Diffstat (limited to 'id/server')
2 files changed, 53 insertions, 50 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index df93f4d85..653f40670 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -11,7 +11,6 @@ import javax.servlet.http.HttpSession;
  import org.opensaml.saml2.core.Assertion;
  import org.opensaml.saml2.core.StatusCode;
 -import org.opensaml.xml.util.XMLHelper;
  import org.w3c.dom.Element;
  import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 @@ -30,19 +29,21 @@ import at.gv.egovernment.moa.id.util.HTTPUtils;
  import at.gv.egovernment.moa.logging.Logger;
  import at.gv.egovernment.moa.util.DOMUtils;
  import at.gv.egovernment.moa.util.StringUtils;
 -import eu.stork.mw.messages.saml.STORKAuthnRequest;
 -import eu.stork.mw.messages.saml.STORKResponse;
 -import eu.stork.vidp.messages.util.XMLUtil;
 +import eu.stork.peps.auth.commons.PEPSUtil;
 +import eu.stork.peps.auth.commons.STORKAuthnRequest;
 +import eu.stork.peps.auth.commons.STORKAuthnResponse;
 +import eu.stork.peps.auth.engine.STORKSAMLEngine;
 +import eu.stork.peps.exceptions.STORKSAMLEngineException;
  /**
   * Endpoint for receiving STORK response messages
   */
  public class PEPSConnectorServlet extends AuthServlet {
  	private static final long serialVersionUID = 1L;
 -	
 +
  	public static final String PEPSCONNECTOR_SERVLET_URL_PATTERN = "/PEPSConnector";
 -    
 +
  	/**
  	 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
  	 */
 @@ -89,33 +90,35 @@ public class PEPSConnectorServlet extends AuthServlet {
  			Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
  			//extract STORK Response from HTTP Request
 -			STORKResponse storkResponse = null;
 +			//Decodes SAML Response
 +			byte[] decSamlToken;
  			try {
 -				storkResponse = STORKResponseProcessor.receiveSTORKRepsonse(request, response);
 -			} catch (STORKException e) {
 +				decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
 +			} catch(NullPointerException e) {
  				Logger.error("Unable to retrieve STORK Response", e);
  				throw new MOAIDException("stork.04", null);
  			}
 -			
 -			Logger.info("STORK SAML Response message succesfully extracted");
 -			Logger.debug("STORK response (pretty print): ");
 -			Logger.debug(XMLHelper.prettyPrintXML(storkResponse.getDOM()));
 -			Logger.trace("STORK response (original): ");
 -			Logger.trace(XMLUtil.printXML(storkResponse.getDOM()));
 -			
 -			Logger.debug("Starting validation of SAML response");
 -			//verify SAML response
 +
 +			//Get SAMLEngine instance
 +			STORKSAMLEngine engine = STORKSAMLEngine.getInstance("CONF0");
 +
 +			STORKAuthnResponse authnResponse = null;
  			try {
 -				STORKResponseProcessor.verifySTORKResponse(storkResponse);
 -			} catch (STORKException e) {
 +				//validate SAML Token
 +				Logger.debug("Starting validation of SAML response");
 +				authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
 +				Logger.info("SAML response succesfully verified!");
 +			}catch(STORKSAMLEngineException e){
  				Logger.error("Failed to verify STORK SAML Response", e);
  				throw new MOAIDException("stork.05", null);
  			}
 -			
 -			Logger.info("SAML response succesfully verified!");
 -			
 -			String statusCodeValue = storkResponse.getStatus().getStatusCode().getValue();
 -			
 +
 +			Logger.info("STORK SAML Response message succesfully extracted");
 +			Logger.debug("STORK response: ");
 +			Logger.debug(authnResponse.toString());
 +
 +			String statusCodeValue = authnResponse.getStatusCode();
 +
  			if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) {
  				Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue);
  				throw new MOAIDException("stork.06", new Object[] { statusCodeValue });
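Review bot: The `catch(NullPointerException e)` around `PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"))` stands in for a null check on the request parameter and would equally mask an NPE thrown inside the decoder; test the parameter explicitly before decoding and catch the decoder's own failure type by name (that type is not visible in this diff). Further down, `STORKSAMLEngine.getInstance("CONF0")` hard-codes the engine configuration name and its result is dereferenced without a null check, and where the removed verification passed `request.getRemoteAddr()` the new call passes `request.getRemoteHost()`, which may involve a reverse DNS lookup and yield a different value; the `(String)` cast there is redundant. At the end of the hunk `statusCodeValue.equals(StatusCode.SUCCESS_URI)` dereferences `authnResponse.getStatusCode()` without a null guard, unlike the old `getStatus().getStatusCode().getValue()` chain which at least failed on the response object. The enclosing method starts and ends outside the hunk.
```java
			//Decodes SAML Response
			String samlResponseParam = request.getParameter("SAMLResponse");
			if (samlResponseParam == null || samlResponseParam.trim().isEmpty()) {
				Logger.error("Unable to retrieve STORK Response: SAMLResponse parameter missing");
				throw new MOAIDException("stork.04", null);
			}
			byte[] decSamlToken = PEPSUtil.decodeSAMLToken(samlResponseParam);
			// … unchanged: STORKSAMLEngine lookup and validateSTORKAuthnResponse call …
```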
 @@ -136,26 +139,26 @@ public class PEPSConnectorServlet extends AuthServlet {
  			}
  			Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
 -			
 -			Logger.debug("Starting validation of SAML assertion");
 -			//verify SAML assertion
 -			Assertion storkAssertion = storkResponse.getAssertions().get(0);
 -			try {
 -				STORKResponseProcessor.verifySTORKAssertion(
 -						storkAssertion, //assertion 
 -						request.getRemoteAddr(), //IP address of user 
 -						storkAuthnRequest.getID(), //ID of STORK AuthnRequest 
 -						request.getRequestURL().toString(), //destination
 -						HTTPUtils.getBaseURL(request), //audience
 -						storkAuthnRequest.getRequestedAttributes()); //Requested Attributes
 -			} catch (STORKException e) {
 -				Logger.error("Failed to verify STORK SAML Assertion", e);
 -				throw new MOAIDException("stork.08", null);
 -			}
 -			
 -			Logger.info("SAML assertion succesfully verified!");
 -			
 -			Logger.debug("Starting extraction of signedDoc attribute");			
 +
 +//			Logger.debug("Starting validation of SAML assertion");
 +//			//verify SAML assertion
 +			Assertion storkAssertion = authnResponse.getAssertions().get(0);
 +//			try {
 +//				STORKResponseProcessor.verifySTORKAssertion(
 +//						storkAssertion, //assertion
 +//						request.getRemoteAddr(), //IP address of user
 +//						storkAuthnRequest.getID(), //ID of STORK AuthnRequest
 +//						request.getRequestURL().toString(), //destination
 +//						HTTPUtils.getBaseURL(request), //audience
 +//						storkAuthnRequest.getRequestedAttributes()); //Requested Attributes
 +//			} catch (STORKException e) {
 +//				Logger.error("Failed to verify STORK SAML Assertion", e);
 +//				throw new MOAIDException("stork.08", null);
 +//			}
 +//
 +//			Logger.info("SAML assertion succesfully verified!");
 +
 +			Logger.debug("Starting extraction of signedDoc attribute");
  			//extract signed doc element and citizen signature
  			Element citizenSignature = null;
  			try {
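Review bot: The assertion-level checks (InResponseTo against `storkAuthnRequest.getID()`, destination, audience, requested attributes) are commented out rather than removed and nothing on the new side replaces them; unless `engine.validateSTORKAuthnResponse` in the previous hunk performs these bindings — which this diff does not show — the response is no longer tied to the pending MOA session's request. Either confirm that the engine covers them and delete the commented block, or restore the check against the new STORKAuthnResponse type. Independently, `authnResponse.getAssertions().get(0)` is reached without checking that the list is non-empty, so a response carrying no assertion fails with an IndexOutOfBoundsException instead of a MOAIDException; guard it with `if (authnResponse.getAssertions() == null || authnResponse.getAssertions().isEmpty()) {` `throw new MOAIDException("stork.08", null);` `}` (reusing the former assertion-error key). The enclosing method starts and ends outside the hunk.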
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index a6e595239..e47a43c90 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -305,9 +305,9 @@ public class STORKResponseProcessor {
  	public static IdentityLink connectToSZRGateway(Element citizenSignature, List<Attribute> attributeList) throws STORKException {				
  		Logger.trace("Calling SZR Gateway with the following attributes:");
 -		String fiscalNumber = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER);
 -		Logger.trace(STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER + " : " + fiscalNumber);
 -				
 +		String eIdentifier = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER);
 +		Logger.trace(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER + " : " + eIdentifier);
 +
  		String givenName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_GIVENNAME);
  		Logger.trace(STORKConstants.STORK_ATTRIBUTE_GIVENNAME+ " : " + givenName);
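Review bot: `eIdentifier` is still looked up under `STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER` while the trace line labels it with `STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER`, so the log names a different attribute than the one actually read. If the rename means the eIdentifier attribute is intended, the lookup should become `String eIdentifier = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER);`; otherwise the label should stay STORK_ATTRIBUTE_FISCALNUMBER, since the same value is handed to getIdentityLink in the next hunk. The value traced here is a personal identifier; that was already the case before this change, but this line is the place to reconsider whether the identifier itself belongs in the trace log. connectToSZRGateway continues past the hunk.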
 @@ -325,8 +325,8 @@ public class STORKResponseProcessor {
  		IdentityLink identityLink = null;
  		try {
  			Logger.trace("Starting call...");
 -			response = AuthenticationServer.getInstance().getIdentityLink(fiscalNumber, givenName, lastName, dateOfBirth, citizenSignature);
 -			if (response.isError()) {	    
 +			response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature);
 +			if (response.isError()) {
  				Logger.error("Receveid ErrorResponse from SZR Gateway.");
  	    		throw new SZRGWClientException(response.getError());
  	    	}
