aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
Diffstat (limited to 'id/server')
-rw-r--r--id/server/doc/handbook/protocol/protocol.html4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java37
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java202
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java)40
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties1
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties1
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties9
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties2
13 files changed, 243 insertions, 137 deletions
diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html
index e7658875c..1c6e51661 100644
--- a/id/server/doc/handbook/protocol/protocol.html
+++ b/id/server/doc/handbook/protocol/protocol.html
@@ -632,6 +632,10 @@ Redirect Binding</td>
<td>1204</td>
<td>Ein STORK Attribut wei&szlig;t ein fehlerhaftes Format auf.</td>
</tr>
+ <tr>
+ <td>1205</td>
+ <td>Der geforderte QAA Level ist h&ouml;her als der QAA Level der gew&auml;hlten Authentifizierungsmethode</td>
+ </tr>
</table>
<h3><a name="statuscodes_4xxxx" id="allgemeines_zugangspunkte8"></a>1.3.2 Statuscodes 4xxxx</h3>
<p>Alles Statuscodes beginnend mit der Zahl vier beschreiben Fehler die w&auml;hrend der Kommunikation mit externen Services aufgetreten sind.</p>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 5c0e497a3..52488c3cb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -96,6 +96,7 @@ import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
+import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
@@ -526,10 +527,40 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
}
- if (extractor.containsAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME))
- authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX +
- extractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME));
+ try {
+ String qaaLevel = extractor.getQAALevel();
+ if (MiscUtil.isNotEmpty(qaaLevel) &&
+ qaaLevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
+ authData.setQAALevel(qaaLevel);
+
+ } else {
+ Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");
+ String mappedQAA = PVPtoSTORKMapper.getInstance().mapQAALevel(qaaLevel);
+ if (MiscUtil.isNotEmpty(mappedQAA))
+ authData.setQAALevel(mappedQAA);
+
+ else
+ throw new AssertionAttributeExtractorExeption("PVP SecClass not mappable");
+
+ }
+
+ } catch (AssertionAttributeExtractorExeption e) {
+ Logger.warn("No QAA level found in <RequestedAuthnContext> element of interfederated assertion. " +
+ "(ErrorHeader=" + e.getMessage() + ")");
+ if (extractor.containsAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)) {
+ authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX +
+ extractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME));
+
+ } else {
+ Logger.info("No QAA level found. Set to default level " +
+ PVPConstants.STORK_QAA_PREFIX + "1");
+ authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + "1");
+
+ }
+
+ }
+
if (extractor.containsAttribute(PVPConstants.EID_AUTH_BLOCK_NAME)) {
try {
byte[] authBlock = Base64Utils.decode(extractor.getSingleAttributeValue(PVPConstants.EID_AUTH_BLOCK_NAME), false);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index 3be5df917..4ba93f8fe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -170,6 +170,7 @@ public class SAMLVerificationEngine {
}
+ List<org.opensaml.saml2.core.Assertion> validatedassertions = new ArrayList<org.opensaml.saml2.core.Assertion>();
for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) {
Conditions conditions = saml2assertion.getConditions();
@@ -177,19 +178,21 @@ public class SAMLVerificationEngine {
DateTime notafter = conditions.getNotOnOrAfter();
if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) {
Logger.warn("PVP2 Assertion is out of Date");
- saml2assertions.remove(saml2assertion);
+
+ } else {
+ validatedassertions.add(saml2assertion);
- }
+ }
}
- if (saml2assertions.isEmpty()) {
+ if (validatedassertions.isEmpty()) {
Logger.info("No valid PVP 2.1 assertion received.");
throw new AssertionValidationExeption("No valid PVP 2.1 assertion received.", null);
}
samlResp.getAssertions().clear();
samlResp.getEncryptedAssertions().clear();
- samlResp.getAssertions().addAll(saml2assertions);
+ samlResp.getAssertions().addAll(validatedassertions);
