Diffstat (limited to 'id/server')
3 files changed, 67 insertions, 87 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index d77119f4a..5ae3d8e47 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -1733,53 +1733,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {  				CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl());  				return response; -				 -				 -//		    	client.setAddress(connectionParameters.getUrl()); -//		    	if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { -//		    		Logger.debug("Initialisiere SSL Verbindung"); -//		    		try { -//		    			client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); -//		    		} catch (IOException e) { -//		    			Logger.error("Could not initialize SSL Factory", e); -//		    			throw new SZRGWClientException("Could not initialize SSL Factory"); -//		    		} catch (GeneralSecurityException e) { -//		    			Logger.error("Could not initialize SSL Factory", e); -//		    			throw new SZRGWClientException("Could not initialize SSL Factory"); -//		    		} catch (PKIException e) { -//		    			Logger.error("Could not initialize SSL Factory", e); -//		    			throw new SZRGWClientException("Could not initialize SSL Factory"); -//		    		}  -//		    	}  		    }  		    catch (ConfigurationException e) {  		    	Logger.warn(e);  		    	Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));  			} -//		    // create request -//		    CreateIdentityLinkResponse response = null; -//		    Element request = null; -//		    try { -//		    	Document doc = client.buildGetIdentityLinkRequest(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature); -//		    	request = doc.getDocumentElement(); -//		    	 -//		    	// send request -//		    	response = client.createIdentityLinkResponse(request, connectionParameters.getUrl()); -//		    -//		     -//		     -//		    } catch (SZRGWClientException e) { -//		    	// 	give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht 
mitgeschickt. -////		    	try { -////		    		response = client.createIdentityLinkResponse(request); -////		    	}  -////		    	catch (SZRGWClientException e1) { -////		    		throw new SZRGWClientException(e1); -////		    	} -//		    } -	         -		      		    return null;  	  } @@ -1811,6 +1770,24 @@ public class AuthenticationServer implements MOAIDAuthConstants {  	public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException {  		return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature, null, null, null);  	} + +	/** +	 * Gets the identity link. +	 * +	 * @param citizenSignature the citizen signature +	 * @param representative the representative +	 * @param represented the represented +	 * @param mandate the mandate +	 * @param organizationAddress the organization address +	 * @param organizationType the organization type +	 * @return the identity link +	 * @throws SZRGWClientException  +	 */ +	public CreateIdentityLinkResponse getIdentityLink(String citizenSignature, +			String representative, String represented, String mandateContent, +			String organizationAddress, String organizationType) throws SZRGWClientException { +		return getIdentityLink(null, null, null, null, citizenSignature, represented, representative, mandateContent, organizationAddress, organizationType); +	}   	/**  	  * SZR-GW Client interface. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 4819b8219..45e6ab816 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java 
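Review bot: The new six-argument `getIdentityLink` overload appears to swap the two mandate parties when it delegates: it passes `represented, representative` to the ten-argument method, while both other call sites on this page (the removed ten-argument call in STORKResponseProcessor and the eight-argument call that survives there) pass `representative, represented`. Unless the ten-argument method declares them in the opposite order, which this page does not show, the mandate would be attached to the wrong party; the fix is `return getIdentityLink(null, null, null, null, citizenSignature, representative, represented, mandateContent, organizationAddress, organizationType);`. The Javadoc also documents `@param mandate` although the parameter is `mandateContent`, and `@throws SZRGWClientException` carries no description; suggest `@param mandateContent the mandate content` and `@throws SZRGWClientException propagated from the delegated call`.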
@@ -137,29 +137,12 @@ public class PEPSConnectorServlet extends AuthServlet {  			Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
 -//			Logger.debug("Starting validation of SAML assertion");
 -//			//verify SAML assertion
 -			Assertion storkAssertion = authnResponse.getAssertions().get(0);
 -//			try {
 -//				STORKResponseProcessor.verifySTORKAssertion(
 -//						storkAssertion, //assertion
 -//						request.getRemoteAddr(), //IP address of user
 -//						storkAuthnRequest.getID(), //ID of STORK AuthnRequest
 -//						request.getRequestURL().toString(), //destination
 -//						HTTPUtils.getBaseURL(request), //audience
 -//						storkAuthnRequest.getRequestedAttributes()); //Requested Attributes
 -//			} catch (STORKException e) {
 -//				Logger.error("Failed to verify STORK SAML Assertion", e);
 -//				throw new MOAIDException("stork.08", null);
 -//			}
 -//
 -//			Logger.info("SAML assertion succesfully verified!");
 -
  			Logger.debug("Starting extraction of signedDoc attribute");
  			//extract signed doc element and citizen signature
  			Element citizenSignature = null;
  			try {
 +				Assertion storkAssertion = authnResponse.getAssertions().get(0);
  				citizenSignature = STORKResponseProcessor.extractCitizenSignature(storkAssertion);				
  				moaSession.setAuthBlock(DOMUtils.serializeNode(citizenSignature));
  				moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(citizenSignature));
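Review bot: The added `Assertion storkAssertion = authnResponse.getAssertions().get(0);` inside the try still assumes the response carries at least one assertion; an empty list raises IndexOutOfBoundsException, and whether the catch clauses of this try (outside the hunk) turn that into a MOAIDException cannot be seen here. A guard such as `if (authnResponse.getAssertions().isEmpty()) { throw new MOAIDException(<message key for a missing assertion>, null); }` before the `get(0)` makes that failure explicit. The deleted comment block was also the only trace of verifying the assertion (signature, requester IP, request ID, destination, audience) before its signedDoc is consumed; if that verification happens earlier in this method or in the SAML engine, a one-line comment at the new assignment such as `// assertion already verified in <place>` keeps the next reader from assuming it is unverified, and if it does not, this deletion removes the reminder that the check is missing. The enclosing method starts and ends outside the hunk.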
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index e81adfb52..466d86f87 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -296,6 +296,22 @@ public class STORKResponseProcessor {  	}
 +	
 +	/**
 +	 * Checks for attribute.
 +	 *
 +	 * @param attributeName the attribute name
 +	 * @param attributeList the attribute list
 +	 * @return true, if successful
 +	 */
 +	private static boolean hasAttribute(String attributeName, IPersonalAttributeList attributeList) {
 +		try {
 +			getAttributeValue(attributeName, attributeList);
 +			return true;
 +		} catch(STORKException e) {
 +			return false;
 +		}
 +	}
  	/**
  	 * helper for reading attributes. Handles logging and error handling.
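Review bot: `hasAttribute` tests for presence by calling `getAttributeValue` and catching `STORKException`, and the Javadoc on the following context line says that helper "handles logging and error handling", so every probe for an optional attribute — which in connectToSZRGateway is the common, non-representation path — presumably runs through the error-logging branch and leaves spurious error entries for attributes that were never required. If IPersonalAttributeList exposes a lookup or presence method, use it directly; otherwise keep the try/catch but make sure the expected-miss case is not logged as an error. The generated `@return true, if successful` should read `@return true if {@code attributeName} is present in {@code attributeList}, false otherwise`, and the exception variable can be named `ignored` with a comment that absence is the expected outcome here.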
 @@ -325,52 +341,56 @@ public class STORKResponseProcessor {  	public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList) throws STORKException {
  		Logger.trace("Calling SZR Gateway with the following attributes:");
 -		// fetch mandatory attributes
 -		String citizenSignature = getAttributeValue("signedDoc", attributeList);
 -		String eIdentifier = getAttributeValue("eIdentifier", attributeList);
 -		String givenName = getAttributeValue("givenName", attributeList);
 -		String lastName = getAttributeValue("surname", attributeList);
 -		String dateOfBirth = getAttributeValue("dateOfBirth", attributeList);
 -		if (!StringUtils.isEmpty(dateOfBirth)) {
 -			dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth);
 -		} 
 -		
 -		CreateIdentityLinkResponse response;
 +		CreateIdentityLinkResponse identityLinkResponse = null;
  		IdentityLink identityLink = null;
  		try {
  			Logger.trace("Starting call...");
 -			// do we have a case of representation?
 -			try {
 +			
 +			// if there is no signedDoc attribute, we cannot go on
 +			String citizenSignature = getAttributeValue("signedDoc", attributeList);
 +			
 +			// if we have a signedDoc we test for a representation case
 +			if(hasAttribute("mandateContent", attributeList) || hasAttribute("representative", attributeList) || hasAttribute("represented", attributeList)) {
 +				// we have a representation case
  				String representative = getAttributeValue("representative", attributeList);
  				String represented = getAttributeValue("represented", attributeList);
  				String mandate = getAttributeValue("mandateContent", attributeList);
 -				// we definitely know we have a representation case here
 -				// lets try if the represented is an organization
 -				try {
 +				if(!hasAttribute("dateOfBirth", attributeList)) {
 +					// if we get here, we have a natural person representing a legal person
  					String organizationAddress = getAttributeValue("canonicalRegisteredAddress", attributeList);
  					String organizationType = getAttributeValue("translateableType", attributeList);
 -					// if we got here, we have a natural person representing a legal person
 -					response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate, organizationAddress, organizationType);
 -				} catch(STORKException e1) {
 +					identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(citizenSignature, representative, represented, mandate, organizationAddress, organizationType);
 +				} else {
 +					// if we get here, we have a natural person representing another natural person
 +					String eIdentifier = getAttributeValue("eIdentifier", attributeList);
 +					String givenName = getAttributeValue("givenName", attributeList);
 +					String lastName = getAttributeValue("surname", attributeList);
 +					String dateOfBirth = getAttributeValue("dateOfBirth", attributeList);
 +					if (!StringUtils.isEmpty(dateOfBirth))
 +						dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth);
 -					// if we get here we have natural persons representing each other
 -					response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate);
 +					identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate);
  				}
 -			} catch(STORKException e) {
 +			} else {
  				// we do not have a representation case
 -				response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature);
 +				String eIdentifier = getAttributeValue("eIdentifier", attributeList);
 +				String givenName = getAttributeValue("givenName", attributeList);
 +				String lastName = getAttributeValue("surname", attributeList);
 +				String dateOfBirth = getAttributeValue("dateOfBirth", attributeList);
 +				if (!StringUtils.isEmpty(dateOfBirth))
 +					dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth);
 +				identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature);
  			}
 -
 -   	    	
 -	    	if (null != response.getErrorResponse()){
 +	    	
 +	    	if (null != identityLinkResponse.getErrorResponse()){
  	    		// TODO fix exception parameter
 -	    		throw new SZRGWClientException(response.getErrorResponse().getErrorCode().toString(), null);
 +	    		throw new SZRGWClientException(identityLinkResponse.getErrorResponse().getErrorCode().toString(), null);
  	    	}
  	    	else {
 -		    	IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(response.getIdentityLink()));
 +		    	IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(identityLinkResponse.getIdentityLink()));
  		    	identityLink = ilParser.parseIdentityLink();
  		    	Logger.debug("Received Identity Link from SZR Gateway");
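Review bot: The branch that treats the represented party as a legal person is selected by the absence of an attribute, `if(!hasAttribute("dateOfBirth", attributeList))`, so a representation response that merely omits dateOfBirth is routed to the legal-person flow and fails on canonicalRegisteredAddress with a misleading error, while the flow choice itself is never checked positively. Selecting on the legal-person attributes instead, e.g. `if (hasAttribute("canonicalRegisteredAddress", attributeList) || hasAttribute("translateableType", attributeList))`, states the intent directly and leaves a missing dateOfBirth to fail in the natural-person branch where it is actually required. The four-line fetch-and-format of dateOfBirth is also repeated verbatim in both natural-person branches; a small private helper removes the duplication, as sketched below. The enclosing method continues past the end of the hunk.
```java
// … unchanged: representation-case detection and the eIdentifier/givenName/surname reads …
String dateOfBirth = readMoaDateOfBirth(attributeList);
// … unchanged: getIdentityLink calls and error-response handling …

/**
 * Reads the {@code dateOfBirth} attribute and converts it from PEPS to MOA format.
 * Empty values are returned unchanged; a missing attribute fails like any other
 * {@link #getAttributeValue} lookup.
 */
private static String readMoaDateOfBirth(IPersonalAttributeList attributeList) throws STORKException {
    String dateOfBirth = getAttributeValue("dateOfBirth", attributeList);
    if (!StringUtils.isEmpty(dateOfBirth)) {
        dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth);
    }
    return dateOfBirth;
}
```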
