diff options
Diffstat (limited to 'id')
3 files changed, 73 insertions, 70 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 209743f45..146137a2c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -31,6 +31,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.io.StringWriter; +import java.math.BigInteger; import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.cert.CertificateException; @@ -49,6 +50,7 @@ import javax.servlet.http.HttpSession; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; +import org.apache.commons.io.IOUtils; import org.apache.commons.lang.StringEscapeUtils; import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; @@ -123,7 +125,6 @@ import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; @@ -142,10 +143,14 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; import at.gv.util.xsd.srzgw.MISType; import at.gv.util.xsd.srzgw.MISType.Filters; +import eu.stork.oasisdss.api.AdditionalProfiles; import eu.stork.oasisdss.api.ApiUtils; import eu.stork.oasisdss.api.ApiUtilsException; +import eu.stork.oasisdss.api.Profiles; +import eu.stork.oasisdss.api.QualityLevels; +import eu.stork.oasisdss.api.SignatureTypes; +import eu.stork.oasisdss.profile.AnyType; import eu.stork.oasisdss.profile.DocumentType; -import eu.stork.oasisdss.profile.InputDocuments; import eu.stork.oasisdss.profile.SignRequest; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -1912,7 +1917,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { PersonalAttribute newAttribute = new PersonalAttribute(); newAttribute.setName("signedDoc"); List<String> value = new ArrayList<String>(); - value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession), "application/xhtml+xml")); + value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession), + "application/xhtml+xml", + moasession.getCcc())); newAttribute.setValue(value); attributeList.add(newAttribute); @@ -2004,20 +2011,37 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination()); } - private static String generateDssSignRequest(String text, String mimeType) { + private static String generateDssSignRequest(String text, String mimeType, String citizenCountry) { IdentifierGenerator idGenerator; try { idGenerator = new SecureRandomIdentifierGenerator(); DocumentType doc = new DocumentType(); - doc.setBase64XML(Base64.encodeBytes(text.getBytes()).getBytes()); + doc.setBase64XML(text.getBytes()); + doc.setID(idGenerator.generateIdentifier()); SignRequest request = new SignRequest(); request.setInputDocuments(ApiUtils.createInputDocuments(doc)); - request.setRequestID(idGenerator.generateIdentifier()); + String id = idGenerator.generateIdentifier(); + request.setRequestID(id); + request.setDocUI(id); - return ApiUtils.marshalToDocument(request).getTextContent(); + request.setProfile(Profiles.XADES_BES.toString()); + request.setNumberOfSigners(BigInteger.ONE); + request.setTargetCountry(citizenCountry); + + // no, no todo. PEPS will alter this value anyhow. + request.setReturnURL("http://invalid_return"); + + AnyType required = new AnyType(); + required.getAny().add(ApiUtils.createSignatureType(SignatureTypes.XMLSIG_RFC3275.toString())); + required.getAny().add(ApiUtils.createAdditionalProfile(AdditionalProfiles.XADES.toString())); + required.getAny().add(ApiUtils.createQualityRequirements(QualityLevels.QUALITYLEVEL_QUALIFIEDSIG)); + required.getAny().add(ApiUtils.createIncludeObject(doc)); + request.setOptionalInputs(required); + + return IOUtils.toString(ApiUtils.marshalToInputStream(request)); } catch (NoSuchAlgorithmException e) { Logger.error("Cannot generate id", e); throw new RuntimeException(e); @@ -2027,7 +2051,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } catch (DOMException e) { Logger.error("Could not create SignRequest", e); throw new RuntimeException(e); - } catch (ParserConfigurationException e) { + } catch (IOException e) { Logger.error("Could not create SignRequest", e); throw new RuntimeException(e); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 9dfce7838..a3c8ebe4d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -1,7 +1,10 @@ package at.gv.egovernment.moa.id.auth.servlet;
+import iaik.x509.X509Certificate;
import java.io.IOException;
+import java.io.InputStream;
import java.io.StringWriter;
+import java.net.URL;
import java.util.ArrayList;
import java.util.List;
@@ -10,19 +13,19 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
import javax.xml.transform.stream.StreamSource;
+import org.apache.commons.io.IOUtils;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.StatusCode;
-import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -33,14 +36,14 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.util.xsd.xmldsig.SignatureType;
+import at.gv.util.xsd.xmldsig.X509DataType;
import eu.stork.oasisdss.api.ApiUtils;
-import eu.stork.oasisdss.api.LightweightSourceResolver;
+import eu.stork.oasisdss.profile.DocumentWithSignature;
import eu.stork.oasisdss.profile.SignResponse;
import eu.stork.peps.auth.commons.PEPSUtil;
import eu.stork.peps.auth.commons.PersonalAttribute;
@@ -173,14 +176,41 @@ public class PEPSConnectorServlet extends AuthServlet { //extract signed doc element and citizen signature
String citizenSignature = null;
try {
- citizenSignature = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0);
+ String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0);
+ SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(signatureInfo)));
+
+ List<DocumentWithSignature> doclocations = ApiUtils.findNamedElement(dssSignResponse.getOptionalOutputs(), DocumentWithSignature.class.getSimpleName(), DocumentWithSignature.class);
+ // TODO handle multiple docs?