} else {
Logger.info("PVP 2.1 assertion includes an error. Receive errorcode "
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index aa018d5a3..859f4900b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
@@ -110,8 +111,38 @@ public class AuthenticationRequest implements IAction {
// Get personal attributtes from MOA/IdentityLink
//build STORK attributes from local authentication information
- if (authData != null)
+ if (authData != null) {
+ int reqQaa = -1;
+ int authQaa = -1;
+ try {
+ reqQaa = moaStorkRequest.getStorkAuthnRequest().getQaa();
+ authQaa = Integer.valueOf(
+ authData.getQAALevel().substring(PVPConstants.STORK_QAA_PREFIX.length()));
+
+ if (reqQaa > authQaa) {
+ Logger.warn("Requested QAA level does not match to authenticated QAA level");
+ throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});
+
+ }
+
+ } catch (MOAIDException e) {
+ throw e;
+
+ } catch (Exception e) {
+ if (Logger.isDebugEnabled())
+ Logger.warn("STORK QAA Level evaluation error", e);
+
+ else
+ Logger.warn("STORK QAA Level evaluation error (ErrorMessage="
+ + e.getMessage() + ")");
+
+ throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});
+
+ }
+
moaStorkResponse.setPersonalAttributeList(populateAttributes(authData, oaParam));
+
+ }
}
//moaStorkResponse.setCountry(moaStorkRequest.getSpCountry());
@@ -370,15 +401,15 @@ public class AuthenticationRequest implements IAction {
Logger.debug("Putting assertion consumer url as action: " + request.getAssertionConsumerServiceURL());
context.put("action", request.getAssertionConsumerServiceURL());
- Logger.debug("Starting template merge");
+ Logger.trace("Starting template merge");
StringWriter writer = new StringWriter();
- Logger.debug("Doing template merge");
+ Logger.trace("Doing template merge");
template.merge(context, writer);
- Logger.debug("Template merge done");
+ Logger.trace("Template merge done");
- Logger.debug("Sending html content: " + writer.getBuffer().toString());
- Logger.debug("Sending html content2 : " + new String(writer.getBuffer()));
+ Logger.trace("Sending html content: " + writer.getBuffer().toString());
+ Logger.trace("Sending html content2 : " + new String(writer.getBuffer()));
httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
@@ -452,7 +483,7 @@ public class AuthenticationRequest implements IAction {
IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList();
Logger.info("Found " + attrLst.size() + " personal attributes in the request.");
-
+
// Define attribute list to be populated
PersonalAttributeList attributeList = new PersonalAttributeList();
MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(authData, moaStorkRequest);
@@ -470,7 +501,7 @@ public class AuthenticationRequest implements IAction {
Logger.error("Exception, attributes: " + e.getMessage());
}
- Logger.debug("AUTHBLOCK " + authData.getAuthBlock());
+ Logger.trace("AUTHBLOCK " + authData.getAuthBlock());
Logger.debug("SESSION IDENTIFIER " + authData.getCcc() + " " + oaParam.getIdentityLinkDomainIdentifier());
return attributeList;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
index 3159574fe..de7d5d6dd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -199,15 +199,15 @@ public class ConsentEvaluator implements IAction {
Logger.debug("Putting assertion consumer url as action: " + request.getAssertionConsumerServiceURL());
context.put("action", request.getAssertionConsumerServiceURL());
- Logger.debug("Starting template merge");
+ Logger.trace("Starting template merge");
StringWriter writer = new StringWriter();
- Logger.debug("Doing template merge");
+ Logger.trace("Doing template merge");
template.merge(context, writer);
- Logger.debug("Template merge done");
+ Logger.trace("Template merge done");
- Logger.debug("Sending html content: " + writer.getBuffer().toString());
- Logger.debug("Sending html content2 : " + new String(writer.getBuffer()));
+ Logger.trace("Sending html content: " + writer.getBuffer().toString());
+ Logger.trace("Sending html content2 : " + new String(writer.getBuffer()));
httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index aaded0ce6..993514ec7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -23,11 +23,10 @@
package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.data.AuthenticationRole;
import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.util.PVPtoSTORKRoleMapper;
