From 5f01c76acc4bcb0539f3de39b3e38e0bd25e336f Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Tue, 8 Jul 2014 14:58:58 +0200 Subject: szrg connector now extracts signature form Signresponse --- .../PEPSConnectorWithLocalSigningServlet.java | 8 +-- .../moa/id/auth/stork/STORKResponseProcessor.java | 78 ++++++++++++++++------ 2 files changed, 61 insertions(+), 25 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java index 129494cbe..bf2df9d7a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java @@ -205,15 +205,15 @@ public class PEPSConnectorWithLocalSigningServlet extends AuthServlet { moaSession.setXMLVerifySignatureResponse(tmp); try{ IPersonalAttributeList personalAttributeList = moaSession.getAuthnResponseGetPersonalAttributeList(); - //Add signResponse + //Add SignResponse TODO Add signature (extracted from signResponse)? List values = new ArrayList(); - //values.add(signResponseString); - values.add(citizenSignature); + values.add(signResponseString); +// values.add(citizenSignature); Logger.debug("Assembling signedDoc attribute"); PersonalAttribute signedDocAttribute = new PersonalAttribute("signedDoc", false, values, "Available"); personalAttributeList.add(signedDocAttribute); - + String authnContextClassRef = moaSession.getAuthnContextClassRef(); SZRGInsertion(moaSession, personalAttributeList, authnContextClassRef); } catch (STORKException e) { 
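Review bot: In the @@ -205,15 hunk the `signedDoc` attribute now carries the complete SignResponse string, while the line that used to add the extracted signature survives as the commented-out `// values.add(citizenSignature);` next to a TODO phrased as a question, so what `signedDoc` is supposed to hold is nowhere stated. Replace the TODO and the dead line with the decision, e.g. `// signedDoc carries the whole SignResponse; STORKResponseProcessor.connectToSZRGateway unmarshals it and extracts the citizen signature`. The context line `List values = new ArrayList();` is raw-typed although only strings are added; `List<String> values = new ArrayList<String>();` would let the compiler check what goes into the attribute. The enclosing method starts and ends outside the hunk.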
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index 46fd06741..5d7eefe0a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -26,28 +26,19 @@ package at.gv.egovernment.moa.id.auth.stork;
 import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
 import java.util.List;
 import java.util.Vector;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.namespace.QName;
+import javax.activation.DataSource;
+import javax.xml.transform.Source;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.transform.stream.StreamSource;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.ws.transport.http.HTTPInTransport;
-import org.opensaml.ws.transport.http.HTTPOutTransport;
-import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSAny;
-import org.opensaml.xml.schema.XSString;
-import org.opensaml.xml.util.Base64;
-import org.opensaml.xml.util.XMLHelper;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
+import org.apache.commons.io.IOUtils;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
@@ -57,12 +48,16 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.client.SZRGWClientException;
-import at.gv.egovernment.moa.id.util.XMLUtil;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.api.LightweightSourceResolver;
+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
+import eu.stork.oasisdss.api.exceptions.UtilsException;
+import eu.stork.oasisdss.profile.SignResponse;
 import eu.stork.peps.auth.commons.IPersonalAttributeList;
 import eu.stork.peps.auth.commons.PersonalAttribute;
@@ -142,7 +137,13 @@ public class STORKResponseProcessor {
 Logger.trace("Starting call...");
 // if there is no signedDoc attribute, we cannot go on
- String citizenSignature = getAttributeValue("signedDoc", attributeList);
+ String signResponseString = getAttributeValue("signedDoc", attributeList);
+
+ //Extract signature from SIgnResponse
+ Source response1 = new StreamSource(new java.io.StringReader(signResponseString));
+ SignResponse dssSignResponse = ApiUtils.unmarshal(response1, SignResponse.class);
+ String citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse);
+
 String fiscalNumber = getAttributeValue("fiscalNumber", attributeList, false);
 // if we have a signedDoc we test for a representation case
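Review bot: In the @@ -142,7 hunk `signResponseString` is the raw `signedDoc` attribute received from the remote PEPS and is handed straight to `ApiUtils.unmarshal` through a `StreamSource`; whether that unmarshaller runs with DTD processing and external entity resolution disabled is not visible here and should be confirmed, because this is XML parsing of data controlled by another party. If `getAttributeValue` can return null (its definition is outside the hunk), `new java.io.StringReader(null)` throws a NullPointerException, which none of the catch clauses added later in this patch convert into the `auth.25` MOAIDException, so a missing attribute would surface as an unhandled error rather than the documented failure; a null check before the `StringReader`, raising the same MOAIDException the catch chain uses, would make that explicit. The same applies to the reworked fallback block in the third patch on this page (@@ -137,12). The comment `//Extract signature from SIgnResponse` has a typo in `SignResponse`. The enclosing connectToSZRGateway starts and ends outside the hunk.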
@@ -235,7 +236,27 @@ public class STORKResponseProcessor {
 } catch (ParseException e) {
 Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
 throw new MOAIDException("auth.25", null, e);
-
+ } catch (ApiUtilsException e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new MOAIDException("auth.25", null, e);
+ } catch (IllegalArgumentException e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new MOAIDException("auth.25", null, e);
+ } catch (TransformerConfigurationException e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new MOAIDException("auth.25", null, e);
+ } catch (UtilsException e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new MOAIDException("auth.25", null, e);
+ } catch (TransformerException e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new MOAIDException("auth.25", null, e);
+ } catch (TransformerFactoryConfigurationError e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new MOAIDException("auth.25", null, e);
+ } catch (IOException e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new MOAIDException("auth.25", null, e);
 }
 return identityLink;
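Review bot: All seven new catch clauses copy the ParseException message "Error parsing IdentityLink received from SZR-Gateway", but the types they catch (`ApiUtilsException`, `UtilsException`, the `javax.xml.transform` exceptions, `IOException`) come from unmarshalling the SignResponse and from `getCitizienSignatureFromSignResponse`, not from the gateway reply, so anyone triaging the log is pointed at the wrong component. Give those clauses their own message, e.g. `Logger.error("Error extracting citizen signature from SignResponse: ", e);`, and keep the `auth.25` mapping only if that is the intended user-facing error for this case. `TransformerFactoryConfigurationError` is an `Error`, not an `Exception`; catching it here turns a broken JAXP setup into an authentication failure and deserves a comment if it is deliberate. If the module compiles for Java 7 or later, a multi-catch would collapse the six identical blocks into one. The enclosing try statement begins outside the hunk.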
@@ -272,5 +293,20 @@ public class STORKResponseProcessor {
 return moaExtendedSAMLAttributeList;
 }
+
+ private static String getCitizienSignatureFromSignResponse(SignResponse dssSignResponse) throws IllegalArgumentException, TransformerConfigurationException, UtilsException, TransformerException, TransformerFactoryConfigurationError, IOException, ApiUtilsException
+ {
+ // fetch signed doc
+ DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);
+ if(ds == null){
+ throw new ApiUtilsException("No datasource found in response");
+ }
+
+ InputStream incoming = ds.getInputStream();
+ String citizenSignature = IOUtils.toString(incoming);
+ incoming.close();
+
+ return citizenSignature;
+ }
 }
-- cgit v1.2.3

From 2c08cd2206340912411e092a99c6874be179d211 Mon Sep 17 00:00:00 2001
From: Alexander Marsalek
Date: Tue, 8 Jul 2014 15:00:05 +0200
Subject: attribute provider fix

If one attribute failed all followings were skipped
---
 .../gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index c64c5b488..3bd827667 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
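Review bot: In the new `getCitizienSignatureFromSignResponse` helper (hunk @@ -272,5 of STORKResponseProcessor) `IOUtils.toString(incoming)` decodes the signature bytes with the JVM default charset, and `incoming.close()` is skipped whenever `toString` throws, so the stream is leaked precisely on the error path. Read with an explicit charset and close in a finally block, as below. The method name misspells "Citizen"; renaming it while it has a single call site is cheap. The comment `// fetch signed doc` should say what the DataSource is taken to contain, since the code returns its entire content as the citizen signature — I cannot confirm from here that this is the intended element of the SignResponse.
```java
private static String getCitizienSignatureFromSignResponse(SignResponse dssSignResponse) throws IllegalArgumentException, TransformerConfigurationException, UtilsException, TransformerException, TransformerFactoryConfigurationError, IOException, ApiUtilsException
{
    // … unchanged: DataSource lookup and null check …
    InputStream incoming = ds.getInputStream();
    try {
        // explicit charset so the result does not depend on the platform default encoding
        return IOUtils.toString(incoming, "UTF-8");
    } finally {
        // close on success and on failure alike
        incoming.close();
    }
}
```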
@@ -455,8 +455,12 @@ public class AuthenticationRequest implements IAction { try { for (PersonalAttribute personalAttribute : attrLst) { + try { Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired()); moaAttributeProvider.populateAttribute(attributeList, personalAttribute); + } catch (Exception e) { + Logger.error("Exception, attributes: " + e.getMessage()); + } } } catch (Exception e) { Logger.error("Exception, attributes: " + e.getMessage()); -- cgit v1.2.3 From 8594d17a97f1e53a81719141ce70f55d6269553e Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Tue, 8 Jul 2014 15:35:03 +0200 Subject: pass signature to szrg connector and only try to parse it there from SignedDoc if it is missing --- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 2 +- .../servlet/PEPSConnectorWithLocalSigningServlet.java | 8 ++++---- .../moa/id/auth/stork/STORKResponseProcessor.java | 18 +++++++++++------- 3 files changed, 16 insertions(+), 12 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 5a2fda67f..ee1d1728a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java 
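Review bot: The new inner `catch (Exception e)` logs only `e.getMessage()`, so the stack trace and cause of a failing attribute provider are discarded at the point where they are most needed, and a null message yields just "Exception, attributes: null". `Logger.error` takes a Throwable as second argument elsewhere on this page (the catch blocks in STORKResponseProcessor), so `Logger.error("Exception while populating attribute " + personalAttribute.getName() + ": " + e.getMessage(), e);` would keep both the attribute name and the trace. The catch also downgrades a failure on an attribute the request marks `isRequired()` to a log line; if nothing after the loop checks that required attributes were actually populated, that is a silent change in what the request guarantees — the rest of the method is outside the hunk, so I cannot tell. With the per-iteration catch in place, the outer `catch (Exception e)` no longer sees provider failures and is worth a comment on what it still guards.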
@@ -318,7 +318,7 @@ public class PEPSConnectorServlet extends AuthServlet { identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList(), oaParam.getFriendlyName(), targetType, null, - oaParam.getMandateProfiles()); + oaParam.getMandateProfiles(), citizenSignature); } catch (STORKException e) { // this is really nasty but we work against the system here. We are supposed to get the gender attribute from // stork. If we do not, we cannot register the person in the ERnP - we have to have the diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java index bf2df9d7a..e2f6e50b1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java @@ -215,7 +215,7 @@ public class PEPSConnectorWithLocalSigningServlet extends AuthServlet { personalAttributeList.add(signedDocAttribute); String authnContextClassRef = moaSession.getAuthnContextClassRef(); - SZRGInsertion(moaSession, personalAttributeList, authnContextClassRef); + SZRGInsertion(moaSession, personalAttributeList, authnContextClassRef, citizenSignature); } catch (STORKException e) { // this is really nasty but we work against the system here. We are supposed to get the gender attribute from // stork. If we do not, we cannot register the person in the ERnP - we have to have the 
@@ -487,7 +487,7 @@ public class PEPSConnectorWithLocalSigningServlet extends AuthServlet { } try{ - SZRGInsertion(moaSession, authnResponse.getPersonalAttributeList(), authnResponse.getAssertions().get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef()); + SZRGInsertion(moaSession, authnResponse.getPersonalAttributeList(), authnResponse.getAssertions().get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef(),citizenSignature); } catch (STORKException e) { // this is really nasty but we work against the system here. We are supposed to get the gender attribute from // stork. If we do not, we cannot register the person in the ERnP - we have to have the @@ -633,7 +633,7 @@ public class PEPSConnectorWithLocalSigningServlet extends AuthServlet { return null; } - private void SZRGInsertion(AuthenticationSession moaSession, IPersonalAttributeList personalAttributeList, String authnContextClassRef) throws STORKException, MOAIDException + private void SZRGInsertion(AuthenticationSession moaSession, IPersonalAttributeList personalAttributeList, String authnContextClassRef, String citizenSignature) throws STORKException, MOAIDException { Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)"); Logger.debug("Citizen signature will be verified by SZR Gateway!"); @@ -666,7 +666,7 @@ public class PEPSConnectorWithLocalSigningServlet extends AuthServlet { identityLink = STORKResponseProcessor.connectToSZRGateway(personalAttributeList, oaParam.getFriendlyName(), targetType, null, - oaParam.getMandateProfiles()); + oaParam.getMandateProfiles(),citizenSignature); Logger.debug("SZR communication was successfull"); if (identityLink == null) { 
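Review bot: In the @@ -633,7 hunk `SZRGInsertion` gains the `citizenSignature` parameter, but the first statement of its body still logs "Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)" unconditionally, which is false whenever the caller passes null or an empty string (the fallback in STORKResponseProcessor.connectToSZRGateway exists for exactly that case); guard or reword the message, and fix the "Foregin" typo while touching it. The new parameter has no documentation; a Javadoc line such as `@param citizenSignature the citizen signature already extracted from the STORK response, or null/empty to have it extracted from the signedDoc attribute` states the contract the callee relies on. The call sites in the @@ -487,7 and @@ -666,7 hunks write `,citizenSignature` without the space the rest of the argument list uses. Where `citizenSignature` is assigned in those callers lies outside the hunks.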
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index 5d7eefe0a..7113dcf70 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -124,11 +124,12 @@ public class STORKResponseProcessor {
 * @param targetType the target type
 * @param targetValue the target value
 * @param filters the filters
+ * @param citizenSignature2
 * @return Identity Link
 * @throws STORKException the sTORK exception
 * @throws MOAIDException
 */
- public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String targetType, String targetValue, List filters) throws STORKException, MOAIDException {
+ public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String targetType, String targetValue, List filters, String citizenSignature) throws STORKException, MOAIDException {
 Logger.trace("Calling SZR Gateway with the following attributes:");
 CreateIdentityLinkResponse identityLinkResponse = null;
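Review bot: The Javadoc line added as `@param citizenSignature2` names a parameter that does not exist — the signature adds `String citizenSignature` — and carries no description, so javadoc tooling will flag it and readers learn nothing about when the value may be absent. Replace it with `@param citizenSignature the citizen signature already extracted by the caller, or null/empty to have it extracted from the signedDoc attribute of attributeList`; that is the behaviour the @@ -137,12 hunk of this patch implements. The `List filters` parameter is still raw-typed in the rewritten signature, which could be tightened in the same pass if the callers permit.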
@@ -137,12 +138,15 @@ public class STORKResponseProcessor {
 Logger.trace("Starting call...");
 // if there is no signedDoc attribute, we cannot go on
- String signResponseString = getAttributeValue("signedDoc", attributeList);
-
- //Extract signature from SIgnResponse
- Source response1 = new StreamSource(new java.io.StringReader(signResponseString));
- SignResponse dssSignResponse = ApiUtils.unmarshal(response1, SignResponse.class);
- String citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse);
+ if(citizenSignature==null || citizenSignature.length()==0)
+ {
+ String signResponseString = getAttributeValue("signedDoc", attributeList);
+
+ //Extract signature from SIgnResponse
+ Source response1 = new StreamSource(new java.io.StringReader(signResponseString));
+ SignResponse dssSignResponse = ApiUtils.unmarshal(response1, SignResponse.class);
+ citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse);
+ }
 String fiscalNumber = getAttributeValue("fiscalNumber", attributeList, false);
-- cgit v1.2.3
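Review bot: The fallback reassigns the `citizenSignature` parameter and nothing records why a caller-supplied value takes precedence over the signature inside `signedDoc`; `if (citizenSignature == null || citizenSignature.isEmpty())` with a why-comment such as `// callers that already hold the signature (e.g. PEPSConnectorServlet) pass it in; otherwise unmarshal the OASIS DSS SignResponse carried in the signedDoc attribute` would make the intent explicit. Note that the two sources are never cross-checked: when the parameter is non-empty the attribute is not parsed at all, so a signature that does not belong to the supplied `signedDoc` would not be noticed here — whether the SZR Gateway verifies the signature against the document is outside this hunk and should be confirmed. The comment `// if there is no signedDoc attribute, we cannot go on` now sits above a branch that is skipped entirely when a signature is supplied, so it should move inside the `if`. The enclosing connectToSZRGateway starts and ends outside the hunk.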