diff options
Diffstat (limited to 'id/server')
8 files changed, 307 insertions, 59 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 01a2e5485..22c08b3e0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1,9 +1,74 @@ package at.gv.egovernment.moa.id.auth; -import at.gv.egovernment.moa.id.auth.builder.*; -import at.gv.egovernment.moa.id.auth.data.*; -import at.gv.egovernment.moa.id.auth.exception.*; +import iaik.asn1.ObjectID; +import iaik.util.logging.Log; +import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.StringWriter; +import java.math.BigInteger; +import java.security.NoSuchAlgorithmException; +import java.security.Principal; +import java.security.cert.CertificateException; +import java.util.ArrayList; +//import java.security.cert.CertificateFactory; +import java.util.Calendar; +import java.util.Date; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Vector; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.apache.commons.io.IOUtils; +import org.apache.commons.lang.StringEscapeUtils; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.apache.xpath.XPathAPI; +import org.opensaml.common.IdentifierGenerator; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.xml.util.Base64; +import org.opensaml.xml.util.XMLHelper; +import org.w3c.dom.DOMException; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder; +import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; +import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; +import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; +import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.BKUException; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.auth.exception.ServiceException; +import at.gv.egovernment.moa.id.auth.exception.ValidateException; +import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; @@ -16,9 +81,13 @@ import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; +//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; +//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.client.SZRGWClient; import at.gv.egovernment.moa.id.client.SZRGWClientException; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -40,7 +109,13 @@ import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.*; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.DateTimeUtils; +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moa.util.StringUtils; +import at.gv.egovernment.moa.util.XPathUtils; import at.gv.util.xsd.mis.MandateIdentifiers; import at.gv.util.xsd.mis.Target; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; @@ -48,8 +123,12 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; import at.gv.util.xsd.srzgw.MISType; import at.gv.util.xsd.srzgw.MISType.Filters; -import eu.stork.oasisdss.api.*; +import eu.stork.oasisdss.api.AdditionalProfiles; +import eu.stork.oasisdss.api.ApiUtils; import eu.stork.oasisdss.api.exceptions.ApiUtilsException; +import eu.stork.oasisdss.api.Profiles; +import eu.stork.oasisdss.api.QualityLevels; +import eu.stork.oasisdss.api.SignatureTypes; import eu.stork.oasisdss.profile.AnyType; import eu.stork.oasisdss.profile.DocumentType; import eu.stork.oasisdss.profile.SignRequest; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 41be2c7e3..f98e5c97b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -30,6 +30,7 @@ import java.net.URL; import java.util.ArrayList;
import java.util.List;
+import javax.activation.DataSource;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
@@ -66,6 +67,8 @@ import at.gv.egovernment.moa.util.StringUtils; import at.gv.util.xsd.xmldsig.SignatureType;
import at.gv.util.xsd.xmldsig.X509DataType;
import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.api.LightweightSourceResolver;
+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
import eu.stork.oasisdss.profile.DocumentWithSignature;
import eu.stork.oasisdss.profile.SignResponse;
import eu.stork.peps.auth.commons.PEPSUtil;
@@ -202,17 +205,15 @@ public class PEPSConnectorServlet extends AuthServlet { String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0);
SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(signatureInfo)));
- List<DocumentWithSignature> doclocations = ApiUtils.findNamedElement(dssSignResponse.getOptionalOutputs(), DocumentWithSignature.class.getSimpleName(), DocumentWithSignature.class);
- // TODO handle multiple docs?