+import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.stork.peps.auth.commons.PersonalAttribute;
@@ -44,11 +43,6 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import org.joda.time.format.DateTimeFormat;
-import org.joda.time.format.DateTimeFormatter;
-
-import javassist.expr.Instanceof;
-
/**
* @author bsuzic
* Date: 2/19/14, Time: 4:42 PM
@@ -125,7 +119,7 @@ public class MOAAttributeProvider {
&& authData.getAuthenticationRoles().size() > 0) {
storkRoles = new ArrayList<String>();
- PVPtoSTORKRoleMapper mapper = PVPtoSTORKRoleMapper.getInstance();
+ PVPtoSTORKMapper mapper = PVPtoSTORKMapper.getInstance();
for (AuthenticationRole el : authData.getAuthenticationRoles()) {
String storkRole = mapper.map(el);
if (MiscUtil.isNotEmpty(storkRole))
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java
index 88c59ccf9..96aa55bcf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java
@@ -134,11 +134,9 @@ public class PVPAuthenticationProvider extends AttributeProvider {
authRequest.setPersonalAttributeList(moastorkRequest.getPersonalAttributeList());
authRequest.setCitizenCountryCode("AT");
- authRequest.setQaa(oaParam.getQaaLevel());
+ //authRequest.setQaa(oaParam.getQaaLevel());
+ authRequest.setQaa(moastorkRequest.getStorkAuthnRequest().getQaa());
- if (authRequest.getQaa() == 0 ) {
- authRequest.setQaa(4); // workaround
- }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java
index 06cb99da0..124b91e8b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java
@@ -64,6 +64,7 @@ import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.oasisdss.api.ApiUtils;
import eu.stork.oasisdss.api.LightweightSourceResolver;
+import eu.stork.oasisdss.api.ResultMajor;
import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
import eu.stork.oasisdss.api.exceptions.UtilsException;
import eu.stork.oasisdss.profile.AnyType;
@@ -166,114 +167,127 @@ public class SignedDocAttributeRequestProvider extends AttributeProvider {
//create SignResponse object
Source response = new StreamSource(new java.io.StringReader(signResponseString));
SignResponse signResponse = ApiUtils.unmarshal(response, SignResponse.class);
- //extract doc from signresponse
- DataSource dataSource = LightweightSourceResolver.getDataSource(signResponse);
-
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- IOUtils.copy(dataSource.getInputStream(), baos);
- byte[] data = baos.toByteArray();
+ //Check if Signing was successfully or not
- //update doc in DTL
- String docId, dssId = "";
- docId = signResponse.getDocUI();
- //For reference dssId equals docId
- dssId = docId;
- if (dssId != null && data!=null)
+ if(!signResponse.getResult().getResultMajor().equals(ResultMajor.RESULT_MAJOR_SUCCESS))
{
- boolean success = false;
- try{
- success = updateDocumentInDtl(data, docId, signResponseString);
- }catch(Exception e){//No document service used?
- Logger.info("No document service used?");
- e.printStackTrace();
- success = false;
- }
- if(success)
- {
- // set the url in the SignResponse
- DocumentWithSignature documentWithSignature = new DocumentWithSignature();
- DocumentType value = new DocumentType();
- value.setDocumentURL(dtlUrl);
- documentWithSignature.setDocument(value);
- if(signResponse.getOptionalOutputs()!=null)
- {
- //signResponse.getOptionalOutputs().getAny().add(documentWithSignature);
- for(Object o :signResponse.getOptionalOutputs().getAny())
+ //Pass unmodifed or unmarshal & marshal??
+ InputStream istr = ApiUtils.marshalToInputStream(signResponse);
+ StringWriter writer = new StringWriter();
+ IOUtils.copy(istr, writer, "UTF-8");
+ signResponseString = writer.toString();
+ Logger.info("SignResponse with error (unmodified):"+signResponseString);
+ }
+ else
+ {
+ //extract doc from signresponse
+ DataSource dataSource = LightweightSourceResolver.getDataSource(signResponse);
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ IOUtils.copy(dataSource.getInputStream(), baos);
+ byte[] data = baos.toByteArray();
+
+ //update doc in DTL
+ String docId, dssId = "";
+ docId = signResponse.getDocUI();
+ //For reference dssId equals docId
+ dssId = docId;
+ if (dssId != null && data!=null)
+ {
+ boolean success = false;
+ try{
+ success = updateDocumentInDtl(data, docId, signResponseString);
+ }catch(Exception e){//No document service used?
