Signatur der Anmeldedaten

From fa30b5b2a26a6df4e56a81283761c35ef81770e3 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Tue, 13 Jul 2010 06:25:09 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1166 d688527b-c9ab-4aba-bd8d-4036d912da1d --- common/.classpath | 24 +- .../at/gv/egovernment/moa/util/DateTimeUtils.java | 31 ++ .../java/at/gv/egovernment/moa/util/SSLUtils.java | 3 +- .../.settings/org.eclipse.wst.common.component | 36 +- .../moa-id/certs/ca-certs/A-Trust-nQual-03.cer | Bin 0 -> 979 bytes .../conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer | Bin 0 -> 1147 bytes .../ca-certs/gateway.stammzahlenregister.gv.at.cer | Bin 1922 -> 1356 bytes .../transforms/TransformsInfoAuthBlockTable_EN.xml | 2 +- ...\207\303\20403e694(SecureSignatureKeypair).cer" | Bin 0 -> 975 bytes id/server/idserverlib/.classpath | 22 +- .../moa/id/auth/AuthenticationServer.java | 58 +-- .../AuthenticationBlockAssertionBuilder.java | 132 +++++ .../builder/CreateXMLSignatureRequestBuilder.java | 138 ++++++ .../moa/id/auth/servlet/GetForeignIDServlet.java | 260 +++++----- .../auth/servlet/StartAuthenticationServlet.java | 4 +- .../servlet/VerifyAuthenticationBlockServlet.java | 1 - .../id/auth/servlet/VerifyCertificateServlet.java | 47 +- .../id/auth/servlet/VerifyIdentityLinkServlet.java | 8 +- .../client/szrgw/CreateIdentityLinkResponse.java | 14 + .../parep/client/szrgw/CreateMandateRequest.java | 25 +- .../parep/client/szrgw/CreateMandateResponse.java | 16 +- .../parep/client/szrgw/SOAPConstants.java | 19 +- .../validator/parep/client/szrgw/SZRGWClient.java | 537 +++++++++++++-------- .../parep/client/szrgw/SZRGWClientException.java | 70 +-- .../parep/client/szrgw/SZRGWConstants.java | 103 ++-- .../client/szrgw/SZRGWSecureSocketFactory.java | 244 +++++----- .../moa/id/config/ConnectionParameter.java | 9 - .../at/gv/egovernment/moa/id/util/SSLUtils.java | 14 +- .../.settings/org.eclipse.wst.common.component | 34 +- .../.settings/org.eclipse.wst.common.component | 16 +- .../.settings/org.eclipse.wst.common.component | 16 +- spss/server/serverlib/.classpath | 22 +- .../.settings/org.eclipse.wst.common.component | 28 +- 33 files changed, 1119 insertions(+), 814 deletions(-) create mode 100644 id/server/data/deploy/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cer create mode 100644 id/server/data/deploy/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer create mode 100644 "id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNo\303\224\303\207\303\20403e694(SecureSignatureKeypair).cer" diff --git a/common/.classpath b/common/.classpath index 2ea0c3c6d..acbdc4f5b 100644 --- a/common/.classpath +++ b/common/.classpath @@ -1,14 +1,10 @@ - - - - - - - - - - - - - - + + + + + + + + + + diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java index 5f31809dd..88133832a 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java @@ -73,6 +73,37 @@ public class DateTimeUtils { return out.toString(); } + /** + * Builds a dateTime value from a Calendar value. + * @param cal the Calendar value + * @return the dateTime value + */ + public static String buildDate(Calendar cal) { + StringWriter out = new StringWriter(); + out.write("" + cal.get(Calendar.YEAR)); + out.write("-"); + out.write(to2DigitString(cal.get(Calendar.MONTH) + 1)); + out.write("-"); + out.write(to2DigitString(cal.get(Calendar.DAY_OF_MONTH))); + return out.toString(); + } + + /** + * Builds a dateTime value from a Calendar value. + * @param cal the Calendar value + * @return the dateTime value + */ + public static String buildTime(Calendar cal) { + StringWriter out = new StringWriter(); + out.write(to2DigitString(cal.get(Calendar.HOUR_OF_DAY))); + out.write(":"); + out.write(to2DigitString(cal.get(Calendar.MINUTE))); + out.write(":"); + out.write(to2DigitString(cal.get(Calendar.SECOND))); + + return out.toString(); + } + /** * Converts month, day, hour, minute, or second value * to a 2 digit String. diff --git a/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java index 6d6aedb22..a7937b1bd 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java @@ -110,8 +110,7 @@ public class SSLUtils { String clientKeyStorePassword) throws IOException, GeneralSecurityException { - //System.setProperty("javax.net.debug", "all"); - TrustManager[] tms = getTrustManagers(trustStore); + TrustManager[] tms = getTrustManagers(trustStore); KeyManager[] kms = getKeyManagers(clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(kms, tms, null); diff --git a/id/server/auth/.settings/org.eclipse.wst.common.component b/id/server/auth/.settings/org.eclipse.wst.common.component index 6e8785869..b116cf610 100644 --- a/id/server/auth/.settings/org.eclipse.wst.common.component +++ b/id/server/auth/.settings/org.eclipse.wst.common.component @@ -1,18 +1,18 @@ - - - - - - - uses - - - uses - - - uses - - - - - + + + + + + + uses + + + uses + + + uses + + + + + diff --git a/id/server/data/deploy/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cer b/id/server/data/deploy/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cer new file mode 100644 index 000000000..33e776369 Binary files /dev/null and b/id/server/data/deploy/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cer differ diff --git a/id/server/data/deploy/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer b/id/server/data/deploy/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer new file mode 100644 index 000000000..a699436ca Binary files /dev/null and b/id/server/data/deploy/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer differ diff --git a/id/server/data/deploy/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer b/id/server/data/deploy/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer index c3b67e05d..ff90e35f5 100644 Binary files a/id/server/data/deploy/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer and b/id/server/data/deploy/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer differ diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml index d30dbb42f..1f8085aa3 100644 --- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml +++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml @@ -5,7 +5,7 @@ - Signatur der Anmeldedaten + Signing the authentication data "; + request += ""; + request += ""; + request += "