- Logger.debug("trying first doclocation");
- String docUrl = doclocations.get(0).getDocument().getDocumentURL();
- Logger.debug("trying first doclocation successful");
-
// fetch signed doc
- URL url = new URL(docUrl);
- InputStream incomming = url.openStream();
- citizenSignature = IOUtils.toString(incomming);
- incomming.close();
+ DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);
+ if(ds == null){
+ throw new ApiUtilsException("No datasource found in response");
+ }
+
+ InputStream incoming = ds.getInputStream();
+ citizenSignature = IOUtils.toString(incoming);
+ incoming.close();
JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName());
SignatureType root = ((JAXBElement<SignatureType>) ctx.createUnmarshaller().unmarshal(IOUtils.toInputStream(citizenSignature))).getValue();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index 953758dc3..538e59401 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -10,38 +10,43 @@ import java.util.List; */ public class AttributeProviderFactory { - /** - * Gets the available plugins. - * - * @return the available plugins - */ - public static List<String> getAvailablePlugins() { - List<String> result = new ArrayList<String>(); - result.add("StorkAttributeRequestProvider"); - result.add("EHvdAttributeProvider"); + /** + * Gets the available plugins. + * + * @return the available plugins + */ + public static List<String> getAvailablePlugins() { + List<String> result = new ArrayList<String>(); + result.add("StorkAttributeRequestProvider"); + result.add("EHvdAttributeProvider"); + result.add("SignedDocAttributeRequestProvider"); result.add("MISAttributeProvider"); + return result; } - /** - * Creates an AttributeProvider object for the given shortname. Returns - * {@code null} if there is no such provider available. - * - * @param shortname the simpleName for the providers class - * @return the attribute provider - */ - public static AttributeProvider create(String shortname, String url) { - if (shortname.equals("StorkAttributeRequestProvider")) { - return new StorkAttributeRequestProvider(url); - } else if (shortname.equals("EHvdAttributeProvider")) { - return new EHvdAttributeProviderPlugin(url); - } else if (shortname.equals("MISAttributeProvider")) { - return new MISAttributeProvider(url); - } else { - return null; - } - } + /** + * Creates an AttributeProvider object for the given shortname. Returns + * {@code null} if there is no such provider available. + * + * @param shortname + * the simpleName for the providers class + * @return the attribute provider + */ + public static AttributeProvider create(String shortname, String url) { + if (shortname.equals("StorkAttributeRequestProvider")) { + return new StorkAttributeRequestProvider(url); + } else if(shortname.equals("EHvdAttributeProvider")) { + return new EHvdAttributeProviderPlugin(url); + } else if(shortname.equals("SignedDocAttributeRequestProvider")) { + return new SignedDocAttributeRequestProvider(url); + } else if (shortname.equals("MISAttributeProvider")) { + return new MISAttributeProvider(url); + } else { + return null; + } + } /** * Gets fresh instances of the configured plugins. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java new file mode 100644 index 000000000..6a8e306a1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java @@ -0,0 +1,134 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import java.io.StringWriter; +import java.io.UnsupportedEncodingException; +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.codec.binary.Base64; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; + +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAttrQueryRequest; +import eu.stork.peps.auth.commons.STORKAttrQueryResponse; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; + +/** + * Forwards a signedDoc attribute request to the oasis-dss service instance + */ +public class SignedDocAttributeRequestProvider implements AttributeProvider { + + private PersonalAttribute requestedAttribute; + + /** + * The URL of the service listening for the oasis dss webform post request + */ + private String oasisDssWebFormURL; + + /** + * Instantiates a new signed doc attribute request provider. + * + * @param oasisDssWebFormURL + * the AP location + */ + public SignedDocAttributeRequestProvider(String oasisDssWebFormURL) { + this.oasisDssWebFormURL = oasisDssWebFormURL; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java + * .lang.String) + */ + public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession) throws UnsupportedAttributeException, + ExternalAttributeRequestRequiredException { + if(!attribute.getName().equals("signedDoc")){ + throw new UnsupportedAttributeException(); + } + + requestedAttribute = attribute; + + throw new ExternalAttributeRequestRequiredException(this); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax + * .servlet.http.HttpServletRequest) + */ + public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException { + Logger.debug("Beginning to extract OASIS-DSS response out of HTTP Request"); + + + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + try { + String signResponse = new String(Base64.decodeBase64(httpReq.getParameter("signresponse")), "UTF8"); + List<String> values = new ArrayList<String>(); + values.add(signResponse); + + Logger.debug("Assembling signedDoc attribute"); + PersonalAttribute signedDocAttribute = new PersonalAttribute(requestedAttribute.getName(), requestedAttribute.isRequired(), values, + "Available"); + + // pack and return the result + PersonalAttributeList result = new PersonalAttributeList(); + result.add(signedDocAttribute); + return result; + } catch (UnsupportedEncodingException e) { + Logger.error("Failed to assemble signedDoc attribute"); + throw new MOAIDException("stork.05", null); + } + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect + * (java.lang.String) + */ + public void performRedirect(String url, String citizenCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) + throws MOAIDException { + + try { + Logger.trace("Initialize VelocityEngine..."); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/oasis_dss_webform_binding.vm"); + VelocityContext context = new VelocityContext(); + context.put("signrequest", Base64.encodeBase64String(requestedAttribute.getValue().get(0).getBytes("UTF8"))); + context.put("clienturl", url); + context.put("action", oasisDssWebFormURL); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + resp.getOutputStream().write(writer.toString().getBytes()); + } catch (Exception e) { + Logger.error("Error sending STORK SAML AttrRequest.", e); + throw new MOAIDException("stork.11", null); + } + } + +} diff --git a/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm b/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm new file mode 100644 index 000000000..7fcc1bb36 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm @@ -0,0 +1,36 @@ +## +## Velocity Template for OASIS WEBFORM BINDING +## +## Velocity context may contain the following properties +## action - String - the action URL for the form +## signresponse - String - the Base64 encoded SAML Request +## verifyresponse - String - the Base64 encoded SAML Response +## clienturl - String - URL where the USer gets redirected after the signature process + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> + + <body onload="document.forms[0].submit()"> + <noscript> + <p> + <strong>Note:</strong> Since your browser does not support JavaScript, + you must press the Continue button once to proceed. + </p> + </noscript> + + <form action="${action}" method="post"> + <div> + #if($signrequest)<input type="hidden" name="signrequest" value="${signrequest}"/>#end + + #if($verifyrequest)<input type="hidden" name="verifyrequest" value="${verifyrequest}"/>#end + #if($clienturl)<input type="hidden" name="clienturl" value="${clienturl}"/>#end + + </div> + <noscript> + <div> + <input type="submit" value="Continue"/> + </div> + </noscript> + </form> + + </body> +</html>
\ No newline at end of file diff --git a/id/server/mw-messages-api/.classpath b/id/server/mw-messages-api/.classpath index 8b5a9fa96..c15838fd0 100644 --- a/id/server/mw-messages-api/.classpath +++ b/id/server/mw-messages-api/.classpath @@ -6,11 +6,6 @@ <attribute name="maven.pomderived" value="true"/> </attributes> </classpathentry> - <classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"> - <attributes> - <attribute name="maven.pomderived" value="true"/> - </attributes> - </classpathentry> <classpathentry kind="src" output="target/test-classes" path="src/test/java"> <attributes> <attribute name="optional" value="true"/> diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryImpl.java index e485827c8..da6a8ab27 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryImpl.java @@ -50,13 +50,11 @@ public class CustomAttributeQueryImpl extends SubjectQueryImpl implements Custom return Collections.unmodifiableList(children);
}
- @Override
public String getAssertionConsumerServiceURL() {
// TODO Auto-generated method stub
return this.serviceURL;
}
- @Override
public void setAssertionConsumerServiceURL(String newServiceUrl) {
// TODO Auto-generated method stub
this.serviceURL = newServiceUrl;
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java index 4554a9586..6652560bd 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java @@ -426,16 +426,16 @@ public class SignSW implements SAMLEngineSignI { final BasicX509Credential entityX509Cred = new BasicX509Credential();
entityX509Cred.setEntityCertificate(cert);
- try {
- cert.checkValidity();
- }
- catch (CertificateExpiredException exp) {
- throw new SAMLEngineException("Certificate expired.");
- }
- catch (CertificateNotYetValidException exp) {
- throw new SAMLEngineException("Certificate not yet valid.");
- }
-
+// try {
+// cert.checkValidity();
+// }
+// catch (CertificateExpiredException exp) {
+// throw new SAMLEngineException("Certificate expired.");
+// }
+// catch (CertificateNotYetValidException exp) {
+// throw new SAMLEngineException("Certificate not yet valid.");
+// }
+//
boolean trusted = false;
for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e.hasMoreElements();)
|