+ Logger.info("No document service used?");
+ e.printStackTrace();
+ success = false;
+ }
+ if(success)
+ {
+ // set the url in the SignResponse
+ DocumentWithSignature documentWithSignature = new DocumentWithSignature();
+ DocumentType value = new DocumentType();
+ value.setDocumentURL(dtlUrl);
+ documentWithSignature.setDocument(value);
+ if(signResponse.getOptionalOutputs()!=null)
{
- if(o instanceof DocumentWithSignature)
+ //signResponse.getOptionalOutputs().getAny().add(documentWithSignature);
+ for(Object o :signResponse.getOptionalOutputs().getAny())
{
- signResponse.getOptionalOutputs().getAny().remove(o);
- signResponse.getOptionalOutputs().getAny().add(documentWithSignature);
- break;
+ if(o instanceof DocumentWithSignature)
+ {
+ signResponse.getOptionalOutputs().getAny().remove(o);
+ signResponse.getOptionalOutputs().getAny().add(documentWithSignature);
+ break;
+ }
}
}
+ else
+ {
+ AnyType anytype = new AnyType();
+ anytype.getAny().add(documentWithSignature);
+ signResponse.setOptionalOutputs(anytype );
+ }
+
+ // System.out.println("overwriting:"+signResponse.getResult().getResultMessage()+" with DTL url:"+dtlUrl);
+ InputStream istr = ApiUtils.marshalToInputStream(signResponse);
+ StringWriter writer = new StringWriter();
+ IOUtils.copy(istr, writer, "UTF-8");
+ signResponseString = writer.toString();
+ Logger.info("SignResponse overwritten:"+signResponseString);
}
else
{
- AnyType anytype = new AnyType();
- anytype.getAny().add(documentWithSignature);
- signResponse.setOptionalOutputs(anytype );
- }
-
-// System.out.println("overwriting:"+signResponse.getResult().getResultMessage()+" with DTL url:"+dtlUrl);
- InputStream istr = ApiUtils.marshalToInputStream(signResponse);
- StringWriter writer = new StringWriter();
- IOUtils.copy(istr, writer, "UTF-8");
- signResponseString = writer.toString();
- Logger.info("SignResponse overwritten:"+signResponseString);
- }
- else
- {
- //No document service used?
- // do nothing....
- //TODO temporary fix because document is deleted after fetching => SP can't download Doc
- //Add doc to Signresponse
-
- DocumentWithSignature documentWithSignature = new DocumentWithSignature();
- DocumentType value = new DocumentType();
- if(signResponse.getProfile().toLowerCase().contains("xades"))
- {
- value.setBase64XML(data);
- }
- else
- {
- Base64Data base64data = new Base64Data();
- base64data.setValue(data);
- base64data.setMimeType(dataSource.getContentType());
- value.setBase64Data(base64data);
- }
- documentWithSignature.setDocument(value);
- if(signResponse.getOptionalOutputs()!=null)
- {
- //signResponse.getOptionalOutputs().getAny().add(documentWithSignature);
- for(Object o :signResponse.getOptionalOutputs().getAny())
+ //No document service used?
+ // do nothing....
+ //TODO temporary fix because document is deleted after fetching => SP can't download Doc
+ //Add doc to Signresponse
+
+ DocumentWithSignature documentWithSignature = new DocumentWithSignature();
+ DocumentType value = new DocumentType();
+ if(signResponse.getProfile().toLowerCase().contains("xades"))
+ {
+ value.setBase64XML(data);
+ }
+ else
{
- if(o instanceof DocumentWithSignature)
+ Base64Data base64data = new Base64Data();
+ base64data.setValue(data);
+ base64data.setMimeType(dataSource.getContentType());
+ value.setBase64Data(base64data);
+ }
+ documentWithSignature.setDocument(value);
+ if(signResponse.getOptionalOutputs()!=null)
+ {
+ //signResponse.getOptionalOutputs().getAny().add(documentWithSignature);
+ for(Object o :signResponse.getOptionalOutputs().getAny())
{
- signResponse.getOptionalOutputs().getAny().remove(o);
- signResponse.getOptionalOutputs().getAny().add(documentWithSignature);
- break;
+ if(o instanceof DocumentWithSignature)
+ {
+ signResponse.getOptionalOutputs().getAny().remove(o);
+ signResponse.getOptionalOutputs().getAny().add(documentWithSignature);
+ break;
+ }
}
}
+ else
+ {
+ AnyType anytype = new AnyType();
+ anytype.getAny().add(documentWithSignature);
+ signResponse.setOptionalOutputs(anytype );
+ }
+
+ // System.out.println("overwriting:"+signResponse.getResult().getResultMessage()+" with DTL url:"+dtlUrl);
+ InputStream istr = ApiUtils.marshalToInputStream(signResponse);
+ StringWriter writer = new StringWriter();
+ IOUtils.copy(istr, writer, "UTF-8");
+ signResponseString = writer.toString();
+ Logger.info("SignResponse overwritten:"+signResponseString);
}
- else
- {
- AnyType anytype = new AnyType();
- anytype.getAny().add(documentWithSignature);
- signResponse.setOptionalOutputs(anytype );