Authentication Data:

"; + request += "

Personal Data

"; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += "

Name:

"; + request += subject; + request += "

"; + request += "

Application Data

"; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += "

Name:	"; + // friendlyname from OA + request += StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); + request += "
Country:	Austria

"; + request += "

Technical Parameters

"; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + boolean business = oaParam.getBusinessService(); + if (business) { + // OA is businessservice + String identifierType = oaParam.getIdentityLinkDomainIdentifierType(); + String identifier = oaParam.getIdentityLinkDomainIdentifier(); + request += ""; + request += ""; + request += ""; + request += ""; + } + else { + // OA is publicservice + request += ""; + request += ""; + request += ""; + request += ""; + + } + + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += "

URL:	"; + //public URL prefix from OA + request += oaParam.getPublicURLPrefix(); + request += "
"; + request += identifierType + ":"; + request += "	"; + request += identifier; + request += "
"; + request += "Sector:	"; + request += target + " (" + sectorName + ")"; + request += "
Date:	"; + request += date; + request += "
Time:	"; + request += time; + request += "

"; + + request += "

I hereby request to access this e-government application by using my " + + "domestic electronic identity.
" + + "I further affirm that I am not yet registered with the Austrian Central " + + "Residents Registry and that I am not obliged to register with the Austrian " + + "Central Residents Registry according to Austrian law.
" + + "In the event I am not yet registered with the Supplementary Register, I " + + "explicitly grant to do so according to �6 (5) E-Government Act (EGovG, idF: " + + "BGBl. I Nr. 7/2008 und BGBl. I Nr. 59/2008).

