diff options
Diffstat (limited to 'id')
27 files changed, 1046 insertions, 763 deletions
diff --git a/id/server/auth/.settings/org.eclipse.wst.common.component b/id/server/auth/.settings/org.eclipse.wst.common.component index 6e8785869..b116cf610 100644 --- a/id/server/auth/.settings/org.eclipse.wst.common.component +++ b/id/server/auth/.settings/org.eclipse.wst.common.component @@ -1,18 +1,18 @@ -<?xml version="1.0" encoding="UTF-8"?> -<project-modules id="moduleCoreId" project-version="1.5.0"> -<wb-module deploy-name="moa-id-auth"> -<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/> - <wb-resource deploy-path="/" source-path="/src/main/webapp"/> - <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib"> - <dependency-type>uses</dependency-type> - </dependent-module> - <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common"> - <dependency-type>uses</dependency-type> - </dependent-module> - <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib"> - <dependency-type>uses</dependency-type> - </dependent-module> -<property name="java-output-path" value="target/classes"/> - <property name="context-root" value="moa-id-auth"/> -</wb-module> -</project-modules> +<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+<wb-module deploy-name="moa-id-auth">
+<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
+ <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+ <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+<property name="java-output-path" value="target/classes"/>
+ <property name="context-root" value="moa-id-auth"/>
+</wb-module>
+</project-modules>
diff --git a/id/server/data/deploy/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cer b/id/server/data/deploy/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cer Binary files differnew file mode 100644 index 000000000..33e776369 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cer diff --git a/id/server/data/deploy/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer b/id/server/data/deploy/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer Binary files differnew file mode 100644 index 000000000..a699436ca --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer diff --git a/id/server/data/deploy/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer b/id/server/data/deploy/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer Binary files differindex c3b67e05d..ff90e35f5 100644 --- a/id/server/data/deploy/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer +++ b/id/server/data/deploy/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml index d30dbb42f..1f8085aa3 100644 --- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml +++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml @@ -5,7 +5,7 @@ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
<html>
<head>
- <title>Signatur der Anmeldedaten</title>
+ <title>Signing the authentication data</title>
<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana; font-size: x-small; }
.h4style{ font-family: Verdana; }
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoÔÇÄ03e694(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoÔÇÄ03e694(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..ab9e0cd7d --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoÔÇÄ03e694(SecureSignatureKeypair).cer diff --git a/id/server/idserverlib/.classpath b/id/server/idserverlib/.classpath index f0e483a4a..1c79cc393 100644 --- a/id/server/idserverlib/.classpath +++ b/id/server/idserverlib/.classpath @@ -1,13 +1,9 @@ -<?xml version="1.0" encoding="UTF-8"?> -<classpath> - <classpathentry kind="src" output="target/classes" path="src/main/java"/> - <classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/> - <classpathentry kind="src" output="target/test-classes" path="src/test/java"/> - <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/> - <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"> - <attributes> - <attribute name="org.eclipse.jst.component.nondependency" value=""/> - </attributes> - </classpathentry> - <classpathentry kind="output" path="target/classes"/> -</classpath> +<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" output="target/classes" path="src/main/java"/>
+ <classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
+ <classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
+ <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index fcaa4f053..01c6a512f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -21,6 +21,7 @@ import iaik.x509.X509Certificate; import java.io.File; import java.io.IOException; import java.security.GeneralSecurityException; +import java.security.Principal; import java.util.Calendar; import java.util.Date; import java.util.HashMap; @@ -540,15 +541,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { } /** - * Returns a CreateXMLSignatureRequest for the foreign ID.<br> + * Returns an CreateXMLSignatureRequest for signing the ERnP statement.<br> + * <ul> + * <li>Creates an CreateXMLSignatureRequest to be signed by the user</li> + * </ul> * * @param sessionID ID of associated authentication session data - * @param infoboxReadResponseParameters The parameters from the response returned from - * the BKU - * @param cert The certificate of the foreign ID + * @param cert The certificate from the user * @return String representation of the <code><CreateXMLSignatureRequest></code> */ - public String getCreateXMLSignatureRequestForeignID(String sessionID, Map infoboxReadResponseParameters, X509Certificate cert) + public String createXMLSignatureRequestForeignID(String sessionID, X509Certificate cert) throws AuthenticationException, BuildException, @@ -558,57 +560,33 @@ public class AuthenticationServer implements MOAIDAuthConstants { ServiceException { if (isEmpty(sessionID)) - throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID}); + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); - AuthenticationSession session = getSession(sessionID); + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( session.getPublicOAURLPrefix()); - - return getCreateXMLSignatureRequestForeignID(session, authConf, oaParam); + return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, cert); } - public String getCreateXMLSignatureRequestForeignID(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam) - throws - ConfigurationException, - BuildException, - ValidateException { + public String getCreateXMLSignatureRequestForeigID(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam, X509Certificate cert) throws ConfigurationException + { + // check for intermediate processing of the infoboxes + if (session.isValidatorInputPending()) return "Redirect to Input Processor"; if (authConf==null) authConf = AuthConfigurationProvider.getInstance(); if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance(). getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - //BZ.., calculate bPK for signing to be already present in AuthBlock -// IdentityLink identityLink = session.getIdentityLink(); -// if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { -// // only compute bPK if online application is a public service and we have the Stammzahl -// String bpkBase64 = new BPKBuilder().buildBPK( -// identityLink.getIdentificationValue(), -// session.getTarget()); -// identityLink.setIdentificationValue(bpkBase64); -// } - //..BZ + Principal subject = cert.getSubjectDN(); - - // builds the AUTH-block - String authBlock = buildAuthenticationBlock(session); -// session.setAuthBlock(authBlock); - // builds the <CreateXMLSignatureRequest> - String[] transformsInfos = oaParam.getTransformsInfos(); - if ((transformsInfos == null) || (transformsInfos.length == 0)) { - // no OA specific transforms specified, use default ones - transformsInfos = authConf.getTransformsInfos(); - } String createXMLSignatureRequest = - new CreateXMLSignatureRequestBuilder().build(authBlock, - oaParam.getKeyBoxIdentifier(), - transformsInfos, - oaParam.getSlVersion12()); + new CreateXMLSignatureRequestBuilder().buildForeignID(subject.toString(), oaParam, session); return createXMLSignatureRequest; } @@ -642,7 +620,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { String xmlCreateXMLSignatureResponse = (String)createXMLSignatureResponseParameters.get(PARAM_XMLRESPONSE); - System.out.println(xmlCreateXMLSignatureResponse); if (isEmpty(xmlCreateXMLSignatureResponse)) throw new AuthenticationException("auth.10", new Object[] { REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE}); @@ -757,6 +734,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { return authBlock; } + /** * Verifies the infoboxes (except of the identity link infobox) returned by the BKU by diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index d684c16c9..bab387b4a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -226,5 +226,137 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion return assertion; } + + /** + * Builds the authentication block <code><saml:Assertion></code> + * + * @param issuer authentication block issuer; <code>"GivenName FamilyName"</code> + * @param issueInstant current timestamp + * @param authURL URL of MOA-ID authentication component + * @param target "Geschäftsbereich"; maybe <code>null</code> if the application + * is a business application + * @param identityLinkValue the content of the <code><pr:Value></code> + * child element of the <code><pr:Identification></code> + * element derived from the Identitylink; this is the + * value of the <code>wbPK</code>; + * maybe <code>null</code> if the application is a public service + * @param identityLinkType the content of the <code><pr:Type></code> + * child element of the <code><pr:Identification></code> + * element derived from the Identitylink; this includes the + * URN prefix and the identification number of the business + * application used as input for wbPK computation; + * maybe <code>null</code> if the application is a public service + * @param oaURL public URL of online application requested + * @param gebDat The date of birth from the identity link. + * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock. + * + * @return String representation of authentication block + * <code><saml:Assertion></code> built + * + * @throws BuildException If an error occurs on serializing an extended SAML attribute + * to be appended to the AUTH-Block. + */ + public String buildAuthBlockForeignID( + String issuer, + String issueInstant, + String authURL, + String target, + String identityLinkValue, + String identityLinkType, + String oaURL, + String gebDat, + List extendedSAMLAttributes, + AuthenticationSession session) + throws BuildException + { + session.setSAMLAttributeGebeORwbpk(true); + String gebeORwbpk = ""; + String wbpkNSDeclaration = ""; + + //BZ.., reading OA parameters + OAAuthParameter oaParam; + try { + oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + } catch (ConfigurationException e) { + Logger.error("Error on building AUTH-Block: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); + } + //..BZ + + + if (target == null) { + // OA is a business application + if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) { + // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator + gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); + wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\""; + + //BZ.., adding type of wbPK domain identifier + ExtendedSAMLAttribute idLinkDomainIdentifierTypeAttribute = + new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + + extendedSAMLAttributes.add(idLinkDomainIdentifierTypeAttribute); + //..BZ + + } else { + // We do not have a wbPK, therefore no SAML-Attribute is provided + session.setSAMLAttributeGebeORwbpk(false); + } + } else { + // OA is a govermental application + //BZ.. + String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); + //gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target }); + gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target + " (" + sectorName + ")" }); + //..BZ + + //BZ.., no business service, adding bPK + + Element bpkSamlValueElement; + try { + bpkSamlValueElement = DOMUtils.parseDocument(MessageFormat.format(PR_IDENTIFICATION_ATTRIBUTE, new Object[] { identityLinkValue, Constants.URN_PREFIX_BPK }), false, null, null).getDocumentElement(); + } catch (Exception e) { + Logger.error("Error on building AUTH-Block: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); + } + ExtendedSAMLAttribute bpkAttribute = + new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + + extendedSAMLAttributes.add(bpkAttribute); + //gebeORwbpk = gebeORwbpk + MessageFormat.format(BPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); + wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\""; + //..BZ + } + + //BZ.., adding friendly name of OA + String oaFriendlyName = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); + + ExtendedSAMLAttribute oaFriendlyNameAttribute = + new ExtendedSAMLAttributeImpl("oaFriendlyName", oaFriendlyName, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + + extendedSAMLAttributes.add(oaFriendlyNameAttribute); + //..BZ + + String assertion; + try { + assertion = MessageFormat.format( + AUTH_BLOCK, new Object[] { + wbpkNSDeclaration, + issuer, + issueInstant, + authURL, + gebeORwbpk, + oaURL, + gebDat, + buildExtendedSAMLAttributes(extendedSAMLAttributes)}); + } catch (ParseException e) { + Logger.error("Error on building AUTH-Block: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); + } + + return assertion; + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index fe73ce16b..4ef8dc359 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -16,8 +16,13 @@ package at.gv.egovernment.moa.id.auth.builder; import java.text.MessageFormat; +import java.util.Calendar; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.StringUtils; /** @@ -105,4 +110,137 @@ public class CreateXMLSignatureRequestBuilder implements Constants { return request; } + + /** + * Builds the <code><CreateXMLSignatureRequest></code> for a foreign ID. + * + * @param subject the subject of the foreign certificate + * @param oaParam parameter for the OA + * @param session current session + * @return String representation of <code><CreateXMLSignatureRequest></code> + */ + public String buildForeignID(String subject, OAAuthParameter oaParam, AuthenticationSession session) { + + String target = session.getTarget(); + String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); + + Calendar cal = Calendar.getInstance(); + String date = DateTimeUtils.buildDate(cal); + String time = DateTimeUtils.buildTime(cal); + + String request = ""; + request += "<sl:CreateXMLSignatureRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">"; + request += "<sl:KeyboxIdentifier>SecureSignatureKeypair</sl:KeyboxIdentifier>"; + request += "<sl:DataObjectInfo Structure=\"enveloping\">"; + request += "<sl:DataObject>"; + request += "<sl:XMLContent>"; + + request += "<html xmlns=\"http://www.w3.org/1999/xhtml\">"; + request += "<head>"; + request += "<title>Signatur der Anmeldedaten</title>"; + request += "<style type=\"text/css\" media=\"screen\">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}"; + request += ".titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana; font-size: x-small; }"; + request += ".ernpstyle { font-size: x-small; }"; + request += ".h4style{ font-family: Verdana; }"; + request += "table.parameters { font-size: x-small; }"; + request += "</style>"; + request += "</head>"; + request += "<body>"; + request += "<h4 class=\"h4style\">Authentication Data:</h4>"; + request += "<p class=\"titlestyle\">Personal Data</p>"; + request += "<table class=\"parameters\">"; + request += "<tr>"; + request += "<td class=\"italicstyle\">Name:</td>"; + request += "<td>"; + request += subject; + request += "</td>"; + request += "</tr>"; + request += "</table>"; + request += "<p class=\"titlestyle\">Application Data</p>"; + request += "<table class=\"parameters\">"; + request += "<tr>"; + request += "<td class=\"italicstyle\">Name:</td>"; + request += "<td>"; + // friendlyname from OA + request += StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); + request += "</td>"; + request += "</tr>"; + request += "<tr>"; + request += "<td class=\"italicstyle\">Country:</td>"; + request += "<td>Austria</td>"; + request += "</tr>"; + request += "</table>"; + request += "<p class=\"titlestyle\">Technical Parameters</p>"; + request += "<table class=\"parameters\">"; + request += "<tr>"; + request += "<td class=\"italicstyle\">URL:</td>"; + request += "<td>"; + //public URL prefix from OA + request += oaParam.getPublicURLPrefix(); + request += "</td>"; + request += "</tr>"; + boolean business = oaParam.getBusinessService(); + if (business) { + // OA is businessservice + String identifierType = oaParam.getIdentityLinkDomainIdentifierType(); + String identifier = oaParam.getIdentityLinkDomainIdentifier(); + request += "<tr>"; + request += "<td class=\"italicstyle\">"; + request += identifierType + ":"; + request += "</td>"; + request += "<td>"; + request += identifier; + request += "</td>"; + request += "</tr>"; + } + else { + // OA is publicservice + request += "<tr>"; + request += "<td class=\"italicstyle\">"; + request += "Sector:</td>"; + request += "<td>"; + request += target + " (" + sectorName + ")"; + request += "</td>"; + request += "</tr>"; + + } + + request += "<tr>"; + request += "<td class=\"italicstyle\">Date:</td>"; + request += "<td>"; + request += date; + request += "</td>"; + request += "</tr>"; + request += "<tr>"; + request += "<td class=\"italicstyle\">Time:</td>"; + request += "<td>"; + request += time; + request += "</td>"; + request += "</tr>"; + request += "</table>"; + + request += "<p class=\"ernpstyle\">I hereby request to access this e-government application by using my " + + "domestic electronic identity. <br/>" + + "I further affirm that I am not yet registered with the Austrian Central " + + "Residents Registry and that I am not obliged to register with the Austrian " + + "Central Residents Registry according to Austrian law.<br/>" + + "In the event I am not yet registered with the Supplementary Register, I " + + "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " + + "BGBl. I Nr. 7/2008 und BGBl. I Nr. 59/2008).</p>"; + + request += "</body>"; + request += "</html>"; + + request += "</sl:XMLContent>"; + request += "</sl:DataObject>"; + request += "<sl:TransformsInfo>"; + request += "<sl:FinalDataMetaInfo>"; + request += "<sl:MimeType>application/xhtml+xml</sl:MimeType>"; + request += "</sl:FinalDataMetaInfo>"; + request += "</sl:TransformsInfo>"; + request += "</sl:DataObjectInfo>"; + request += "</sl:CreateXMLSignatureRequest>"; + + return request; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 0599c79bd..c2de2e3e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -1,38 +1,31 @@ package at.gv.egovernment.moa.id.auth.servlet;