+ Logger.debug("trying first doclocation");
+ String docUrl = doclocations.get(0).getDocument().getDocumentURL();
+ Logger.debug("trying first doclocation successful");
+
+ // fetch signed doc
+ URL url = new URL(docUrl);
+ InputStream incomming = url.openStream();
+ citizenSignature = IOUtils.toString(incomming);
+ incomming.close();
+
+ JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName());
+ SignatureType root = ((JAXBElement<SignatureType>) ctx.createUnmarshaller().unmarshal(IOUtils.toInputStream(citizenSignature))).getValue();
+
+ // memorize signature into authblock
moaSession.setAuthBlock(citizenSignature);
+
+ // extract certificate
+ for(Object current : root.getKeyInfo().getContent())
+ if(((JAXBElement<?>) current).getValue() instanceof X509DataType) {
+ for(Object currentX509Data : ((JAXBElement<X509DataType>) current).getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
+ JAXBElement<?> casted = ((JAXBElement<?>) currentX509Data);
+ if(casted.getName().getLocalPart().equals("X509Certificate")) {
+ moaSession.setSignerCertificate(new X509Certificate(((String)casted.getValue()).getBytes()));
+ break;
+ }
+ }
+ }
- // FIXME untested
- Element sepp = (Element) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(citizenSignature)));
- moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(sepp));
- } catch (Exception e) {
+ } catch (Throwable e) {
Logger.error("Could not extract citizen signature from C-PEPS", e);
throw new MOAIDException("stork.09", null);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index 20ceb2128..2534110d5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -58,57 +58,6 @@ public class STORKResponseProcessor { public static final String OASIS_DSS_SUCCESS_MSG = "urn:oasis:names:tc:dss:1.0:resultmajor:Success";
/**
- * Extracts the signature value out of a DSS response
- * @param signatureResponse DSS signature response
- * @return signature
- * @throws STORKException
- */
- private static Element getSignature(Element signatureResponse) throws STORKException {
-
- NodeList nList = signatureResponse.getElementsByTagNameNS(OASIS_DSS_NS, "ResultMajor");
-
- String resultMajor = XMLUtil.getFirstTextValueFromNodeList(nList);
-
- if (StringUtils.isEmpty(resultMajor)) {
- String msg = "DSS response not correct, ResultMajor element missing.";
- Logger.error(msg);
- throw new STORKException(msg);
- }
-
- Logger.trace("ResultMajor of DSS response: " + resultMajor);
-
- if (!OASIS_DSS_SUCCESS_MSG.equals(resultMajor)) {
- String msg = "DSS response not correct, ResultMajor is " + resultMajor;
- Logger.error(msg);
- throw new STORKException(msg);
- }
-
- NodeList nList2 = signatureResponse.getElementsByTagNameNS(OASIS_DSS_NS, "Base64Signature");;
-
- String base64SigString = XMLUtil.getFirstTextValueFromNodeList(nList2);
-
- if (StringUtils.isEmpty(base64SigString)) {
- String msg = "DSS response not correct, Base64Signature element missing.";
- Logger.error(msg);
- throw new STORKException(msg);
- }
-
- Logger.trace("Base64Signature element of DSS response: " + base64SigString);
-
- String sigString = new String(Base64.decode(base64SigString));
-
- try {
- return XMLUtil.stringToDOM(sigString);
- } catch (Exception e) {
- String msg = "Unable to extract signature from DSS response";
- Logger.error(msg);
- throw new STORKException(msg);
- }
-
-
- }
-
- /**
* Checks for attribute.
*
* @param attributeName the attribute name
|