From 328e6d233a4854ee0a9d1b5677915c0531f0aa88 Mon Sep 17 00:00:00 2001
From: Alexander Marsalek
Date: Thu, 29 Jan 2015 14:39:05 +0100
Subject: changes to get SI working, DocumentService: SI returns 500 instead of html page for GET requests => Nullpointerexception when LightweightSourceResolver tries to load the document SZRG: fiscalNumber was missing

---
 .../moa/id/auth/AuthenticationServer.java | 2 +
 .../moa/id/auth/servlet/PEPSConnectorServlet.java | 69 ++++++++++++++++------
 2 files changed, 52 insertions(+), 19 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 5e4aee81b..43384c58a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1652,6 +1652,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 data.setFamilyname(PEPSFamilyname);
 data.setFirstname(PEPSFirstname);
 data.setIdentifier(PEPSIdentifier);
+
+ data.setFiscalNumber(PEPSFiscalNumber);
 data.setRepresentative(representative);
 data.setRepresented(represented);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 4cd192070..1be31ded9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -285,28 +285,41 @@ public class PEPSConnectorServlet extends AuthServlet {
 SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(signatureInfo)));
 // fetch signed doc
- DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);
+ DataSource ds = null;
+ try{
+ ds = LightweightSourceResolver.getDataSource(dssSignResponse);
+ }catch(Exception e)
+ {
+ e.printStackTrace();
+ }
 if(ds == null){
- throw new ApiUtilsException("No datasource found in response");
- }
-
- InputStream incoming = ds.getInputStream();
- citizenSignature = IOUtils.toString(incoming);
- incoming.close();
-
- Logger.debug("citizenSignature:"+citizenSignature);
- if(isDocumentServiceUsed(citizenSignature)==true)
+ //Normal DocumentServices return a http-page, but the SI DocumentService returns HTTP error 500
+ //which results in an exception and ds==null
+
+ //try to load document from documentservice
+ citizenSignature = loadDocumentFromDocumentService(dssSignResponse);
+ //throw new ApiUtilsException("No datasource found in response");
+ }
+ else
 {
- Logger.debug("Loading document from DocumentService.");
- String url = getDtlUrlFromResponse(dssSignResponse);
- //get Transferrequest
- String transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url);
- //Load document from DocujmentService
- byte[] data = getDocumentFromDtl(transferRequest, url);
- citizenSignature = new String(data, "UTF-8");
- Logger.debug("Overridung citizenSignature with:"+citizenSignature);
+ InputStream incoming = ds.getInputStream();
+ citizenSignature = IOUtils.toString(incoming);
+ incoming.close();
+
+ Logger.debug("citizenSignature:"+citizenSignature);
+ if(isDocumentServiceUsed(citizenSignature)==true)
+ {
+ citizenSignature = loadDocumentFromDocumentService(dssSignResponse);
+ // Logger.debug("Loading document from DocumentService.");
+ // String url = getDtlUrlFromResponse(dssSignResponse);
+ // //get Transferrequest
+ // String 
transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url); + // //Load document from DocumentService + // byte[] data = getDocumentFromDtl(transferRequest, url); + // citizenSignature = new String(data, "UTF-8"); + // Logger.debug("Overridung citizenSignature with:"+citizenSignature); + } } - JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName()); SignatureType root = ((JAXBElement) ctx.createUnmarshaller().unmarshal(IOUtils.toInputStream(citizenSignature))).getValue(); @@ -473,11 +486,28 @@ public class PEPSConnectorServlet extends AuthServlet { } + private String loadDocumentFromDocumentService(SignResponse dssSignResponse) throws Exception + { + Logger.debug("Loading document from DocumentService."); + String url = getDtlUrlFromResponse(dssSignResponse); + Logger.debug("Loading document from DocumentService, url:"+url); + //get Transferrequest + String transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url); + //Load document from DocumentService + byte[] data = getDocumentFromDtl(transferRequest, url); + String citizenSignature = new String(data, "UTF-8"); + Logger.debug("Overridung citizenSignature with:"+citizenSignature); + return citizenSignature; + } private boolean isDocumentServiceUsed(String citizenSignature) //TODo add better check { if(citizenSignature.contains("
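Review bot: The new `catch(Exception e)` around `LightweightSourceResolver.getDataSource(...)` turns every resolver failure into a DocumentService fallback and reports it only through `e.printStackTrace()`, so the original cause never reaches the application log and a failure unrelated to the SI 500 case is silently retried over a different path. Route it through the servlet's logger instead, e.g. `Logger.warn("Could not resolve DataSource from SignResponse, falling back to DocumentService", e);`, so the fallback stays traceable. `IOUtils.toString(incoming)` still decodes with the platform default charset while the DocumentService branch uses UTF-8, so the two branches can disagree on the same document, and `incoming.close()` is skipped if `toString` throws. The commented-out block below `isDocumentServiceUsed(...)` duplicates the new helper and should be deleted rather than kept. The enclosing method starts and ends outside this hunk.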
Service Name:{http://stork.eu}DocumentService
Port Name:{http://stork.eu}DocumentServicePort
")) + { + Logger.trace("isDocumentServiceUsed => true"); return true; + } + Logger.trace("isDocumentServiceUsed => false"); return false; } @@ -514,6 +544,7 @@ public class PEPSConnectorServlet extends AuthServlet { URL url = null; try { + Logger.debug("getDocumentFromDtl, dtlUrl:'"+dtlUrl+"' eDtlUrl:'"+eDtlUrl+"'"); url = new URL(dtlUrl); QName qname = new QName("http://stork.eu", "DocumentService"); -- cgit v1.2.3 From a34e3cc5ca505149d8de588de8d8a19b9a962845 Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Thu, 29 Jan 2015 15:18:44 +0100 Subject: added qaa check --- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 81 +++++++++++++++++----- 1 file changed, 65 insertions(+), 16 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 1be31ded9..4c587a5f6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java 
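Review bot: `loadDocumentFromDocumentService` writes the complete fetched document to the log at debug level (`Logger.debug("Overridung citizenSignature with:"+citizenSignature)`), and the caller's `Logger.debug("citizenSignature:"+citizenSignature)` does the same; the signed document carries the citizen's identity data, so log its size or the DocUI instead, e.g. `Logger.debug("Loaded citizen signature from DocumentService, length=" + citizenSignature.length());`. The URL handed to `getDocumentFromDtl` is taken from the SignResponse via `getDtlUrlFromResponse`, which is not shown here; if that method does not check the URL against the configured DocumentService endpoints, the servlet fetches from whatever location the response names, and such a check belongs in or before this helper. Declaring the helper `throws Exception` hides which failures the caller can expect; narrowing it to the exceptions actually thrown, or wrapping them in an `ApiUtilsException`, would keep the fallback in the caller explicit. `isDocumentServiceUsed` gains only the trace calls, so its substring match on the service name remains the open TODO the comment names.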
@@ -244,7 +244,56 @@ public class PEPSConnectorServlet extends AuthServlet {
 Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
 throw new MOAIDException("stork.07", null);
 }
-
+
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
+ //================== Check QAA level start ====================
+ int reqQaa = -1;
+ int authQaa = -1;
+ String authQaaStr = null;
+ try {
+ reqQaa = storkAuthnRequest.getQaa();
+
+ //TODO: found better solution, but QAA Level in response could be not supported yet
+ try {
+
+ authQaaStr = authnResponse.getAssertions().get(0).
+ getAuthnStatements().get(0).getAuthnContext().
+ getAuthnContextClassRef().getAuthnContextClassRef();
+ moaSession.setQAALevel(authQaaStr);
+
+ } catch (Throwable e) {
+ Logger.warn("STORK QAA-Level is not found in AuthnResponse. 
Set QAA Level to requested level");
+ moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
+ authQaaStr = PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel();
+ }
+ if(authQaaStr != null)//Check value only if set
+ {
+ authQaa = Integer.valueOf(authQaaStr.substring(PVPConstants.STORK_QAA_PREFIX.length()));
+// authQaa = Integer.valueOf(authQaaStr);
+ if (reqQaa > authQaa) {
+ Logger.warn("Requested QAA level does not match to authenticated QAA level");
+ throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});
+
+ }
+ }
+ } catch (MOAIDException e) {
+ throw e;
+
+ } catch (Exception e) {
+ if (Logger.isDebugEnabled())
+ Logger.warn("STORK QAA Level evaluation error", e);
+
+ else
+ Logger.warn("STORK QAA Level evaluation error (ErrorMessage=" + + e.getMessage() + ")");
+
+ throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});
+
+ }
+ //================== Check QAA level end ====================
+
 Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
 ////////////// incorporate gender from parameters if not in stork response
@@ -356,9 +405,9 @@ public class PEPSConnectorServlet extends AuthServlet {
 // Logger.error("could not retrieve moa session");
 // throw new AuthenticationException("auth.01", null);
 // }
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
+// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());
+// if (oaParam == null)
+// throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
 // retrieve target //TODO: check in case of SSO!!!
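Review bot: The inner `catch (Throwable e)` makes the new QAA check pass for a response that carries no AuthnContextClassRef: `authQaaStr` is set to `PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel()`, the OA's own configured level, so `authQaa` is compared against a value the responder never asserted and `reqQaa > authQaa` cannot detect a missing level. If responders that omit the level must still be accepted, say so where it happens, e.g. `Logger.warn("No STORK QAA level asserted, accepting configured level " + oaParam.getQaaLevel() + " for " + moaSession.getPublicOAURLPrefix());`; otherwise treat absence like a mismatch and throw `stork.21` there. `moaSession.setQAALevel(authQaaStr)` is called before the prefix and `Integer.valueOf` check on the following lines, so the session object already holds an unvalidated value when the outer catch throws; moving the setter after the comparison avoids relying on the exception to discard it. The `catch (Throwable e)` should be narrowed to the `NullPointerException`/`IndexOutOfBoundsException` the getter chain can raise, since it currently also hides errors. The enclosing method starts and ends outside this hunk.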
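Review bot: The three replaced lines are kept as `//` comments instead of being deleted, and the same is done for the twelve lines in hunk `@@ -437,18 +486,18 @@`; the history already records the removed code, so the comment blocks only leave a second, stale copy of the `oaParam` lookup and the QAA fallback next to the live version now placed earlier in the method. Delete the commented lines in both hunks. Whether the `oaParam` declared in the earlier hunk is still in scope at this point is not visible here, so the move should be checked against the full method.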
@@ -437,18 +486,18 @@ public class PEPSConnectorServlet extends AuthServlet {
 // stork did the authentication step
 moaSession.setAuthenticated(true);
- //TODO: found better solution, but QAA Level in response could be not supported yet
- try {
-
- moaSession.setQAALevel(authnResponse.getAssertions().get(0).
- getAuthnStatements().get(0).getAuthnContext().
- getAuthnContextClassRef().getAuthnContextClassRef());
-
- } catch (Throwable e) {
- Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
- moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
-
- }
+// //TODO: found better solution, but QAA Level in response could be not supported yet
+// try {
+//
+// moaSession.setQAALevel(authnResponse.getAssertions().get(0).
+// getAuthnStatements().get(0).getAuthnContext().
+// getAuthnContextClassRef().getAuthnContextClassRef());
+//
+// } catch (Throwable e) {
+// Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
+// moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
+//
+// }
 //session is implicit stored in changeSessionID!!!!
 String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
-- cgit v1.2.3