import iaik.pki.PKIException;
-import iaik.x509.X509Certificate;
import java.io.IOException;
import java.security.GeneralSecurityException;
-import java.security.cert.CertificateEncodingException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import org.apache.axis.encoding.Base64;
import org.apache.commons.fileupload.FileUploadException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.Text;
import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -103,7 +96,6 @@ public class GetForeignIDServlet extends AuthServlet { }
String sessionID = req.getParameter(PARAM_SESSIONID);
String redirectURL = null;
- X509Certificate cert = null;
AuthenticationSession session = null;
try {
// check parameter
@@ -112,46 +104,46 @@ public class GetForeignIDServlet extends AuthServlet { session = AuthenticationServer.getSession(sessionID);
- cert = AuthenticationServer.getInstance().verifyXMLSignature(sessionID, parameters);
-
-// Element signature = AuthenticationServer.getInstance().getDsigElement
-// (sessionID, parameters);
+ String xmlCreateXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
+
+ Logger.debug(xmlCreateXMLSignatureResponse);
+
+ CreateXMLSignatureResponse csresp =
+ new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse).parseResponseDsig();
-// if (signature == null) {
- if (cert == null) {
- handleError("Error retrieving signature from foreign eID card.", null, req, resp);
+ Element signature = csresp.getDsigSignature();
+
+ // make SZR request to the identity link
+ CreateIdentityLinkResponse response = getIdentityLink(signature);
+
+ if (response.isError()) {
+ throw new SZRGWClientException(response.getError());
}
else {
-
- // make SZR request
- //Element samlAssertion = getIdentityLink(signature);
- Element samlAssertion = getIdentityLink(cert);
-
- IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
- IdentityLink identitylink = ilParser.parseIdentityLink();
- session.setIdentityLink(identitylink);
-
- String samlArtifactBase64 =
- AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID);
- if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- redirectURL = session.getOAURLRequested();
- if (!session.getBusinessService()) {
- redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
- }
- redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- redirectURL = resp.encodeRedirectURL(redirectURL);
- } else {
- redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
- }
- resp.setContentType("text/html");
- resp.setStatus(302);
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
- }
-
- }
- catch (ParseException ex) {
- handleError(null, ex, req, resp);
+ Element samlAssertion = response.getAssertion();
+
+ IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
+ IdentityLink identitylink = ilParser.parseIdentityLink();
+ session.setIdentityLink(identitylink);
+
+ String samlArtifactBase64 =
+ AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID);
+ if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
+ redirectURL = session.getOAURLRequested();
+ if (!session.getBusinessService()) {
+ redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
+ }
+ redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = resp.encodeRedirectURL(redirectURL);
+ } else {
+ redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+ }
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
+
}
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
@@ -178,63 +170,59 @@ public class GetForeignIDServlet extends AuthServlet { /**
* Does the request to the SZR-GW
- * @param givenname
- * @param familyname
- * @param dateofbirth
+ * @param signature XMLDSIG signature
* @return Identity link assertion
* @throws SZRGWClientException
*/
- /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/
- private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException {
+ private CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException {
- SZRGWClient client = new SZRGWClient();
-
- try {
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
- //url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation";
- Logger.debug("Connection Parameters: " + connectionParameters);
- client.setAddress(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
- Logger.debug("Initialisiere SSL Verbindung");
- try {
- client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- } catch (IOException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (GeneralSecurityException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (PKIException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
- Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
-
-
- }
- catch (ConfigurationException e) {
- Logger.warn(e);
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
+ SZRGWClient client = new SZRGWClient();
+
+ try {
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
- }
- // create request
- Document doc = buildGetIdentityLinkRequest(cert);
- Element request = doc.getDocumentElement();
- CreateIdentityLinkResponse response = null;
-
- //try {
- response = client.createIdentityLinkResponse(request);
- //} catch (SZRGWClientException e) {
- // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
- // client = new SZRGWClient(url);
- // response = client.createIdentityLinkResponse(request);
- // }
-
+ client.setAddress(connectionParameters.getUrl());
+ if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+ Logger.debug("Initialisiere SSL Verbindung");
+ try {
+ client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+ } catch (IOException e) {
+ throw new SZRGWClientException(e);
+ } catch (GeneralSecurityException e) {
+ throw new SZRGWClientException(e);
+ } catch (PKIException e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+ Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
+ }
+ catch (ConfigurationException e) {
+ Logger.warn(e);
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
+ }
+
+ // create request
+ CreateIdentityLinkResponse response = null;
+ Element request = null;
+ try {
+ Document doc = client.buildGetIdentityLinkRequest(null, null, null, null, signature);
+ request = doc.getDocumentElement();
+
+ // send request
+ response = client.createIdentityLinkResponse(request);
+ } catch (SZRGWClientException e) {
+ // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+ try {
+ response = client.createIdentityLinkResponse(request);
+ }
+ catch (SZRGWClientException e1) {
+ throw new SZRGWClientException(e1);
+ }
+ }
- return response.getAssertion();
+
+ return response;
}
@@ -245,43 +233,43 @@ public class GetForeignIDServlet extends AuthServlet { * @param birthday
* @return
*/
- private static Document buildGetIdentityLinkRequest(X509Certificate cert) {
-
- try {
- byte[] certbyte = cert.getEncoded();
- String certstring = Base64.encode(certbyte);
-
- DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- DocumentBuilder builder = factory.newDocumentBuilder();
- Document doc = builder.newDocument();
-
- Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest");
- getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS);
- doc.appendChild(getIdentityLink);
-
- Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate");
- getIdentityLink.appendChild(x509certificate);
- Text certbase64 = doc.createTextNode(certstring);
- x509certificate.appendChild(certbase64);
-
- return doc;
- } catch (ParserConfigurationException e) {
- e.printStackTrace();
- } catch (CertificateEncodingException e) {
- e.printStackTrace();
- }
- return null;
-
- }
-
- /**
- * Checks a parameter.
- * @param param parameter
- * @return true if the parameter is null or empty
- */
- private boolean isEmpty(String param) {
- return param == null || param.length() == 0;
- }
+// private static Document buildGetIdentityLinkRequest(X509Certificate cert) {
+//
+// try {
+// byte[] certbyte = cert.getEncoded();
+// String certstring = Base64.encode(certbyte);
+//
+// DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
+// factory.setNamespaceAware(true);
+// DocumentBuilder builder = factory.newDocumentBuilder();
+// Document doc = builder.newDocument();
+//
+// Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest");
+// getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS);
+// doc.appendChild(getIdentityLink);
+//
+// Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate");
+// getIdentityLink.appendChild(x509certificate);
+// Text certbase64 = doc.createTextNode(certstring);
+// x509certificate.appendChild(certbase64);
+//
+// return doc;
+// } catch (ParserConfigurationException e) {
+// e.printStackTrace();
+// } catch (CertificateEncodingException e) {
+// e.printStackTrace();
+// }
+// return null;
+//
+// }
+//
+// /**
+// * Checks a parameter.
