL Servlet
+
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+
+ } catch (Exception e) {
+ Logger.error("Error sending STORK SAML AuthnRequest.", e);
+ throw new MOAIDException("stork.02", new Object[]{destination});
+
+ }
+
+ Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination());
+ MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED, authnRequest.getDestination());
+
+ // do PEPS-conform logging for easier evaluation
+ try {
+ // 2015-03-12 16:44:27.144#S-PEPS generates request to C-PEPS#spepsurl#cpepsurl#spapp#spdomain#citizen country#qaa#msghash#msg_id id1#id2#
+ Logger.info(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").format(new Date()) + "#S-PEPS generates request to C-PEPS#" +
+ issuerValue + "#" + destination + "#" + spApplication + "#" +
+ new URL(moasession.getPublicOAURLPrefix()).getHost() + "#" + moasession.getCcc() + "#" + oaParam.getQaaLevel() +
+ "#_hash_#" + moasession.getProcessInstanceId() + "#" + authnRequest.getSamlId() + "#");
+ } catch (Exception e1) {
+ Logger.info("STORK PEPS conform logging failed because of: " + e1.getMessage());
+ }
+ }
+
+ private String generateDssSignRequest(String text, String mimeType, String citizenCountry) {
+ IdentifierGenerator idGenerator;
+ try {
+ idGenerator = new SecureRandomIdentifierGenerator();
+
+ DocumentType doc = new DocumentType();
+ doc.setBase64XML(text.getBytes("UTF-8"));
+ doc.setID(idGenerator.generateIdentifier());
+
+ SignRequest request = new SignRequest();
+ request.setInputDocuments(ApiUtils.createInputDocuments(doc));
+
+ String id = idGenerator.generateIdentifier();
+ request.setRequestID(id);
+ request.setDocUI(id);
+
+ request.setProfile(Profiles.XADES_BES.toString());
+ request.setNumberOfSigners(BigInteger.ONE);
+ request.setTargetCountry(citizenCountry);
+
+ // no, no todo. PEPS will alter this value anyhow.
+ request.setReturnURL("http://invalid_return");
+
+ AnyType required = new AnyType();
+ required.getAny().add(ApiUtils.createSignatureType(SignatureTypes.XMLSIG_RFC3275.toString()));
+ required.getAny().add(ApiUtils.createAdditionalProfile(AdditionalProfiles.XADES.toString()));
+ required.getAny().add(ApiUtils.createQualityRequirements(QualityLevels.QUALITYLEVEL_QUALIFIEDSIG));
+ required.getAny().add(ApiUtils.createIncludeObject(doc));
+ request.setOptionalInputs(required);
+
+ return IOUtils.toString(ApiUtils.marshalToInputStream(request));
+ } catch (NoSuchAlgorithmException e) {
+ Logger.error("Cannot generate id", e);
+ throw new RuntimeException(e);
+ } catch (ApiUtilsException e) {
+ Logger.error("Could not create SignRequest", e);
+ throw new RuntimeException(e);
+ } catch (DOMException e) {
+ Logger.error("Could not create SignRequest", e);
+ throw new RuntimeException(e);
+ } catch (IOException e) {
+ Logger.error("Could not create SignRequest", e);
+ throw new RuntimeException(e);
+ }
+ }
}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java index 1ae66f24e..a631489be 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java @@ -17,6 +17,8 @@ import org.apache.velocity.Template; import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -24,13 +26,16 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.util.Base64Utils;
import eu.stork.oasisdss.api.ApiUtils;
import eu.stork.oasisdss.profile.SignResponse;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
@@ -112,8 +117,10 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+ IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
+
Logger.info("pendingRequestID:" + pendingRequestID);
- String signResponseString = new String(Base64.decodeBase64(signResponse), "UTF8");
+ String signResponseString = new String(Base64Utils.decode(signResponse, false), "UTF8");
Logger.info("RECEIVED signresponse:" + signResponseString);
// create SignResponse object
Source response1 = new StreamSource(new java.io.StringReader(signResponseString));
@@ -182,6 +189,9 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec Logger.debug("Add full STORK AuthnResponse to MOA session");
moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));// TODO ask Florian/Thomas
// authnResponse?
+
+ MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED);
+
moaSession.setForeigner(true);
// session is implicit stored in changeSessionID!!!!