"; + + request += ""; + request += ""; + + request += ""; + request += ""; + request += ""; + request += ""; + request += "application/xhtml+xml"; + request += ""; + request += ""; + request += ""; + request += ""; + + return request; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 0599c79bd..c2de2e3e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -1,38 +1,31 @@ package at.gv.egovernment.moa.id.auth.servlet; import iaik.pki.PKIException; -import iaik.x509.X509Certificate; import java.io.IOException; import java.security.GeneralSecurityException; -import java.security.cert.CertificateEncodingException; import java.util.Map; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; -import org.apache.axis.encoding.Base64; import org.apache.commons.fileupload.FileUploadException; import org.w3c.dom.Document; import org.w3c.dom.Element; -import org.w3c.dom.Text; import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; @@ -103,7 +96,6 @@ public class GetForeignIDServlet extends AuthServlet { } String sessionID = req.getParameter(PARAM_SESSIONID); String redirectURL = null; - X509Certificate cert = null; AuthenticationSession session = null; try { // check parameter @@ -112,46 +104,46 @@ public class GetForeignIDServlet extends AuthServlet { session = AuthenticationServer.getSession(sessionID); - cert = AuthenticationServer.getInstance().verifyXMLSignature(sessionID, parameters); - -// Element signature = AuthenticationServer.getInstance().getDsigElement -// (sessionID, parameters); + String xmlCreateXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); + + Logger.debug(xmlCreateXMLSignatureResponse); + + CreateXMLSignatureResponse csresp = + new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse).parseResponseDsig(); -// if (signature == null) { - if (cert == null) { - handleError("Error retrieving signature from foreign eID card.", null, req, resp); + Element signature = csresp.getDsigSignature(); + + // make SZR request to the identity link + CreateIdentityLinkResponse response = getIdentityLink(signature); + + if (response.isError()) { + throw new SZRGWClientException(response.getError()); } else { - - // make SZR request - //Element samlAssertion = getIdentityLink(signature); - Element samlAssertion = getIdentityLink(cert); - - IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion); - IdentityLink identitylink = ilParser.parseIdentityLink(); - session.setIdentityLink(identitylink); - - String samlArtifactBase64 = - AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID); - if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - redirectURL = session.getOAURLRequested(); - if (!session.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL); - } else { - redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); - } - resp.setContentType("text/html"); - resp.setStatus(302); - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); - } - - } - catch (ParseException ex) { - handleError(null, ex, req, resp); + Element samlAssertion = response.getAssertion(); + + IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion); + IdentityLink identitylink = ilParser.parseIdentityLink(); + session.setIdentityLink(identitylink); + + String samlArtifactBase64 = + AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID); + if (!samlArtifactBase64.equals("Redirect to Input Processor")) { + redirectURL = session.getOAURLRequested(); + if (!session.getBusinessService()) { + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); + } + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = resp.encodeRedirectURL(redirectURL); + } else { + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + } + resp.setContentType("text/html"); + resp.setStatus(302); + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + } + } catch (MOAIDException ex) { handleError(null, ex, req, resp); @@ -178,63 +170,59 @@ public class GetForeignIDServlet extends AuthServlet { /** * Does the request to the SZR-GW - * @param givenname - * @param familyname - * @param dateofbirth + * @param signature XMLDSIG signature * @return Identity link assertion * @throws SZRGWClientException */ - /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/ - private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException { + private CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException { - SZRGWClient client = new SZRGWClient(); - - try { - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); - //url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation"; - Logger.debug("Connection Parameters: " + connectionParameters); - client.setAddress(connectionParameters.getUrl()); - if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { - Logger.debug("Initialisiere SSL Verbindung"); - try { - client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (GeneralSecurityException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (PKIException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } - - Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); - - - } - catch (ConfigurationException e) { - Logger.warn(e); - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); + SZRGWClient client = new SZRGWClient(); + + try { + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); - } - // create request - Document doc = buildGetIdentityLinkRequest(cert); - Element request = doc.getDocumentElement(); - CreateIdentityLinkResponse response = null; - - //try { - response = client.createIdentityLinkResponse(request); - //} catch (SZRGWClientException e) { - // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. - // client = new SZRGWClient(url); - // response = client.createIdentityLinkResponse(request); - // } - + client.setAddress(connectionParameters.getUrl()); + if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { + Logger.debug("Initialisiere SSL Verbindung"); + try { + client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); + } catch (IOException e) { + throw new SZRGWClientException(e); + } catch (GeneralSecurityException e) { + throw new SZRGWClientException(e); + } catch (PKIException e) { + throw new SZRGWClientException(e); + } + } + Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); + } + catch (ConfigurationException e) { + Logger.warn(e); + Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); + } + + // create request + CreateIdentityLinkResponse response = null; + Element request = null; + try { + Document doc = client.buildGetIdentityLinkRequest(null, null, null, null, signature); + request = doc.getDocumentElement(); + + // send request + response = client.createIdentityLinkResponse(request); + } catch (SZRGWClientException e) { + // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. + try { + response = client.createIdentityLinkResponse(request); + } + catch (SZRGWClientException e1) { + throw new SZRGWClientException(e1); + } + } - return response.getAssertion(); + + return response; } @@ -245,43 +233,43 @@ public class GetForeignIDServlet extends AuthServlet { * @param birthday * @return */ - private static Document buildGetIdentityLinkRequest(X509Certificate cert) { - - try { - byte[] certbyte = cert.getEncoded(); - String certstring = Base64.encode(certbyte); - - DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - DocumentBuilder builder = factory.newDocumentBuilder(); - Document doc = builder.newDocument(); - - Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest"); - getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS); - doc.appendChild(getIdentityLink); - - Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate"); - getIdentityLink.appendChild(x509certificate); - Text certbase64 = doc.createTextNode(certstring); - x509certificate.appendChild(certbase64); - - return doc; - } catch (ParserConfigurationException e) { - e.printStackTrace(); - } catch (CertificateEncodingException e) { - e.printStackTrace(); - } - return null; - - } - - /** - * Checks a parameter. - * @param param parameter - * @return true if the parameter is null or empty - */ - private boolean isEmpty(String param) { - return param == null || param.length() == 0; - } +// private static Document buildGetIdentityLinkRequest(X509Certificate cert) { +// +// try { +// byte[] certbyte = cert.getEncoded(); +// String certstring = Base64.encode(certbyte); +// +// DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); +// factory.setNamespaceAware(true); +// DocumentBuilder builder = factory.newDocumentBuilder(); +// Document doc = builder.newDocument(); +// +// Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest"); +// getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS); +// doc.appendChild(getIdentityLink); +// +// Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate"); +// getIdentityLink.appendChild(x509certificate); +// Text certbase64 = doc.createTextNode(certstring); +// x509certificate.appendChild(certbase64); +// +// return doc; +// } catch (ParserConfigurationException e) { +// e.printStackTrace(); +// } catch (CertificateEncodingException e) { +// e.printStackTrace(); +// } +// return null; +// +// } +// +// /** +// * Checks a parameter. +// * @param param parameter +// * @return true if the parameter is null or empty +// */ +// private boolean isEmpty(String param) { +// return param == null || param.length() == 0; +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 8165f90f8..2430095b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -63,7 +63,7 @@ public class StartAuthenticationServlet extends AuthServlet { } authURL = authURL.concat(req.getContextPath() + "/"); - String target = req.getParameter(PARAM_TARGET); + String target = req.getParameter(PARAM_TARGET); String oaURL = req.getParameter(PARAM_OA); String bkuURL = req.getParameter(PARAM_BKU); String templateURL = req.getParameter(PARAM_TEMPLATE); @@ -91,7 +91,7 @@ public class StartAuthenticationServlet extends AuthServlet { String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme()); - + resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); out.print(getIdentityLinkForm); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 824df9ca8..8ae951dda 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -96,7 +96,6 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); } - //@TODO Parameter String sessionID = req.getParameter(PARAM_SESSIONID); String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); String redirectURL = null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index c9c1e794d..1b96ce8a4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -93,7 +93,6 @@ public class VerifyCertificateServlet extends AuthServlet { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); } - //@TODO Parameter String sessionID = req.getParameter(PARAM_SESSIONID); AuthenticationSession session = null; try { @@ -104,55 +103,19 @@ public class VerifyCertificateServlet extends AuthServlet { session = AuthenticationServer.getSession(sessionID); X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters); - - System.out.println(cert); - - String createXMLSignatureRequest = AuthenticationServer.getInstance().getCreateXMLSignatureRequestForeignID(sessionID, parameters, cert); - - System.out.println(createXMLSignatureRequest); - + + String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert); // build dataurl (to the GetForeignIDSerlvet) - String dataurl = + String dataurl = new DataURLBuilder().buildDataURL( session.getAuthURL(), REQ_GET_FOREIGN_ID, session.getSessionID()); - ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); - + ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl); -// Logger.debug("Send CreateXMLSignatureRequest to BKU"); -// String keyboxIdentifier = "SecureSignatureKeypair"; -// //String keyboxIdentifier = "CertifiedKeypair"; -// String xmlContent = " " + -// "CreateXMLSignatureRequest" + -// "