+// * @param param parameter
+// * @return true if the parameter is null or empty
+// */
+// private boolean isEmpty(String param) {
+// return param == null || param.length() == 0;
+// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 8165f90f8..2430095b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -63,7 +63,7 @@ public class StartAuthenticationServlet extends AuthServlet { } authURL = authURL.concat(req.getContextPath() + "/"); - String target = req.getParameter(PARAM_TARGET); + String target = req.getParameter(PARAM_TARGET); String oaURL = req.getParameter(PARAM_OA); String bkuURL = req.getParameter(PARAM_BKU); String templateURL = req.getParameter(PARAM_TEMPLATE); @@ -91,7 +91,7 @@ public class StartAuthenticationServlet extends AuthServlet { String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme()); - + resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); out.print(getIdentityLinkForm); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 824df9ca8..8ae951dda 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -96,7 +96,6 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); } - //@TODO Parameter String sessionID = req.getParameter(PARAM_SESSIONID); String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); String redirectURL = null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index c9c1e794d..1b96ce8a4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -93,7 +93,6 @@ public class VerifyCertificateServlet extends AuthServlet { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
}
- //@TODO Parameter
String sessionID = req.getParameter(PARAM_SESSIONID);
AuthenticationSession session = null;
try {
@@ -104,55 +103,19 @@ public class VerifyCertificateServlet extends AuthServlet { session = AuthenticationServer.getSession(sessionID);
X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
-
- System.out.println(cert);
-
- String createXMLSignatureRequest = AuthenticationServer.getInstance().getCreateXMLSignatureRequestForeignID(sessionID, parameters, cert);
-
- System.out.println(createXMLSignatureRequest);
-
+
+ String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert);
// build dataurl (to the GetForeignIDSerlvet)
- String dataurl =
+ String dataurl =
new DataURLBuilder().buildDataURL(
session.getAuthURL(),
REQ_GET_FOREIGN_ID,
session.getSessionID());
- ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-
+ ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
-// Logger.debug("Send CreateXMLSignatureRequest to BKU");
-// String keyboxIdentifier = "SecureSignatureKeypair";
-// //String keyboxIdentifier = "CertifiedKeypair";
-// String xmlContent = "<html xmlns=\"http://www.w3.org/1999/xhtml\"> " +
-// "<head><title>CreateXMLSignatureRequest</title>" +
-// "<style type=\"text/css\"/></head>" +
-// "<body>" +
-// "<p>I hereby request to access this e-government application by using my " +
-// "domestic electronic identity. </p>" +
-// "<p>I further affirm that I am not yet registered with the Austrian Central " +
-// "Residents Registry and that I am not obliged to register with the Austrian " +
-// "Central Residents Registry according to Austrian law.</p>" +
-// "<p>In the event I am not yet registered with the Supplementary Register, I " +
-// "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " +
-// "BGBl. I Nr. 7/2008 und BGBl. I Nr. 59/2008).</p>" +
-// "</body></html>";
-//
-// // create the CreateXMLSignatureRequest
-// String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilderForeign().build(
-// keyboxIdentifier,
-// xmlContent);
-//
-// // build dataurl (to the GetForeignIDSerlvet)
-// String dataurl =
-// new DataURLBuilder().buildDataURL(
-// session.getAuthURL(),
-// REQ_GET_FOREIGN_ID,
-// session.getSessionID());
-//
-// ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-//
+ Logger.debug("Send CreateXMLSignatureRequest to BKU");
}
catch (MOAIDException ex) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 4f98e85e2..1fc5013f3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -94,7 +94,6 @@ public class VerifyIdentityLinkServlet extends AuthServlet { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); } - //@TODO Parameter String sessionID = req.getParameter(PARAM_SESSIONID); @@ -109,9 +108,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet { String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); if (createXMLSignatureRequestOrRedirect == null) { - - System.out.println("Send InfoboxReadRequest to BKU to get signer certificate."); - // no identity link found + // no identity link found + try { Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); @@ -127,7 +125,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet { session.getSessionID()); - ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate", dataurl); + ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); } catch(Exception e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java index 6448f9392..aa6ed32d2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java @@ -14,14 +14,28 @@ import org.w3c.dom.NodeList; public class CreateIdentityLinkResponse {
private Element assertion;
+ private String error;
+ private boolean isError;
public Element getAssertion() {
return assertion;
}
+ public String getError() {
+ return error;
+ }
public void setAssertion(Element assertion) {
+ isError = false;
this.assertion = assertion;
}
+ public void setError(String error) {
+ isError = true;
+ this.error = error;
+ }
+
+ public boolean isError() {
+ return isError;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java index 25c3d7199..b856ee988 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java @@ -15,20 +15,17 @@ */ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-
-import org.apache.xpath.XPathAPI;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
-import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
-import at.gv.egovernment.moa.util.Constants;
+import java.util.ArrayList; +import java.util.List; + +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.util.Constants; /**
* This class implements a detailed CreateMandateRequest that
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java index f19c21513..dcc3161e7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java @@ -1,20 +1,6 @@ -/* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
import org.apache.xpath.XPathAPI;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java index eaf07da13..026632589 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java @@ -1,20 +1,6 @@ -/* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
/**
* SOAP Envelope Constants.
*
@@ -40,4 +26,7 @@ public interface SOAPConstants { public static final String XPATH_SOAP_FAULTCODE = XPATH_SOAP_FAULT + "/faultcode/text()";
public static final String XPATH_SOAP_FAULTSTRING = XPATH_SOAP_FAULT + "/faultstring/text()";
+
+
}
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java index 0c84a9b18..2080118d0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java @@ -20,121 +20,128 @@ import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import javax.net.ssl.SSLSocketFactory; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; import org.apache.commons.httpclient.HttpClient; import org.apache.commons.httpclient.methods.PostMethod; import org.apache.commons.httpclient.protocol.Protocol; import org.w3c.dom.Document; import org.w3c.dom.Element; +import org.w3c.dom.Node; import org.w3c.dom.NodeList; +import org.w3c.dom.Text; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; -import at.gv.egovernment.moa.logging.Logger; -
-
-/**
- * This class implements a client for communication with the SZR-gateway
- * <p>
- * Two types of requests are supported
- * <ol>
- * <li>Basic Request</li>
- * <li>Detailed Request</li>
- * </ol>
- *
- */
-public class SZRGWClient {
- /**
- * The URL of the SZR-gateway webservice.
- */
- private String address;
-
- /**
- * The SSL socket factory when using a secure connection.
- */
- private SSLSocketFactory sSLSocketFactory;
-
- /**
- * Constructor
- */
- public SZRGWClient() {
- }
-
- /**
- * Constructor
- *
- * @param address the URL of the SZR-gateway webservice.
- */
- public SZRGWClient(String address) {
- this.address = address;
- }
- /**
- * Sets the SSL socket factory.
- *
- * @param factory the SSL socket factory.
- */
- public void setSSLSocketFactory(SSLSocketFactory factory) {
- this.sSLSocketFactory = factory;
- }
-
- /**
- * Sets the SZR webservice URL
- *
- * @param address the URL of the SZR-gateway webservice.
