From 58b19f33806927a753d76ff2d2f79e44353b0e03 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 30 Jan 2014 15:12:04 +0100 Subject: refactored attribute parsing --- .../moa/id/auth/AuthenticationServer.java | 59 +++++------------ .../moa/id/auth/servlet/PEPSConnectorServlet.java | 19 +----- .../moa/id/auth/stork/STORKResponseProcessor.java | 76 ++++++++++++++-------- 3 files changed, 67 insertions(+), 87 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index d77119f4a..5ae3d8e47 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1733,53 +1733,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl()); return response; - - -// client.setAddress(connectionParameters.getUrl()); -// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { -// Logger.debug("Initialisiere SSL Verbindung"); -// try { -// client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); -// } catch (IOException e) { -// Logger.error("Could not initialize SSL Factory", e); -// throw new SZRGWClientException("Could not initialize SSL Factory"); -// } catch (GeneralSecurityException e) { -// Logger.error("Could not initialize SSL Factory", e); -// throw new SZRGWClientException("Could not initialize SSL Factory"); -// } catch (PKIException e) { -// Logger.error("Could not initialize SSL Factory", e); -// throw new SZRGWClientException("Could not initialize SSL Factory"); -// } -// } } catch (ConfigurationException e) { Logger.warn(e); Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); } -// // create request -// CreateIdentityLinkResponse response = null; -// Element request = null; -// try { -// Document doc = client.buildGetIdentityLinkRequest(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature); -// request = doc.getDocumentElement(); -// -// // send request -// response = client.createIdentityLinkResponse(request, connectionParameters.getUrl()); -// -// -// -// } catch (SZRGWClientException e) { -// // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. -//// try { -//// response = client.createIdentityLinkResponse(request); -//// } -//// catch (SZRGWClientException e1) { -//// throw new SZRGWClientException(e1); -//// } -// } - - return null; } @@ -1811,6 +1770,24 @@ public class AuthenticationServer implements MOAIDAuthConstants { public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature, null, null, null); } + + /** + * Gets the identity link. + * + * @param citizenSignature the citizen signature + * @param representative the representative + * @param represented the represented + * @param mandate the mandate + * @param organizationAddress the organization address + * @param organizationType the organization type + * @return the identity link + * @throws SZRGWClientException + */ + public CreateIdentityLinkResponse getIdentityLink(String citizenSignature, + String representative, String represented, String mandateContent, + String organizationAddress, String organizationType) throws SZRGWClientException { + return getIdentityLink(null, null, null, null, citizenSignature, represented, representative, mandateContent, organizationAddress, organizationType); + } /** * SZR-GW Client interface. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 4819b8219..45e6ab816 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -137,29 +137,12 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); -// Logger.debug("Starting validation of SAML assertion"); -// //verify SAML assertion - Assertion storkAssertion = authnResponse.getAssertions().get(0); -// try { -// STORKResponseProcessor.verifySTORKAssertion( -// storkAssertion, //assertion -// request.getRemoteAddr(), //IP address of user -// storkAuthnRequest.getID(), //ID of STORK AuthnRequest -// request.getRequestURL().toString(), //destination -// HTTPUtils.getBaseURL(request), //audience -// storkAuthnRequest.getRequestedAttributes()); //Requested Attributes -// } catch (STORKException e) { -// Logger.error("Failed to verify STORK SAML Assertion", e); -// throw new MOAIDException("stork.08", null); -// } -// -// Logger.info("SAML assertion succesfully verified!"); - Logger.debug("Starting extraction of signedDoc attribute"); //extract signed doc element and citizen signature Element citizenSignature = null; try { + Assertion storkAssertion = authnResponse.getAssertions().get(0); citizenSignature = STORKResponseProcessor.extractCitizenSignature(storkAssertion); moaSession.setAuthBlock(DOMUtils.serializeNode(citizenSignature)); moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(citizenSignature)); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index e81adfb52..466d86f87 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -296,6 +296,22 @@ public class STORKResponseProcessor { } + + /** + * Checks for attribute. + * + * @param attributeName the attribute name + * @param attributeList the attribute list + * @return true, if successful + */ + private static boolean hasAttribute(String attributeName, IPersonalAttributeList attributeList) { + try { + getAttributeValue(attributeName, attributeList); + return true; + } catch(STORKException e) { + return false; + } + } /** * helper for reading attributes. Handles logging and error handling. @@ -325,52 +341,56 @@ public class STORKResponseProcessor { public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList) throws STORKException { Logger.trace("Calling SZR Gateway with the following attributes:"); - // fetch mandatory attributes - String citizenSignature = getAttributeValue("signedDoc", attributeList); - String eIdentifier = getAttributeValue("eIdentifier", attributeList); - String givenName = getAttributeValue("givenName", attributeList); - String lastName = getAttributeValue("surname", attributeList); - String dateOfBirth = getAttributeValue("dateOfBirth", attributeList); - if (!StringUtils.isEmpty(dateOfBirth)) { - dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); - } - - CreateIdentityLinkResponse response; + CreateIdentityLinkResponse identityLinkResponse = null; IdentityLink identityLink = null; try { Logger.trace("Starting call..."); - // do we have a case of representation? - try { + + // if there is no signedDoc attribute, we cannot go on + String citizenSignature = getAttributeValue("signedDoc", attributeList); + + // if we have a signedDoc we test for a representation case + if(hasAttribute("mandateContent", attributeList) || hasAttribute("representative", attributeList) || hasAttribute("represented", attributeList)) { + // we have a representation case String representative = getAttributeValue("representative", attributeList); String represented = getAttributeValue("represented", attributeList); String mandate = getAttributeValue("mandateContent", attributeList); - // we definitely know we have a representation case here - // lets try if the represented is an organization - try { + if(!hasAttribute("dateOfBirth", attributeList)) { + // if we get here, we have a natural person representing a legal person String organizationAddress = getAttributeValue("canonicalRegisteredAddress", attributeList); String organizationType = getAttributeValue("translateableType", attributeList); - // if we got here, we have a natural person representing a legal person - response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate, organizationAddress, organizationType); - } catch(STORKException e1) { + identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(citizenSignature, representative, represented, mandate, organizationAddress, organizationType); + } else { + // if we get here, we have a natural person representing another natural person + String eIdentifier = getAttributeValue("eIdentifier", attributeList); + String givenName = getAttributeValue("givenName", attributeList); + String lastName = getAttributeValue("surname", attributeList); + String dateOfBirth = getAttributeValue("dateOfBirth", attributeList); + if (!StringUtils.isEmpty(dateOfBirth)) + dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); - // if we get here we have natural persons representing each other - response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate); + identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate); } - } catch(STORKException e) { + } else { // we do not have a representation case - response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature); + String eIdentifier = getAttributeValue("eIdentifier", attributeList); + String givenName = getAttributeValue("givenName", attributeList); + String lastName = getAttributeValue("surname", attributeList); + String dateOfBirth = getAttributeValue("dateOfBirth", attributeList); + if (!StringUtils.isEmpty(dateOfBirth)) + dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); + identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature); } - - - if (null != response.getErrorResponse()){ + + if (null != identityLinkResponse.getErrorResponse()){ // TODO fix exception parameter - throw new SZRGWClientException(response.getErrorResponse().getErrorCode().toString(), null); + throw new SZRGWClientException(identityLinkResponse.getErrorResponse().getErrorCode().toString(), null); } else { - IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(response.getIdentityLink())); + IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(identityLinkResponse.getIdentityLink())); identityLink = ilParser.parseIdentityLink(); Logger.debug("Received Identity Link from SZR Gateway"); -- cgit v1.2.3