Diffstat (limited to 'id/server')
-rw-r--r--id/server/idserverlib/pom.xml5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java36
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java39
3 files changed, 53 insertions, 27 deletions
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 8a9cdd51f..245348d09 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -37,6 +37,11 @@
<artifactId>SamlEngine</artifactId>
<version>1.1.0</version>
</dependency>
+ <dependency>
+ <groupId>eu.stork</groupId>
+ <artifactId>oasis-dss-api</artifactId>
+ <version>1.0.0-SNAPSHOT</version>
+ </dependency>
<dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-commons</artifactId>
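Review bot: The new `oasis-dss-api` dependency is pinned to `1.0.0-SNAPSHOT`, so the artifact the build resolves can change between runs and a build made from this commit is not reproducible; the neighbouring `SamlEngine` dependency is pinned to a release version. Pin it to a released version (or at least record the resolved snapshot timestamp) before this reaches a release branch, and confirm the snapshot comes from a trusted internal repository rather than a public one.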
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index ec1762cbf..decf166c4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -58,6 +58,7 @@ import org.opensaml.common.IdentifierGenerator;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.xml.util.Base64;
import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -137,6 +138,11 @@ import at.gv.egovernment.moa.util.XPathUtils;
import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest;
import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData;
import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.api.ApiUtilsException;
+import eu.stork.oasisdss.profile.DocumentType;
+import eu.stork.oasisdss.profile.InputDocuments;
+import eu.stork.oasisdss.profile.SignRequest;
import eu.stork.peps.auth.commons.PEPSUtil;
import eu.stork.peps.auth.commons.PersonalAttribute;
import eu.stork.peps.auth.commons.PersonalAttributeList;
@@ -1882,7 +1888,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
PersonalAttribute newAttribute = new PersonalAttribute();
newAttribute.setName("signedDoc");
List<String> value = new ArrayList<String>();
- value.add(generateDssSignRequest(Base64.encodeBytes(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession).getBytes()), "application/xhtml+xml"));
+ value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession), "application/xhtml+xml"));
newAttribute.setValue(value);
attributeList.add(newAttribute);
@@ -1978,18 +1984,28 @@ public class AuthenticationServer implements MOAIDAuthConstants {
IdentifierGenerator idGenerator;
try {
idGenerator = new SecureRandomIdentifierGenerator();
-
- return "<dss:SignRequest xmlns:dss=\"urn:oasis:names:tc:dss:1.0:core:schema\" " +
- "RequestID=\"" + idGenerator.generateIdentifier() + "\">" +
- "<dss:InputDocuments>" +
- "<dss:Document>" +
- "<dss:Base64Data MimeType=\"" + mimeType + "\">" + text + "</dss:Base64Data>" +
- "</dss:Document>" +
- "</dss:InputDocuments>" +
- "</dss:SignRequest>";
+
+ DocumentType doc = new DocumentType();
+ doc.setBase64XML(Base64.encodeBytes(text.getBytes()).getBytes());
+
+ SignRequest request = new SignRequest();
+ request.setInputDocuments(ApiUtils.createInputDocuments(doc));
+
+ request.setRequestID(idGenerator.generateIdentifier());
+
+ return ApiUtils.marshalToDocument(request).getTextContent();
} catch (NoSuchAlgorithmException e) {
Logger.error("Cannot generate id", e);
throw new RuntimeException(e);
+ } catch (ApiUtilsException e) {
+ Logger.error("Could not create SignRequest", e);
+ throw new RuntimeException(e);
+ } catch (DOMException e) {
+ Logger.error("Could not create SignRequest", e);
+ throw new RuntimeException(e);
+ } catch (ParserConfigurationException e) {
+ Logger.error("Could not create SignRequest", e);
+ throw new RuntimeException(e);
}
}
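Review bot: `ApiUtils.marshalToDocument(request).getTextContent()` on line 82 does not return the serialized SignRequest: if `marshalToDocument` returns a DOM `Document`, `getTextContent()` is null for document nodes per DOM Level 3, and for any other node it yields only the concatenated text (the base64 payload), dropping the `dss:SignRequest` wrapper that the old string-built version produced. Serialize the node instead, e.g. `return XMLHelper.nodeToString(ApiUtils.marshalToDocument(request).getDocumentElement());` (`XMLHelper` is already imported). Line 75 encodes with `text.getBytes()` using the platform default charset (pass an explicit UTF-8 `Charset`), and if `setBase64XML` is a JAXB `xs:base64Binary` property the marshaller base64-encodes the bytes itself, so `Base64.encodeBytes(...)` here would double-encode — worth confirming against the generated `DocumentType`. The `mimeType` parameter is now ignored, although the caller on line 57 still passes `"application/xhtml+xml"`. The enclosing method's signature lies outside the hunk.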
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index a1d38d488..3129c9e31 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -10,6 +10,7 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import javax.xml.transform.stream.StreamSource;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
@@ -30,11 +31,15 @@ import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.StringUtils;
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.api.LightweightSourceResolver;
+import eu.stork.oasisdss.profile.SignResponse;
import eu.stork.peps.auth.commons.PEPSUtil;
import eu.stork.peps.auth.commons.PersonalAttribute;
import eu.stork.peps.auth.commons.STORKAuthnRequest;
@@ -144,23 +149,6 @@ public class PEPSConnectorServlet extends AuthServlet {
Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
- Logger.debug("Starting extraction of signedDoc attribute");
- //extract signed doc element and citizen signature
- Element citizenSignature = null;
- try {
-
- Assertion storkAssertion = authnResponse.getAssertions().get(0);
- citizenSignature = STORKResponseProcessor.extractCitizenSignature(storkAssertion);
- moaSession.setAuthBlock(DOMUtils.serializeNode(citizenSignature));
- moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(citizenSignature));
-
- } catch (Exception e) {
- Logger.error("Could not extract citizen signature from C-PEPS", e);
- throw new MOAIDException("stork.09", null);
- }
- Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
- Logger.debug("Citizen signature will be verified by SZR Gateway!");
-
////////////// incorporate gender from parameters if not in stork response
PersonalAttribute gender = authnResponse.getPersonalAttributeList().get("gender");
@@ -179,6 +167,23 @@ public class PEPSConnectorServlet extends AuthServlet {
//////////////////////////////////////////////////////////////////////////
+ Logger.debug("Starting extraction of signedDoc attribute");
+ //extract signed doc element and citizen signature
+ String citizenSignature = null;
+ try {
+ citizenSignature = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0);
+ moaSession.setAuthBlock(citizenSignature);
+
+ // FIXME untested
+ Element sepp = (Element) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(citizenSignature)));
+ moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(sepp));
+
+ } catch (Exception e) {
+ Logger.error("Could not extract citizen signature from C-PEPS", e);
+ throw new MOAIDException("stork.09", null);
+ }
+ Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
+ Logger.debug("Citizen signature will be verified by SZR Gateway!");
Logger.debug("Starting connecting SZR Gateway");
//contact SZR Gateway
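Review bot: The cast `(Element) ApiUtils.unmarshal(...)` on line 155 looks wrong: `ApiUtils.unmarshal` presumably returns the JAXB-bound DSS object (the newly imported but unused `SignResponse` suggests that intent), and a JAXB object is not an `org.w3c.dom.Element`, so this would throw `ClassCastException`, be swallowed by the `catch (Exception e)` and surface as `stork.09` for every login — the `// FIXME untested` marker should be resolved before merge by unmarshalling to `SignResponse` and extracting the signature element from it. `authnResponse.getPersonalAttributeList().get("signedDoc")` may be null when the C-PEPS omits the attribute, and `getValue().get(0)` fails on an empty value list; an explicit check with a specific log message would distinguish "attribute missing" from "signature unparsable". The `signedDoc` value is XML received from a remote party, and it is stored unverified in the session via `setAuthBlock` on line 152 before any check, so it is worth confirming that `ApiUtils.unmarshal` parses with DTD processing and external entities disabled. Renaming `sepp` to something like `signResponseElement` would make the intent readable. The enclosing method starts and ends outside the hunk.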