- */
- public void setAddress(String address) {
- this.address = address;
- }
-
- /**
- * Creates a mandate.
- *
- * @param reqElem the request.
- * @return a SZR-gateway response containing the result
- * @throws SZRGWException when an error occurs creating the mandate.
- */
- public CreateMandateResponse createMandateResponse(Element reqElem) throws SZRGWClientException {
- Logger.info("Connecting to SZR-gateway.");
- try {
- if (address == null) {
- throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null.");
- }
- HttpClient client = new HttpClient();
- PostMethod method = new PostMethod(address);
- method.setRequestHeader("SOAPAction", "");
-
-
- // ssl settings
- if (sSLSocketFactory != null) {
- SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory);
- Protocol.registerProtocol("https", new Protocol("https", fac, 443));
- }
-
- // create soap body
- Element soapBody = getSOAPBody();
- Document doc = soapBody.getOwnerDocument();
- soapBody.appendChild(doc.importNode(reqElem, true));
- Element requestElement = soapBody.getOwnerDocument().getDocumentElement();
-
- //ParepUtils.saveElementToFile(requestElement, new File("c:/szrRequest.xml"));
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- ParepUtils.serializeElementAsDocument(requestElement, bos);
-
- method.setRequestBody(new ByteArrayInputStream(bos.toByteArray()));
- client.executeMethod(method);
- CreateMandateResponse response = new CreateMandateResponse();
-
- bos = new ByteArrayOutputStream();
- doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
-
- //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/szrResponse.xml"));
- response.parse(doc.getDocumentElement());
-
-
- return response;
- } catch(Exception e) {
- //e.printStackTrace();
- throw new SZRGWClientException(e);
- }
+import at.gv.egovernment.moa.util.DOMUtils; + + + +/** + * This class implements a client for communication with the SZR-gateway + * <p> + * Two types of requests are supported + * <ol> + * <li>Basic Request</li> + * <li>Detailed Request</li> + * </ol> + * + * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a> + */ +public class SZRGWClient { + /** + * The URL of the SZR-gateway webservice. + */ + private String address; + + /** + * The SSL socket factory when using a secure connection. + */ + private SSLSocketFactory sSLSocketFactory; + + /** + * Constructor + */ + public SZRGWClient() { + } + + /** + * Constructor + * + * @param address the URL of the SZR-gateway webservice. + */ + public SZRGWClient(String address) { + this.address = address; + } + /** + * Sets the SSL socket factory. + * + * @param factory the SSL socket factory. + */ + public void setSSLSocketFactory(SSLSocketFactory factory) { + this.sSLSocketFactory = factory; + } + + /** + * Sets the SZR webservice URL + * + * @param address the URL of the SZR-gateway webservice. + */ + public void setAddress(String address) { + this.address = address; + } + + /** + * Creates a mandate. + * + * @param reqElem the request. + * @return a SZR-gateway response containing the result + * @throws SZRGWException when an error occurs creating the mandate. + */ + public CreateMandateResponse createMandateResponse(Element reqElem) throws SZRGWClientException { + //Logger.info("Connecting to SZR-gateway."); + try { + if (address == null) { + throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null."); + } + HttpClient client = new HttpClient(); + PostMethod method = new PostMethod(address); + method.setRequestHeader("SOAPAction", ""); + + + // ssl settings + if (sSLSocketFactory != null) { + SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); + Protocol.registerProtocol("https", new Protocol("https", fac, 443)); + } + + // create soap body + Element soapBody = getSOAPBody(); + Document doc = soapBody.getOwnerDocument(); + soapBody.appendChild(doc.importNode(reqElem, true)); + Element requestElement = soapBody.getOwnerDocument().getDocumentElement(); + + //ParepUtils.saveElementToFile(requestElement, new File("c:/temp/szrRequest.xml")); + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ParepUtils.serializeElementAsDocument(requestElement, bos); + + method.setRequestBody(new ByteArrayInputStream(bos.toByteArray())); + client.executeMethod(method); + CreateMandateResponse response = new CreateMandateResponse(); + + bos = new ByteArrayOutputStream(); + doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream()); + + //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/temp/szrResponse.xml")); + response.parse(doc.getDocumentElement()); + + + return response; + } catch(Exception e) { + //e.printStackTrace(); + throw new SZRGWClientException(e); + } } /** @@ -145,119 +152,221 @@ public class SZRGWClient { * @throws SZRGWException when an error occurs creating the mandate. */ public CreateIdentityLinkResponse createIdentityLinkResponse(Element reqElem) throws SZRGWClientException { - - Logger.info("Connecting to SZR-gateway."); - try { - if (address == null) { - throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null."); - } - HttpClient client = new HttpClient(); - PostMethod method = new PostMethod(address); - method.setRequestHeader("SOAPAction", ""); + + try { + if (address == null) { + throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null."); + } + HttpClient client = new HttpClient(); + PostMethod method = new PostMethod(address); + method.setRequestHeader("SOAPAction", ""); - - // ssl settings - if (sSLSocketFactory != null) { - SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); - Protocol.registerProtocol("https", new Protocol("https", fac, 443)); - } - - // create soap body - Element soapBody = getSOAPBody(); - Document doc = soapBody.getOwnerDocument(); - soapBody.appendChild(doc.importNode(reqElem, true)); - Element requestElement = soapBody.getOwnerDocument().getDocumentElement(); - - //ParepUtils.saveElementToFile(requestElement, new File("c:/temp/szrRequest.xml")); - ByteArrayOutputStream bos = new ByteArrayOutputStream(); - ParepUtils.serializeElementAsDocument(requestElement, bos); - - method.setRequestBody(new ByteArrayInputStream(bos.toByteArray())); - client.executeMethod(method); - CreateIdentityLinkResponse response = new CreateIdentityLinkResponse(); - - bos = new ByteArrayOutputStream(); - doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream()); + + // ssl settings + if (sSLSocketFactory != null) { + SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); + Protocol.registerProtocol("https", new Protocol("https", fac, 443)); + } + + // create soap body + Element soapBody = getSOAPBody(); + Document doc = soapBody.getOwnerDocument(); + soapBody.appendChild(doc.importNode(reqElem, true)); + Element requestElement = soapBody.getOwnerDocument().getDocumentElement(); + + //ParepUtils.saveElementToFile(requestElement, new File("c:/temp/szrRequest.xml")); + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ParepUtils.serializeElementAsDocument(requestElement, bos); + + method.setRequestBody(new ByteArrayInputStream(bos.toByteArray())); + client.executeMethod(method); + CreateIdentityLinkResponse response = new CreateIdentityLinkResponse(); + + bos = new ByteArrayOutputStream(); + doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream()); + //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/temp/szrResponse.xml")); + + NodeList list = doc.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "ErrorResponse"); + if (list.getLength() > 0) { + // set error response + list = doc.