- }
-
-// System.out.println("overwriting:"+signResponse.getResult().getResultMessage()+" with DTL url:"+dtlUrl);
- InputStream istr = ApiUtils.marshalToInputStream(signResponse);
- StringWriter writer = new StringWriter();
- IOUtils.copy(istr, writer, "UTF-8");
- signResponseString = writer.toString();
- Logger.info("SignResponse overwritten:"+signResponseString);
- }
+ }
+ else
+ throw new Exception("No DSS id found.");
}
- else
- throw new Exception("No DSS id found.");
-
//alter signresponse
//done
@@ -319,7 +333,7 @@ public class SignedDocAttributeRequestProvider extends AttributeProvider {
try {
Logger.trace("Initialize VelocityEngine...");
-
+ Logger.info("performRedirect url:"+url);
VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
Template template = velocityEngine.getTemplate("/resources/templates/oasis_dss_webform_binding.vm");
VelocityContext context = new VelocityContext();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
index 20f541a1a..0ea03e29d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
@@ -33,24 +33,26 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @author tlenz
*
*/
-public class PVPtoSTORKRoleMapper {
+public class PVPtoSTORKMapper {
+ private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/";
+
private static final String MAPPING_RESOURCE =
- "resources/properties/pvp-stork_role_mapping.properties";
+ "resources/properties/pvp-stork_mapping.properties";
private Properties mapping = null;
- private static PVPtoSTORKRoleMapper instance = null;
+ private static PVPtoSTORKMapper instance = null;
- public static PVPtoSTORKRoleMapper getInstance() {
+ public static PVPtoSTORKMapper getInstance() {
if (instance == null) {
- instance = new PVPtoSTORKRoleMapper();
+ instance = new PVPtoSTORKMapper();
}
return instance;
}
- private PVPtoSTORKRoleMapper() {
+ private PVPtoSTORKMapper() {
try {
mapping = new Properties();
mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE));
@@ -65,9 +67,29 @@ public class PVPtoSTORKRoleMapper {
}
- /**
- * @param el
- * @return
+ /**Map a PVP SecClass to STORK QAA level
+ *
+ * @param PVP SecClass pvpQAALevel
+ * @return STORK-QAA level
+ */
+ public String mapQAALevel(String pvpQAALevel) {
+ if (mapping != null) {
+ String input = pvpQAALevel.substring(PVP_SECCLASS_PREFIX.length());
+ String mappedQAA = mapping.getProperty(input);
+ if (MiscUtil.isNotEmpty(mappedQAA)) {
+ Logger.info("Map PVP SecClass " + pvpQAALevel + " to STORK-QAA " + mappedQAA);
+ return mappedQAA;
+
+ }
+ }
+ Logger.warn("No mapping for PVP SecClass " + pvpQAALevel +" !");
+ return null;
+ }
+
+ /**Map a PVP Role attribute to STORK ECAuthenticationRole attribute values
+ *
+ * @param PVP Role attribute
+ * @return STORK ECAuthenticationRole attribute value
*/
public String map(AuthenticationRole el) {
if (mapping != null) {
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 848866090..8fda4566c 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -228,6 +228,7 @@ stork.17=Fehler beim Einholen der Zustimmung f\uFFFDr Attribut\u00FCbertragung d
stork.18=STORK-SAML Engine konnte nicht initialisiert werden.
stork.19=Das erforderliche Attribut ist f\u00FCr naturliche Personen nicht vorhanden\: {0}
stork.20=Fehler bei der Datenkonversion - eingegebens Datum fehlerhaft
+stork.21=Der angeforderte QAA-level {0} ist h\u00F6her als der QAA-level der Authentifizierung {1}
pvp2.00={0} ist kein gueltiger consumer service index
pvp2.01=Fehler beim kodieren der PVP2 Antwort
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 27f735028..eeacdc627 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -172,6 +172,7 @@ stork.17=1203
stork.18=9004
stork.19=1203
stork.20=1204
+stork.21=1205
pvp2.01=6100
pvp2.06=6100
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
new file mode 100644
index 000000000..63745f826
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
@@ -0,0 +1,9 @@
+##PVP role mapping
+viewer=CIRCABC/viewer
+CIRCABC-viewer=CIRCABC/viewer
+
+##PVP SecClass mapping
+secclass/0=http://www.stork.gov.eu/1.0/citizenQAALevel/1
+secclass/0-1=http://www.stork.gov.eu/1.0/citizenQAALevel/2
+secclass/0-2=http://www.stork.gov.eu/1.0/citizenQAALevel/3
+secclass/0-3=http://www.stork.gov.eu/1.0/citizenQAALevel/4 \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties
deleted file mode 100644
index 295d381cd..000000000
--- a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties
+++ /dev/null
@@ -1,2 +0,0 @@
-viewer=CIRCABC/viewer
-CIRCABC-viewer=CIRCABC/viewer \ No newline at end of file