@@ -211,7 +221,7 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec }
finally {
- ConfigurationDBUtils.closeSession();
+
}
}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java index aff69aa9c..d16719b3b 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java @@ -5,6 +5,7 @@ import iaik.x509.X509Certificate; import java.io.IOException;
import java.io.StringWriter;
import java.util.ArrayList;
+import java.util.Collection;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
@@ -26,18 +27,18 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.StringUtils;
import eu.stork.oasisdss.api.ApiUtils;
import eu.stork.oasisdss.profile.SignRequest;
@@ -288,19 +289,19 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep // set return url to PEPSConnectorWithLocalSigningServlet and add newMOASessionID
// signRequest
- String issuerValue = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+ String issuerValue = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
String acsURL = issuerValue
- + PEPSConnectorWithLocalSigningServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN;
+ + AbstractPepsConnectorWithLocalSigningTask.PEPSCONNECTOR_SERVLET_URL_PATTERN;
String url = acsURL + "?moaSessionID=" + newMOASessionID;
// redirect to OASIS module and sign there
boolean found = false;
try {
- List<AttributeProviderPlugin> aps = AuthConfigurationProvider.getInstance()
+ Collection<StorkAttributeProviderPlugin> aps = AuthConfigurationProviderFactory.getInstance()
.getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix()).getStorkAPs();
Logger.info("Found AttributeProviderPlugins:" + aps.size());
- for (AttributeProviderPlugin ap : aps) {
+ for (StorkAttributeProviderPlugin ap : aps) {
Logger.info("Found AttributeProviderPlugin attribute:" + ap.getAttributes());
if (ap.getAttributes().equalsIgnoreCase("signedDoc")) {
// FIXME: A servlet's class field is not thread safe!!!
@@ -411,7 +412,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep }
finally {
- ConfigurationDBUtils.closeSession();
+
}
}
@@ -431,7 +432,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep SignRequest signRequest = ApiUtils.unmarshal(signDoc, SignRequest.class);
signRequest.setReturnURL("TODO");
signRequestString = IOUtils.toString(ApiUtils.marshalToInputStream(signRequest));
- context.put("signrequest", Base64.encodeBase64String(signRequestString.getBytes("UTF8")));
+ context.put("signrequest", Base64Utils.encode(signRequestString.getBytes("UTF8")));
context.put("clienturl", url);
context.put("action", oasisDssWebFormURL);
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java index b89571fde..01dad4ebb 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java @@ -30,10 +30,11 @@ import org.apache.velocity.Template; import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.opensaml.saml2.core.StatusCode;
-import org.springframework.format.datetime.DateFormatter;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -43,13 +44,15 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -63,10 +66,8 @@ import at.gv.egovernment.moa.util.XPathUtils; import at.gv.util.xsd.xmldsig.SignatureType;
import at.gv.util.xsd.xmldsig.X509DataType;
import eu.stork.documentservice.DocumentService;
-import eu.stork.documentservice.data.DatabaseConnectorMySQLImpl;
import eu.stork.oasisdss.api.ApiUtils;
import eu.stork.oasisdss.api.LightweightSourceResolver;
-import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
import eu.stork.oasisdss.profile.DocumentType;
import eu.stork.oasisdss.profile.DocumentWithSignature;
import eu.stork.oasisdss.profile.SignResponse;
@@ -122,6 +123,8 @@ import eu.stork.peps.exceptions.STORKSAMLEngineException; */
public class PepsConnectorTask extends AbstractAuthServletTask {
+ public static final String PEPSCONNECTOR_SERVLET_URL_PATTERN = "/PEPSConnector";
+
public PepsConnectorTask() {
super();
@@ -219,7 +222,8 @@ public class PepsConnectorTask extends AbstractAuthServletTask { // throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
-
+ IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
+
// load MOASession from database
AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
// change MOASessionID
@@ -245,7 +249,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask { throw new MOAIDException("stork.07", null);
}
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());
+ OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());
if (oaParam == null)
throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
@@ -341,7 +345,9 @@ public class PepsConnectorTask extends AbstractAuthServletTask { // ////////////////////////////////////////////////////////////////////////
- AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
+ MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED);
+
+ AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
String citizenSignature = null;
if(config.isStorkFakeIdLActive() && config.getStorkNoSignatureCountries().contains(storkAuthnRequest.getCitizenCountryCode()) && config.getStorkFakeIdLCountries().contains(storkAuthnRequest.getCitizenCountryCode())) {
Logger.debug("signedDoc extraction skipped due to configuration");
@@ -559,6 +565,8 @@ public class PepsConnectorTask extends AbstractAuthServletTask { Logger.error("SZR Gateway did not return an identity link.");
throw new MOAIDException("stork.10", null);
}
+
+ MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED);
moaSession.setForeigner(true);
Logger.info("Received Identity Link from SZR Gateway");
@@ -631,7 +639,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask { }
finally {
- ConfigurationDBUtils.closeSession();
+
}
}
@@ -740,7 +748,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask { private String getdtlUrl() {
String dtlUrl;
try {
- AuthConfigurationProvider authConfigurationProvider = AuthConfigurationProvider.getInstance();
+ AuthConfiguration authConfigurationProvider = AuthConfigurationProviderFactory.getInstance();
dtlUrl = authConfigurationProvider.getDocumentServiceUrl();
Logger.info ("PEPSConnectorServlet, using dtlUrl:"+dtlUrl);
diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index e9234a62f..1ca5b3835 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>MOA.id</groupId> <artifactId>moa-id</artifactId> - <version>2.x</version> + <version>3.x</version> </parent> <groupId>MOA.id.server.modules</groupId> |