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "Info"); + String error = DOMUtils.getText(list.item(0)); - //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/temp/szrResponse.xml")); - - //check if errorresponse - boolean isError = checkErrorResponse(doc.getDocumentElement()); - - if (isError) { - String error = getErrorCodeandMessage(doc.getDocumentElement()); - throw new SZRGWClientException(error); - } - else { - response.setAssertion(doc.getDocumentElement()); - } - - return response; - } catch(Exception e) { - e.printStackTrace(); - throw new SZRGWClientException(e); - } + response.setError(error); + } + else { + // set assertion + response.setAssertion(doc.getDocumentElement()); + } + + return response; + } catch(Exception e) { + throw new SZRGWClientException(e); + } } - /** - * Returns an errorstring containing errorcode and info from SZR-GW error response - * @param element - * @return + + /* + * builds an XML soap envelope */ - private String getErrorCodeandMessage(Element element) { - String error = "Fehler im SZR-Gateway: "; - - String code = ""; - NodeList list = element.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "ErrorCode"); - for (int i = 0; i < list.getLength(); i++) { - Element elem = (Element)list.item(i); - code += elem.getTextContent() + "/"; - } - - String info = ""; - list = element.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "Info"); - for (int i = 0; i < list.getLength(); i++) { - Element elem = (Element)list.item(i); - info += elem.getTextContent() + "/"; - } - - error += code + " " + info; - return error; + private Element getSOAPBody() throws SZRGWClientException { + Document doc_; + try { + doc_ = ParepUtils.createEmptyDocument(); + Element root = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENVELOPE); + doc_.appendChild(root); + + root.setAttribute("xmlns" + SOAPConstants.SOAP_ENV_POSTFIX, SOAPConstants.SOAP_ENV_NS); + //root.setAttribute(SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENCODING_STYLE, SOAPConstants.SOAP_ENV_ENCODING_STYLE); + root.setAttribute("xmlns:xsd", "http://www.w3.org/2001/XMLSchema"); + root.setAttribute("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance"); + + Element body = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.BODY); + root.appendChild(body); + + return body; + } catch (SZRGWClientException e) { + throw new SZRGWClientException(e); + } + } - /** - * Checks if response from SZR-GW is errorresponse or not - * @param element - * @return - */ - private boolean checkErrorResponse(Element element) { - - NodeList list = element.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "ErrorResponse"); - - if (list.getLength() == 0) - return false; - else - return true; - }
-
- /*
- * builds an XML soap envelope
- */
- private Element getSOAPBody() throws SZRGWClientException {
- Document doc_ = ParepUtils.createEmptyDocument();
- Element root = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENVELOPE);
- doc_.appendChild(root);
-
- root.setAttribute("xmlns" + SOAPConstants.SOAP_ENV_POSTFIX, SOAPConstants.SOAP_ENV_NS);
- //root.setAttribute(SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENCODING_STYLE, SOAPConstants.SOAP_ENV_ENCODING_STYLE);
- root.setAttribute("xmlns:xsd", "http://www.w3.org/2001/XMLSchema");
- root.setAttribute("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance");
-
- Element body = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.BODY);
- root.appendChild(body);
-
- return body;
- }
-
-}
+ public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException { + + String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#"; + try { + DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + DocumentBuilder builder = factory.newDocumentBuilder(); + Document doc = builder.newDocument(); + + Element getIdentityLink = doc.createElementNS(SZRGW_NS, "szrgw:GetIdentityLinkRequest"); + getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGW_NS); + doc.appendChild(getIdentityLink); + + if ( (PEPSIdentifier != null) || (PEPSFirstname != null) || (PEPSFamilyname != null) || (PEPSDateOfBirth != null) ) { + + Element pepsDataElem = doc.createElementNS(SZRGW_NS, "szrgw:PEPSData"); + getIdentityLink.appendChild(pepsDataElem); + + if (PEPSIdentifier != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Identifier"); + pepsDataElem.appendChild(elem); + Text text= doc.createTextNode(PEPSIdentifier); + elem.appendChild(text); + } + if (PEPSFirstname != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Firstname"); + pepsDataElem.appendChild(elem); + Text text= doc.createTextNode(PEPSFirstname); + elem.appendChild(text); + } + + if (PEPSFamilyname != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Familyname"); + pepsDataElem.appendChild(elem); + Text text= doc.createTextNode(PEPSFamilyname); + elem.appendChild(text); + } + + if (PEPSDateOfBirth != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:DateOfBirth"); + pepsDataElem.appendChild(elem); + Text text= doc.createTextNode(PEPSDateOfBirth); + elem.appendChild(text); + } + } + + if (signature == null) + throw new SZRGWClientException("Signature element must not be null!"); + else { + Element sig = doc.createElementNS(SZRGW_NS, "szrgw:Signature"); + Element xmlcontent = doc.createElementNS(SZRGW_NS, "szrgw:XMLContent"); + sig.appendChild(xmlcontent); + Node n = doc.importNode(signature, true); + getIdentityLink.appendChild(sig); + xmlcontent.appendChild(n); + } + + + return doc; + } catch (ParserConfigurationException e) { + throw new SZRGWClientException(e); + } /*catch (CertificateEncodingException e) { + throw new SZRGWClientException(e); + }*/ + + + } + + public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { + + String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#"; + + try { + DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + DocumentBuilder builder = factory.newDocumentBuilder(); + Document doc = builder.newDocument(); + + Element getIdentityLink = doc.createElementNS(SZRGW_NS, "szrgw:GetIdentityLinkRequest"); + getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGW_NS); + doc.appendChild(getIdentityLink); + + if ( (PEPSIdentifier != null) || (PEPSFirstname != null) || (PEPSFamilyname != null) || (PEPSDateOfBirth != null) ) { + + Element pepsDataElem = doc.createElementNS(SZRGW_NS, "szrgw:PEPSData"); + getIdentityLink.appendChild(pepsDataElem); + + if (PEPSIdentifier != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Identifier"); + pepsDataElem.appendChild(elem); + Text text= doc.createTextNode(PEPSIdentifier); + elem.appendChild(text); + } + if (PEPSFirstname != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Firstname"); + pepsDataElem.appendChild(elem); + Text text= doc.createTextNode(PEPSFirstname); + elem.appendChild(text); + } + + if (PEPSFamilyname != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Familyname"); + pepsDataElem.appendChild(elem); + Text text= doc.createTextNode(PEPSFamilyname); + elem.appendChild(text); + } + + if (PEPSDateOfBirth != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:DateOfBirth"); + pepsDataElem.appendChild(elem); + Text text= doc.createTextNode(PEPSDateOfBirth); + elem.appendChild(text); + } + } + + if (signature == null) + throw new SZRGWClientException("Signature element must not be null!"); + else { + Element sig = doc.createElementNS(SZRGW_NS, "szrgw:Signature"); + Element base64content = doc.createElementNS(SZRGW_NS, "szrgw:Base64Content"); + sig.appendChild(base64content); + getIdentityLink.appendChild(sig); + Text text= doc.createTextNode(signature); + base64content.appendChild(text); + } + + return doc; + } catch (ParserConfigurationException e) { + throw new SZRGWClientException(e); + } /*catch (CertificateEncodingException e) { + throw new SZRGWClientException(e); + }*/ + + + } + +} + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java index 25390dc0b..a70ccef90 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java @@ -15,38 +15,38 @@ */ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
-/**
- * This class implements the basic exception type for the SZR-gateway client
- *
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
- */
-public class SZRGWClientException extends Exception {
-
- /*
- * see super constructor.
- */
- public SZRGWClientException() {
- super();
- }
-
- /*
- * see super constructor.
- */
- public SZRGWClientException(String arg0) {
- super(arg0);
- }
-
- /*
- * see super construction.
- */
- public SZRGWClientException(Throwable arg0) {
- super(arg0);
- }
-
- /*
- * see super constructor
- */
- public SZRGWClientException(String arg0, Throwable arg1) {
- super(arg0, arg1);
- }
-}
+/** + * This class implements the basic exception type for the SZR-gateway client + * + * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a> + */ +public class SZRGWClientException extends Exception { + + /* + * see super constructor. + */ + public SZRGWClientException() { + super(); + } + + /* + * see super constructor. + */ + public SZRGWClientException(String arg0) { + super(arg0); + } + + /* + * see super construction. + */ + public SZRGWClientException(Throwable arg0) { + super(arg0); + } + + /* + * see super constructor + */ + public SZRGWClientException(String arg0, Throwable arg1) { + super(arg0, arg1); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java index 476573ec0..4e6f6fa1b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java @@ -15,54 +15,55 @@ */ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
-/**
- * This interface specifies all the constants needed for the communication with the SZR-gateway.
- *
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
- */
-public interface SZRGWConstants {
-
- //PersonData
- public static final String PD_PREFIX = "pr:";
- public static final String PD_POSTFIX = ":pr";
- public static final String SAML_PREFIX = "saml:";
- public static final String SAML_POSTFIX = ":saml";
- public static final String PERSON = "Person";
- public static final String PHYSICALPERSON = "PhysicalPerson";
- public static final String CORPORATEBODY = "CorporateBody";
- public static final String IDENTIFICATION = "Identification";
- public static final String VALUE = "Value";
- public static final String TYPE = "Type";
- public static final String NAME = "Name";
- public static final String GIVENNAME = "GivenName";
- public static final String FAMILYNAME = "FamilyName";
- public static final String DATEOFBIRTH = "DateOfBirth";
- public static final String FULLNAME = "FullName";
- public static final String ORGANIZATION = "Organization";
-
- public static final String POSTALADDRESS = "PostalAddress";
- public static final String DELIVERYADDRESS = "DeliveryAddress";
- public static final String MUNICIPALITY = "Municipality";
- public static final String POSTALCODE = "PostalCode";
- public static final String STREETNAME = "StreetName";
- public static final String BUILDINGNUMBER = "BuildingNumber";
- public static final String UNIT = "Unit";
- //String ADDRESS = "Address";
- //String COUNTRYCODE = "CountryCode";
- //String DOORNUMBER = "DoorNumber";
-
- // SZR-gateway constants
- public static final String SZRGW_REQUEST_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
- public static final String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#";
- public static final String SZRGW_PREFIX = "sgw:";
- public static final String SZRGW_POSTFIX = ":sgw";
- public static final String CREATE_MANDATE_REQUEST = "CreateMandateRequest";
- public static final String CREATE_MANDATE_RESPONSE = "CreateMandateResponse";
- public static final String ERROR_RESPONSE = "ErrorResponse";
- public static final String MANDATOR = "Mandator";
- public static final String REPRESENTATIVE = "Representative";
- public static final String MANDATE = "Mandate";
- public static final String MANDATE_PREFIX = "md:";
- public static final String MANDATE_POSTFIX = ":md";
-
-}
+/** + * This interface specifies all the constants needed for the communication with the SZR-gateway. + * + * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a> + */ +public interface SZRGWConstants { + + //PersonData + public static final String PD_PREFIX = "pr:"; + public static final String PD_POSTFIX = ":pr"; + public static final String PERSON = "Person"; + public static final String PHYSICALPERSON = "PhysicalPerson"; + public static final String CORPORATEBODY = "CorporateBody"; + public static final String IDENTIFICATION = "Identification"; + public static final String VALUE = "Value"; + public static final String TYPE = "Type"; + public static final String NAME = "Name"; + public static final String GIVENNAME = "GivenName"; + public static final String FAMILYNAME = "FamilyName"; + public static final String DATEOFBIRTH = "DateOfBirth"; + public static final String FULLNAME = "FullName"; + public static final String ORGANIZATION = "Organization"; + + public static final String POSTALADDRESS = "PostalAddress"; + public static final String DELIVERYADDRESS = "DeliveryAddress"; + public static final String MUNICIPALITY = "Municipality"; + public static final String POSTALCODE = "PostalCode"; + public static final String STREETNAME = "StreetName"; + public static final String BUILDINGNUMBER = "BuildingNumber"; + public static final String UNIT = "Unit"; + //String ADDRESS = "Address"; + //String COUNTRYCODE = "CountryCode"; + //String DOORNUMBER = "DoorNumber"; + + // SZR-gateway constants + public static final String SZRGW_REQUEST_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#"; + public static final String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#"; + public static final String SZRGW_PREFIX = "sgw:"; + public static final String SZRGW_POSTFIX = ":sgw"; + public static final String CREATE_MANDATE_REQUEST = "CreateMandateRequest"; + public static final String CREATE_MANDATE_RESPONSE = "CreateMandateResponse"; + public static final String ERROR_RESPONSE = "ErrorResponse"; + public static final String MANDATOR = "Mandator"; + public static final String REPRESENTATIVE = "Representative"; + public static final String MANDATE = "Mandate"; + public static final String MANDATE_PREFIX = "md:"; + public static final String MANDATE_POSTFIX = ":md"; + + public static final String SAML_PREFIX = "saml:"; + public static final String SAML_POSTFIX = ":saml"; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java index af66ca331..bd0595524 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java @@ -14,126 +14,126 @@ * limitations under the License. */ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+ +import java.io.IOException; +import java.net.InetAddress; +import java.net.Socket; +import java.net.UnknownHostException; + +import javax.net.ssl.SSLSocketFactory; + +import org.apache.commons.httpclient.params.HttpConnectionParams; +import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; -import java.io.IOException;
-import java.net.InetAddress;
-import java.net.Socket;
-import java.net.UnknownHostException;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import org.apache.commons.httpclient.params.HttpConnectionParams;
-import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
-
-
-/**
- * This class implements a secure protocol socket factory
- * for the Apache HTTP client.
- *
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
- */
-public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory {
-
- /**
- * The SSL socket factory.
- */
- private SSLSocketFactory factory;
-
- /**
- * Creates a new Secure socket factory for the
- * Apache HTTP client.
- *
- * @param factory the SSL socket factory to use.
- */
- public SZRGWSecureSocketFactory(SSLSocketFactory factory) {
- this.factory = factory;
- }
-
-
- /**
- * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
- */
- public Socket createSocket(
- String host,
- int port,
- InetAddress clientHost,
- int clientPort)
- throws IOException, UnknownHostException {
-
- return this.factory.createSocket(
- host,
- port,
- clientHost,
- clientPort
- );
- }
-
- /**
- * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
- */
- public Socket createSocket(String host, int port)
- throws IOException, UnknownHostException {
- return this.factory.createSocket(
- host,
- port
- );
- }
-
- /**
- * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
- */
- public Socket createSocket(
- Socket socket,
- String host,
- int port,
- boolean autoClose)
- throws IOException, UnknownHostException {
- return this.factory.createSocket(
- socket,
- host,
- port,
- autoClose
- );
- }
-
- /**
- * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int,org.apache.commons.httpclient.params.HttpConnectionParams)
- */
- public Socket createSocket(
- String host,
- int port,
- InetAddress clientHost,
- int clientPort,
- HttpConnectionParams params)
- throws IOException, UnknownHostException, org.apache.commons.httpclient.ConnectTimeoutException {
-
- Socket socket = createSocket(host, port, clientHost, clientPort);
- if (socket != null) {
- // socket.setKeepAlive(false);
- if (params.getReceiveBufferSize() >= 0)
- socket.setReceiveBufferSize(params.getReceiveBufferSize());
- if (params.getSendBufferSize() >= 0)
- socket.setSendBufferSize(params.getSendBufferSize());
- socket.setReuseAddress(true);
- if (params.getSoTimeout() >= 0)
- socket.setSoTimeout(params.getSoTimeout());
- }
- return socket;
-
- }
-
- /**
- * @see java.lang.Object#equals(java.lang.Object)
- */
- public boolean equals(Object obj) {
- return ((obj != null) && obj.getClass().equals(SZRGWSecureSocketFactory.class));
- }
-
- /**
- * @see java.lang.Object#hashCode()
- */
- public int hashCode() {
- return SZRGWSecureSocketFactory.class.hashCode();
- }
-
-}
+/** + * This class implements a secure protocol socket factory + * for the Apache HTTP client. + * + * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a> + */ +public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory { + + /** + * The SSL socket factory. + */ + private SSLSocketFactory factory; + + /** + * Creates a new Secure socket factory for the + * Apache HTTP client. + * + * @param factory the SSL socket factory to use. + */ + public SZRGWSecureSocketFactory(SSLSocketFactory factory) { + this.factory = factory; + } + + + /** + * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int) + */ + public Socket createSocket( + String host, + int port, + InetAddress clientHost, + int clientPort) + throws IOException, UnknownHostException { + + return this.factory.createSocket( + host, + port, + clientHost, + clientPort + ); + } + + /** + * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int) + */ + public Socket createSocket(String host, int port) + throws IOException, UnknownHostException { + return this.factory.createSocket( + host, + port + ); + } + + /** + * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean) + */ + public Socket createSocket( + Socket socket, + String host, + int port, + boolean autoClose) + throws IOException, UnknownHostException { + return this.factory.createSocket( + socket, + host, + port, + autoClose + ); + } + + /** + * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int,org.apache.commons.httpclient.params.HttpConnectionParams) + */ + public Socket createSocket( + String host, + int port, + InetAddress clientHost, + int clientPort, + HttpConnectionParams params) + throws IOException, UnknownHostException, org.apache.commons.httpclient.ConnectTimeoutException { + + Socket socket = createSocket(host, port, clientHost, clientPort); + if (socket != null) { + // socket.setKeepAlive(false); + if (params.getReceiveBufferSize() >= 0) + socket.setReceiveBufferSize(params.getReceiveBufferSize()); + if (params.getSendBufferSize() >= 0) + socket.setSendBufferSize(params.getSendBufferSize()); + socket.setReuseAddress(true); + if (params.getSoTimeout() >= 0) + socket.setSoTimeout(params.getSoTimeout()); + } + return socket; + + } + + /** + * @see java.lang.Object#equals(java.lang.Object) + */ + public boolean equals(Object obj) { + return ((obj != null) && obj.getClass().equals(SZRGWSecureSocketFactory.class)); + } + + /** + * @see java.lang.Object#hashCode() + */ + public int hashCode() { + return SZRGWSecureSocketFactory.class.hashCode(); + } + +} + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java index a61a3de97..9193a591e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java @@ -118,13 +118,4 @@ public class ConnectionParameter { this.clientKeyStorePassword = clientKeyStorePassword; } - public String toString() { - String s = "* ConnectionParameter *\n"; - s += "URL: " + url + "\n"; - s += "acceptedServerCertificates: " + acceptedServerCertificates + "\n"; - s += "clientKeyStore: " + clientKeyStore + "\n"; - s += "clientKeyStorePassword: " + clientKeyStorePassword; - - return s; - } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index 8799082b3..a50a366a5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -20,7 +20,6 @@ import iaik.pki.PKIException; import iaik.pki.PKIFactory; import iaik.pki.PKIProfile; import iaik.pki.jsse.IAIKX509TrustManager; -import iaik.security.provider.IAIK; import java.io.BufferedInputStream; import java.io.BufferedReader; @@ -51,6 +50,7 @@ import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl; import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager; import at.gv.egovernment.moa.logging.Logger; + /** * Utility for a obtaining a secure socket factory using <code>IAIKX509TrustManager</code>. * This <code>TrustManager</code> implementation features CRL checking.<br/> @@ -102,25 +102,29 @@ public class SSLUtils { Logger.debug("Get SSLSocketFactory for " + connParam.getUrl()); // retrieve SSLSocketFactory if already created SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(connParam.getUrl()); - if (ssf != null) + if (ssf != null) return ssf; + // else create new SSLSocketFactory String trustStoreURL = conf.getTrustedCACertificates(); + if (trustStoreURL == null) throw new ConfigurationException( "config.08", new Object[] {"TrustedCACertificates"}); String acceptedServerCertURL = connParam.getAcceptedServerCertificates(); + TrustManager[] tms = getTrustManagers(conf, trustStoreURL, acceptedServerCertURL); + KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers( "pkcs12", connParam.getClientKeyStore(), connParam.getClientKeyStorePassword()); SSLContext ctx = SSLContext.getInstance("TLS"); - ctx.init(kms, tms, null); - ssf = ctx.getSocketFactory(); + ctx.init(kms, tms, null); ssf = ctx.getSocketFactory(); // store SSLSocketFactory sslSocketFactories.put(connParam.getUrl(), ssf); return ssf; } - + + /** * Initializes an <code>IAIKX509TrustManager</code> for a given trust store, * using configuration data. diff --git a/id/server/proxy/.settings/org.eclipse.wst.common.component b/id/server/proxy/.settings/org.eclipse.wst.common.component index a934dee5b..fad3275dd 100644 --- a/id/server/proxy/.settings/org.eclipse.wst.common.component +++ b/id/server/proxy/.settings/org.eclipse.wst.common.component @@ -1,17 +1,17 @@ -<?xml version="1.0" encoding="UTF-8"?> -<project-modules id="moduleCoreId" project-version="1.5.0"> - <wb-module deploy-name="moa-id-proxy"> - <wb-resource deploy-path="/" source-path="/src/main/webapp"/> - <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib"> - <dependency-type>uses</dependency-type> - </dependent-module> - <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common"> - <dependency-type>uses</dependency-type> - </dependent-module> - <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib"> - <dependency-type>uses</dependency-type> - </dependent-module> - <property name="context-root" value="moa-id-proxy"/> - <property name="java-output-path"/> - </wb-module> -</project-modules> +<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+ <wb-module deploy-name="moa-id-proxy">
+ <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+ <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <property name="context-root" value="moa-id-proxy"/>
+ <property name="java-output-path"/>
+ </wb-module>
+</project-modules>
diff --git a/id/templates/.settings/org.eclipse.wst.common.component b/id/templates/.settings/org.eclipse.wst.common.component index dfa33a627..1e8a98df8 100644 --- a/id/templates/.settings/org.eclipse.wst.common.component +++ b/id/templates/.settings/org.eclipse.wst.common.component @@ -1,8 +1,8 @@ -<?xml version="1.0" encoding="UTF-8"?> -<project-modules id="moduleCoreId" project-version="1.5.0"> - <wb-module deploy-name="moa-id-templates"> - <wb-resource deploy-path="/" source-path="/src/main/webapp"/> - <property name="context-root" value="moa-id-templates"/> - <property name="java-output-path"/> - </wb-module> -</project-modules> +<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+ <wb-module deploy-name="moa-id-templates">
+ <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+ <property name="context-root" value="moa-id-templates"/>
+ <property name="java-output-path"/>
+ </wb-module>
+</project-modules>
|