From a7d5d5035bae5a8de9691b6ec6fe860726efe003 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 11 Dec 2013 12:24:23 +0100 Subject: login template respects OA configuration --- .../gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java | 3 ++- .../moa/id/auth/builder/SendAssertionFormBuilder.java | 3 ++- .../at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java | 9 +++++++++ .../java/at/gv/egovernment/moa/id/util/FormBuildUtils.java | 11 ++++++++++- 4 files changed, 23 insertions(+), 3 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index a00ae4ccf..cad8857a6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -114,7 +114,8 @@ public class LoginFormBuilder { value = FormBuildUtils.customiceLayoutBKUSelection(value, oaParam.isShowMandateCheckBox(), oaParam.isOnlyMandateAllowed(), - oaParam.getFormCustomizaten()); + oaParam.getFormCustomizaten(), + oaParam.isShowStorkLogin()); } return value; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java index b763afd65..49bdf3bbd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java 
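Review bot: The call to `customiceLayoutBKUSelection` now passes three positional booleans around a `Map`, so at this call site (and the identical one in SendAssertionFormBuilder, and the signature hunk `@@ -52,7 +55,8 @@` in FormBuildUtils) a reader cannot tell which flag is which without opening FormBuildUtils. Every argument is read off `oaParam`, so passing the `OAAuthParameter` itself (or a small value object holding the three flags and the map) would keep both callers in step and make the next STORK or mandate flag a one-place change instead of a three-file change. If the signature has to stay as it is, a `/* showStorkLogin */` comment in front of the new argument at each call site is the minimal readability fix.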
@@ -101,7 +101,8 @@ public class SendAssertionFormBuilder { value = FormBuildUtils.customiceLayoutBKUSelection(value, oaParam.isShowMandateCheckBox(), oaParam.isOnlyMandateAllowed(), - oaParam.getFormCustomizaten()); + oaParam.getFormCustomizaten(), + oaParam.isShowStorkLogin()); } return value; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 3c4234114..3edb3cad9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -263,6 +263,15 @@ public boolean isOnlyMandateAllowed() { return false; } + /** + * Shall we show the stork login in the bku selection frontend? + * + * @return true, if is we should show stork login + */ + public boolean isShowStorkLogin() { + return oa_auth.getOASTORK().isStorkLogonEnabled(); + } + public Map getFormCustomizaten() { TemplatesType templates = oa_auth.getTemplates(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java index e8af82872..9de1e8d88 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java @@ -24,6 +24,9 @@ public class FormBuildUtils { private static String MANDATEVISIBLE = "#MANDATEVISIBLE#"; private static String MANDATECHECKED = "#MANDATECHECKED#"; + + private static String STORKVISIBLE = "#STORKVISIBLE#"; + private static final String TEMPLATEVISIBLE = " display: none"; private static final String TEMPLATEDISABLED = "disabled=\"true\""; private static final String TEMPLATECHECKED = "checked=\"true\""; 
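Review bot: `isShowStorkLogin()` dereferences `oa_auth.getOASTORK()` without a guard, so an online application whose configuration has no STORK section would make both form builders fail with a NullPointerException instead of simply hiding the STORK option; the sibling `isOnlyMandateAllowed()` just above falls back to `return false;`, and this method should fail the same way: `return oa_auth.getOASTORK() != null && oa_auth.getOASTORK().isStorkLogonEnabled();`. Whether `getOASTORK()` can actually return null depends on the generated config bean, which is not visible here, but "not shown" is the safe default for a login page when the section is missing. The Javadoc line `@return true, if is we should show stork login` should read `@return {@code true} if the STORK login option is enabled for this online application`.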
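Review bot: `STORKVISIBLE` is declared `private static String`, copying the non-final `MANDATEVISIBLE`/`MANDATECHECKED` style two lines above it while the `TEMPLATE*` constants directly below are `static final`; a placeholder marker is a constant and should be `private static final String STORKVISIBLE = "#STORKVISIBLE#";`. A non-final static is writable from anywhere in the class and is not treated as a compile-time constant, so it is better to fix it here than to extend the inconsistency to a third field.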
@@ -52,7 +55,8 @@ public class FormBuildUtils { public static String customiceLayoutBKUSelection(String value, boolean isShowMandateCheckbox, - boolean isOnlyMandateAllowed, Map map) { + boolean isOnlyMandateAllowed, + Map map, boolean showStorkLogin) { if (isShowMandateCheckbox) value = value.replace(MANDATEVISIBLE, ""); @@ -67,6 +71,11 @@ public class FormBuildUtils { } else value = value.replace(MANDATECHECKED, TEMPLATE_ARIACHECKED + "\"false\""); + if (showStorkLogin) + value = value.replace(STORKVISIBLE, ""); + else + value = value.replace(STORKVISIBLE, TEMPLATEVISIBLE); + String fonttype = map.get(FONTFAMILY); if (MiscUtil.isNotEmpty(fonttype)) { String[] fonttypeList = fonttype.split(","); -- cgit v1.2.3 From 4ef34e63ce36e20529d6350e81283617a8d69b96 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 14 Jan 2014 14:02:32 +0100 Subject: outgoing auth request works --- .../moa/id/auth/AuthenticationServer.java | 208 +++++++++++---------- .../moa/id/auth/data/AuthenticationSession.java | 1 - .../id/config/auth/AuthConfigurationProvider.java | 3 +- .../moa/id/config/auth/OAAuthParameter.java | 31 +-- .../moa/id/config/stork/STORKConfig.java | 1 - 5 files changed, 114 insertions(+), 130 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 278f93f14..b30720501 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -29,8 +29,12 @@ import iaik.x509.X509Certificate; import iaik.x509.X509ExtensionInitException; import java.io.ByteArrayInputStream; +import java.io.CharArrayWriter; import java.io.IOException; import java.io.InputStream; +import java.io.StringWriter; +import java.net.HttpURLConnection; +import java.net.URL; import java.security.GeneralSecurityException; import java.security.Principal; import java.security.cert.CertificateException; @@ -50,8 +54,18 @@ import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import org.apache.commons.lang.StringEscapeUtils; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; import org.apache.xpath.XPathAPI; -import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.Configuration; +import org.opensaml.common.SAMLObjectBuilder; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; +import org.opensaml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml2.metadata.Endpoint; +import org.opensaml.ws.transport.http.HTTPOutTransport; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.util.Base64; import org.opensaml.xml.util.XMLHelper; import org.springframework.util.xml.DomUtils; @@ -91,6 +105,7 @@ import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet; import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; 
@@ -103,6 +118,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants import at.gv.egovernment.moa.id.client.SZRGWClient; import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConnectionParameter; 
@@ -131,13 +147,21 @@ import at.gv.egovernment.moa.util.XPathUtils; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; import eu.stork.mw.messages.saml.STORKAuthnRequest; +import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.auth.engine.SAMLEngine; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.auth.engine.core.QAAAttribute; +import eu.stork.peps.auth.engine.core.RequestedAttribute; +import eu.stork.peps.auth.engine.core.RequestedAttributes; +import eu.stork.peps.auth.engine.core.impl.QAAAttributeBuilder; +import eu.stork.peps.auth.engine.core.impl.RequestedAttributeBuilder; +import eu.stork.peps.auth.engine.core.impl.RequestedAttributesBuilder; +import eu.stork.peps.exceptions.SAMLEngineException; +import eu.stork.peps.exceptions.STORKSAMLEngineException; import eu.stork.vidp.messages.builder.STORKMessagesBuilder; -import eu.stork.vidp.messages.common.STORKConstants; -import eu.stork.vidp.messages.exception.SAMLException; -import eu.stork.vidp.messages.exception.SAMLValidationException; -import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; -import eu.stork.vidp.messages.stork.RequestedAttributes; -import eu.stork.vidp.messages.util.SAMLUtil; import eu.stork.vidp.messages.util.XMLUtil; /** 
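Review bot: The added `import eu.stork.peps.auth.commons.STORKAuthnRequest;` sits next to the retained `import eu.stork.mw.messages.saml.STORKAuthnRequest;` (the context line just above it), and two single-type imports with the same simple name are a compile error in javac; the new code in this file uses the peps type (`new STORKAuthnRequest()`, `getTokenSaml()`), so the old one should go in this hunk: `-import eu.stork.mw.messages.saml.STORKAuthnRequest;`. The cleanup commit further down this page prunes other stale imports in the same file but does not touch this line either, unless it is dropped in a hunk not shown here.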
@@ -1813,58 +1837,28 @@ public class AuthenticationServer implements MOAIDAuthConstants { String providerName= oaParam.getFriendlyName(); String issuerValue = HTTPUtils.getBaseURL(req); Logger.debug("Issuer value: " + issuerValue); - - - QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue()); - //Logger.debug("QAALevel: " + qaaLevel.getValue()); - - RequestedAttributes requestedAttributes = null; - - requestedAttributes = oaParam.getRequestedAttributes(); - requestedAttributes.detach(); - List reqAttributeList = new ArrayList(); - List oaReqAttributeList = null; - oaReqAttributeList = new ArrayList(oaParam.getRequestedAttributes().getRequestedAttributes()); - - //check if country specific attributes must be additionally requested - if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) { - //add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes - Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + moasession.getCcc()); - Logger.debug("The following attributes are requested for this specific country:"); - List countrySpecificReqAttributeList = new ArrayList(cpeps.getCountrySpecificRequestedAttributes()); - for (RequestedAttribute csReqAttr : countrySpecificReqAttributeList) { - csReqAttr.detach(); - if (!STORKConstants.DEFAULT_STORK_REQUESTED_ATTRIBUTE_SET.contains(csReqAttr.getName())) { - //this country specific attribute does not override default attribute - if (SAMLUtil.containsAttribute(oaReqAttributeList, csReqAttr.getName())) { - //the same attribute is requested for OA, applying hierachy - //remove oa attribute - oaReqAttributeList.remove(SAMLUtil.getAttribute(oaReqAttributeList, csReqAttr.getName())); - //add country specific attribute instead - Logger.debug("Requested Attribute (" + csReqAttr.getName() + ") is also requested 
by OA but we use Country Specific value instead"); - } - oaReqAttributeList.add(csReqAttr); - Logger.debug("Country specific requested attribute: " + csReqAttr.getName() + ", isRequired: " + csReqAttr.isRequired()); - } else { - Logger.debug("Country specific requested attribute: " + csReqAttr.getName() + ", isRequired: " + csReqAttr.isRequired() + " tries to overwrite default requested and required attributes, hence we skip it."); - } - - } - reqAttributeList.addAll(oaReqAttributeList); - } else { - //no country specific requested attributes - reqAttributeList.addAll(oaReqAttributeList); + + + + // prepare collection of required attributes + // - attributes for online application + List attributesFromConfig = oaParam.getRequestedAttributes(); + + // - prepare attribute list + PersonalAttributeList attributeList = new PersonalAttributeList(); + + // - fill container + for(OAStorkAttribute current : attributesFromConfig) { + PersonalAttribute newAttribute = new PersonalAttribute(); + newAttribute.setName(current.getName()); + newAttribute.setIsRequired(current.isMandatory()); + attributeList.add(newAttribute); } - - reqAttributeList = (List) SAMLUtil.releaseDOM(reqAttributeList); - requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes(reqAttributeList); - + if (Logger.isDebugEnabled()) { Logger.debug("The following attributes are requested for this OA:"); - for (RequestedAttribute logReqAttr : reqAttributeList) { - Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isRequired()); - - } + for (OAStorkAttribute logReqAttr : attributesFromConfig) + Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isMandatory()); } 
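Review bot: The new loop iterates `attributesFromConfig` without a null or empty check, while the code it replaces had built-in defaults (eIdentifier, givenName, surname, dateOfBirth, deleted in the OAAuthParameter hunk `@@ -78,21 +75,6 @@` below) and merged the C-PEPS country-specific attributes; now an online application with no STORK attributes configured sends a request with an empty `PersonalAttributeList`, or fails with a NullPointerException if the config bean's `getOAAttributes()` returns null, and `cpeps.getCountrySpecificRequestedAttributes()` is no longer consulted at all. If dropping the country-specific hierarchy is intentional, say so where the loop starts (`// C-PEPS country-specific attributes are no longer merged; the OA configuration is authoritative`) and guard the list before it, e.g. `if (attributesFromConfig == null || attributesFromConfig.isEmpty()) throw new MOAIDException("stork.<code>", null);` with whichever `stork.*` code the project reserves for a misconfigured OA, logging the OA id first. `attributesFromConfig` is also a raw `List`; with the `OAStorkAttribute` import added in this commit it can be `List<OAStorkAttribute>`, which removes the unchecked iteration in the for-each. The enclosing method starts before this hunk.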
@@ -1876,38 +1870,42 @@ public class AuthenticationServer implements MOAIDAuthConstants { String textToBeSigned = CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession); - - //generate AuthnRquest - STORKAuthnRequest storkAuthnRequest = STORKAuthnRequestProcessor.generateSTORKAuthnRequest( - destination, - acsURL, - providerName, - issuerValue, - qaaLevel, - requestedAttributes, - spSector, - spInstitution, - spApplication, - spCountry, - textToBeSigned, - "application/xhtml+xml"); - + + //generate AuthnRquest + STORKAuthnRequest authnRequest = new STORKAuthnRequest(); + authnRequest.setDestination(destination); + authnRequest.setAssertionConsumerServiceURL(acsURL); + authnRequest.setProviderName(providerName); + authnRequest.setIssuer(issuerValue); + authnRequest.setQaa(oaParam.getQaaLevel()); + authnRequest.setSpInstitution(spInstitution); + authnRequest.setCountry(spCountry); + authnRequest.setSpApplication(spApplication); + authnRequest.setSpSector(spSector); + authnRequest.setPersonalAttributeList(attributeList); + +// STORKAuthnRequestProcessor.generateSTORKAuthnRequest( +// destination, +// acsURL, +// providerName, +// issuerValue, +// qaaLevel, +// spInstitution, +// spApplication, +// spCountry, +// spSector, +// requestedAttributes, + +// textToBeSigned, +// "application/xhtml+xml"); + Logger.debug("STORK AuthnRequest succesfully assembled."); - - //sign AuthnRequest - String keyStorePath = storkConfig.getSignatureCreationParameter().getKeyStorePath(); - String keyStorePassword = storkConfig.getSignatureCreationParameter().getKeyStorePassword(); - String keyName = storkConfig.getSignatureCreationParameter().getKeyName(); - String keyPassword = storkConfig.getSignatureCreationParameter().getKeyPassword(); - - Logger.debug("Starting signing process of STORK AuthnRequest."); - Logger.trace("Using the following Keystore and Key for that:"); - Logger.trace("KeyStore: " + 
keyStorePath); - Logger.trace("KeyName: " + keyName); - + + STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("CONF0"); try { - storkAuthnRequest = STORKAuthnRequestProcessor.signSTORKAuthnRequest(storkAuthnRequest, keyStorePath, keyStorePassword, keyName, keyPassword); - } catch (SAMLException e) { + authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest); +// authnRequest = STORKAuthnRequestProcessor.signSTORKAuthnRequest(authnRequest, keyStorePath, keyStorePassword, keyName, keyPassword); + } catch (STORKSAMLEngineException e) { Logger.error("Could not sign STORK SAML AuthnRequest.", e); throw new MOAIDException("stork.00", null); } @@ -1916,8 +1914,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { //validate AuthnRequest try { - STORKAuthnRequestProcessor.validateSTORKAuthnRequest(storkAuthnRequest); - } catch (SAMLValidationException e) { + samlEngine.validateSTORKAuthnRequest(authnRequest.getTokenSaml()); + } catch (STORKSAMLEngineException e) { Logger.error("STORK SAML AuthnRequest not valid.", e); throw new MOAIDException("stork.01", null); } 
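Review bot: `STORKSAMLEngine.getInstance("CONF0")` hard-codes the engine configuration name, and the signing key material that the removed lines read from `storkConfig.getSignatureCreationParameter()` (keystore path, key name, passwords) is now resolved implicitly by whatever that engine configuration references; the instance name should come from `storkConfig` like the old parameters did, and a comment at that line should state which configuration file and keystore the engine loads for signing, so an operator can audit where the private key comes from. Whether `getInstance` returns null for an unknown name is not verifiable from here; if it can, guard it before the `try` with `if (samlEngine == null) throw new MOAIDException("stork.00", null);` so the failure is the logged `stork.00` error rather than a NullPointerException. The twelve commented-out `STORKAuthnRequestProcessor.generateSTORKAuthnRequest(...)` lines and the commented call inside the `try` should be deleted instead of kept as dead text, since the cleanup commit below removes that class anyway. The enclosing method starts before this hunk.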
@@ -1925,26 +1923,36 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.debug("STORK AuthnRequest successfully internally validated."); //send - moasession.setStorkAuthnRequest(storkAuthnRequest); + moasession.setStorkAuthnRequest(authnRequest); HttpSession httpSession = req.getSession(); httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID()); - - Logger.debug("Preparing to send STORK AuthnRequest."); - + + + Logger.info("Preparing to send STORK AuthnRequest."); + Logger.info("prepared STORKAuthnRequest: "); + Logger.info(new String(authnRequest.getTokenSaml())); +// SAMLRequest = PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml()); + try { - STORKAuthnRequestProcessor.sendSTORKAuthnRequest(req, resp, storkAuthnRequest); + Logger.trace("Initialize VelocityEngine..."); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/saml2-post-binding-moa.vm"); + VelocityContext context = new VelocityContext(); + context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml())); + context.put("action", destination); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + resp.getOutputStream().write(writer.toString().getBytes()); } catch (Exception e) { Logger.error("Error sending STORK SAML AuthnRequest.", e); httpSession.invalidate(); throw new MOAIDException("stork.02", new Object[] { destination }); } - - Logger.info("STORK AuthnRequest successfully sent to: " + storkAuthnRequest.getDestination()); - Logger.debug("STORKAuthnRequest sent (pretty print): "); - Logger.debug(XMLHelper.prettyPrintXML(storkAuthnRequest.getDOM())); - Logger.trace("STORKAuthnRequest sent (original): "); - Logger.trace(XMLUtil.printXML(storkAuthnRequest.getDOM())); - + + Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination()); } /** 
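Review bot: `resp.getOutputStream().write(writer.toString().getBytes())` and `Logger.info(new String(authnRequest.getTokenSaml()))` both rely on the platform default charset, and no content type is set on the response before the rendered POST form is written, so the browser has to guess the encoding of the auto-submit page; set it explicitly and encode with a fixed charset: `resp.setContentType("text/html;charset=UTF-8");` followed by `resp.getOutputStream().write(writer.toString().getBytes("UTF-8"));` (the template's own encoding is not visible here and should match). The full SAML AuthnRequest is now dumped at INFO level where the removed lines logged it at debug and trace; it carries the OA's identity and requested attribute set on every login, so `Logger.debug` for the `new String(authnRequest.getTokenSaml(), "UTF-8")` line, wrapped in `Logger.isDebugEnabled()`, keeps production logs lean. The closing log message repeats "successfully successfully". The enclosing method starts before this hunk.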
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 9aecefd43..43ba83f91 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -33,7 +33,6 @@ import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; -import eu.stork.mw.messages.saml.STORKAuthnRequest; /** * Session data to be stored between AuthenticationServer API calls. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 29f567324..f44f21db9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -88,11 +88,10 @@ import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -import eu.stork.vidp.messages.common.STORKBootstrap; /** * A class providing access to the Auth Part of the MOA-ID configuration data. - * + * *

Configuration data is read from an XML file, whose location is given by * the moa.id.configuration system property.

*

This class implements the Singleton pattern. The reload() diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 3edb3cad9..60803bb8a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; @@ -46,10 +47,6 @@ import at.gv.egovernment.moa.id.config.OAParameter; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -import eu.stork.vidp.messages.builder.STORKMessagesBuilder; -import eu.stork.vidp.messages.common.STORKConstants; -import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; -import eu.stork.vidp.messages.stork.RequestedAttributes; /** * Configuration parameters belonging to an online application, 
@@ -78,21 +75,6 @@ public class OAAuthParameter extends OAParameter { this.keyBoxIdentifier = oa.getKeyBoxIdentifier().value(); } - - /** - * STORK QAA Level, Default = 4 - */ - private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4); - - /** - * STORK RequestedAttributes for Online Application - * Default RequestedAttributes are: eIdentifier, givenName, surname, dateOfBirth - */ - private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes( - STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null), - STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null), - STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null), - STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null)); private String keyBoxIdentifier; @@ -317,18 +299,15 @@ public Map getFormCustomizaten() { return map; } -/** - * @return the qaaLevel - */ -public QualityAuthenticationAssuranceLevel getQaaLevel() { - return qaaLevel; +public Integer getQaaLevel() { + return oa_auth.getOASTORK().getQaa(); } /** * @return the requestedAttributes */ -public RequestedAttributes getRequestedAttributes() { - return requestedAttributes; +public List getRequestedAttributes() { + return oa_auth.getOASTORK().getOAAttributes(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index 6a3f4cc9e..25f12af62 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java 
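Review bot: `getRequestedAttributes()` now returns a raw `List` even though this commit imports `OAStorkAttribute` for exactly this purpose and its caller in AuthenticationServer iterates with `for (OAStorkAttribute ... : ...)`; declare it `public List<OAStorkAttribute> getRequestedAttributes() {` so the element type is fixed once at the config boundary instead of at every caller. The rewritten `getQaaLevel()` lost its Javadoc and, together with `getRequestedAttributes()`, now dereferences `oa_auth.getOASTORK()` with no fallback where the deleted field initialisers in hunk `@@ -78,21 +75,6 @@` guaranteed a QAA of 4 and a default attribute set; if `getOASTORK()` or `getQaa()` can be null in the config bean (not visible here), `authnRequest.setQaa(oaParam.getQaaLevel())` in AuthenticationServer fails with a NullPointerException for an OA with incomplete STORK settings. A one-line Javadoc such as `/** @return the STORK QAA level configured for this online application; no default is applied any more, the configuration must set it */` would at least make the dropped default visible to the next reader.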
@@ -22,7 +22,6 @@ import org.xml.sax.SAXException; import eu.stork.vidp.messages.util.SAMLUtil; import eu.stork.vidp.messages.util.XMLUtil; -import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributeType; import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType; -- cgit v1.2.3 From 5624eaf5d2f0305f92eb376cf5e4362da0f07e3a Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 14 Jan 2014 14:11:10 +0100 Subject: cleanup --- .../moa/id/auth/AuthenticationServer.java | 20 +-- .../moa/id/auth/data/AuthenticationSession.java | 2 + .../id/auth/stork/STORKAuthnRequestProcessor.java | 165 --------------------- .../id/config/auth/AuthConfigurationProvider.java | 6 +- 4 files changed, 6 insertions(+), 187 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index b30720501..3857cd15c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -29,17 +29,13 @@ import iaik.x509.X509Certificate; import iaik.x509.X509ExtensionInitException; import java.io.ByteArrayInputStream; -import java.io.CharArrayWriter; import java.io.IOException; import java.io.InputStream; import java.io.StringWriter; -import java.net.HttpURLConnection; -import java.net.URL; import java.security.GeneralSecurityException; import java.security.Principal; import java.security.cert.CertificateException; //import java.security.cert.CertificateFactory; -import java.util.ArrayList; import java.util.Calendar; import java.util.Date; import java.util.Iterator; @@ -58,14 +54,6 @@ import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.apache.xpath.XPathAPI; -import org.opensaml.Configuration; -import org.opensaml.common.SAMLObjectBuilder; -import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; -import org.opensaml.saml2.metadata.AssertionConsumerService; -import org.opensaml.saml2.metadata.Endpoint; -import org.opensaml.ws.transport.http.HTTPOutTransport; -import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.util.Base64; import org.opensaml.xml.util.XMLHelper; import org.springframework.util.xml.DomUtils; @@ -104,7 +92,6 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet; -import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor; import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; 
@@ -1860,16 +1847,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { for (OAStorkAttribute logReqAttr : attributesFromConfig) Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isMandatory()); } - - + //TODO: check Target in case of SSO!! String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); String spApplication = spInstitution; String spCountry = "AT"; - - String textToBeSigned = - CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession); //generate AuthnRquest STORKAuthnRequest authnRequest = new STORKAuthnRequest(); @@ -1931,7 +1914,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.info("Preparing to send STORK AuthnRequest."); Logger.info("prepared STORKAuthnRequest: "); Logger.info(new String(authnRequest.getTokenSaml())); -// SAMLRequest = PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml()); try { Logger.trace("Initialize VelocityEngine..."); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 43ba83f91..4a7676ec8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -26,6 +26,8 @@ import java.util.Vector; import org.w3c.dom.Element; +import eu.stork.peps.auth.commons.STORKAuthnRequest; + import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java deleted file mode 100644 index e5c55d038..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java +++ /dev/null 
@@ -1,165 +0,0 @@ -/** - * - */ -package at.gv.egovernment.moa.id.auth.stork; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.velocity.app.VelocityEngine; -import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; -import org.opensaml.saml2.metadata.AssertionConsumerService; -import org.opensaml.saml2.metadata.Endpoint; -import org.opensaml.ws.transport.http.HTTPOutTransport; -import org.opensaml.ws.transport.http.HttpServletResponseAdapter; -import org.opensaml.xml.security.credential.Credential; - -import at.gv.egovernment.moa.logging.Logger; -import eu.stork.mw.messages.saml.STORKAuthnRequest; -import eu.stork.vidp.messages.builder.STORKMessagesBuilder; -import eu.stork.vidp.messages.exception.SAMLException; -import eu.stork.vidp.messages.exception.SAMLValidationException; -import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; -import eu.stork.vidp.messages.stork.RequestedAttributes; -import eu.stork.vidp.messages.util.SAMLUtil; - -/** - * Class handling all necessary functionality for STORK AuthnRequest processing - * - * @author bzwattendorfer - * - */ -public class STORKAuthnRequestProcessor { - - /** - * Creates a STORK AuthnRequest - * @param destination Destination URL - * @param acsURL Assertion Consumer Service URL - * @param providerName SP Provider Name - * @param issuerValue Issuer Name - * @param qaaLevel STORK QAALevel to be requested - * @param requestedAttributes Requested Attributes to be requested - * @param spSector Sp Sector - * @param spInstitution SP Institution - * @param spApplication SP Application - * @param spCountry SP Country - * @param textToBeSigned text to be included in signedDoc element - * @param mimeType mimeType for the text to be signed in signedDoc - * @return STORK AuthnRequest - */ - public static STORKAuthnRequest generateSTORKAuthnRequest( - String destination, - String 
acsURL, - String providerName, - String issuerValue, - QualityAuthenticationAssuranceLevel qaaLevel, - RequestedAttributes requestedAttributes, - String spSector, - String spInstitution, - String spApplication, - String spCountry, - String textToBeSigned, - String mimeType) { - - - STORKAuthnRequest storkAuthnRequest = - STORKMessagesBuilder.buildSTORKAuthnRequest( - destination, - acsURL, - providerName, - issuerValue, - qaaLevel, - requestedAttributes, - spSector, - spInstitution, - spApplication, - spCountry); - - STORKMessagesBuilder.buildAndAddSignatureRequestToAuthnRequest(storkAuthnRequest, textToBeSigned, mimeType, true); - - Logger.debug("Added signedDoc attribute to STORK AuthnRequest"); - - return storkAuthnRequest; - - } - - /** - * Signs a STORK AuthnRequest - * @param storkAuthnRequest STORK AuthRequest to sign - * @param keyStorePath KeyStorePath to the signing key - * @param keyStorePassword KeyStore Password - * @param keyName Signing key name - * @param keyPassword Signing key password - * @return Signed STORK AuthnRequest - * @throws SAMLException - */ - public static STORKAuthnRequest signSTORKAuthnRequest( - STORKAuthnRequest storkAuthnRequest, - String keyStorePath, - String keyStorePassword, - String keyName, - String keyPassword) throws SAMLException { - - Logger.trace("Building Credential Provider for signing process"); - - CredentialProvider credentialProvider = new KeyStoreCredentialProvider(keyStorePath, keyStorePassword, keyName, keyPassword); - - Credential credential = credentialProvider.getCredential(); - - Logger.trace("Credentials found"); - - SAMLUtil.signSAMLObject(storkAuthnRequest, credential); - - return storkAuthnRequest; - } - - /** - * Validates a STORK AuthnRequest - * @param storkAuthnRequest STORK AuthnRequest to validate - * @throws SAMLValidationException - */ - public static void validateSTORKAuthnRequest(STORKAuthnRequest storkAuthnRequest) throws SAMLValidationException { - - 
SAMLUtil.verifySAMLObjectStandardValidation(storkAuthnRequest, "saml2-core-schema-and-stork-validator"); - - } - - /** - * Sends a STORK AuthnRequest (Endpoint taken out of AuthnRequest) - * @param request HttpServletRequest - * @param response HttpServletResponse - * @param storkAuthnRequest STORK AuthnRequest to send - * @throws Exception - */ - public static void sendSTORKAuthnRequest(HttpServletRequest request, HttpServletResponse response, STORKAuthnRequest storkAuthnRequest) throws Exception { - - Logger.trace("Create endpoint..."); - Endpoint endpoint = STORKMessagesBuilder.buildSAMLObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME); - endpoint.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); - endpoint.setLocation(storkAuthnRequest.getDestination()); - - - Logger.trace("Prepare SAMLMessageContext..."); - HTTPOutTransport outTransport = new HttpServletResponseAdapter(response, request.isSecure()); - BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); - samlMessageContext.setOutboundMessageTransport(outTransport); - samlMessageContext.setPeerEntityEndpoint(endpoint); - - Logger.trace("Set STORK SAML AuthnRequest to SAMLMessageContext..."); - samlMessageContext.setOutboundSAMLMessage(storkAuthnRequest); - - Logger.trace("Initialize VelocityEngine..."); - - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - -// HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/templates/saml2-post-binding.vm"); - HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/saml2-post-binding-moa.vm"); - - Logger.trace("HTTP-Post encode SAMLMessageContext..."); - encoder.encode(samlMessageContext); - } - - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index f44f21db9..aa97c548a 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -338,9 +338,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider { //Initialize OpenSAML for STORK - Logger.info("Starting initialization of OpenSAML..."); - STORKBootstrap.bootstrap(); - Logger.debug("OpenSAML successfully initialized"); +// Logger.info("Starting initialization of OpenSAML..."); +// STORKBootstrap.bootstrap(); +// Logger.debug("OpenSAML successfully initialized"); String legacyconfig = props.getProperty("configuration.xml.legacy"); -- cgit v1.2.3 From 8276884b9c45315df5fa951ce53b3d35f4983b22 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 15 Jan 2014 17:04:02 +0100 Subject: fix load stork config from database --- .../moa/id/config/auth/AuthConfigurationProvider.java | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index aa97c548a..8de47f5f6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java 
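Review bot: Commenting out `STORKBootstrap.bootstrap()` rather than deleting it leaves the reader unsure whether OpenSAML initialisation is still required, and nothing in this hunk takes its place; if any remaining code path still unmarshals or verifies SAML objects through OpenSAML, it will now fail at first use with an unmarshalling error instead of at startup. The same commit deletes the OpenSAML-based `STORKAuthnRequestProcessor` and the later `AuthenticationServer` hunks keep `eu.stork.peps.auth.engine.STORKSAMLEngine` imported, so the engine presumably initialises OpenSAML itself, but that is not visible here. Either delete the three commented lines together with the `//Initialize OpenSAML for STORK` comment, or replace them with a one-line explanation such as `// OpenSAML is bootstrapped by STORKSAMLEngine; explicit STORKBootstrap no longer needed` so the next maintainer does not re-enable it. The enclosing method begins and ends outside the hunk.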
@@ -430,12 +430,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider { ForeignIdentities foreign = auth.getForeignIdentities(); if (foreign == null ) { Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); - - } - //TODO: commented because npe was thrown - //else - //storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir); - + } else + storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir); //load Chaining modes ChainingModes cm = moaidconfig.getChainingModes(); @@ -1007,4 +1003,4 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return moasp; } -} \ No newline at end of file +} -- cgit v1.2.3 From 8cdac4252e1ea43aada04b71ee95d2509c4a75f3 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 21 Jan 2014 16:02:14 +0100 Subject: respect global mandatory state of attributes --- .../moa/id/auth/AuthenticationServer.java | 354 ++++++++++----------- .../moa/id/config/stork/STORKConfig.java | 126 ++++---- 2 files changed, 239 insertions(+), 241 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 3857cd15c..0fbcc97b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
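Review bot: The re-enabled `else` branch dereferences `foreign.getSTORK()` without checking it, and the TODO being removed states that an NPE was thrown from exactly this statement; the diffstat shows this file as the only change in the commit, so the cause of that NPE is not addressed here unless it lived in the removed lines themselves. A `ForeignIdentities` element without a `STORK` child would presumably hand a null to the `STORKConfig` constructor (how that constructor copes is not visible). Guard the case and brace the branch: `} else if (foreign.getSTORK() == null) { Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); } else { storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir); }`. Note also that on the warning path `storkconfig` keeps whatever it was initialised to (presumably null), so every consumer of it still has to handle an absent STORK configuration. The enclosing method begins and ends outside the hunk.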
@@ -106,6 +106,7 @@ import at.gv.egovernment.moa.id.client.SZRGWClient; import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; +import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConnectionParameter; @@ -118,7 +119,6 @@ import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; @@ -138,23 +138,14 @@ import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; import eu.stork.peps.auth.commons.STORKAuthnRequest; -import eu.stork.peps.auth.engine.SAMLEngine; import eu.stork.peps.auth.engine.STORKSAMLEngine; -import eu.stork.peps.auth.engine.core.QAAAttribute; -import eu.stork.peps.auth.engine.core.RequestedAttribute; -import eu.stork.peps.auth.engine.core.RequestedAttributes; -import eu.stork.peps.auth.engine.core.impl.QAAAttributeBuilder; -import eu.stork.peps.auth.engine.core.impl.RequestedAttributeBuilder; -import eu.stork.peps.auth.engine.core.impl.RequestedAttributesBuilder; -import eu.stork.peps.exceptions.SAMLEngineException; import eu.stork.peps.exceptions.STORKSAMLEngineException; -import eu.stork.vidp.messages.builder.STORKMessagesBuilder; import eu.stork.vidp.messages.util.XMLUtil; /** * API for MOA ID Authentication Service.
{@link AuthenticationSession} is * stored in a session store and retrieved by giving the session ID. - * + * * @author Paul Ivancsics * @version $Id: AuthenticationServer.java 1273 2012-02-27 14:50:18Z kstranacher * $ @@ -177,7 +168,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** * Returns the single instance of AuthenticationServer. - * + * * @return the single instance of AuthenticationServer */ public static AuthenticationServer getInstance() { @@ -208,7 +199,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * response to * * - * + * * @param authURL * URL of the servlet to be used as data URL * @param target @@ -243,13 +234,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (session == null) { throw new AuthenticationException("auth.18", new Object[] { }); } - + //load OnlineApplication configuration OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); if (oaParam == null) throw new AuthenticationException("auth.00", new Object[] { session.getPublicOAURLPrefix() }); - + //load Template String template = null; if (session.getTemplateURL() != null) { @@ -262,7 +253,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } String infoboxReadRequest = ""; - + if (session.isSsoRequested()) { //load identityLink with SSO Target boolean isbuisness = false; 
@@ -272,50 +263,50 @@ public class AuthenticationServer implements MOAIDAuthConstants { isbuisness = true; domainIdentifier = ssobusiness.getValue(); } - + //build ReadInfobox request infoboxReadRequest = new InfoboxReadRequestBuilder().build( isbuisness, domainIdentifier); - + } else { //build ReadInfobox request infoboxReadRequest = new InfoboxReadRequestBuilder().build( oaParam.getBusinessService(), oaParam .getIdentityLinkDomainIdentifier()); } - + String dataURL = new DataURLBuilder().buildDataURL( session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session .getSessionID()); - + //removed in MOAID 2.0 String pushInfobox = ""; - + // VerifyInfoboxParameters verifyInfoboxParameters = oaParam // .getVerifyInfoboxParameters(); // if (verifyInfoboxParameters != null) { // pushInfobox = verifyInfoboxParameters.getPushInfobox(); // session.setPushInfobox(pushInfobox); // } - + //build CertInfo request String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() .build(); String certInfoDataURL = new DataURLBuilder() .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, session.getSessionID()); - + //get Applet Parameters String appletwidth = req.getParameter(PARAM_APPLET_WIDTH); String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH); appletheigth = StringEscapeUtils.escapeHtml(appletheigth); appletwidth = StringEscapeUtils.escapeHtml(appletwidth); - + String htmlForm = new GetIdentityLinkFormBuilder().build(template, session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest, certInfoDataURL, pushInfobox, oaParam, appletheigth, appletwidth); - + return htmlForm; } @@ -335,7 +326,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * containg the authentication block, meant to be returned to the security * layer implementation * - * + * * @param sessionID * ID of associated authentication session data * @param infoboxReadResponseParameters 
@@ -343,7 +334,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * including the <InfoboxReadResponse> * @return String representation of the * <CreateXMLSignatureRequest> - * @throws BKUException + * @throws BKUException */ public String verifyIdentityLink(AuthenticationSession session, Map infoboxReadResponseParameters) throws AuthenticationException, @@ -360,7 +351,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (isEmpty(xmlInfoboxReadResponse)) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE }); - + AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); @@ -420,7 +411,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setIdentityLink(identityLink); // now validate the extended infoboxes - + //Removed in MOA-ID 2.0 //verifyInfoboxes(session, infoboxReadResponseParameters, false); @@ -443,7 +434,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * containg the authentication block, meant to be returned to the security * layer implementation * - * + * * @param sessionID * ID of associated authentication session data * @param infoboxReadResponseParameters @@ -468,14 +459,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (certificate.getExtension(OWid) != null) { session.setOW(true); } - + } - + } catch (X509ExtensionInitException e) { Logger.warn("Certificate extension is not readable."); session.setOW(false); } - + AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); @@ -484,10 +475,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); - + return returnvalue; } - + /** * Processes an Mandate sent by the MIS.
*

    @@ -498,7 +489,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * containg the authentication block, meant to be returned to the security * layer implementation *
- * + * * @param sessionID * ID of associated authentication session data * @param infoboxReadResponseParameters @@ -522,10 +513,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { // sets the extended SAML attributes for OID (Organwalter) setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam .getBusinessService()); - + validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); - - + + } catch (SAXException e) { throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e); @@ -539,11 +530,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e); } - + } /** - * + * * @param session * @param authConf * @param oaParam @@ -588,7 +579,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { *
    *
  • Creates an CreateXMLSignatureRequest to be signed by the user
  • *
- * + * * @param sessionID * ID of associated authentication session data * @param cert @@ -610,7 +601,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - + return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, cert); } @@ -648,13 +639,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { *
  • Verifies signature by calling the MOA SP component
  • *
  • Returns the signer certificate
  • * - * + * * @param sessionID * ID of associated authentication session data * @param createXMLSignatureResponseParameters * The parameters from the response returned from the BKU * including the <CreateXMLSignatureResponse> - * @throws BKUException + * @throws BKUException */ public X509Certificate verifyXMLSignature(String sessionID, Map createXMLSignatureResponseParameters) @@ -708,13 +699,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { *
  • Verifies signature by calling the MOA SP component
  • *
  • Returns the signer certificate
  • * - * + * * @param sessionID * ID of associated authentication session data * @param readInfoboxResponseParameters * The parameters from the response returned from the BKU * including the <ReadInfoboxResponse> - * @throws BKUException + * @throws BKUException */ public X509Certificate getCertificate(String sessionID, Map readInfoboxResponseParameters) throws AuthenticationException, 
@@ -744,80 +735,80 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** * Builds an authentication block <saml:Assertion> from * given session data. - * + * * @param session * authentication session - * + * * @return <saml:Assertion> as a String - * + * * @throws BuildException * If an error occurs on serializing an extended SAML attribute * to be appended to the AUTH-Block. */ private String buildAuthenticationBlock(AuthenticationSession session, OAAuthParameter oaParam) throws BuildException { - + IdentityLink identityLink = session.getIdentityLink(); String issuer = identityLink.getName(); String gebDat = identityLink.getDateOfBirth(); String identificationValue = null; String identificationType = null; - + //set empty AuthBlock BPK in case of OW or SSO or bpk is not requested if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) { identificationType = ""; identificationValue = ""; - + } else if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { if (oaParam.getBusinessService()) { - + String bpkBase64 = new BPKBuilder().buildWBPK(identityLink .getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier()); identificationValue = bpkBase64; - + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK + "+" )) identificationType = oaParam.getIdentityLinkDomainIdentifier(); else identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); - + } else { String bpkBase64 = new BPKBuilder().buildBPK(identityLink .getIdentificationValue(), session.getTarget()); identificationValue = bpkBase64; identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget(); } - + } else { identificationValue = identityLink.getIdentificationValue(); identificationType = identityLink.getIdentificationType(); - + } - + String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar .getInstance()); session.setIssueInstant(issueInstant); 
String authURL = session.getAuthURL(); String target = session.getTarget(); String targetFriendlyName = session.getTargetFriendlyName(); - + // Bug #485 // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) // String oaURL = session.getPublicOAURLPrefix(); - + List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); - - + + if (session.isSsoRequested()) { String oaURL =new String(); try { oaURL = AuthConfigurationProvider.getInstance().getSSOPublicUrl(); - + if (MiscUtil.isNotEmpty(oaURL)) oaURL = oaURL.replaceAll("&", "&"); - + } catch (ConfigurationException e) { } String authBlock = new AuthenticationBlockAssertionBuilder() @@ -826,7 +817,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { identificationType, oaURL, gebDat, extendedSAMLAttributes, session, oaParam); return authBlock; - + } else { String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); String authBlock = new AuthenticationBlockAssertionBuilder() @@ -835,20 +826,20 @@ public class AuthenticationServer implements MOAIDAuthConstants { identificationType, oaURL, gebDat, extendedSAMLAttributes, session, oaParam); return authBlock; - } + } } - + /** * Verifies the infoboxes (except of the identity link infobox) returned by * the BKU by calling appropriate validator classes. - * + * * @param session * The actual authentication session. * @param mandate * The Mandate from the MIS - * + * * @throws AuthenticationException * @throws ConfigurationException * @throws TransformerException 
@@ -871,19 +862,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { verifySAMLAttribute(samlAttribute, i, "MISService", "MISService"); - + } } /** * Verifies the infoboxes (except of the identity link infobox) returned by * the BKU by calling appropriate validator classes. - * + * * @param session * The actual authentication session. * @param mandate * The Mandate from the MIS - * + * * @throws AuthenticationException * @throws ConfigurationException * @throws TransformerException @@ -908,7 +899,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * Adds given SAML Attributes to the current session. They will be appended * to the final SAML Assertion or the AUTH block. If the attributes are * already in the list, they will be replaced. - * + * * @param session * The current session * @param extendedSAMLAttributes @@ -979,7 +970,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * Adds the AUTH block related SAML attributes to the validation result. * This is needed always before the AUTH block is to be signed, because the * name of the mandator has to be set - * + * * @throws ParserConfigurationException * @throws IOException * @throws SAXException @@ -1046,7 +1037,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * Adds the AUTH block related SAML attributes to the validation result. * This is needed always before the AUTH block is to be signed, because the * name of the mandator has to be set - * + * * @throws ParserConfigurationException * @throws IOException * @throws SAXException @@ -1091,7 +1082,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } /** - * + * * @param mandate * @return * @throws ParserConfigurationException @@ -1143,7 +1134,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { *
  • Deletes authentication session
  • *
  • Returns the SAML artifact, encoded BASE64
  • * - * + * * @param sessionID * session ID of the running authentication session * @param xmlCreateXMLSignatureReadResponse @@ -1151,20 +1142,20 @@ public class AuthenticationServer implements MOAIDAuthConstants { * <CreateXMLSignatureResponse> * @return SAML artifact needed for retrieving authentication data, encoded * BASE64 - * @throws BKUException + * @throws BKUException */ public String verifyAuthenticationBlock(AuthenticationSession session, String xmlCreateXMLSignatureReadResponse) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException, BKUException { - + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); if (isEmpty(xmlCreateXMLSignatureReadResponse)) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - + AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); // parses @@ -1187,7 +1178,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { new CreateXMLSignatureResponseValidator().validateSSO(csresp, session); else new CreateXMLSignatureResponseValidator().validate(csresp, session); - + // builds a for a MOA-SPSS call List vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); @@ -1226,7 +1217,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // Compare AuthBlock Data with information stored in session, especially // date and time CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp); - + // compares the public keys from the identityLink with the AuthBlock VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( vsresp, session.getIdentityLink()); 
@@ -1269,29 +1260,29 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } } - + session.setXMLVerifySignatureResponse(vsresp); session.setSignerCertificate(vsresp.getX509certificate()); vsresp.setX509certificate(null); session.setForeigner(false); - + if (session.getUseMandate()) { // mandate mode return null; - + } else { - + session.setAuthenticatedUsed(false); session.setAuthenticated(true); - + String oldsessionID = session.getSessionID(); - + //Session is implicte stored in changeSessionID!!! String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); - + Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); Logger.info("Daten angelegt zu MOASession " + newMOASessionID); - + return newMOASessionID; } } @@ -1313,7 +1304,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { *
  • Deletes authentication session
  • *
  • Returns the SAML artifact, encoded BASE64
  • * - * + * * @param sessionID * session ID of the running authentication session * @param xmlCreateXMLSignatureReadResponse @@ -1374,7 +1365,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { *
  • Deletes authentication session
  • *
  • Returns the SAML artifact, encoded BASE64
  • * - * + * * @param sessionID * session ID of the running authentication session * @return SAML artifact needed for retrieving authentication data, encoded @@ -1383,11 +1374,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { public String getForeignAuthenticationData(AuthenticationSession session) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { - + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - + // post processing of the infoboxes Iterator iter = session.getInfoboxValidatorIterator(); boolean formpending = false; @@ -1430,10 +1421,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse(); X509Certificate cert = session.getSignerCertificate(); vsresp.setX509certificate(cert); - + session.setAuthenticatedUsed(false); session.setAuthenticated(true); - + session.setXMLVerifySignatureResponse(vsresp); session.setSignerCertificate(vsresp.getX509certificate()); @@ -1447,7 +1438,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** * Builds the AuthenticationData object together with the corresponding * <saml:Assertion> - * + * * @param session * authentication session * @param verifyXMLSigResp 
@@ -1467,23 +1458,23 @@ public class AuthenticationServer implements MOAIDAuthConstants { IdentityLink identityLink = session.getIdentityLink(); AuthenticationData authData = new AuthenticationData(); - + VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); - + boolean businessService = oaParam.getBusinessService(); - + authData.setMajorVersion(1); authData.setMinorVersion(0); authData.setAssertionID(Random.nextRandom()); authData.setIssuer(session.getAuthURL()); - + authData.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar .getInstance())); - + //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO authData.setIdentificationValue(identityLink.getIdentificationValue()); authData.setIdentificationType(identityLink.getIdentificationType()); - + authData.setGivenName(identityLink.getGivenName()); authData.setFamilyName(identityLink.getFamilyName()); authData.setDateOfBirth(identityLink.getDateOfBirth()); @@ -1493,25 +1484,25 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setPublicAuthorityCode(verifyXMLSigResp .getPublicAuthorityCode()); authData.setBkuURL(session.getBkuURL()); - + try { - + if (session.getUseMandate() && session.isOW()) { MISMandate mandate = session.getMISMandate(); authData.setBPK(mandate.getOWbPK()); authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); authData.setIdentityLink(identityLink); - + Logger.trace("Authenticated User is OW: " + mandate.getOWbPK()); - + } else { - + if (businessService) { //since we have foreigner, wbPK is not calculated in BKU if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - + String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); - + if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { // If domainIdentifier starts with prefix // "urn:publicid:gv.at:wbpk+"; remove this prefix 
@@ -1519,47 +1510,47 @@ public class AuthenticationServer implements MOAIDAuthConstants { .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + registerAndOrdNr); - } - + } + String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); authData.setBPK(wbpkBase64); authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); - + } else { authData.setBPK(identityLink.getIdentificationValue()); authData.setBPKType(identityLink.getIdentificationType()); - + } - + Logger.trace("Authenticate user with wbPK " + authData.getBPK()); - + Element idlassertion = session.getIdentityLink().getSamlAssertion(); //set bpk/wpbk; Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); prIdentification.getFirstChild().setNodeValue(authData.getBPK()); - //set bkp/wpbk type + //set bkp/wpbk type Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); - + IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); IdentityLink idl = idlparser.parseIdentityLink(); authData.setIdentityLink(idl); - + } else { - - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + + if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { // only compute bPK if online application is a public service and we have the Stammzahl String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); authData.setBPK(bpkBase64); authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); } - + Logger.trace("Authenticate user with bPK " + authData.getBPK()); - + authData.setIdentityLink(identityLink); } } - + return authData; } catch 
(Throwable ex) { @@ -1570,7 +1561,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** * Retrieves a session from the session store. - * + * * @param id * session ID * @return AuthenticationSession stored with given session ID, @@ -1578,7 +1569,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ public static AuthenticationSession getSession(String id) throws AuthenticationException { - + AuthenticationSession session; try { session = AuthenticationSessionStoreage.getSession(id); @@ -1586,10 +1577,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (session == null) throw new AuthenticationException("auth.02", new Object[] { id }); return session; - + } catch (MOADatabaseException e) { throw new AuthenticationException("parser.04", new Object[] { id }); - } + } } /** @@ -1597,38 +1588,38 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ public void cleanup() { long now = new Date().getTime(); - - //clean AuthenticationSessionStore - + + //clean AuthenticationSessionStore + AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated); - + //clean AssertionStore AssertionStorage assertionstore = AssertionStorage.getInstance(); assertionstore.clean(now, authDataTimeOut); - - //clean ExeptionStore + + //clean ExeptionStore DBExceptionStoreImpl exstore = DBExceptionStoreImpl.getStore(); exstore.clean(now, authDataTimeOut); - + } /** * Sets the sessionTimeOut. - * + * * @param seconds * Time out of the session in seconds */ public void setSecondsSessionTimeOutCreated(long seconds) { sessionTimeOutCreated = seconds * 1000; } - + public void setSecondsSessionTimeOutUpdated(long seconds) { sessionTimeOutUpdated = seconds * 1000; } /** * Sets the authDataTimeOut. - * + * * @param seconds * Time out for signing AuthData in seconds */ 
@@ -1638,7 +1629,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** * Checks a parameter. - * + * * @param param * parameter * @return true if the parameter is null or empty @@ -1649,7 +1640,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** * Checks the correctness of SAML attributes and returns its value. - * + * * @param param * samlAttribute * @param i @@ -1698,7 +1689,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { return value; } - + /** * Does the request to the SZR-GW * @param signature XMLDSIG signature @@ -1779,13 +1770,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { return null; } - + /** * Starts a MOA-ID authentication process using STORK * @param req HttpServletRequest * @param resp HttpServletResponse * @param ccc Citizen country code - * @param oaURL URL of the online application + * @param oaURL URL of the online application * @param target Target parameter * @param targetFriendlyName Friendly Name of Target * @param authURL Authentication URL 
@@ -1797,36 +1788,34 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ public static void startSTORKAuthentication( HttpServletRequest req, - HttpServletResponse resp, + HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { - + if (moasession == null) { throw new AuthenticationException("auth.18", new Object[] { }); } - + //read configuration paramters of OA OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); if (oaParam == null) throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); - - //Start of STORK Processing + + //Start of STORK Processing STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); - + CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc()); - - Logger.debug("Preparing to assemble STORK AuthnRequest witht the following values:"); - String destination = cpeps.getPepsURL().toExternalForm(); + + Logger.debug("Preparing to assemble STORK AuthnRequest witt the following values:"); + String destination = cpeps.getPepsURL().toExternalForm(); Logger.debug("C-PEPS URL: " + destination); - + String acsURL = HTTPUtils.getBaseURL(req) + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN; Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL); - + String providerName= oaParam.getFriendlyName(); String issuerValue = HTTPUtils.getBaseURL(req); Logger.debug("Issuer value: " + issuerValue); - - // prepare collection of required attributes // - attributes for online application List attributesFromConfig = oaParam.getRequestedAttributes(); 
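Review bot: The changed debug line `Logger.debug("Preparing to assemble STORK AuthnRequest witt the following values:");` still carries a typo — `witht` became `witt` rather than `with`. Everything else in this hunk is whitespace, and startSTORKAuthentication continues past the hunk.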
@@ -1838,7 +1827,15 @@ public class AuthenticationServer implements MOAIDAuthConstants { for(OAStorkAttribute current : attributesFromConfig) { PersonalAttribute newAttribute = new PersonalAttribute(); newAttribute.setName(current.getName()); - newAttribute.setIsRequired(current.isMandatory()); + + boolean globallyMandatory = false; + for(StorkAttribute currentGlobalAttribute : storkConfig.getStorkAttributes()) + if(current.getName().equals(currentGlobalAttribute.getName())) { + globallyMandatory = currentGlobalAttribute.isMandatory(); + break; + } + + newAttribute.setIsRequired(current.isMandatory() || globallyMandatory); attributeList.add(newAttribute); } @@ -1867,32 +1864,23 @@ public class AuthenticationServer implements MOAIDAuthConstants { authnRequest.setSpSector(spSector); authnRequest.setPersonalAttributeList(attributeList); -// STORKAuthnRequestProcessor.generateSTORKAuthnRequest( -// destination, -// acsURL, -// providerName, -// issuerValue, -// qaaLevel, -// spInstitution, -// spApplication, -// spCountry, -// spSector, -// requestedAttributes, - -// textToBeSigned, -// "application/xhtml+xml"); + authnRequest.setEIDCrossBorderShare(true); + authnRequest.setEIDCrossSectorShare(true); + authnRequest.setEIDSectorShare(true); + + authnRequest.setCitizenCountryCode("LOCAL"); + Logger.debug("STORK AuthnRequest succesfully assembled."); STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("CONF0"); try { authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest); -// authnRequest = STORKAuthnRequestProcessor.signSTORKAuthnRequest(authnRequest, keyStorePath, keyStorePassword, keyName, keyPassword); } catch (STORKSAMLEngineException e) { Logger.error("Could not sign STORK SAML AuthnRequest.", e); throw new MOAIDException("stork.00", null); } - + Logger.info("STORK AuthnRequest successfully signed!"); //validate AuthnRequest 
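Review bot: `authnRequest.setCitizenCountryCode("LOCAL");` hard-codes the citizen country although the session already carries it — the C-PEPS lookup earlier in this method uses `moasession.getCcc()` — so the country in the request may not correspond to the PEPS it is sent to; if `"LOCAL"` is deliberate, a comment should say why. The three `setEIDCrossBorderShare(true)` / `setEIDCrossSectorShare(true)` / `setEIDSectorShare(true)` calls enable eID sharing unconditionally; given this series is about respecting OA configuration, these flags look like they should be read from `oaParam` rather than fixed to true. In the earlier hunk on this line the nested `for(StorkAttribute currentGlobalAttribute : storkConfig.getStorkAttributes())` has an unbraced body around a braced `if`; braces would match the surrounding style and avoid misreading. startSTORKAuthentication starts and ends outside these hunks.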
@@ -1936,7 +1924,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination()); } - + /** * Extracts an X509 Certificate out of an XML signagture element * @param signedXML XML signature element @@ -1944,27 +1932,27 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws CertificateException */ public static X509Certificate getCertificateFromXML(Element signedXML) throws CertificateException { - + NodeList nList = signedXML.getElementsByTagNameNS(Constants.DSIG_NS_URI, "X509Certificate"); - + String base64CertString = XMLUtil.getFirstTextValueFromNodeList(nList); - - if (StringUtils.isEmpty(base64CertString)) { + + if (StringUtils.isEmpty(base64CertString)) { String msg = "XML does not contain a X509Certificate element."; Logger.error(msg); throw new CertificateException(msg); } - + InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString)); - + X509Certificate cert; try { cert = new X509Certificate(is); return cert; - + } catch (Throwable e) { throw new CertificateException(e); } } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index 25f12af62..e388b39e7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -1,5 +1,5 @@ /** - * + * */ package at.gv.egovernment.moa.id.config.stork; 
@@ -25,119 +25,129 @@ import eu.stork.vidp.messages.util.XMLUtil; import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType; +import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; /** * Encapsulates several STORK configuration parameters according MOA configuration - * + * * @author bzwattendorfer * */ public class STORKConfig { - + /** STORK SAML signature creation parameters */ private Properties props = null; private Map cpepsMap = null; private String basedirectory = null; private SignatureVerificationParameter sigverifyparam = null; - - + private List attr = null; + + public STORKConfig(STORK stork, Properties props, String basedirectory) { this.basedirectory = basedirectory; this.props = props; - + //create CPEPS map List cpeps = stork.getCPEPS(); cpepsMap = new HashMap(); - + for(at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS cpep : cpeps) { - + try { CPEPS moacpep = new CPEPS(cpep.getCountryCode(), new URL(cpep.getURL())); - - List attr = cpep.getAttributeValue(); - - ArrayList requestedAttributes = new ArrayList(); - - for (String e1 : attr) { - Element element = XMLUtil.stringToDOM(e1); - RequestedAttribute requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(element); - requestedAttributes.add(requestedAttribute); - } - moacpep.setCountrySpecificRequestedAttributes(requestedAttributes); - + + + +// List attr = cpep.getAttributeValue(); +// +// ArrayList requestedAttributes = new ArrayList(); +// +// for (String e1 : attr) { +// Element element = XMLUtil.stringToDOM(e1); +// RequestedAttribute requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(element); +// requestedAttributes.add(requestedAttribute); +// } +// 
moacpep.setCountrySpecificRequestedAttributes(requestedAttributes); + cpepsMap.put(cpep.getCountryCode(), moacpep); - + } catch (MalformedURLException e) { - Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + cpep.getCountryCode() + " has an invalid URL and is ignored."); - } catch (ParserConfigurationException e) { - Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " - + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); - } catch (SAXException e) { - Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " - + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); - } catch (IOException e) { - Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " - + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); - } catch (MessageEncodingException e) { - Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " - + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); +// } catch (ParserConfigurationException e) { +// Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " +// + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); +// } catch (SAXException e) { +// Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " +// + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); +// } catch (IOException e) { +// Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " +// + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); +// } catch (MessageEncodingException e) { +// Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " +// + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); } - } - - SAMLSigningParameter samlsign = stork.getSAMLSigningParameter(); - if (samlsign == null) { - Logger.warn("Error in MOA-ID Configuration. 
No STORK->SAMLSigningParameter configuration found."); - } else { - SignatureVerificationParameterType sigverify = samlsign.getSignatureVerificationParameter(); - - if (sigverify == null) { - Logger.warn("Error in MOA-ID Configuration. No STORK->SignatureVerificationParameter configuration found."); - - } else { - sigverifyparam = new SignatureVerificationParameter(sigverify.getTrustProfileID()); - } +// SAMLSigningParameter samlsign = stork.getSAMLSigningParameter(); // TODO Fix nullpointerexception when nothing is configured +// +// if (samlsign == null) { +// Logger.warn("Error in MOA-ID Configuration. No STORK->SAMLSigningParameter configuration found."); +// +// } else { +// SignatureVerificationParameterType sigverify = samlsign.getSignatureVerificationParameter(); +// +// if (sigverify == null) { +// Logger.warn("Error in MOA-ID Configuration. No STORK->SignatureVerificationParameter configuration found."); +// +// } else { +// sigverifyparam = new SignatureVerificationParameter(sigverify.getTrustProfileID()); +// } +// } + attr = new ArrayList(); + for(StorkAttribute current : stork.getAttributes()) { + attr.add(current); } - + } public SignatureCreationParameter getSignatureCreationParameter() { - + return new SignatureCreationParameter(props, basedirectory); } public SignatureVerificationParameter getSignatureVerificationParameter() { - - return sigverifyparam; + + return sigverifyparam; } public Map getCpepsMap() { return cpepsMap; } - + public boolean isSTORKAuthentication(String ccc) { - + if (StringUtils.isEmpty(ccc) || this.cpepsMap.isEmpty()) return false; - + if (this.cpepsMap.containsKey(ccc.toUpperCase())) return true; else return false; - + } - + public CPEPS getCPEPS(String ccc) { if (isSTORKAuthentication(ccc)) return this.cpepsMap.get(ccc); else return null; } - + public List getStorkAttributes() { + return attr; + } } -- cgit v1.2.3 From bb986a1225a594cf72572af8cbf0edb14039b5c1 Mon Sep 17 00:00:00 2001 
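Review bot: `sigverifyparam` is initialised to `null` and its only assignment now sits inside the commented-out SAMLSigningParameter block, so `getSignatureVerificationParameter()` returns null for every caller; the `// TODO Fix nullpointerexception when nothing is configured` remark suggests this was a workaround for a missing configuration entry rather than a decision to drop the trust-profile configuration. Either restore the block null-safely (`SAMLSigningParameter samlsign = stork.getSAMLSigningParameter(); if (samlsign != null && samlsign.getSignatureVerificationParameter() != null) { sigverifyparam = new SignatureVerificationParameter(samlsign.getSignatureVerificationParameter().getTrustProfileID()); }`) or at least log a warning in the constructor that no signature-verification trust profile is configured, so the gap is visible at startup instead of surfacing as a null downstream. The commented-out CPEPS attribute code and its catch blocks should be deleted rather than kept, and the `XMLUtil`, `SAMLSigningParameter` and `SignatureVerificationParameterType` imports become unused with them. The copy loop can be `attr = new ArrayList(stork.getAttributes());`, and `getStorkAttributes()` hands out that mutable internal list; wrapping it read-only would protect the configuration.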
From: Florian Reimair Date: Thu, 23 Jan 2014 13:46:37 +0100 Subject: added signrequest to authrequest --- .../moa/id/auth/AuthenticationServer.java | 32 ++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 0fbcc97b2..49e2cbdd5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -33,8 +33,10 @@ import java.io.IOException; import java.io.InputStream; import java.io.StringWriter; import java.security.GeneralSecurityException; +import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.cert.CertificateException; +import java.util.ArrayList; //import java.security.cert.CertificateFactory; import java.util.Calendar; import java.util.Date; @@ -54,6 +56,8 @@ import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.apache.xpath.XPathAPI; +import org.opensaml.common.IdentifierGenerator; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.xml.util.Base64; import org.opensaml.xml.util.XMLHelper; import org.springframework.util.xml.DomUtils; 
@@ -1839,6 +1843,15 @@ public class AuthenticationServer implements MOAIDAuthConstants { attributeList.add(newAttribute); } + // add sign request + PersonalAttribute newAttribute = new PersonalAttribute(); + newAttribute.setName("signedDoc"); + List value = new ArrayList(); + value.add(generateDssSignRequest(Base64.encodeBytes(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession).getBytes()), "application/xhtml+xml")); + newAttribute.setValue(value); + attributeList.add(newAttribute); + + if (Logger.isDebugEnabled()) { Logger.debug("The following attributes are requested for this OA:"); for (OAStorkAttribute logReqAttr : attributesFromConfig) @@ -1925,6 +1938,25 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination()); } + private static String generateDssSignRequest(String text, String mimeType) { + IdentifierGenerator idGenerator; + try { + idGenerator = new SecureRandomIdentifierGenerator(); + + return "" + + "" + + "" + + "" + text + "" + + "" + + "" + + ""; + } catch (NoSuchAlgorithmException e) { + Logger.error("Cannot generate id", e); + throw new RuntimeException(e); + } + } + /** * Extracts an X509 Certificate out of an XML signagture element * @param signedXML XML signature element -- cgit v1.2.3 From f5a9a02b839f036eb0ebaa6c58526a2483a3d4b7 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 23 Jan 2014 14:44:14 +0100 Subject: natural person should work --- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 93 +++++++++++----------- .../moa/id/auth/stork/STORKResponseProcessor.java | 10 +-- 2 files changed, 53 insertions(+), 50 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') 
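Review bot: In `generateDssSignRequest`, `idGenerator` is constructed but, as the hunk renders here, never read — the returned string only concatenates `text`; if the XML markup (and an identifier call inside it) was lost in rendering, disregard this, otherwise the whole `NoSuchAlgorithmException` try/catch is dead weight. Building the DSS request by string concatenation inlines `mimeType` and `text` without XML escaping; that is only safe because the single caller passes a Base64 string and a fixed MIME type, which deserves a comment: `// text must be Base64 and mimeType a fixed literal: both are inlined into the XML unescaped`. The first hunk at this line calls `.getBytes()` on the text to be signed without a charset, so the Base64 payload depends on the platform default encoding; pass UTF-8 explicitly. Rethrowing as `RuntimeException` is also out of step with the `MOAIDException("stork.00", null)` handling used elsewhere in startSTORKAuthentication.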
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index df93f4d85..653f40670 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -11,7 +11,6 @@ import javax.servlet.http.HttpSession; import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.StatusCode; -import org.opensaml.xml.util.XMLHelper; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.AuthenticationServer; @@ -30,19 +29,21 @@ import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; -import eu.stork.mw.messages.saml.STORKAuthnRequest; -import eu.stork.mw.messages.saml.STORKResponse; -import eu.stork.vidp.messages.util.XMLUtil; +import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.auth.commons.STORKAuthnResponse; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; /** * Endpoint for receiving STORK response messages */ public class PEPSConnectorServlet extends AuthServlet { private static final long serialVersionUID = 1L; - + public static final String PEPSCONNECTOR_SERVLET_URL_PATTERN = "/PEPSConnector"; - + /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ 
@@ -89,33 +90,35 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.debug("Beginning to extract SAMLResponse out of HTTP Request"); //extract STORK Response from HTTP Request - STORKResponse storkResponse = null; + //Decodes SAML Response + byte[] decSamlToken; try { - storkResponse = STORKResponseProcessor.receiveSTORKRepsonse(request, response); - } catch (STORKException e) { + decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse")); + } catch(NullPointerException e) { Logger.error("Unable to retrieve STORK Response", e); throw new MOAIDException("stork.04", null); } - - Logger.info("STORK SAML Response message succesfully extracted"); - Logger.debug("STORK response (pretty print): "); - Logger.debug(XMLHelper.prettyPrintXML(storkResponse.getDOM())); - Logger.trace("STORK response (original): "); - Logger.trace(XMLUtil.printXML(storkResponse.getDOM())); - - Logger.debug("Starting validation of SAML response"); - //verify SAML response + + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("CONF0"); + + STORKAuthnResponse authnResponse = null; try { - STORKResponseProcessor.verifySTORKResponse(storkResponse); - } catch (STORKException e) { + //validate SAML Token + Logger.debug("Starting validation of SAML response"); + authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost()); + Logger.info("SAML response succesfully verified!"); + }catch(STORKSAMLEngineException e){ Logger.error("Failed to verify STORK SAML Response", e); throw new MOAIDException("stork.05", null); } - - Logger.info("SAML response succesfully verified!"); - - String statusCodeValue = storkResponse.getStatus().getStatusCode().getValue(); - + + Logger.info("STORK SAML Response message succesfully extracted"); + Logger.debug("STORK response: "); + Logger.debug(authnResponse.toString()); + + String statusCodeValue = authnResponse.getStatusCode(); + if 
(!statusCodeValue.equals(StatusCode.SUCCESS_URI)) { Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue); throw new MOAIDException("stork.06", new Object[] { statusCodeValue }); 
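Review bot: `catch(NullPointerException e)` around `PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"))` uses an exception as the missing-parameter check; test the parameter explicitly (`String samlResponse = request.getParameter("SAMLResponse"); if (StringUtils.isEmpty(samlResponse)) throw new MOAIDException("stork.04", null);`) so that a genuine NPE inside the decoder is not mistaken for an absent parameter. `engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost())` passes the remote host, which may be a reverse-resolved name rather than an address, whereas the verification this replaces used `request.getRemoteAddr()`; if the engine compares this value against the assertion's subject address, `getRemoteAddr()` is the right input, and the `(String)` cast is redundant either way. The `Logger.info("STORK SAML Response message succesfully extracted")` line now runs after validation, so it reads out of order next to "SAML response succesfully verified!". doPost continues past this hunk.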
@@ -136,26 +139,26 @@ public class PEPSConnectorServlet extends AuthServlet { } Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); - - Logger.debug("Starting validation of SAML assertion"); - //verify SAML assertion - Assertion storkAssertion = storkResponse.getAssertions().get(0); - try { - STORKResponseProcessor.verifySTORKAssertion( - storkAssertion, //assertion - request.getRemoteAddr(), //IP address of user - storkAuthnRequest.getID(), //ID of STORK AuthnRequest - request.getRequestURL().toString(), //destination - HTTPUtils.getBaseURL(request), //audience - storkAuthnRequest.getRequestedAttributes()); //Requested Attributes - } catch (STORKException e) { - Logger.error("Failed to verify STORK SAML Assertion", e); - throw new MOAIDException("stork.08", null); - } - - Logger.info("SAML assertion succesfully verified!"); - - Logger.debug("Starting extraction of signedDoc attribute"); + +// Logger.debug("Starting validation of SAML assertion"); +// //verify SAML assertion + Assertion storkAssertion = authnResponse.getAssertions().get(0); +// try { +// STORKResponseProcessor.verifySTORKAssertion( +// storkAssertion, //assertion +// request.getRemoteAddr(), //IP address of user +// storkAuthnRequest.getID(), //ID of STORK AuthnRequest +// request.getRequestURL().toString(), //destination +// HTTPUtils.getBaseURL(request), //audience +// storkAuthnRequest.getRequestedAttributes()); //Requested Attributes +// } catch (STORKException e) { +// Logger.error("Failed to verify STORK SAML Assertion", e); +// throw new MOAIDException("stork.08", null); +// } +// +// Logger.info("SAML assertion succesfully verified!"); + + Logger.debug("Starting extraction of signedDoc attribute"); //extract signed doc element and citizen signature Element citizenSignature = null; try { 
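Review bot: Commenting out `STORKResponseProcessor.verifySTORKAssertion(...)` drops the checks that bound the assertion to this session — the pending request's ID (`storkAuthnRequest.getID()`), the destination, the audience and the requested attributes — and `storkAuthnRequest` is now loaded only to be logged. Unless `engine.validateSTORKAuthnResponse` in the previous hunk is known to enforce InResponseTo, destination and audience, a response issued for a different request or relying party would be accepted here; at minimum compare the response's InResponseTo with `storkAuthnRequest.getID()` and reject on mismatch. The commented block should be deleted, or replaced by a short comment naming exactly which checks the engine performs, rather than kept as dead text; `Assertion storkAssertion = authnResponse.getAssertions().get(0);` also assumes at least one assertion and should be guarded. The surrounding method continues past the hunk.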
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index a6e595239..e47a43c90 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -305,9 +305,9 @@ public class STORKResponseProcessor { public static IdentityLink connectToSZRGateway(Element citizenSignature, List attributeList) throws STORKException { Logger.trace("Calling SZR Gateway with the following attributes:"); - String fiscalNumber = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER); - Logger.trace(STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER + " : " + fiscalNumber); - + String eIdentifier = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER); + Logger.trace(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER + " : " + eIdentifier); + String givenName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_GIVENNAME); Logger.trace(STORKConstants.STORK_ATTRIBUTE_GIVENNAME+ " : " + givenName); @@ -325,8 +325,8 @@ public class STORKResponseProcessor { IdentityLink identityLink = null; try { Logger.trace("Starting call..."); - response = AuthenticationServer.getInstance().getIdentityLink(fiscalNumber, givenName, lastName, dateOfBirth, citizenSignature); - if (response.isError()) { + response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature); + if (response.isError()) { Logger.error("Receveid ErrorResponse from SZR Gateway."); throw new SZRGWClientException(response.getError()); } -- cgit v1.2.3 From 885490d16795b5d8f45d2785aaead8b074fa2cc1 Mon Sep 17 00:00:00 2001 
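Review bot: The renamed local `eIdentifier` is still looked up with `STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER` but logged under `STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER`, so the trace line names an attribute other than the one actually read. If the eIdentifier attribute is the intended source, the lookup should change as well (`String eIdentifier = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER);`); otherwise the log label should stay FISCALNUMBER. The second hunk on this line only forwards the renamed value, and connectToSZRGateway continues past both hunks.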
From: Florian Reimair Date: Sun, 26 Jan 2014 16:11:31 +0100 Subject: interface adaptions for szrgw #1 --- .../moa/id/auth/AuthenticationServer.java | 48 +++++++---- .../moa/id/auth/servlet/GetForeignIDServlet.java | 2 +- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 2 +- .../moa/id/auth/stork/STORKResponseProcessor.java | 61 ++++++++++---- .../validator/parep/client/szrgw/SZRGWClient.java | 95 ++++++++-------------- 5 files changed, 112 insertions(+), 96 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 49e2cbdd5..fe23b545f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.auth; import iaik.asn1.ObjectID; -import iaik.pki.PKIException; import iaik.x509.X509Certificate; import iaik.x509.X509ExtensionInitException; @@ -32,7 +31,6 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.io.StringWriter; -import java.security.GeneralSecurityException; import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.cert.CertificateException; @@ -60,7 +58,6 @@ import org.opensaml.common.IdentifierGenerator; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.xml.util.Base64; import org.opensaml.xml.util.XMLHelper; -import org.springframework.util.xml.DomUtils; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; 
@@ -123,8 +120,8 @@ import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; @@ -137,7 +134,6 @@ import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathUtils; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; -import eu.stork.mw.messages.saml.STORKAuthnRequest; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; @@ -1700,8 +1696,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return Identity link assertion * @throws SZRGWClientException */ - public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse - getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException { + + public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String citizenSignature, String represented, String representative, String mandateContent) throws SZRGWClientException { SZRGWClient client = null; 
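Review bot: The new eight-parameter `getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String citizenSignature, String represented, String representative, String mandateContent)` keeps the old Javadoc above it, which still only mentions the signature and says nothing about `represented`, `representative` or `mandateContent`, nor which arguments may be null; add `@param` entries for all eight and mark the optional ones. Eight positional, mostly nullable Strings are easy to misuse from the overloads this commit adds; a small request object or builder would make the call sites readable. The parameter names `PEPSIdentifier`, `PEPSFirstname` etc. are UpperCamelCase, unlike the rest of the file. The method body runs past the hunk.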
@@ -1713,8 +1709,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { CreateIdentityLinkRequest request = new CreateIdentityLinkRequest(); - request.setSignature(DOMUtils.serializeNode(signature).getBytes()); + request.setSignature(citizenSignature.getBytes()); + Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl()); @@ -1735,17 +1732,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { // throw new SZRGWClientException("Could not initialize SSL Factory"); // } // } - Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); } catch (ConfigurationException e) { Logger.warn(e); Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); - } catch (TransformerException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); } // // create request 
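Review bot: `request.setSignature(citizenSignature.getBytes());` encodes the serialized signature with the platform default charset, so the bytes sent to the SZR gateway depend on the JVM's default encoding; use an explicit one — `citizenSignature.getBytes("UTF-8")` (declaring the checked UnsupportedEncodingException) or `StandardCharsets.UTF_8` if the project builds on Java 7+. The second hunk at this line removes the `TransformerException`/`IOException` handlers that only the old `DOMUtils.serializeNode` call needed, which is consistent with the new String parameter. getIdentityLink continues outside the hunk.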
@@ -1775,6 +1765,34 @@ public class AuthenticationServer implements MOAIDAuthConstants { } + /** + * Does the request to the SZR-GW. + * + * @param signature the signature + * @return the identity link + * @throws SZRGWClientException the sZRGW client exception + * @throws ConfigurationException the configuration exception + */ + public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { + return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature), null, null, null); + } + + /** + * Does the request to the SZR-GW. + * + * @param PEPSIdentifier the pEPS identifier + * @param PEPSFirstname the pEPS firstname + * @param PEPSFamilyname the pEPS familyname + * @param PEPSDateOfBirth the pEPS date of birth + * @param signature XMLDSIG signature + * @return Identity link assertion + * @throws SZRGWClientException the sZRGW client exception + * @throws ConfigurationException the configuration exception + */ + public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException, ConfigurationException { + return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature, null, null, null); + } + /** * Starts a MOA-ID authentication process using STORK * @param req HttpServletRequest diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 222faec37..be307ae14 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java 
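Review bot: Both new overloads declare `throws SZRGWClientException, ConfigurationException`, but they only delegate to the eight-argument `getIdentityLink`, whose signature (hunk at line 1696) declares `SZRGWClientException` alone and which catches `ConfigurationException` internally; the extra clause is unreachable and merely forces every caller (`GetForeignIDServlet`, `STORKResponseProcessor`) to handle an exception that cannot be thrown. Drop `ConfigurationException` from both `throws` lists. The five-argument overload's Javadoc still reads `@param signature XMLDSIG signature` although the parameter is now a `String`, and the `Element` overload sends `XMLHelper.nodeToString(signature)` — serialized XML — down the same `String` path that the STORK flow uses for the raw `signedDoc` attribute value; whether the gateway accepts both forms is not visible here, so state the expected format on the parameter. The generated phrases "the sZRGW client exception" / "the pEPS identifier" should be replaced with real descriptions.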
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -162,7 +162,7 @@ public class GetForeignIDServlet extends AuthServlet { } // make SZR request to the identity link - CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(null, null, null, null, signature); + CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(signature); if (response.isError()) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 653f40670..f1ee4c181 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -178,7 +178,7 @@ public class PEPSConnectorServlet extends AuthServlet { //contact SZR Gateway IdentityLink identityLink = null; try { - identityLink = STORKResponseProcessor.connectToSZRGateway(citizenSignature, storkAssertion.getAttributeStatements().get(0).getAttributes()); + identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList()); } catch (STORKException e) { Logger.error("Error connecting SZR Gateway", e); throw new MOAIDException("stork.10", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index e47a43c90..e2112a4d9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java 
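Review bot: `connectToSZRGateway(authnResponse.getPersonalAttributeList())` in the `PEPSConnectorServlet` hunk replaces the separately held `citizenSignature` element with whatever the `signedDoc` attribute of the PEPS response contains, which `STORKResponseProcessor` then forwards unchanged to the SZR-GW as the citizen's signature. The hunk does not show whether that attribute value is signature-verified before this point (the old parameter may have been the already-validated element), so confirm that the signed document is verified somewhere on this path and add a comment above the call naming that place, e.g. `// signedDoc attribute is verified in <VERIFIER-TO-NAME> before it reaches the SZR-GW`. The surrounding method starts and ends outside the hunk.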
@@ -40,6 +40,7 @@ import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.StringUtils; import eu.stork.mw.messages.saml.STORKResponse; +import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.vidp.messages.common.STORKConstants; import eu.stork.vidp.messages.util.SAMLUtil; import eu.stork.vidp.messages.util.XMLUtil; 
@@ -294,29 +295,41 @@ public class STORKResponseProcessor { } - + + /** + * helper for reading attributes. Handles logging and error handling. + * + * @param attributeName the attribute name + * @param attributeList the attribute list + * @return the attribute value + * @throws STORKException the sTORK exception + */ + private static String getAttributeValue(String attributeName, IPersonalAttributeList attributeList) throws STORKException { + try { + String result = attributeList.get(attributeName).getValue().get(0); + Logger.trace(attributeName + " : " + result); + return result; + } catch(NullPointerException e) { + Logger.error(attributeName + " not found in response"); + throw new STORKException(attributeName + " not found in response"); + } + } + /** * Handels connection to SZR-GW and returns Identity Link on success - * @param citizenSignature Citizen signature - * @param attributeList Received attribute List in assertion + * @param iPersonalAttributeList Received attribute List in assertion * @return Identity Link * @throws STORKException */ - public static IdentityLink connectToSZRGateway(Element citizenSignature, List attributeList) throws STORKException { + public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList) throws STORKException { Logger.trace("Calling SZR Gateway with the following attributes:"); - String eIdentifier = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER); - Logger.trace(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER + " : " + eIdentifier); - - String givenName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_GIVENNAME); - Logger.trace(STORKConstants.STORK_ATTRIBUTE_GIVENNAME+ " : " + givenName); - - String lastName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_SURNAME); - Logger.trace(STORKConstants.STORK_ATTRIBUTE_SURNAME+ " : " + lastName); - - String dateOfBirth = 
SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH); - Logger.trace(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH + " : " + dateOfBirth); - + // fetch mandatory attributes + String citizenSignature = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_SIGNEDDOC, attributeList); + String eIdentifier = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, attributeList); + String givenName = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, attributeList); + String lastName = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_SURNAME, attributeList); + String dateOfBirth = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, attributeList); if (!StringUtils.isEmpty(dateOfBirth)) { dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); } @@ -325,7 +338,21 @@ public class STORKResponseProcessor { IdentityLink identityLink = null; try { Logger.trace("Starting call..."); - response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature); + + // do we have a case of representation? + try { + String representative = getAttributeValue("representative", attributeList); + String represented = getAttributeValue("represented", attributeList); + String mandate = getAttributeValue("mandateContent", attributeList); + + // if we get here we have a representation case + response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate); + + } catch(STORKException e) { + // we do not have a representation case + response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature); + } + if (response.isError()) { Logger.error("Receveid ErrorResponse from SZR Gateway."); throw new SZRGWClientException(response.getError()); 
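Review bot: `getAttributeValue` detects a missing attribute by catching `NullPointerException`, which both hides genuine NPE bugs and misses the case it is meant to cover: when the attribute exists with an empty value list, `getValue().get(0)` throws `IndexOutOfBoundsException`, which escapes the catch, and in the hunk at line 338 that bypasses the "no representation" fallback entirely. Replace the catch with explicit checks on the attribute, its value list and its size, as below (`PersonalAttribute` from `eu.stork.peps.auth.commons` must then be imported). Note also that `Logger.trace(attributeName + " : " + result)` writes eIdentifier, name, date of birth and the whole signed document into the log at trace level; consider logging only the attribute name (or the value length) for `signedDoc`. The Javadoc typo `Handels` on `connectToSZRGateway` should read "Handles".
```java
private static String getAttributeValue(String attributeName, IPersonalAttributeList attributeList) throws STORKException {
    PersonalAttribute attribute = attributeList.get(attributeName);
    // treat "absent", "no value list" and "empty value list" alike: the caller
    // cannot proceed without a concrete value for a mandatory attribute
    if (attribute == null || attribute.getValue() == null || attribute.getValue().isEmpty()) {
        Logger.error(attributeName + " not found in response");
        throw new STORKException(attributeName + " not found in response");
    }
    String result = attribute.getValue().get(0);
    Logger.trace(attributeName + " : " + result);
    return result;
}
```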
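Review bot: The representation call passes `citizenSignature, representative, represented, mandate`, but the eight-argument `getIdentityLink` declared in `AuthenticationServer` (hunk at line 1696) takes them as `citizenSignature, String represented, String representative, String mandateContent`, so representative and represented are transposed at this call site unless `AuthenticationServer` swaps them again internally (not visible here); `SZRGWClient.buildGetIdentityLinkRequest` (hunk at line 253) uses the order `representative, represented`, so one of the two declarations needs fixing and the call should follow the declared names. Independently, using `STORKException` from `getAttributeValue` as the "not a representation case" signal means every ordinary login logs three `Logger.error` lines ("representative not found in response"), and a response carrying only one or two of the three mandate attributes silently degrades to a plain identity-link request. Decide presence with null checks instead, treat a partial triple as an error, and log which path is taken, roughly as below. The enclosing `try` and its catch clauses lie outside the hunk.
```java
// do we have a case of representation? All three mandate attributes must be
// present together; a partial set is rejected rather than silently ignored.
boolean hasRepresentative = attributeList.get("representative") != null;
boolean hasRepresented = attributeList.get("represented") != null;
boolean hasMandate = attributeList.get("mandateContent") != null;
if (hasRepresentative && hasRepresented && hasMandate) {
    String representative = getAttributeValue("representative", attributeList);
    String represented = getAttributeValue("represented", attributeList);
    String mandate = getAttributeValue("mandateContent", attributeList);
    Logger.info("Representation case: requesting identity link with mandate.");
    // argument order follows the declared parameter names (represented before representative)
    response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, represented, representative, mandate);
} else if (hasRepresentative || hasRepresented || hasMandate) {
    throw new STORKException("Incomplete representation data in response");
} else {
    response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature);
}
// … unchanged: response.isError() handling …
```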
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java index e3457f4de..325bf25a0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java @@ -39,7 +39,6 @@ import org.apache.commons.httpclient.protocol.Protocol; import org.apache.xpath.XPathAPI; import org.w3c.dom.Document; import org.w3c.dom.Element; -import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.w3c.dom.Text; @@ -254,8 +253,8 @@ public class SZRGWClient { } } - - public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException { + + public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature, String representative, String represented, String mandateContent) throws SZRGWClientException { String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#"; try { 
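Review bot: The new eight-parameter `buildGetIdentityLinkRequest` in the hunk at `@@ -254,8 +253,8 @@` has no Javadoc, and with five adjacent `String` parameters of identical type the caller has nothing but position to go on. Add a doc comment stating that `signature` is mandatory and what encoding it must be in, and that `representative`, `represented` and `mandateContent` are optional, are only emitted when non-null, and must all be set for the `szrgw:MIS` block (hunk at line 331) to be produced. The method body continues outside the hunk.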
@@ -299,73 +298,25 @@ public class SZRGWClient { Text text= doc.createTextNode(PEPSDateOfBirth); elem.appendChild(text); } - } - - if (signature == null) - throw new SZRGWClientException("Signature element must not be null!"); - else { - Element sig = doc.createElementNS(SZRGW_NS, "szrgw:Signature"); - Element xmlcontent = doc.createElementNS(SZRGW_NS, "szrgw:XMLContent"); - sig.appendChild(xmlcontent); - Node n = doc.importNode(signature, true); - getIdentityLink.appendChild(sig); - xmlcontent.appendChild(n); - } - - - return doc; - } catch (ParserConfigurationException e) { - throw new SZRGWClientException(e); - } /*catch (CertificateEncodingException e) { - throw new SZRGWClientException(e); - }*/ - - } - - public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { - - String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#"; - - try { - DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - DocumentBuilder builder = factory.newDocumentBuilder(); - Document doc = builder.newDocument(); - - Element getIdentityLink = doc.createElementNS(SZRGW_NS, "szrgw:GetIdentityLinkRequest"); - getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGW_NS); - doc.appendChild(getIdentityLink); - - if ( (PEPSIdentifier != null) || (PEPSFirstname != null) || (PEPSFamilyname != null) || (PEPSDateOfBirth != null) ) { - - Element pepsDataElem = doc.createElementNS(SZRGW_NS, "szrgw:PEPSData"); - getIdentityLink.appendChild(pepsDataElem); - - if (PEPSIdentifier != null) { - Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Identifier"); - pepsDataElem.appendChild(elem); - Text text= doc.createTextNode(PEPSIdentifier); - elem.appendChild(text); - } - if (PEPSFirstname != null) { - Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Firstname"); + if 
(representative != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Representative"); pepsDataElem.appendChild(elem); - Text text= doc.createTextNode(PEPSFirstname); + Text text= doc.createTextNode(representative); elem.appendChild(text); - } + } - if (PEPSFamilyname != null) { - Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Familyname"); + if (represented != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Represented"); pepsDataElem.appendChild(elem); - Text text= doc.createTextNode(PEPSFamilyname); + Text text= doc.createTextNode(represented); elem.appendChild(text); } - if (PEPSDateOfBirth != null) { - Element elem = doc.createElementNS(SZRGW_NS, "szrgw:DateOfBirth"); + if (mandateContent != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:MandateContent"); pepsDataElem.appendChild(elem); - Text text= doc.createTextNode(PEPSDateOfBirth); + Text text= doc.createTextNode(mandateContent); elem.appendChild(text); } } 
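Review bot: The removed `if (signature == null) throw new SZRGWClientException("Signature element must not be null!");` is not carried over to the merged `String` version, so a request without a signature can now be built and sent to the gateway; restore the check at the top of the method as `if (signature == null) throw new SZRGWClientException("Signature must not be null!");`. The new `szrgw:Representative`, `szrgw:Represented` and `szrgw:MandateContent` elements are appended to `pepsDataElem`, which in the deleted twin of this method was only created when one of the four PEPS fields was non-null; the surviving condition is outside the hunk, so confirm it was extended, otherwise mandate data arriving without PEPS data is silently dropped. The comment typo "represenation"-style wording aside, the `if (representative != null)` block is placed with inconsistent indentation relative to its siblings — worth aligning. The method starts and ends outside this hunk.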
@@ -380,7 +331,27 @@ public class SZRGWClient { Text text= doc.createTextNode(signature); base64content.appendChild(text); } - + + if(representative != null && represented != null && mandateContent != null) { + Element mis = doc.createElementNS(SZRGW_NS, "szrgw:MIS"); + Element filters = doc.createElementNS(SZRGW_NS, "szrgw:Filters"); + mis.appendChild(filters); + Element target = doc.createElementNS(SZRGW_NS, "szrgw:Target"); + mis.appendChild(target); + Element friendlyName = doc.createElementNS(SZRGW_NS, "szrgw:OAFriendlyName"); + mis.appendChild(friendlyName); + getIdentityLink.appendChild(mis); + +// TODO fetch data from oa params +// String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); +// moasessionid = StringEscapeUtils.escapeHtml(moasessionid); +// AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid); +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); +// if (oaParam == null) +// throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); +// Text text = doc.createTextNode(oaParam.getFriendlyName()); + } + return doc; } catch (ParserConfigurationException e) { throw new SZRGWClientException(e); -- cgit v1.2.3 From ef85e5437f8d228978c1eaf9311aa97a292da4fa Mon Sep 17 00:00:00 2001 
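Review bot: Whenever the mandate triple is present, `szrgw:Target` and `szrgw:OAFriendlyName` are emitted as empty elements, with the code that would fill them left commented out under `// TODO fetch data from oa params`, so every representation request reaches the gateway without a target sector and without the online-application name. Either pass the two values (or the `OAAuthParameter`) into `buildGetIdentityLinkRequest` before this is merged, or omit the `szrgw:MIS` block until that is done, and delete the commented-out servlet code rather than shipping it; at minimum add `Logger.warn("MIS target/friendly name not yet populated in SZR-GW request");` so the gap is visible in operation. The method's catch clauses continue outside the hunk.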
From: Florian Reimair Date: Sun, 26 Jan 2014 16:54:33 +0100 Subject: moved XMLUtil to more reasonable place --- .../moa/id/auth/AuthenticationServer.java | 3 +- .../auth/stork/PEPSConnectorResponseVerifier.java | 2 +- .../moa/id/auth/stork/STORKResponseProcessor.java | 3 +- .../id/config/legacy/BuildFromLegacyConfig.java | 2 +- .../moa/id/config/stork/STORKConfig.java | 2 - .../pvp2x/verification/SAMLVerifierMOASP.java | 2 +- .../at/gv/egovernment/moa/id/util/XMLUtil.java | 143 +++++++++++++++++++++ 7 files changed, 150 insertions(+), 7 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index fe23b545f..b8a0fe678 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -122,6 +122,8 @@ import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; @@ -140,7 +142,6 @@ import eu.stork.peps.auth.commons.PersonalAttributeList; import eu.stork.peps.auth.commons.STORKAuthnRequest; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; -import eu.stork.vidp.messages.util.XMLUtil; /** * API for MOA ID Authentication Service.
    {@link AuthenticationSession} is diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java index f78067b5f..b3a707134 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java @@ -40,11 +40,11 @@ import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.logging.Logger; import eu.stork.mw.messages.saml.STORKResponse; import eu.stork.vidp.messages.exception.SAMLValidationException; import eu.stork.vidp.messages.util.SAMLUtil; -import eu.stork.vidp.messages.util.XMLUtil; /** * Verifies the SMAL response according to the STORK specification diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index e2112a4d9..ab62c2718 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java 
@@ -35,6 +35,8 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DateTimeUtils; @@ -43,7 +45,6 @@ import eu.stork.mw.messages.saml.STORKResponse; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.vidp.messages.common.STORKConstants; import eu.stork.vidp.messages.util.SAMLUtil; -import eu.stork.vidp.messages.util.XMLUtil; /** * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index 7ef043abe..407e7da52 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -18,7 +18,6 @@ import org.opensaml.saml2.metadata.RequestedAttribute; import org.w3c.dom.Element; import eu.stork.vidp.messages.util.SAMLUtil; -import eu.stork.vidp.messages.util.XMLUtil; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; 
@@ -67,6 +66,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.data.IssuerAndSerial; +import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.DOMUtils; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index e388b39e7..24c7ad264 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -20,8 +20,6 @@ import org.w3c.dom.Element; import org.xml.sax.SAXException; import eu.stork.vidp.messages.util.SAMLUtil; -import eu.stork.vidp.messages.util.XMLUtil; - import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java index c744abdf5..495f5f0db 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java 
@@ -15,8 +15,8 @@ import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.logging.Logger; -import eu.stork.vidp.messages.util.XMLUtil; public class SAMLVerifierMOASP implements ISAMLVerifier { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java new file mode 100644 index 000000000..d87d510fa --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java 
@@ -0,0 +1,143 @@ +/** + * + */ +package at.gv.egovernment.moa.id.util; + +import java.io.File; +import java.io.IOException; +import java.io.Reader; +import java.io.StringReader; +import java.io.StringWriter; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.OutputKeys; +import javax.xml.transform.Result; +import javax.xml.transform.Source; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; + +/** + * Helper class for XML processing + * @author bzwattendorfer + * + */ +public class XMLUtil { + + /** + * Transforms a string representation to a DOM representation + * @param xmlString XML as string + * @return DOM representation of String + * @throws ParserConfigurationException + * @throws SAXException + * @throws IOException + */ + public static Element stringToDOM(String xmlString) throws ParserConfigurationException, SAXException, IOException { + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + dbf.setNamespaceAware(true); + + DocumentBuilder builder = dbf.newDocumentBuilder(); + + Reader reader = new StringReader(xmlString); + InputSource src = new InputSource(reader); + Document domDoc = builder.parse(src); + return domDoc.getDocumentElement(); + } + + /** + * Creates a new and empty XML document + * @return New XML document + * @throws ParserConfigurationException + */ + public static Document createNewDocument() throws ParserConfigurationException { + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + dbf.setNamespaceAware(true); + + 
DocumentBuilder builder = dbf.newDocumentBuilder(); + return builder.newDocument(); + } + + /** + * Transforms an XML to a String + * @param node XML node + * @return String represenation of XML + */ + public static String printXML(Node node) { + TransformerFactory tfactory = TransformerFactory.newInstance(); + Transformer serializer; + try { + serializer = tfactory.newTransformer(); + + serializer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); + serializer.setOutputProperty(OutputKeys.ENCODING,"UTF-8"); + + StringWriter output = new StringWriter(); + serializer.transform(new DOMSource(node), new StreamResult(output)); + return output.toString(); + } catch (TransformerException e) { + + throw new RuntimeException(e); + } + } + + /** + * Writes an XML element to a given file + * @param doc XML element + * @param filename Filename of the file where to write XML + */ + public static void writeXmlFile(Element doc, String filename) { + try { + + Source source = new DOMSource(doc); + File file = new File(filename); + Result result = new StreamResult(file); + + Transformer xformer = TransformerFactory.newInstance().newTransformer(); + xformer.transform(source, result); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + /** + * Gets the first text value of a NodeList + * @param nList NodeList + * @return first text value of a NodeList + */ + public static String getFirstTextValueFromNodeList(NodeList nList) { + if (nList != null && nList.getLength() != 0) { + return nList.item(0).getTextContent(); + } + return null; + } + + /** + * Gets the first element of a Node + * @param parent Node + * @return first element of a Node + */ + public static Element getFirstElement(Node parent) { + Node n = parent.getFirstChild(); + while (n != null && n.getNodeType() != Node.ELEMENT_NODE) { + n = n.getNextSibling(); + } + if (n == null) { + return null; + } + return (Element)n; + } + + + +} -- cgit v1.2.3 
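Review bot: `stringToDOM` parses with a default `DocumentBuilderFactory` that still honours DTDs and external entities, and elsewhere in this patch series it is applied to strings taken from remote STORK/SAML responses, which makes XXE and entity-expansion attacks possible on a crafted document; harden the factory as below (the `setFeature` calls throw `ParserConfigurationException`, which the method already declares). `printXML` and `writeXmlFile` build a `TransformerFactory` without `XMLConstants.FEATURE_SECURE_PROCESSING` for the same reason, and `writeXmlFile` catches `Exception` wholesale and rewraps it as `RuntimeException` — narrow it to `TransformerException`. The "represenation" typo in `printXML`'s Javadoc should read "representation".
```java
public static Element stringToDOM(String xmlString) throws ParserConfigurationException, SAXException, IOException {
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    // input may come from a remote SAML/STORK party: refuse DTDs and external
    // entities so a crafted document cannot trigger XXE or entity expansion
    dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
    dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
    dbf.setXIncludeAware(false);
    dbf.setExpandEntityReferences(false);

    DocumentBuilder builder = dbf.newDocumentBuilder();
    // … unchanged: parse from StringReader and return the document element …
}
```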
From 133f63cef5bffb06e57896a1e83383a414d932df Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Sun, 26 Jan 2014 17:01:41 +0100 Subject: attribute name handling is more samlengine like --- .../egovernment/moa/id/auth/stork/STORKResponseProcessor.java | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index ab62c2718..b8e823de0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -326,11 +326,11 @@ public class STORKResponseProcessor { Logger.trace("Calling SZR Gateway with the following attributes:"); // fetch mandatory attributes - String citizenSignature = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_SIGNEDDOC, attributeList); - String eIdentifier = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, attributeList); - String givenName = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, attributeList); - String lastName = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_SURNAME, attributeList); - String dateOfBirth = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, attributeList); + String citizenSignature = getAttributeValue("signedDoc", attributeList); + String eIdentifier = getAttributeValue("eIdentifier", attributeList); + String givenName = getAttributeValue("givenName", attributeList); + String lastName = getAttributeValue("surname", attributeList); + String dateOfBirth = getAttributeValue("dateOfBirth", attributeList); if (!StringUtils.isEmpty(dateOfBirth)) { dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); } -- cgit v1.2.3 
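Review bot: The attribute names become bare string literals (`"signedDoc"`, `"eIdentifier"`, `"givenName"`, `"surname"`, `"dateOfBirth"`), and the representation attributes (`"representative"`, `"represented"`, `"mandateContent"`) in the earlier hunk at line 338 are spelled the same way, so a typo in any of them is only detected at runtime as a "not found in response" error. Declare them once at the top of `STORKResponseProcessor`, e.g. `private static final String ATTR_SIGNED_DOC = "signedDoc";` and so on, and reference the constants in both places; if the STORK SAML engine already exposes these names as constants, those would be preferable to local copies. The enclosing method starts and ends outside the hunk.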
From 1ff6044b66a717edff42bd3a1c19a044e744c3b3 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Sun, 26 Jan 2014 17:09:46 +0100 Subject: cleanup --- .../moa/id/config/stork/STORKConfig.java | 51 ---------------------- 1 file changed, 51 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index 24c7ad264..3282b8737 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -3,7 +3,6 @@ */ package at.gv.egovernment.moa.id.config.stork; -import java.io.IOException; import java.net.MalformedURLException; import java.net.URL; import java.util.ArrayList; @@ -12,17 +11,7 @@ import java.util.List; import java.util.Map; import java.util.Properties; -import javax.xml.parsers.ParserConfigurationException; - -import org.opensaml.saml2.metadata.RequestedAttribute; -import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.w3c.dom.Element; -import org.xml.sax.SAXException; - -import eu.stork.vidp.messages.util.SAMLUtil; -import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; -import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; 
@@ -57,54 +46,14 @@ public class STORKConfig { try { CPEPS moacpep = new CPEPS(cpep.getCountryCode(), new URL(cpep.getURL())); - - -// List attr = cpep.getAttributeValue(); -// -// ArrayList requestedAttributes = new ArrayList(); -// -// for (String e1 : attr) { -// Element element = XMLUtil.stringToDOM(e1); -// RequestedAttribute requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(element); -// requestedAttributes.add(requestedAttribute); -// } -// moacpep.setCountrySpecificRequestedAttributes(requestedAttributes); - cpepsMap.put(cpep.getCountryCode(), moacpep); } catch (MalformedURLException e) { Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + cpep.getCountryCode() + " has an invalid URL and is ignored."); -// } catch (ParserConfigurationException e) { -// Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " -// + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); -// } catch (SAXException e) { -// Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " -// + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); -// } catch (IOException e) { -// Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " -// + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); -// } catch (MessageEncodingException e) { -// Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " -// + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); } -// SAMLSigningParameter samlsign = stork.getSAMLSigningParameter(); // TODO Fix nullpointerexception when nothing is configured -// -// if (samlsign == null) { -// Logger.warn("Error in MOA-ID Configuration. No STORK->SAMLSigningParameter configuration found."); -// -// } else { -// SignatureVerificationParameterType sigverify = samlsign.getSignatureVerificationParameter(); -// -// if (sigverify == null) { -// Logger.warn("Error in MOA-ID Configuration. 
No STORK->SignatureVerificationParameter configuration found."); -// -// } else { -// sigverifyparam = new SignatureVerificationParameter(sigverify.getTrustProfileID()); -// } -// } attr = new ArrayList(); for(StorkAttribute current : stork.getAttributes()) { attr.add(current); -- cgit v1.2.3 From 8d18054deef38fa8a434f5049664c7219f5c9d7a Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Mon, 27 Jan 2014 10:27:20 +0100 Subject: cleaned legacy config from stork artifacts --- .../id/config/legacy/BuildFromLegacyConfig.java | 68 -------- .../moa/id/config/legacy/ConfigurationBuilder.java | 176 --------------------- .../moa/id/config/legacy/OAAuthParameter.java | 59 ------- 3 files changed, 303 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index 407e7da52..f5fdbd90a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -14,15 +14,11 @@ import java.util.Map; import java.util.Properties; import java.util.Set; -import org.opensaml.saml2.metadata.RequestedAttribute; import org.w3c.dom.Element; -import eu.stork.vidp.messages.util.SAMLUtil; - import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; -import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; 
@@ -32,8 +28,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; import at.gv.egovernment.moa.id.commons.db.dao.config.GeneralConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; -import at.gv.egovernment.moa.id.commons.db.dao.config.KeyName; -import at.gv.egovernment.moa.id.commons.db.dao.config.KeyStore; import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; @@ -47,13 +41,9 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; -import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter; import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; -import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; -import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureCreationParameterType; -import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; 
@@ -66,7 +56,6 @@ import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.data.IssuerAndSerial; -import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.DOMUtils; 
@@ -283,63 +272,6 @@ public class BuildFromLegacyConfig { parseConnectionParameterClientAuth(foreignIDConnectionParameter); auth_foreign.setConnectionParameter(auth_foreign_connection); - //set STORK configuration - STORKConfig storkConfig = new STORKConfig(builder.buildSTORKSignatureCreationParameter(),builder.buildSTORKSignatureVerificationParameter(), builder.buildSTORKcPEPSMap()); - STORK auth_foreign_stork = new STORK(); - auth_foreign.setSTORK(auth_foreign_stork); - - //set CPEPS - Map map = storkConfig.getCpepsMap(); - Set map_keys = map.keySet(); - List auth_foreign_stork_cpeps = new ArrayList(); - for (String key : map_keys) { - CPEPS cpep = new CPEPS(); - cpep.setCountryCode(map.get(key).getCountryCode()); - cpep.setURL(map.get(key).getPepsURL().toExternalForm()); //check correctness!!!! - - List cpep_reqs = new ArrayList(); - - List map1 = map.get(key).getCountrySpecificRequestedAttributes(); - for (RequestedAttribute e1 : map1) { - Element element = SAMLUtil.marshallMessage(e1); - cpep_reqs.add(XMLUtil.printXML(element)); - } - cpep.setAttributeValue(cpep_reqs); - auth_foreign_stork_cpeps.add(cpep); - } - auth_foreign_stork.setCPEPS(auth_foreign_stork_cpeps); - - - //set SAMLSigningParameter - if (storkConfig.getSignatureCreationParameter() != null && - storkConfig.getSignatureVerificationParameter() != null) { - SAMLSigningParameter auth_foreign_stork_samlSign = new SAMLSigningParameter(); - auth_foreign_stork.setSAMLSigningParameter(auth_foreign_stork_samlSign); - - SignatureCreationParameterType stork_saml_creat = new SignatureCreationParameterType(); - auth_foreign_stork_samlSign.setSignatureCreationParameter(stork_saml_creat); - KeyStore stork_saml_creat_keystore = new KeyStore(); - stork_saml_creat.setKeyStore(stork_saml_creat_keystore); - stork_saml_creat_keystore.setPassword(storkConfig.getSignatureCreationParameter().getKeyStorePassword()); - stork_saml_creat_keystore.setValue(storkConfig.getSignatureCreationParameter().getKeyStorePath()); - 
KeyName stork_saml_creat_keyname = new KeyName(); - stork_saml_creat.setKeyName(stork_saml_creat_keyname); - stork_saml_creat_keyname.setValue(storkConfig.getSignatureCreationParameter().getKeyName()); - stork_saml_creat_keyname.setPassword(storkConfig.getSignatureCreationParameter().getKeyPassword()); - - - - SignatureVerificationParameterType stork_saml_verify = new SignatureVerificationParameterType(); - auth_foreign_stork_samlSign.setSignatureVerificationParameter(stork_saml_verify); - stork_saml_verify.setTrustProfileID(storkConfig.getSignatureVerificationParameter().getTrustProfileID()); - - } - - //TODO: check correctness - //set QualityAuthenticationAssurance - //set RequestedAttbutes - - //set OnlineMandates config ConnectionParameter onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter(); if (onlineMandatesConnectionParameter != null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java index 3abc94b02..525c5a24e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java @@ -30,8 +30,6 @@ import iaik.utils.RFC2253NameParserException; import java.io.IOException; import java.math.BigInteger; -import java.net.MalformedURLException; -import java.net.URL; import java.security.Principal; import java.util.ArrayList; import java.util.HashMap; @@ -41,8 +39,6 @@ import java.util.List; import java.util.Map; import java.util.Vector; -import org.opensaml.saml2.metadata.RequestedAttribute; -import org.opensaml.ws.message.encoder.MessageEncodingException; import org.w3c.dom.Attr; import org.w3c.dom.Element; import org.w3c.dom.Node; 
@@ -56,9 +52,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.legacy.OAAuthParameter; import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameter; import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameters; -import at.gv.egovernment.moa.id.config.legacy.CPEPS; import at.gv.egovernment.moa.id.config.legacy.SignatureCreationParameter; -import at.gv.egovernment.moa.id.config.legacy.SignatureVerificationParameter; import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; @@ -66,15 +60,9 @@ import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; -import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathException; import at.gv.egovernment.moa.util.XPathUtils; -import eu.stork.vidp.messages.builder.STORKMessagesBuilder; -import eu.stork.vidp.messages.common.STORKConstants; -import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; -import eu.stork.vidp.messages.stork.RequestedAttributes; -import eu.stork.vidp.messages.util.SAMLUtil; /** * A class that builds configuration data from a DOM based representation. 
@@ -1218,170 +1206,6 @@ public List getTrustedTemplateURLs() { } - /** - * Creates a SignatureVerificationParameter object from the MOA-ID configuration - * This configuration object contains the TrustProfile to be used for signature verification (STORK SAML Signature Verification) - * - * @return TrustProfileID for signature verification (STORK SAML Signature Verification) - */ - public SignatureVerificationParameter buildSTORKSignatureVerificationParameter() { - - Logger.debug("Loading STORK signature verification parameters."); - - Element signatureVerificationParameterElement = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_VERIFICATION_PARAMETER); - if (signatureVerificationParameterElement == null) { - Logger.debug("No STORK verification parameters found, " +AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_VERIFICATION_PARAMETER + "is missing."); - return null; - } - - SignatureVerificationParameter signatureVerificationParameter = new SignatureVerificationParameter(); - - String trustProfileID = XPathUtils.getElementValue(signatureVerificationParameterElement, AUTH_FOREIGN_IDENTITIES_STORK_TRUSTPROFILE_ID, null); - if (StringUtils.isEmpty(trustProfileID)) { - Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_TRUSTPROFILE_ID + "is missing."); - return null; - } - Logger.trace("Using the following MOA-SP TrustProfile for STORK SAML signature verification: " + trustProfileID); - signatureVerificationParameter.setTrustProfileID(trustProfileID); - - Logger.info("STORK signature verification parameters loaded."); - - return signatureVerificationParameter; - } - - /** - * Builds a C-PEPS object from configuration - * @param cpepsElement DOM Element of C-PEPS from configuration - * @return C-PEPS object - */ - public CPEPS buildSTORKCpeps(Element cpepsElement) { - - String countryCode = cpepsElement.getAttribute(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_COUNTRY_CODE); - String cpepsURLString = 
cpepsElement.getAttribute(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_URL); - if (StringUtils.isEmpty(countryCode)) { - Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_COUNTRY_CODE + "is missing."); - return null; - } - if (StringUtils.isEmpty(cpepsURLString)) { - Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_URL + "is missing."); - return null; - } - - URL cpepsURL; - try { - cpepsURL = new URL(cpepsURLString); - } catch (MalformedURLException e) { - Logger.error("Provided CPEPS-URL (" + cpepsURLString + ") for country " + countryCode + " is not a URL", e); - return null; - } - CPEPS cpeps = new CPEPS(countryCode, cpepsURL); - Logger.debug("Adding C-PEPS for country: " + cpeps.getCountryCode() + ", URL: " + cpeps.getPepsURL()); - - Element reqAttributeElement; - NodeIterator reqAttributeIterator = XPathUtils.selectNodeIterator(cpepsElement, AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_REQUESTED_ATTRIBUTES); - - while ((reqAttributeElement = (Element) reqAttributeIterator.nextNode()) != null) { - RequestedAttribute requestedAttribute; - try { - requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(reqAttributeElement); - } catch (MessageEncodingException e) { - Logger.error("Provided RequestedAttributes for CPEPS from country " + countryCode + " is malformed.", e); - return null; - } - //only add if STORK attribute is correct - if (STORKConstants.FULL_STORK_ATTRIBUTE_SET.contains(requestedAttribute.getName())) { - cpeps.addCountrySpecificRequestedAttribute(requestedAttribute); - Logger.debug("Adding also country specific requested attribute for C-PEPS (" + countryCode + "): " + requestedAttribute.getName() + ", isRequired: " + requestedAttribute.isRequired()); - } else { - Logger.warn("Skipping addition of requested STORK Attribute, attribute unknown : " + requestedAttribute.getName()); - } - - } - - return cpeps; - } - - /** - * Builds the supported C-PEPS Map from configuration - * @return Map of C-PEPS - */ - public Map buildSTORKcPEPSMap() { - - 
Logger.debug("Loading STORK C-PEPS information"); - - Map cpepsMap = new HashMap(); - - NodeIterator cpepsIterator = XPathUtils.selectNodeIterator(configElem_, AUTH_FOREIGN_IDENTITIES_STORK_CPEPS); - - Element cpepsElement; - CPEPS cpeps; - - while ((cpepsElement = (Element) cpepsIterator.nextNode()) != null) { - cpeps = buildSTORKCpeps(cpepsElement); - if (cpeps != null) { - cpepsMap.put(cpeps.getCountryCode(), cpeps); - } - } - - if(!cpepsMap.isEmpty()) { - Logger.info("STORK C-PEPS information loaded"); - } - - return cpepsMap; - - } - - /** - * Builds the required STORK QAALevel for this OA - * @param authComponentElement DOM Element of AuthComponent (from MOA configuration) - * @return STORK QAALevel for this OA - */ - public QualityAuthenticationAssuranceLevel buildOaSTORKQAALevel(Element authComponentElement) { - Element qaaLevelElement = (Element)XPathUtils.selectSingleNode(authComponentElement, OA_AUTH_COMPONENT_STORK_QAA); - - if (qaaLevelElement == null) return null; - - try { - QualityAuthenticationAssuranceLevel qaaLevel = (QualityAuthenticationAssuranceLevel) SAMLUtil.unmarshallMessage(qaaLevelElement); - return qaaLevel; - } catch (MessageEncodingException e) { - Logger.error("Could not build STORK QAALevel, using default."); - return null; - } - - } - - /** - * Builds the Requested Attributes specific for an OA - * @param authComponentElement DOM Element of AuthComponent (from MOA configuration) - * @return STORK RequestedAttributes for this OA - */ - public RequestedAttributes buildOaSTORKRequestedAttributes(Element authComponentElement) { - List reqAttributeList = new ArrayList(); - - - Element reqAttributeElement; - NodeIterator reqAttributeIterator = XPathUtils.selectNodeIterator(authComponentElement, OA_AUTH_COMPONENT_STORK_REQUESTED_ATTRIBUTE); - - while ((reqAttributeElement = (Element) reqAttributeIterator.nextNode()) != null) { - RequestedAttribute requestedAttribute; - try { - requestedAttribute = (RequestedAttribute) 
SAMLUtil.unmarshallMessage(reqAttributeElement); - } catch (MessageEncodingException e) { - Logger.error("Provided RequestedAttributes Online Application is malformed.", e); - return null; - } - //only add if STORK attribute is correct - if (STORKConstants.FULL_STORK_ATTRIBUTE_SET.contains(requestedAttribute.getName())) { - reqAttributeList.add(requestedAttribute); - } else { - Logger.warn("Skipping addition of requested STORK Attribute, attribute unknown : " + requestedAttribute.getName()); - } - } - - return STORKMessagesBuilder.buildRequestedAttributes(reqAttributeList); - } - /** * Method warn. * @param messageId to identify a country-specific message diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java index 3948522c0..7174e05dc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java @@ -24,15 +24,6 @@ package at.gv.egovernment.moa.id.config.legacy; -import java.util.ArrayList; - -import org.opensaml.saml2.metadata.RequestedAttribute; - -import eu.stork.vidp.messages.builder.STORKMessagesBuilder; -import eu.stork.vidp.messages.common.STORKConstants; -import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; -import eu.stork.vidp.messages.stork.RequestedAttributes; - /** * Configuration parameters belonging to an online application, * to use with the MOA ID Auth component. 
@@ -129,22 +120,6 @@ public class OAAuthParameter extends OAParameter { */ private String identityLinkDomainIdentifierType; - /** - * STORK QAA Level, Default = 4 - */ - private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4); - - /** - * STORK RequestedAttributes for Online Application - * Default RequestedAttributes are: eIdentifier, givenName, surname, dateOfBirth - */ - private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes( - STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null), - STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null), - STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null), - STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null)); - - /** * Returns true if the Security Layer version is version 1.2, * otherwise false. @@ -464,38 +439,4 @@ public class OAAuthParameter extends OAParameter { return this.mandateProfiles; } - /** - * Returns the defined STORK QAALevel - * @return STORK QAALevel - */ - public QualityAuthenticationAssuranceLevel getQaaLevel() { - return qaaLevel; - } - - /** - * Sets the STORK QAALevel - * @param qaaLevel - */ - public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) { - this.qaaLevel = qaaLevel; - } - - /** - * Returns the desired STORK Requested Attributes - * @return STORK Requested Attributes - */ - public RequestedAttributes getRequestedAttributes() { - return requestedAttributes; - } - - /** - * Sets the desired STORK Requested Attributes - * @param requestedAttributes - */ - public void setRequestedAttributes(RequestedAttributes requestedAttributes) { - this.requestedAttributes = requestedAttributes; - } - - - } -- cgit v1.2.3 From fdcc7df81a159284d6bcfcd94be28c6f08afc5e4 Mon Sep 17 00:00:00 2001 
From: Florian Reimair Date: Mon, 27 Jan 2014 14:09:32 +0100 Subject: fixed merge issue missing bracket --- .../src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java | 1 + 1 file changed, 1 insertion(+) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index 3282b8737..95ed628fa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -52,6 +52,7 @@ public class STORKConfig { Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + cpep.getCountryCode() + " has an invalid URL and is ignored."); } + } attr = new ArrayList(); -- cgit v1.2.3 From 09266016cbcb143d7b6e65d32b49b6b3d2cb53c0 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Mon, 27 Jan 2014 17:24:46 +0100 Subject: fixed issues after merge --- .../egovernment/moa/id/auth/AuthenticationServer.java | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index b8a0fe678..9ab96a726 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -135,6 +135,7 @@ import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathUtils; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; +import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -1712,6 +1713,21 @@ public class AuthenticationServer implements MOAIDAuthConstants { CreateIdentityLinkRequest request = new CreateIdentityLinkRequest(); request.setSignature(citizenSignature.getBytes()); + PEPSData data = new PEPSData(); + data.setDateOfBirth(PEPSDateOfBirth); + data.setFamilyname(PEPSFamilyname); + data.setFirstname(PEPSFirstname); + data.setIdentifier(PEPSIdentifier); + +// TODO add mandate data +// data.setRepresentative(representative); +// data.setRepresented(represented); +// data.setMandateContent(mandateContent); + request.setPEPSData(data); + + +// request.setMIS(value) + Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl()); 
@@ -1790,7 +1806,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws SZRGWClientException the sZRGW client exception * @throws ConfigurationException the configuration exception */ - public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException, ConfigurationException { + public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature, null, null, null); } -- cgit v1.2.3 From 98137f26f5b0bd33d178e16ea5ee9397f2cc2c0a Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Mon, 27 Jan 2014 17:42:26 +0100 Subject: refactored szrgw response type --- .../moa/id/auth/AuthenticationServer.java | 6 ++--- .../moa/id/auth/servlet/GetForeignIDServlet.java | 27 ++++++++-------------- .../moa/id/auth/stork/STORKResponseProcessor.java | 24 +++++++++---------- 3 files changed, 24 insertions(+), 33 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 9ab96a726..3dc2639d5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -1699,7 +1699,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws SZRGWClientException */ - public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String citizenSignature, String represented, String representative, String mandateContent) throws SZRGWClientException { + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String citizenSignature, String represented, String representative, String mandateContent) throws SZRGWClientException { SZRGWClient client = null; @@ -1790,7 +1790,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws SZRGWClientException the sZRGW client exception * @throws ConfigurationException the configuration exception */ - public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { + public CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature), null, null, null); } 
@@ -1806,7 +1806,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws SZRGWClientException the sZRGW client exception * @throws ConfigurationException the configuration exception */ - public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature, null, null, null); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index be307ae14..d42cd85dc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.auth.servlet; +import java.io.ByteArrayInputStream; import java.io.IOException; import java.security.cert.CertificateException; import java.util.Map; 
@@ -47,14 +48,14 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.ModulUtils; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; /** * Servlet requested for getting the foreign eID @@ -165,20 +166,12 @@ public class GetForeignIDServlet extends AuthServlet { CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(signature); - if (response.isError()) { - throw new SZRGWClientException(response.getError()); + if (null != response.getErrorResponse()){ + // TODO fix exception parameter + throw new SZRGWClientException(response.getErrorResponse().getErrorCode().toString(), null); } else { - - Element samlAssertion = response.getAssertion(); - - try { - System.out.println("PB: " + DOMUtils.serializeNode(samlAssertion)); - } catch (TransformerException e) { - e.printStackTrace(); - } - - IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion); + IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(response.getIdentityLink())); IdentityLink identitylink = ilParser.parseIdentityLink(); session.setIdentityLink(identitylink); 
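Review bot: The error branch now throws `new SZRGWClientException(response.getErrorResponse().getErrorCode().toString(), null)`, so everything the gateway's ErrorResponse carries beyond the bare code is dropped and nothing is logged before the throw; the `// TODO fix exception parameter` marker acknowledges this but leaves it in. I would at least log the failure on the server side before throwing, e.g. `Logger.error("SZR-GW returned an error response, code: " + response.getErrorResponse().getErrorCode());`, so a failed foreign-eID lookup is traceable without relying on the exception reaching a handler. The success branch feeds `response.getIdentityLink()` straight into `new ByteArrayInputStream(...)`; if the generated response type can return null there (a response with neither error nor identity link), that is an NPE rather than a meaningful error — worth a null check, though the generated type's contract is not visible here. The enclosing method continues outside the hunk.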
@@ -225,9 +218,9 @@ public class GetForeignIDServlet extends AuthServlet { } catch (MOAIDException ex) { handleError(null, ex, req, resp, pendingRequestID); - } - catch (SZRGWClientException ex) { - handleError(null, ex, req, resp, pendingRequestID); + } catch (Exception e1) { + // TODO Auto-generated catch block + e1.printStackTrace(); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index b8e823de0..9dede7179 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -3,6 +3,7 @@ */ package at.gv.egovernment.moa.id.auth.stork; +import java.io.ByteArrayInputStream; import java.util.List; import java.util.Vector; @@ -33,14 +34,14 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.StringUtils; +import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; import eu.stork.mw.messages.saml.STORKResponse; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.vidp.messages.common.STORKConstants; 
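Review bot: Replacing `catch (SZRGWClientException ex) { handleError(...) }` with `catch (Exception e1) { e1.printStackTrace(); }` means a gateway failure during the foreign-eID flow no longer produces an error response to the client — the servlet just returns, and since the catch is on `Exception` it also swallows any other failure thrown above it, with the stack trace going to stdout instead of the logger. For an authentication servlet that is a silent failure of a security-relevant step; the previous behaviour should be restored: `} catch (SZRGWClientException ex) {` / `handleError(null, ex, req, resp, pendingRequestID);` / `}`. The `SZRGWClientException` now in scope is the one from `at.gv.egovernment.moa.id.client` per the import change earlier in this file section. The enclosing method starts outside the hunk.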
@@ -354,18 +355,15 @@ public class STORKResponseProcessor { response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature); } - if (response.isError()) { - Logger.error("Receveid ErrorResponse from SZR Gateway."); - throw new SZRGWClientException(response.getError()); + + if (null != response.getErrorResponse()){ + // TODO fix exception parameter + throw new SZRGWClientException(response.getErrorResponse().getErrorCode().toString(), null); } else { - Logger.trace("Receveid Success Response from SZR Gateway."); - Element samlAssertion = response.getAssertion(); - - IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion); + IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(response.getIdentityLink())); identityLink = ilParser.parseIdentityLink(); - Logger.debug("Received Identity Link from SZR Gateway"); //TODO: is this ok? // if (StringUtils.isEmpty(identityLink.getDateOfBirth())) { @@ -379,9 +377,9 @@ public class STORKResponseProcessor { } catch (ParseException e) { Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e); throw new STORKException("Error parsing IdentityLink received from SZR-Gateway: ", e); - } catch (at.gv.egovernment.moa.id.client.SZRGWClientException e) { - Logger.error("Error connecting SZR-Gateway: ", e); - throw new STORKException("Error connecting SZR-Gateway: ", e); + } catch (Exception e) { + // TODO Auto-generated catch block + e.printStackTrace(); } return identityLink; -- cgit v1.2.3 From 04a2d507dfcf59dac15e542e391797e57a820c82 Mon Sep 17 00:00:00 2001 
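Review bot: The error branch drops the `Logger.error("Receveid ErrorResponse from SZR Gateway.")` line along with the trace/debug lines around the identity-link parsing, and the new exception is built with a null second argument, so a rejected identity-link request leaves no server-side record beyond whatever the caller does with the exception. Keep a log line before the throw, e.g. `Logger.error("Received ErrorResponse from SZR Gateway, code: " + response.getErrorResponse().getErrorCode());`, and resolve the `// TODO fix exception parameter` rather than committing it. The enclosing method starts and ends outside the hunk.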
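Review bot: The second hunk replaces the `SZRGWClientException` handler that rethrew a `STORKException` with `catch (Exception e) { e.printStackTrace(); }`, after which the method falls through to `return identityLink;` — so a failed or unreachable SZR gateway now appears to the caller as a null identity link rather than an error, and the broad catch also hides the `ParseException` path's siblings and anything else thrown in the block. In an identity-link retrieval this is the wrong default; restore the rethrow: `} catch (SZRGWClientException e) {` / `Logger.error("Error connecting SZR-Gateway: ", e);` / `throw new STORKException("Error connecting SZR-Gateway: ", e);`. The fully-qualified name used before is no longer needed now that `at.gv.egovernment.moa.id.client.SZRGWClientException` is imported in this file. Where `identityLink` is declared and whether it could be non-null here is outside the hunk.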
From: Florian Reimair Date: Wed, 29 Jan 2014 14:02:05 +0100 Subject: complete workflow untested --- .../moa/id/auth/AuthenticationServer.java | 7 ++-- .../auth/builder/StartAuthenticationBuilder.java | 7 ++-- .../moa/id/auth/data/AuthenticationSession.java | 23 ++++++++++++- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 40 +++++----------------- .../moa/id/auth/stork/STORKResponseProcessor.java | 37 +++++++++----------- .../moa/id/protocols/saml1/GetArtifactAction.java | 14 ++++++++ 6 files changed, 68 insertions(+), 60 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 3dc2639d5..f19881578 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1723,13 +1723,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { // data.setRepresentative(representative); // data.setRepresented(represented); // data.setMandateContent(mandateContent); - request.setPEPSData(data); - + if(null != PEPSIdentifier) + request.setPEPSData(data); + + // TODO add MIS data // request.setMIS(value) Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl()); + return response; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java index e4bf37417..3bc152ec8 100644 
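Review bot: The new guard `if(null != PEPSIdentifier)` / `request.setPEPSData(data);` is a brace-less `if` in a file that otherwise braces its blocks, and it keys only on the identifier while `data` has already been populated from all four PEPS values; I would write it as `if (PEPSIdentifier != null) {` / `request.setPEPSData(data);` / `}` and add a one-line comment saying that the PEPS block is omitted for the signature-only overload that passes nulls. The `// TODO add MIS data` and the commented-out mandate setters are being committed as-is; if mandate data is intentionally not sent yet, say so in a comment rather than leaving dead code. The enclosing `getIdentityLink` starts outside the hunk.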
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java @@ -36,8 +36,7 @@ public class StartAuthenticationBuilder { Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc())); // STORK or normal authentication - //TODO: commented because npe was thrown - /*if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { + if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { //STORK authentication Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc()); Logger.debug("Starting STORK authentication"); @@ -45,13 +44,13 @@ public class StartAuthenticationBuilder { AuthenticationServer.startSTORKAuthentication(req, resp, moasession); return ""; - } else {*/ + } else { //normal MOA-ID authentication Logger.debug("Starting normal MOA-ID authentication"); String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req); return getIdentityLinkForm; - //} + } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 4a7676ec8..3ab6701c8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -26,6 +26,7 @@ import java.util.Vector; import org.w3c.dom.Element; +import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.STORKAuthnRequest; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; 
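Review bot: The STORK branch is re-enabled by uncommenting `if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {`, but the comment being removed says it was disabled because an NPE was thrown, and nothing in the hunk addresses that — where `storkConfig` is initialised is outside the hunk, but if it can be null when no STORK section is configured the first non-STORK login will fail here. A defensive guard costs one line: `if (storkConfig != null && storkConfig.isSTORKAuthentication(moasession.getCcc())) {`, with a comment noting that a missing STORK configuration means plain MOA-ID authentication. The commit message itself says the workflow is untested, so this path deserves a test with an empty STORK configuration.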
@@ -254,7 +255,9 @@ public class AuthenticationSession implements Serializable { private VerifyXMLSignatureResponse XMLVerifySignatureResponse; private boolean isForeigner; - + + private IPersonalAttributeList storkAttributes; + // private String requestedProtocolURL = null; public String getModul() { @@ -962,6 +965,24 @@ public class AuthenticationSession implements Serializable { public void setAuthBlockTokken(String authBlockTokken) { this.authBlockTokken = authBlockTokken; } + + /** + * Memorizes the stork attribute list. + * + * @param personalAttributeList the new stork attributes + */ + public void setStorkAttributes(IPersonalAttributeList personalAttributeList) { + this.storkAttributes = personalAttributeList; + } + + /** + * Recalls the stork attribute list. + * + * @return the stork attributes + */ + public IPersonalAttributeList getStorkAttributes() { + return this.storkAttributes; + } /** // * @return the oAuth20SessionObject diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index f1ee4c181..f05180932 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -78,9 +78,6 @@ public class PEPSConnectorServlet extends AuthServlet { //No authentication session has been started before Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started"); throw new AuthenticationException("auth.02", new Object[] { moaSessionID }); - } else { - //We know user and MOA takes over session handling, invalidate HttpSession - httpSession.invalidate(); } pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID); 
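Review bot: `private IPersonalAttributeList storkAttributes;` is added to a class declared `implements Serializable`, and the session is persisted through AuthenticationSessionStoreage (changeSessionID in the PEPSConnectorServlet hunk of this same commit), so the field only survives storage if the concrete IPersonalAttributeList implementation is itself Serializable. Nothing in the diff shows that; either confirm it or record the assumption on the field, e.g. `// NOTE: must be a Serializable implementation - the session is persisted by AuthenticationSessionStoreage`. The Javadoc wording "Memorizes"/"Recalls" would read more conventionally as "Stores"/"Returns".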
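Review bot: Removing `httpSession.invalidate()` leaves the container HttpSession that carried the user into the STORK round trip alive after MOA-ID has taken over session handling, and the commit message does not say why the invalidation was dropped. Keeping a pre-authentication HttpSession across the point where the user becomes authenticated is the classic session-fixation window; if the invalidation broke something, the safer fix is to rotate the container session (invalidate and start a fresh one) rather than keep the old one. If it was removed because the session is still needed later in this servlet, add a comment saying where it is invalidated instead. The servlet method containing this code starts before the hunk.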
@@ -192,49 +189,28 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.info("Received Identity Link from SZR Gateway"); moaSession.setIdentityLink(identityLink); - Logger.debug("Adding addtional STORK attributes to MOA assertion"); - //add other stork attributes to MOA assertion - List moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(storkAssertion.getAttributeStatements().get(0).getAttributes()); - moaSession.setExtendedSAMLAttributesOA(moaExtendedSAMLAttibutes); + Logger.debug("Adding addtional STORK attributes to MOA session"); + moaSession.setStorkAttributes(authnResponse.getPersonalAttributeList()); //We don't have BKUURL, setting from null to "Not applicable" moaSession.setBkuURL("Not applicable (STORK Authentication)"); - - Logger.debug("Starting to assemble MOA assertion"); - //produce MOA-Assertion and artifact - String samlArtifactBase64 = - AuthenticationServer.getInstance().getForeignAuthenticationData(moaSession); - Logger.info("MOA assertion assembled and SAML Artifact generated."); + + // free for single use + moaSession.setAuthenticatedUsed(false); + + // stork did the authentication step + moaSession.setAuthenticated(true); //session is implicit stored in changeSessionID!!!! 
String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID); - Logger.info("Daten angelegt zu MOASession " + newMOASessionID); //redirect String redirectURL = null; - if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - /*redirectURL = moaSession.getOAURLRequested(); - if (!moaSession.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(moaSession.getTarget(), "UTF-8")); - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = response.encodeRedirectURL(redirectURL);*/ - redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID); redirectURL = response.encodeRedirectURL(redirectURL); - } else { - - redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, newMOASessionID); - } - - try { - AuthenticationSessionStoreage.storeSession(moaSession); - } catch (MOADatabaseException e) { - throw new MOAIDException("Session store error", null); - } response.setContentType("text/html"); response.setStatus(302); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index 9dede7179..664d0cf57 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java 
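Review bot: `moaSession.setAuthenticated(true)` now marks the session as authenticated inside this servlet while the mapping of the stored STORK attributes into the MOA assertion has been moved to the SAML1 GetArtifactAction (later hunk of this commit), so any other protocol module reached through `ModulUtils.buildAuthURL(moaSession.getModul(), ...)` receives a session whose storkAttributes are never turned into extended attributes. If that is intended for now, a comment such as `// STORK attributes are only mapped into the assertion by the SAML1 GetArtifactAction` would stop the next reader from assuming the mapping happens for every protocol. The "Redirect to Input Processor" branch is dropped without a replacement, so a STORK user who previously needed the input processor is now sent straight to the protocol action. The method continues outside the hunk.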
@@ -14,7 +14,6 @@ import javax.xml.namespace.QName; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; import org.opensaml.saml2.core.Assertion; -import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.ws.transport.http.HTTPInTransport; import org.opensaml.ws.transport.http.HTTPOutTransport; @@ -35,7 +34,6 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.client.SZRGWClientException; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -44,6 +42,7 @@ import at.gv.egovernment.moa.util.StringUtils; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; import eu.stork.mw.messages.saml.STORKResponse; import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.vidp.messages.common.STORKConstants; import eu.stork.vidp.messages.util.SAMLUtil; 
@@ -389,33 +388,29 @@ public class STORKResponseProcessor { /** * Transforms additional STORK attributes to MOA Extended attributes - * @param storkAttributeList STORK attribute list + * @param iPersonalAttributeList STORK attribute list * @return */ - public static List addAdditionalSTORKAttributes(List storkAttributeList) { + public static List addAdditionalSTORKAttributes(IPersonalAttributeList iPersonalAttributeList) { List moaExtendedSAMLAttributeList = new Vector(); + if(null == iPersonalAttributeList) + return moaExtendedSAMLAttributeList; + Logger.trace("Adding the following attributes to MOA assertion: "); int count = 0; - //only add attributes different than eIdentifier, given name, surname, dateOfBirth, signedDoc - for (Attribute attribute : storkAttributeList) { - //attribute is not in default returned attribute set - if (!STORKConstants.DEFAULT_STORK_RETURNED_ATTRIBUTE_SET.contains(attribute.getName())) { - - String attributeValue = null; - if (!attribute.getAttributeValues().isEmpty()) { - //we have attribute value - attributeValue = SAMLUtil.getStringValueFromXMLObject(attribute.getAttributeValues().get(0)); - } - ExtendedSAMLAttribute extendedSAMLAttribute = - new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0); - moaExtendedSAMLAttributeList.add(extendedSAMLAttribute); - count++; - Logger.trace("Additional attribute: " + attribute.getName()); - } + + for (PersonalAttribute attribute : iPersonalAttributeList) { + Object attributeValue = attribute.getValue(); + if (null == attributeValue) + attributeValue = attribute.getComplexValue(); + ExtendedSAMLAttribute extendedSAMLAttribute = + new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0); + moaExtendedSAMLAttributeList.add(extendedSAMLAttribute); + count++; + Logger.trace("Additional attribute: " + attribute.getName()); } - Logger.debug("Added " + count + " STORK attribute(s) to the MOA assertion."); return 
moaExtendedSAMLAttributeList; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index fa9dbe990..bf353bce4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -1,12 +1,17 @@ package at.gv.egovernment.moa.id.protocols.saml1; +import java.util.List; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; +import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; 
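Review bot: The rewritten loop no longer skips the attributes in `STORKConstants.DEFAULT_STORK_RETURNED_ATTRIBUTE_SET`, so eIdentifier, the names, dateOfBirth and the signedDoc carrying the citizen's signature are now also copied into the MOA assertion as extended attributes and forwarded to the online application. That filter was the data-minimisation step; unless dropping it is intended, restore it at the top of the loop: `if (STORKConstants.DEFAULT_STORK_RETURNED_ATTRIBUTE_SET.contains(attribute.getName())) continue;`. `count` is still incremented but the debug line that reported it was removed, so it is now dead, and `attribute.getComplexValue()` hands an Object rather than the String the old code produced to ExtendedSAMLAttributeImpl, which is worth checking against that constructor.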
@@ -48,6 +53,15 @@ public class GetArtifactAction implements IAction { oaParam, target); + // add other stork attributes to MOA assertion if available + if(null != session.getStorkAttributes()) { + List moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(session.getStorkAttributes()); + session.setExtendedSAMLAttributesOA(moaExtendedSAMLAttibutes); + //produce MOA-Assertion and artifact + AuthenticationServer.getInstance().getForeignAuthenticationData(session); + Logger.info("MOA assertion assembled and SAML Artifact generated."); + } + String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData); if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) { -- cgit v1.2.3 From 85a983b556baaaa45ea79a4da232a1a72d323708 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 29 Jan 2014 15:13:42 +0100 Subject: enhanced samlengine for floating config location --- .../main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 3 ++- .../at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index f19881578..204e7f724 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
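Review bot: The return value of `AuthenticationServer.getInstance().getForeignAuthenticationData(session)` is discarded although the log line right after it claims a SAML artifact was generated, and the next statement builds a second artifact via `saml1server.BuildSAMLArtifact(...)`. If the call is made only for its side effects on the session, say so, e.g. `// side effect only: populates the session with the foreign authentication data; the artifact is built below`; otherwise one of the two artifact builds is redundant work. The raw `List moaExtendedSAMLAttibutes` should be `List<ExtendedSAMLAttribute>` (the import is already added) and the identifier is misspelled. The enclosing method starts and ends outside this hunk.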
@@ -1920,11 +1920,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { authnRequest.setEIDSectorShare(true); authnRequest.setCitizenCountryCode("LOCAL"); +// authnRequest.setCitizenCountryCode(moasession.getCcc()); Logger.debug("STORK AuthnRequest succesfully assembled."); - STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("CONF0"); + STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("outgoing"); try { authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest); } catch (STORKSAMLEngineException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index f05180932..4819b8219 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -97,7 +97,7 @@ public class PEPSConnectorServlet extends AuthServlet { } //Get SAMLEngine instance - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("CONF0"); + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing"); STORKAuthnResponse authnResponse = null; try { -- cgit v1.2.3 From 3e512ed4c85444fcbd3d364ffa48aa3291813b73 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 30 Jan 2014 13:14:34 +0100 Subject: supply organization details on representative case --- .../moa/id/auth/AuthenticationServer.java | 36 +++++++++++++++++----- .../moa/id/auth/stork/STORKResponseProcessor.java | 16 ++++++++-- 2 files changed, 41 insertions(+), 11 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 204e7f724..d77119f4a 100644 
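Review bot: `authnRequest.setCitizenCountryCode("LOCAL");` stays hard-coded while the real value, `authnRequest.setCitizenCountryCode(moasession.getCcc());`, is only added as a commented-out line, so every STORK request claims a "LOCAL" citizen regardless of the country the user selected. If "LOCAL" is a deliberate test setting it should be marked as such; otherwise swap the two lines. The same `STORKSAMLEngine.getInstance("outgoing")` instance is now used both here to build the outgoing request and in PEPSConnectorServlet to process the incoming response; if the engine configuration separates the signing credentials from the C-PEPS trust anchors, the response side presumably wants its own instance — confirm against the engine configuration. The enclosing method (presumably startSTORKAuthentication) continues outside the hunk.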
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1699,7 +1699,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws SZRGWClientException */ - public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String citizenSignature, String represented, String representative, String mandateContent) throws SZRGWClientException { + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType) throws SZRGWClientException { SZRGWClient client = null; @@ -1712,20 +1712,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { CreateIdentityLinkRequest request = new CreateIdentityLinkRequest(); request.setSignature(citizenSignature.getBytes()); - + PEPSData data = new PEPSData(); data.setDateOfBirth(PEPSDateOfBirth); data.setFamilyname(PEPSFamilyname); data.setFirstname(PEPSFirstname); data.setIdentifier(PEPSIdentifier); -// TODO add mandate data -// data.setRepresentative(representative); -// data.setRepresented(represented); -// data.setMandateContent(mandateContent); + data.setRepresentative(representative); + data.setRepresented(represented); + data.setMandateContent(mandateContent); - if(null != PEPSIdentifier) - request.setPEPSData(data); + data.setLegalPersonCanonicalRegisteredAddress(organizationAddress); + data.setLegalPersonTranslatableType(organizationType); // TODO add MIS data // request.setMIS(value) 
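Review bot: This hunk deletes `request.setPEPSData(data);` together with its null guard and does not add it back, so unless it is re-attached in the lines between the end of this hunk and the `client.sentCreateIDLRequest` call (not in view), the fully populated PEPSData — including the new representative, represented, mandate and organisation fields — is never placed on the CreateIdentityLinkRequest and the SZR-GW only ever sees the signature. Re-add `request.setPEPSData(data);` after the organisation setters. Note also that the new signature orders the mandate parameters as `String represented, String representative` while the removed TODO and the wrappers added in this commit use representative-then-represented, which invites swapped arguments. The method starts and ends outside this hunk.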
@@ -1812,6 +1811,27 @@ public class AuthenticationServer implements MOAIDAuthConstants { public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature, null, null, null); } + + /** + * SZR-GW Client interface. + * + * @param eIdentifier the e identifier + * @param givenName the given name + * @param lastName the last name + * @param dateOfBirth the date of birth + * @param citizenSignature the citizen signature + * @param representative the representative + * @param represented the represented + * @param mandate the mandate + * @return the identity link + * @throws SZRGWClientException the sZRGW client exception + */ + public CreateIdentityLinkResponse getIdentityLink(String eIdentifier, + String givenName, String lastName, String dateOfBirth, + String citizenSignature, String representative, String represented, + String mandate) throws SZRGWClientException { + return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate, null, null); + } /** * Starts a MOA-ID authentication process using STORK diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index 664d0cf57..e81adfb52 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java 
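Review bot: The new 8-argument overload declares `String representative, String represented` but forwards them as `getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate, null, null)`, whose target (the 10-argument method in the hunk above) takes `represented` before `representative` — so the two mandate roles arrive swapped at the SZR-GW. Swap them in the delegation: `return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, represented, representative, mandate, null, null);`. With ten positional String parameters this mistake is easy to repeat and invisible to the compiler; a small parameter object or at least an identical parameter order across all overloads would make it detectable.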
@@ -345,10 +345,20 @@ public class STORKResponseProcessor { String representative = getAttributeValue("representative", attributeList); String represented = getAttributeValue("represented", attributeList); String mandate = getAttributeValue("mandateContent", attributeList); + + // we definitely know we have a representation case here + // lets try if the represented is an organization + try { + String organizationAddress = getAttributeValue("canonicalRegisteredAddress", attributeList); + String organizationType = getAttributeValue("translateableType", attributeList); + + // if we got here, we have a natural person representing a legal person + response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate, organizationAddress, organizationType); + } catch(STORKException e1) { - // if we get here we have a representation case - response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate); - + // if we get here we have natural persons representing each other + response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate); + } } catch(STORKException e) { // we do not have a representation case response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature); -- cgit v1.2.3 From 58b19f33806927a753d76ff2d2f79e44353b0e03 Mon Sep 17 00:00:00 2001 
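Review bot: The inner `try { … } catch(STORKException e1)` treats a failure to read either `canonicalRegisteredAddress` or `translateableType` as "two natural persons", so a legal-person mandate whose response lacks just one of the two attributes is silently processed as a natural-person representation instead of being reported. Branching on which attribute read throws also makes it impossible to distinguish "attribute absent" from any other STORKException raised by getAttributeValue. Consider testing presence explicitly before branching and failing loudly when a legal-person case is incomplete; also confirm the literal `"translateableType"` against the STORK attribute name, since the PEPSData setter in this same commit is spelled `setLegalPersonTranslatableType`. connectToSZRGateway starts and ends outside the hunk.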
From: Florian Reimair Date: Thu, 30 Jan 2014 15:12:04 +0100 Subject: refactored attribute parsing --- .../moa/id/auth/AuthenticationServer.java | 59 +++++------------ .../moa/id/auth/servlet/PEPSConnectorServlet.java | 19 +----- .../moa/id/auth/stork/STORKResponseProcessor.java | 76 ++++++++++++++-------- 3 files changed, 67 insertions(+), 87 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index d77119f4a..5ae3d8e47 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -1733,53 +1733,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl()); return response; - - -// client.setAddress(connectionParameters.getUrl()); -// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { -// Logger.debug("Initialisiere SSL Verbindung"); -// try { -// client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); -// } catch (IOException e) { -// Logger.error("Could not initialize SSL Factory", e); -// throw new SZRGWClientException("Could not initialize SSL Factory"); -// } catch (GeneralSecurityException e) { -// Logger.error("Could not initialize SSL Factory", e); -// throw new SZRGWClientException("Could not initialize SSL Factory"); -// } catch (PKIException e) { -// Logger.error("Could not initialize SSL Factory", e); -// throw new SZRGWClientException("Could not initialize SSL Factory"); -// } -// } } catch (ConfigurationException e) { Logger.warn(e); Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); } -// // create request -// CreateIdentityLinkResponse response = null; -// Element request = null; -// try { -// Document doc = client.buildGetIdentityLinkRequest(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature); -// request = doc.getDocumentElement(); -// -// // send request -// response = client.createIdentityLinkResponse(request, connectionParameters.getUrl()); -// -// -// -// } catch (SZRGWClientException e) { -// // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. -//// try { -//// response = client.createIdentityLinkResponse(request); -//// } -//// catch (SZRGWClientException e1) { -//// throw new SZRGWClientException(e1); -//// } -// } - - return null; } 
@@ -1811,6 +1770,24 @@ public class AuthenticationServer implements MOAIDAuthConstants { public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature, null, null, null); } + + /** + * Gets the identity link. + * + * @param citizenSignature the citizen signature + * @param representative the representative + * @param represented the represented + * @param mandate the mandate + * @param organizationAddress the organization address + * @param organizationType the organization type + * @return the identity link + * @throws SZRGWClientException + */ + public CreateIdentityLinkResponse getIdentityLink(String citizenSignature, + String representative, String represented, String mandateContent, + String organizationAddress, String organizationType) throws SZRGWClientException { + return getIdentityLink(null, null, null, null, citizenSignature, represented, representative, mandateContent, organizationAddress, organizationType); + } /** * SZR-GW Client interface. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 4819b8219..45e6ab816 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java 
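Review bot: The Javadoc of the new overload documents `@param mandate` but the parameter is named `mandateContent`; fix the tag to `@param mandateContent the mandate content`. More important, this overload forwards `citizenSignature, represented, representative, mandateContent` (matching the 10-argument target's order) while the sibling 8-argument overload added earlier in this series forwards `representative, represented` into the same positions, so one of the two delivers the mandate roles swapped. Pick one order for every overload and, ideally, replace the run of positional Strings with a parameter object so the compiler can catch this.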
@@ -137,29 +137,12 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); -// Logger.debug("Starting validation of SAML assertion"); -// //verify SAML assertion - Assertion storkAssertion = authnResponse.getAssertions().get(0); -// try { -// STORKResponseProcessor.verifySTORKAssertion( -// storkAssertion, //assertion -// request.getRemoteAddr(), //IP address of user -// storkAuthnRequest.getID(), //ID of STORK AuthnRequest -// request.getRequestURL().toString(), //destination -// HTTPUtils.getBaseURL(request), //audience -// storkAuthnRequest.getRequestedAttributes()); //Requested Attributes -// } catch (STORKException e) { -// Logger.error("Failed to verify STORK SAML Assertion", e); -// throw new MOAIDException("stork.08", null); -// } -// -// Logger.info("SAML assertion succesfully verified!"); - Logger.debug("Starting extraction of signedDoc attribute"); //extract signed doc element and citizen signature Element citizenSignature = null; try { + Assertion storkAssertion = authnResponse.getAssertions().get(0); citizenSignature = STORKResponseProcessor.extractCitizenSignature(storkAssertion); moaSession.setAuthBlock(DOMUtils.serializeNode(citizenSignature)); moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(citizenSignature)); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index e81adfb52..466d86f87 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java 
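Review bot: The commented-out `STORKResponseProcessor.verifySTORKAssertion(...)` block — the checks of the user's IP address, the InResponseTo against the stored AuthnRequest ID, the destination URL, the audience and the requested attributes — is deleted rather than restored, so unless the STORKSAMLEngine response processing (outside this diff) performs the same checks, the servlet accepts any assertion the engine decodes and in particular cannot detect a replayed or redirected response. Either re-enable the verification or add a comment stating which engine call enforces each of those properties. `authnResponse.getAssertions().get(0)` has also moved inside the try, so an empty assertion list now surfaces as an IndexOutOfBoundsException rather than a clear error; a guard such as `if (authnResponse.getAssertions().isEmpty()) throw new MOAIDException("stork.08", null);` (reusing the verification error key) before it would be explicit. The servlet method starts before and continues after this hunk.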
@@ -296,6 +296,22 @@ public class STORKResponseProcessor { } + + /** + * Checks for attribute. + * + * @param attributeName the attribute name + * @param attributeList the attribute list + * @return true, if successful + */ + private static boolean hasAttribute(String attributeName, IPersonalAttributeList attributeList) { + try { + getAttributeValue(attributeName, attributeList); + return true; + } catch(STORKException e) { + return false; + } + } /** * helper for reading attributes. Handles logging and error handling. 
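Review bot: `hasAttribute` reports `true, if successful` in its Javadoc, which says nothing about what it tests; the body answers "did getAttributeValue not throw", so document that: `@return true if getAttributeValue(attributeName, attributeList) yields a value, false if it throws STORKException`. Because it swallows every STORKException, any other failure inside getAttributeValue (not visible here) is also reported as "attribute absent"; if getAttributeValue can fail for reasons other than a missing attribute, hasAttribute should inspect the list directly instead of probing through the exception.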
@@ -325,52 +341,56 @@ public class STORKResponseProcessor { public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList) throws STORKException { Logger.trace("Calling SZR Gateway with the following attributes:"); - // fetch mandatory attributes - String citizenSignature = getAttributeValue("signedDoc", attributeList); - String eIdentifier = getAttributeValue("eIdentifier", attributeList); - String givenName = getAttributeValue("givenName", attributeList); - String lastName = getAttributeValue("surname", attributeList); - String dateOfBirth = getAttributeValue("dateOfBirth", attributeList); - if (!StringUtils.isEmpty(dateOfBirth)) { - dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); - } - - CreateIdentityLinkResponse response; + CreateIdentityLinkResponse identityLinkResponse = null; IdentityLink identityLink = null; try { Logger.trace("Starting call..."); - // do we have a case of representation? - try { + + // if there is no signedDoc attribute, we cannot go on + String citizenSignature = getAttributeValue("signedDoc", attributeList); + + // if we have a signedDoc we test for a representation case + if(hasAttribute("mandateContent", attributeList) || hasAttribute("representative", attributeList) || hasAttribute("represented", attributeList)) { + // we have a representation case String representative = getAttributeValue("representative", attributeList); String represented = getAttributeValue("represented", attributeList); String mandate = getAttributeValue("mandateContent", attributeList); - // we definitely know we have a representation case here - // lets try if the represented is an organization - try { + if(!hasAttribute("dateOfBirth", attributeList)) { + // if we get here, we have a natural person representing a legal person String organizationAddress = getAttributeValue("canonicalRegisteredAddress", attributeList); String organizationType = getAttributeValue("translateableType", attributeList); - // if we got here, we 
have a natural person representing a legal person - response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate, organizationAddress, organizationType); - } catch(STORKException e1) { + identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(citizenSignature, representative, represented, mandate, organizationAddress, organizationType); + } else { + // if we get here, we have a natural person representing another natural person + String eIdentifier = getAttributeValue("eIdentifier", attributeList); + String givenName = getAttributeValue("givenName", attributeList); + String lastName = getAttributeValue("surname", attributeList); + String dateOfBirth = getAttributeValue("dateOfBirth", attributeList); + if (!StringUtils.isEmpty(dateOfBirth)) + dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); - // if we get here we have natural persons representing each other - response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate); + identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate); } - } catch(STORKException e) { + } else { // we do not have a representation case - response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature); + String eIdentifier = getAttributeValue("eIdentifier", attributeList); + String givenName = getAttributeValue("givenName", attributeList); + String lastName = getAttributeValue("surname", attributeList); + String dateOfBirth = getAttributeValue("dateOfBirth", attributeList); + if (!StringUtils.isEmpty(dateOfBirth)) + dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); + identityLinkResponse = 
AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature); } - - - if (null != response.getErrorResponse()){ + + if (null != identityLinkResponse.getErrorResponse()){ // TODO fix exception parameter - throw new SZRGWClientException(response.getErrorResponse().getErrorCode().toString(), null); + throw new SZRGWClientException(identityLinkResponse.getErrorResponse().getErrorCode().toString(), null); } else { - IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(response.getIdentityLink())); + IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(identityLinkResponse.getIdentityLink())); identityLink = ilParser.parseIdentityLink(); Logger.debug("Received Identity Link from SZR Gateway"); -- cgit v1.2.3 From b04ffb6167dca0a3d1c116953b23aebe1ddf4e32 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 30 Jan 2014 18:05:19 +0100 Subject: gender retrieval if not delivered by stork --- .../moa/id/auth/AuthenticationServer.java | 12 ++--- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 54 ++++++++++++++++++++++ .../moa/id/auth/stork/STORKResponseProcessor.java | 7 ++- 3 files changed, 66 insertions(+), 7 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 5ae3d8e47..ec1762cbf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
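Review bot: `identityLinkResponse.getErrorResponse()` is dereferenced without a null check, yet the getIdentityLink it comes from returns `null` after a ConfigurationException (the `return null;` visible as context in the AuthenticationServer hunk of this commit), so a mis-configured SZR-GW connection surfaces as a NullPointerException instead of an SZR-GW error. Add `if (identityLinkResponse == null) throw new SZRGWClientException("SZR-GW client returned no response", null);` before the error-response check. Deciding "legal person" purely by `!hasAttribute("dateOfBirth", attributeList)` is fragile — a natural-person mandate whose response omits the birth date is then treated as an organisation — and the eIdentifier/givenName/surname/dateOfBirth extraction is duplicated in two branches, which a small helper would remove. The method's error handling continues outside the hunk.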
@@ -1699,7 +1699,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws SZRGWClientException */ - public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType) throws SZRGWClientException { + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType) throws SZRGWClientException { SZRGWClient client = null; @@ -1752,7 +1752,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws ConfigurationException the configuration exception */ public CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { - return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature), null, null, null); + return getIdentityLink(null, null, null, null, null, XMLHelper.nodeToString(signature), null, null, null); } /** @@ -1768,7 +1768,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws ConfigurationException the configuration exception */ public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { - return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature, null, null, null); + return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, null, signature, null, null, null); } /** 
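Review bot: The `String gender` parameter is inserted into the middle of an already ten-String signature, but nothing in this hunk writes it into the PEPSData or the request; if the assignment is not in the unchanged body below (not visible here), the value is silently dropped. Inserting it mid-list also shifts `citizenSignature` and everything after it by one position, which the compiler cannot catch because every position is a String — every wrapper in this commit had to be edited just to keep the nulls aligned. Consider a small PEPS-data parameter object, or at least append new parameters at the end. getIdentityLink's body continues outside the hunk.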
@@ -1786,7 +1786,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { public CreateIdentityLinkResponse getIdentityLink(String citizenSignature, String representative, String represented, String mandateContent, String organizationAddress, String organizationType) throws SZRGWClientException { - return getIdentityLink(null, null, null, null, citizenSignature, represented, representative, mandateContent, organizationAddress, organizationType); + return getIdentityLink(null, null, null, null, null, citizenSignature, represented, representative, mandateContent, organizationAddress, organizationType); } /** @@ -1804,10 +1804,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws SZRGWClientException the sZRGW client exception */ public CreateIdentityLinkResponse getIdentityLink(String eIdentifier, - String givenName, String lastName, String dateOfBirth, + String givenName, String lastName, String dateOfBirth, String gender, String citizenSignature, String representative, String represented, String mandate) throws SZRGWClientException { - return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate, null, null); + return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, citizenSignature, representative, represented, mandate, null, null); } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 45e6ab816..a1d38d488 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java 
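Review bot: The nine-argument overload at @@ -1804 forwards `representative, represented` into the positions that the full signature at @@ -1699 names `represented, representative`, while the six-argument overload at @@ -1786 swaps its own `representative, represented` back into `represented, representative` order before forwarding. Whichever order the SZR-GW request expects, one of the two overloads hands the mandate parties over crossed, and nothing in the request would reject that. The crossing predates this commit, but the commit rewrites both call lines and the same pattern survives the later rewrites at L158 and L167 (`getIdentityLink(eIdentifier, ..., gender, citizenSignature, representative, represented, mandate, ...)`). Check the STORKResponseProcessor callers for the intended order and make the overloads agree with the full method's parameter names; the enclosing Javadoc blocks start outside the hunk.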
@@ -1,6 +1,8 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; +import java.io.StringWriter; +import java.util.ArrayList; import java.util.List; import javax.servlet.ServletException; @@ -9,6 +11,9 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.StatusCode; import org.w3c.dom.Element; @@ -22,6 +27,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.stork.STORKException; import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.ModulUtils; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; @@ -30,6 +36,7 @@ import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.STORKAuthnRequest; import eu.stork.peps.auth.commons.STORKAuthnResponse; import eu.stork.peps.auth.engine.STORKSAMLEngine; 
@@ -154,12 +161,59 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)"); Logger.debug("Citizen signature will be verified by SZR Gateway!"); + ////////////// incorporate gender from parameters if not in stork response + + PersonalAttribute gender = authnResponse.getPersonalAttributeList().get("gender"); + if(null == gender) { + String gendervalue = (String) request.getParameter("gender"); + if(null != gendervalue) { + gender = new PersonalAttribute(); + gender.setName("gender"); + ArrayList tmp = new ArrayList(); + tmp.add(gendervalue); + gender.setValue(tmp); + + authnResponse.getPersonalAttributeList().add(gender); + } + } + + ////////////////////////////////////////////////////////////////////////// + + Logger.debug("Starting connecting SZR Gateway"); //contact SZR Gateway IdentityLink identityLink = null; try { identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList()); } catch (STORKException e) { + // this is really nasty but we work against the system here. We are supposed to get the gender attribute from + // stork. If we do not, we cannot register the person in the ERnP - we have to have the + // gender for the represented person. So here comes the dirty hack. 
+ if(e.getMessage().equals("gender not found in response")) { + // fetch gender + + try { + Logger.trace("Initialize VelocityEngine..."); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html"); + VelocityContext context = new VelocityContext(); + context.put("SAMLResponse", request.getParameter("SAMLResponse")); + context.put("action", request.getRequestURL()); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + +// response.setContentType("text/html"); + response.getOutputStream().write(writer.toString().getBytes()); + } catch (Exception e1) { + Logger.error("Error sending gender retrival form.", e1); + httpSession.invalidate(); + throw new MOAIDException("stork.10", null); + } + + return; + } Logger.error("Error connecting SZR Gateway", e); throw new MOAIDException("stork.10", null); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index 466d86f87..5406dc0e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java 
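Review bot: The fallback at @@ -154 takes `gender` from the plain request parameter `request.getParameter("gender")` and adds it to `authnResponse.getPersonalAttributeList()` next to the attributes the C-PEPS asserted, so a browser-supplied value becomes indistinguishable from an asserted one before the list is sent to the SZR Gateway and, per the comment, used for the ERnP registration. At minimum validate the value against the fixed set of choices the fetchGender form offers before `gender.setValue(tmp)`, and consider keeping it apart from the asserted attributes so downstream code can tell the two origins apart. Branching on `e.getMessage().equals("gender not found in response")` ties this control flow to a message string in STORKResponseProcessor; a dedicated exception subclass or error code would not break silently when the text is edited. The form is written with `writer.toString().getBytes()` while the `setContentType` line is commented out, so charset and content type both fall to container defaults — use `response.setContentType("text/html;charset=UTF-8")` and `getBytes("UTF-8")`, and make sure the template HTML-escapes the `SAMLResponse` value it echoes into the page. The enclosing servlet method starts and ends outside the hunk.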
@@ -369,10 +369,13 @@ public class STORKResponseProcessor { String givenName = getAttributeValue("givenName", attributeList); String lastName = getAttributeValue("surname", attributeList); String dateOfBirth = getAttributeValue("dateOfBirth", attributeList); + + // gender attribute is mandatory here because of some legal stuff +// String gender = getAttributeValue("gender", attributeList); if (!StringUtils.isEmpty(dateOfBirth)) dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); - identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate); + identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, citizenSignature, representative, represented, mandate); } } else { // we do not have a representation case @@ -406,6 +409,8 @@ public class STORKResponseProcessor { } catch (ParseException e) { Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e); throw new STORKException("Error parsing IdentityLink received from SZR-Gateway: ", e); + } catch(STORKException e) { + throw e; } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); -- cgit v1.2.3 From 8449c5ab138f0b7a1760cb5f2aa6db2eb9d0b22e Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 30 Jan 2014 19:04:02 +0100 Subject: added stork signature client api - untested --- .../moa/id/auth/AuthenticationServer.java | 36 ++++++++++++++------ .../moa/id/auth/servlet/PEPSConnectorServlet.java | 39 ++++++++++++---------- 2 files changed, 48 insertions(+), 27 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index ec1762cbf..decf166c4 100644 
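Review bot: The added `// String gender = getAttributeValue("gender", attributeList);` at @@ -369 is commented out, yet `gender` is passed to getIdentityLink two lines below, so the variable must be declared somewhere above the hunk; a commented-out declaration next to a live use reads as if the value were never fetched. Either delete the dead line or replace it with a comment stating where `gender` is resolved and that a missing value is what raises the "gender not found in response" STORKException that PEPSConnectorServlet matches on. The pass-through `catch(STORKException e) { throw e; }` at @@ -406 is the right way to keep that exception from being swallowed by the following `catch (Exception e)`, but that generic handler still ends in `e.printStackTrace()` under a `TODO Auto-generated` comment; it should log through Logger and rethrow as STORKException like the ParseException branch above it. connectToSZRGateway starts outside the hunk.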
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -58,6 +58,7 @@ import org.opensaml.common.IdentifierGenerator; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.xml.util.Base64; import org.opensaml.xml.util.XMLHelper; +import org.w3c.dom.DOMException; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -137,6 +138,11 @@ import at.gv.egovernment.moa.util.XPathUtils; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; +import eu.stork.oasisdss.api.ApiUtils; +import eu.stork.oasisdss.api.ApiUtilsException; +import eu.stork.oasisdss.profile.DocumentType; +import eu.stork.oasisdss.profile.InputDocuments; +import eu.stork.oasisdss.profile.SignRequest; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; @@ -1882,7 +1888,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { PersonalAttribute newAttribute = new PersonalAttribute(); newAttribute.setName("signedDoc"); List value = new ArrayList(); - value.add(generateDssSignRequest(Base64.encodeBytes(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession).getBytes()), "application/xhtml+xml")); + value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession), "application/xhtml+xml")); newAttribute.setValue(value); attributeList.add(newAttribute); 
@@ -1978,18 +1984,28 @@ public class AuthenticationServer implements MOAIDAuthConstants { IdentifierGenerator idGenerator; try { idGenerator = new SecureRandomIdentifierGenerator(); - - return "" + - "" + - "" + - "" + text + "" + - "" + - "" + - ""; + + DocumentType doc = new DocumentType(); + doc.setBase64XML(Base64.encodeBytes(text.getBytes()).getBytes()); + + SignRequest request = new SignRequest(); + request.setInputDocuments(ApiUtils.createInputDocuments(doc)); + + request.setRequestID(idGenerator.generateIdentifier()); + + return ApiUtils.marshalToDocument(request).getTextContent(); } catch (NoSuchAlgorithmException e) { Logger.error("Cannot generate id", e); throw new RuntimeException(e); + } catch (ApiUtilsException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); + } catch (DOMException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); + } catch (ParserConfigurationException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index a1d38d488..3129c9e31 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -10,6 +10,7 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import javax.xml.transform.stream.StreamSource; import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; 
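Review bot: `return ApiUtils.marshalToDocument(request).getTextContent();` at @@ -1978 most likely does not serialize the SignRequest: if marshalToDocument returns an org.w3c.dom.Document, as the caught DOMException and ParserConfigurationException suggest, `getTextContent()` is specified to return null for a Document node, so the signedDoc attribute built by the caller at @@ -1882 would carry a null value. Serialize the tree instead, e.g. `return XMLHelper.nodeToString(ApiUtils.marshalToDocument(request).getDocumentElement());` — XMLHelper is already used in this file. `text.getBytes()` and `Base64.encodeBytes(...).getBytes()` both use the platform default charset, and the text to be signed must be encoded deterministically, so pass an explicit UTF-8 charset on both calls. The three new catch blocks log the same message and rethrow as RuntimeException; since the commit is marked untested, a test that round-trips the returned string through ApiUtils.unmarshal would have caught the null. generateDssSignRequest's signature is outside the hunk.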
@@ -30,11 +31,15 @@ import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; +import eu.stork.oasisdss.api.ApiUtils; +import eu.stork.oasisdss.api.LightweightSourceResolver; +import eu.stork.oasisdss.profile.SignResponse; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.STORKAuthnRequest; 
@@ -144,23 +149,6 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); - Logger.debug("Starting extraction of signedDoc attribute"); - //extract signed doc element and citizen signature - Element citizenSignature = null; - try { - - Assertion storkAssertion = authnResponse.getAssertions().get(0); - citizenSignature = STORKResponseProcessor.extractCitizenSignature(storkAssertion); - moaSession.setAuthBlock(DOMUtils.serializeNode(citizenSignature)); - moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(citizenSignature)); - - } catch (Exception e) { - Logger.error("Could not extract citizen signature from C-PEPS", e); - throw new MOAIDException("stork.09", null); - } - Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)"); - Logger.debug("Citizen signature will be verified by SZR Gateway!"); - ////////////// incorporate gender from parameters if not in stork response PersonalAttribute gender = authnResponse.getPersonalAttributeList().get("gender"); 
@@ -179,6 +167,23 @@ public class PEPSConnectorServlet extends AuthServlet { ////////////////////////////////////////////////////////////////////////// + Logger.debug("Starting extraction of signedDoc attribute"); + //extract signed doc element and citizen signature + String citizenSignature = null; + try { + citizenSignature = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0); + moaSession.setAuthBlock(citizenSignature); + + // FIXME untested + Element sepp = (Element) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(citizenSignature))); + moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(sepp)); + + } catch (Exception e) { + Logger.error("Could not extract citizen signature from C-PEPS", e); + throw new MOAIDException("stork.09", null); + } + Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)"); + Logger.debug("Citizen signature will be verified by SZR Gateway!"); Logger.debug("Starting connecting SZR Gateway"); //contact SZR Gateway -- cgit v1.2.3 From 20c7b74026da669ff560281e69b4df37392154fd Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 30 Jan 2014 20:49:58 +0100 Subject: supply MIS information to SZRGW --- .../moa/id/auth/AuthenticationServer.java | 45 ++++++++++++++++------ .../moa/id/auth/servlet/PEPSConnectorServlet.java | 21 +++++++++- .../moa/id/auth/stork/STORKResponseProcessor.java | 12 ++++-- 3 files changed, 63 insertions(+), 15 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index decf166c4..60b269059 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
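Review bot: The cast `Element sepp = (Element) ApiUtils.unmarshal(new StreamSource(...))` at @@ -179 is marked untested, and the `SignResponse` import added in this commit suggests `ApiUtils.unmarshal` returns a JAXB object rather than a DOM node; if so the cast throws ClassCastException on every request, `catch (Exception e)` turns it into `stork.09`, and no STORK login can complete. The code this replaces (the removal at L153 and the deleted extractCitizenSignature) located the Signature element inside the DSS response before calling getCertificateFromXML, whereas the new code hands over the whole response, so even with a working cast the certificate lookup may be pointed at the wrong element. Suggest parsing the string into a DOM and locating the Signature element first, and renaming `sepp` to something descriptive such as `signResponseElement`. The enclosing servlet method starts and ends outside the hunk.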
@@ -135,9 +135,13 @@ import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathUtils; +import at.gv.util.xsd.mis.MandateIdentifiers; +import at.gv.util.xsd.mis.Target; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; +import at.gv.util.xsd.srzgw.MISType; +import at.gv.util.xsd.srzgw.MISType.Filters; import eu.stork.oasisdss.api.ApiUtils; import eu.stork.oasisdss.api.ApiUtilsException; import eu.stork.oasisdss.profile.DocumentType; 
@@ -1700,20 +1704,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** * Does the request to the SZR-GW - * @param signature XMLDSIG signature + * @param oaFriendlyName + * @param signature XMLDSIG signature * @return Identity link assertion * @throws SZRGWClientException */ - public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType) throws SZRGWClientException { + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType, String target, String oaFriendlyName, String filters) throws SZRGWClientException { - SZRGWClient client = null; - try { AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); - client = new SZRGWClient(connectionParameters); + SZRGWClient client = new SZRGWClient(connectionParameters); CreateIdentityLinkRequest request = new CreateIdentityLinkRequest(); 
@@ -1732,8 +1735,24 @@ public class AuthenticationServer implements MOAIDAuthConstants { data.setLegalPersonCanonicalRegisteredAddress(organizationAddress); data.setLegalPersonTranslatableType(organizationType); - // TODO add MIS data -// request.setMIS(value) + if(null != mandateContent) { + MISType mis = new MISType(); + + Target targetObject = new Target(); + targetObject.setValue(target); + mis.setTarget(targetObject); + + mis.setOAFriendlyName(oaFriendlyName); + + Filters filterObject = new Filters(); + MandateIdentifiers mandateIds = new MandateIdentifiers(); + for(String current : filters.split(",")) + mandateIds.getMandateIdentifier().add(current.trim()); + filterObject.setMandateIdentifiers(mandateIds); + mis.setFilters(filterObject); + + request.setMIS(mis); + } Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl()); @@ -1791,8 +1810,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ public CreateIdentityLinkResponse getIdentityLink(String citizenSignature, String representative, String represented, String mandateContent, - String organizationAddress, String organizationType) throws SZRGWClientException { - return getIdentityLink(null, null, null, null, null, citizenSignature, represented, representative, mandateContent, organizationAddress, organizationType); + String organizationAddress, String organizationType, String target, String oaFriendlyName, String filters) throws SZRGWClientException { + return getIdentityLink(null, null, null, null, null, + citizenSignature, represented, representative, mandateContent, organizationAddress, + organizationType, target, oaFriendlyName, filters); } /** 
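Review bot: In the new MIS block at @@ -1732, `filters.split(",")` is guarded only by `if(null != mandateContent)`, so a mandate request for an online application without configured mandate profiles (`filters == null`) ends in a NullPointerException outside the declared `SZRGWClientException` contract, and an empty string yields one empty identifier after `trim()`. Guard it, e.g. `if (filters != null && !filters.trim().isEmpty()) for (String current : filters.split(",")) ...`, or omit the Filters element when there are none. The Javadoc gains a bare `@param oaFriendlyName` line but still describes none of the other parameters, the forwarding overload at @@ -1791 says nothing about its new `target`, `oaFriendlyName` and `filters` arguments, and the later signature change at L166 adds `targetType`/`targetValue` with the same gap. getIdentityLink's body continues outside the hunk.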
@@ -1812,8 +1833,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { public CreateIdentityLinkResponse getIdentityLink(String eIdentifier, String givenName, String lastName, String dateOfBirth, String gender, String citizenSignature, String representative, String represented, - String mandate) throws SZRGWClientException { - return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, citizenSignature, representative, represented, mandate, null, null); + String mandate, String target, String oaFriendlyName, String filters) throws SZRGWClientException { + return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, + citizenSignature, representative, represented, mandate, null, + null, target, oaFriendlyName, filters); } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 3129c9e31..bd8c6420d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -30,6 +30,8 @@ import at.gv.egovernment.moa.id.auth.stork.STORKException; import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.ModulUtils; import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; 
@@ -185,11 +187,28 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)"); Logger.debug("Citizen signature will be verified by SZR Gateway!"); + Logger.debug("fetching OAParameters from database"); + + //read configuration paramters of OA + AuthenticationSession moasession; + try { + moasession = AuthenticationSessionStoreage.getSession(moaSessionID); + } catch (MOADatabaseException e2) { + Logger.error("could not retrieve moa session"); + throw new AuthenticationException("auth.01", null); + } + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); + Logger.debug("Starting connecting SZR Gateway"); //contact SZR Gateway IdentityLink identityLink = null; try { - identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList()); + identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList(), + oaParam.getFriendlyName(), + oaParam.getTarget(), + oaParam.getMandateProfiles()); } catch (STORKException e) { // this is really nasty but we work against the system here. We are supposed to get the gender attribute from // stork. If we do not, we cannot register the person in the ERnP - we have to have the diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index 5406dc0e1..8385c5dbe 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java 
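Review bot: The block added at @@ -185 reloads the session as `moasession` through `AuthenticationSessionStoreage.getSession(moaSessionID)` although the servlet already holds `moaSession` for the same id (it is used at L154 for `setAuthBlock`), leaving two variables that differ only in case plus a second database round-trip. Reuse the existing object: `OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());`. If the reload is intentional, the `catch (MOADatabaseException e2)` should at least keep the cause, `Logger.error("could not retrieve moa session", e2);`, rather than dropping it. The enclosing servlet method starts and ends outside the hunk.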
@@ -334,11 +334,15 @@ public class STORKResponseProcessor { /** * Handels connection to SZR-GW and returns Identity Link on success + * @param oaFriendlyName + * @param target + * @param filters + * @param filter * @param iPersonalAttributeList Received attribute List in assertion * @return Identity Link * @throws STORKException */ - public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList) throws STORKException { + public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String target, String filters) throws STORKException { Logger.trace("Calling SZR Gateway with the following attributes:"); CreateIdentityLinkResponse identityLinkResponse = null; @@ -362,7 +366,7 @@ public class STORKResponseProcessor { String organizationAddress = getAttributeValue("canonicalRegisteredAddress", attributeList); String organizationType = getAttributeValue("translateableType", attributeList); - identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(citizenSignature, representative, represented, mandate, organizationAddress, organizationType); + identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(citizenSignature, representative, represented, mandate, organizationAddress, organizationType, target, oaFriendlyName, filters); } else { // if we get here, we have a natural person representing another natural person String eIdentifier = getAttributeValue("eIdentifier", attributeList); 
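Review bot: The Javadoc for connectToSZRGateway at @@ -334 now lists `@param filter`, which does not exist, beside `@param filters`, the three new parameters carry no description, and the existing entry documents `iPersonalAttributeList` although the parameter is named `attributeList`. Replace the entries with ones that match the signature, e.g. `@param attributeList attribute list received in the assertion`, `@param oaFriendlyName friendly name of the online application for the MIS request`, `@param target target of the online application`, `@param filters comma-separated mandate profile identifiers`, and drop `@param filter`. connectToSZRGateway's body continues outside the hunk.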
@@ -375,7 +379,9 @@ public class STORKResponseProcessor { if (!StringUtils.isEmpty(dateOfBirth)) dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); - identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, citizenSignature, representative, represented, mandate); + identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, + givenName, lastName, dateOfBirth, gender, citizenSignature, representative, + represented, mandate, target, oaFriendlyName, filters); } } else { // we do not have a representation case -- cgit v1.2.3 From e1e410da00a399a8b059645a14a7848b39d3525c Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 30 Jan 2014 20:59:16 +0100 Subject: removed old saml-engine --- .../moa/id/auth/stork/STORKResponseProcessor.java | 189 --------------------- 1 file changed, 189 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index 8385c5dbe..6d88a1684 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -40,11 +40,8 @@ import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.StringUtils; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; -import eu.stork.mw.messages.saml.STORKResponse; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.vidp.messages.common.STORKConstants; -import eu.stork.vidp.messages.util.SAMLUtil; /** * 
@@ -60,192 +57,6 @@ public class STORKResponseProcessor { /** OASIS DSS Success Message */ public static final String OASIS_DSS_SUCCESS_MSG = "urn:oasis:names:tc:dss:1.0:resultmajor:Success"; - /** - * Extracts a STORK response from a HTTP message - * @param request HttpServletRequest - * @param response HttpServletResponse - * @return STORK Response - * @throws STORKException - */ - public static STORKResponse receiveSTORKRepsonse(HttpServletRequest request, HttpServletResponse response) throws STORKException { - - HTTPInTransport httpInTransport = new HttpServletRequestAdapter(request); - HTTPOutTransport httpOutTransport = new HttpServletResponseAdapter(response, request.isSecure()); - - httpInTransport.getPeerAddress(); - - String samlResponseString = request.getParameter("SAMLResponse"); - - if (StringUtils.isEmpty(samlResponseString)) { - Logger.error("SAMLResponse not found in request."); - throw new STORKException("SAMLResponse not found in request."); - } - - BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); - - samlMessageContext.setInboundMessageTransport(httpInTransport); - samlMessageContext.setOutboundMessageTransport(httpOutTransport); - - HTTPPostDecoder postDecoder = new HTTPPostDecoder(); - - try { - postDecoder.decode(samlMessageContext); - } catch (Exception e) { - Logger.error("Error decoding SAMLResponse message", e); - throw new STORKException("Error decoding SAMLResponse message", e); - } - - if (!(samlMessageContext.getInboundSAMLMessage() instanceof STORKResponse)) { - Logger.error("Message received is not a SAMLResponse message"); - throw new STORKException("Message received is not a SAMLResponse message"); - } - - STORKResponse samlResponse = (STORKResponse) samlMessageContext.getInboundSAMLMessage(); - - return samlResponse; - } - - /** - * Verifies a STORK response according STORK specification - * @param storkResponse STORK Response to verify - * @throws STORKException if validation fails - */ - public static 
void verifySTORKResponse(STORKResponse storkResponse) throws STORKException { - - ResponseVerifier responseVerifier = new PEPSConnectorResponseVerifier(); - try { - responseVerifier.verify(storkResponse); - } catch (SecurityException e) { - Logger.error("Error validating response message from PEPS.", e); - throw new STORKException("Error validating response message from PEPS."); - } - - } - - /** - * Verifies a STORK assertion - * @param assertion STORK assertion - * @param ipAddress Client IP address - * @param authnRequestID ID of the AuthnRequest - * @param recipient recipient for verification - * @param audience audience for verification - * @param reqAttributeList RequestedAttribute list for verification - * @throws STORKException - */ - public static void verifySTORKAssertion( - Assertion assertion, - String ipAddress, - String authnRequestID, - String recipient, - String audience, - List reqAttributeList) throws STORKException { - - //validate Assertion - AssertionVerifier assertionVerifier = new PEPSConnectorAssertionVerifier(); - try { - assertionVerifier.verify(assertion, ipAddress, authnRequestID, recipient, audience, reqAttributeList); - - //verify if all required attributes are present - PEPSConnectorAssertionVerifier.validateRequiredAttributes(reqAttributeList, assertion.getAttributeStatements().get(0).getAttributes()); - - } catch (SecurityException e) { - Logger.error("Error verifying assertion from PEPS", e); - throw new STORKException("Error validating assertion received from PEPS."); - } - - } - - /** - * Extracts the citizen signature from the signedDoc element present in the STORK assertion - * @param storkAssertion STORK assertion - * @return citizen signature as XML - * @throws STORKException - */ - public static Element extractCitizenSignature(Assertion storkAssertion) throws STORKException { - - Logger.debug("Processing DSS signature response from PEPS"); - - Element signatureResponse = getSignedDocAttributeValue(storkAssertion); - - if 
(signatureResponse == null) { - String msg = "Could not find DSS signature response in SAML assertion"; - Logger.error(msg); - throw new STORKException(msg); - } - - Logger.debug("Found DSS signature in SAML assertion"); - - Logger.debug("DSS Signature creation response received from PEPS (pretty print):"); - Logger.debug(XMLHelper.prettyPrintXML(signatureResponse)); - Logger.trace("DSS Signature creation response received from PEPS (original):"); - Logger.trace(XMLUtil.printXML(signatureResponse)); - - Element signature = getSignature(signatureResponse); - - if (signature == null) { - String msg = "Could not find citizen signature in SAML assertion"; - Logger.error(msg); - throw new STORKException(msg); - } - - Logger.debug("Found foreign citizen signature in SAML assertion (pretty print):"); - Logger.debug(XMLHelper.prettyPrintXML(signature)); - Logger.trace("Found foreign citizen signature in SAML assertion (original):"); - Logger.trace(XMLUtil.printXML(signature)); - - return signature; - } - - /** - * Extracts the signedDoc attribute from a STORK assertion as XML - * @param storkAssertion STORK assertion - * @return Value of signedDoc attribute - * @throws STORKException - */ - private static Element getSignedDocAttributeValue(Assertion storkAssertion) throws STORKException { - - XMLObject xmlObj = SAMLUtil.getAttributeValue(storkAssertion.getAttributeStatements().get(0).getAttributes(), STORKConstants.STORK_ATTRIBUTE_SIGNEDDOC); - - - if (xmlObj instanceof XSAny) - return getSignedDocAttributeValueFromAny((XSAny) xmlObj); - else if (xmlObj instanceof XSString) - return getSignedDocAttributValueFromString((XSString) xmlObj); - else - return null; - - } - - /** - * Get signedDoc as XML if provided as anyType - * @param any AttributeValue as anyType - * @return signedDoc as XML - */ - private static Element getSignedDocAttributeValueFromAny(XSAny any) { - if (!any.getUnknownXMLObjects(new QName(OASIS_DSS_NS, "SignResponse")).isEmpty()) { - XMLObject xmlObj = 
any.getUnknownXMLObjects(new QName(OASIS_DSS_NS, "SignResponse")).get(0); - return xmlObj.getDOM(); - } else { - return null; - } - } - - /** - * Get signedDoc as XML if provided as String - * @param string AttributeValue as String - * @return signedDoc as XML - * @throws STORKException - */ - private static Element getSignedDocAttributValueFromString(XSString string) throws STORKException { - try { - return XMLUtil.stringToDOM(string.getValue()); - } catch (Exception e) { - Logger.error("Error building DOM", e); - throw new STORKException(e); - - } - } - /** * Extracts the signature value out of a DSS response * @param signatureResponse DSS signature response -- cgit v1.2.3 From 5ee3da37829fa14d70ad827e19364be4800fab37 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Fri, 31 Jan 2014 08:55:04 +0100 Subject: fixed target type for MIS info --- .../moa/id/auth/AuthenticationServer.java | 17 +++++++++-------- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 18 +++++++++++++++++- .../moa/id/auth/stork/STORKResponseProcessor.java | 21 +++++++++++---------- 3 files changed, 37 insertions(+), 19 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 60b269059..94cab53d4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -1710,7 +1710,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws SZRGWClientException */ - public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType, String target, String oaFriendlyName, String filters) throws SZRGWClientException { + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { try { AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); @@ -1739,7 +1739,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { MISType mis = new MISType(); Target targetObject = new Target(); - targetObject.setValue(target); + targetObject.setType(targetType); + targetObject.setValue(targetValue); mis.setTarget(targetObject); mis.setOAFriendlyName(oaFriendlyName); @@ -1777,7 +1778,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws ConfigurationException the configuration exception */ public CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { - return getIdentityLink(null, null, null, null, null, XMLHelper.nodeToString(signature), null, null, null); + return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature)); } /** 
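Review bot: Every overload in this `getIdentityLink` family takes only positional `String` parameters, so the 13-argument call in the `@@ -1793` hunk binds to the 13-parameter overload in the `@@ -1833` hunk purely by arity, and the 15-parameter signature introduced here makes a silent positional mix-up (note that the 10-parameter overload at `@@ -1810` already has to swap `represented`/`representative` when delegating) easy to introduce and hard to spot in review. Consider collecting these values in a small value object (a request-parameter holder, name to be chosen) so each field is named at the call site, or at least document the ordering once. As a minimum, add `@param targetType` and `@param targetValue` to the Javadoc above each changed signature, which the hunks leave untouched. The other signature changes are in the `@@ -1793`, `@@ -1810` and `@@ -1833` hunks that follow.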
@@ -1793,7 +1794,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws ConfigurationException the configuration exception */ public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { - return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, null, signature, null, null, null); + return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, null, signature, null, null, null, null, null, null, null); } /** @@ -1810,10 +1811,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ public CreateIdentityLinkResponse getIdentityLink(String citizenSignature, String representative, String represented, String mandateContent, - String organizationAddress, String organizationType, String target, String oaFriendlyName, String filters) throws SZRGWClientException { + String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { return getIdentityLink(null, null, null, null, null, citizenSignature, represented, representative, mandateContent, organizationAddress, - organizationType, target, oaFriendlyName, filters); + organizationType, targetType, targetValue, oaFriendlyName, filters); } /** 
@@ -1833,10 +1834,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { public CreateIdentityLinkResponse getIdentityLink(String eIdentifier, String givenName, String lastName, String dateOfBirth, String gender, String citizenSignature, String representative, String represented, - String mandate, String target, String oaFriendlyName, String filters) throws SZRGWClientException { + String mandate, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, citizenSignature, representative, represented, mandate, null, - null, target, oaFriendlyName, filters); + null, targetType, targetValue, oaFriendlyName, filters); } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index bd8c6420d..9dfce7838 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java 
@@ -200,6 +200,22 @@ public class PEPSConnectorServlet extends AuthServlet { OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); if (oaParam == null) throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); + + // retrieve target + //TODO: check in case of SSO!!! + String targetType = null; + String targetValue = null; + if(oaParam.getBusinessService()) { + String id = oaParam.getIdentityLinkDomainIdentifier(); + if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) + targetValue = id.substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); + else + targetValue = moasession.getDomainIdentifier(); + targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_; + } else { + targetType = AuthenticationSession.TARGET_PREFIX_; + targetValue = oaParam.getTarget(); + } Logger.debug("Starting connecting SZR Gateway"); //contact SZR Gateway @@ -207,7 +223,7 @@ public class PEPSConnectorServlet extends AuthServlet { try { identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList(), oaParam.getFriendlyName(), - oaParam.getTarget(), + targetType, targetValue, oaParam.getMandateProfiles()); } catch (STORKException e) { // this is really nasty but we work against the system here. We are supposed to get the gender attribute from diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index 6d88a1684..20ceb2128 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java 
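Review bot: `id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)` throws a NullPointerException if `getIdentityLinkDomainIdentifier()` returns null for a business-service OA; whether that can happen is not visible here, so either guard it, `if (id != null && id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))`, or state the non-null invariant in a comment. The `//TODO: check in case of SSO!!!` marker is left unresolved in the same hunk; if the target has to be derived differently under SSO, a comment saying what is known to be unchecked (or a tracked issue reference) would help the next reader. The enclosing servlet method starts and ends outside the hunk.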
@@ -144,16 +144,17 @@ public class STORKResponseProcessor { } /** - * Handels connection to SZR-GW and returns Identity Link on success - * @param oaFriendlyName - * @param target - * @param filters - * @param filter - * @param iPersonalAttributeList Received attribute List in assertion + * Handels connection to SZR-GW and returns Identity Link on success. + * + * @param attributeList the attribute list + * @param oaFriendlyName the oa friendly name + * @param targetType the target type + * @param targetValue the target value + * @param filters the filters * @return Identity Link - * @throws STORKException + * @throws STORKException the sTORK exception */ - public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String target, String filters) throws STORKException { + public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String targetType, String targetValue, String filters) throws STORKException { Logger.trace("Calling SZR Gateway with the following attributes:"); CreateIdentityLinkResponse identityLinkResponse = null; @@ -177,7 +178,7 @@ public class STORKResponseProcessor { String organizationAddress = getAttributeValue("canonicalRegisteredAddress", attributeList); String organizationType = getAttributeValue("translateableType", attributeList); - identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(citizenSignature, representative, represented, mandate, organizationAddress, organizationType, target, oaFriendlyName, filters); + identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(citizenSignature, representative, represented, mandate, organizationAddress, organizationType, targetType, targetValue, oaFriendlyName, filters); } else { // if we get here, we have a natural person representing another natural person String eIdentifier = getAttributeValue("eIdentifier", attributeList); 
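Review bot: The rewritten Javadoc on `connectToSZRGateway` is generated filler (`@param targetType the target type`, `@throws STORKException the sTORK exception`) that says less than the parameter names already do. Judging from the PEPSConnectorServlet hunk in this commit, `targetType` appears to be one of the `AuthenticationSession.REGISTERANDORDNR_PREFIX_`/`TARGET_PREFIX_` constants and `targetValue` the identifier belonging to it; stating that here, e.g. `@param targetType the kind of target, one of the AuthenticationSession prefix constants` and `@param targetValue the target identifier matching targetType`, makes the contract checkable at call sites. The method body continues beyond the hunk.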
@@ -192,7 +193,7 @@ public class STORKResponseProcessor { identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, citizenSignature, representative, - represented, mandate, target, oaFriendlyName, filters); + represented, mandate, targetType, targetValue, oaFriendlyName, filters); } } else { // we do not have a representation case -- cgit v1.2.3 From 2ee0d4beb3b23613b1bdaa3f9c58723d30303b79 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Fri, 31 Jan 2014 14:39:04 +0100 Subject: fixed saml post binding template location --- .../main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 94cab53d4..209743f45 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1986,7 +1986,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.trace("Initialize VelocityEngine..."); VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/saml2-post-binding-moa.vm"); + Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); VelocityContext context = new VelocityContext(); context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml())); context.put("action", destination); -- cgit v1.2.3 From 9122bf6862fe34881e5454f54c69692b7f5ed083 Mon Sep 17 00:00:00 2001 
From: Florian Reimair Date: Fri, 31 Jan 2014 16:21:13 +0100 Subject: fixed outgoing signrequest - mostly tested --- .../moa/id/auth/AuthenticationServer.java | 40 +++++++++++++---- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 52 +++++++++++++++++----- .../moa/id/auth/stork/STORKResponseProcessor.java | 51 --------------------- 3 files changed, 73 insertions(+), 70 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 209743f45..146137a2c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -31,6 +31,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.io.StringWriter; +import java.math.BigInteger; import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.cert.CertificateException; @@ -49,6 +50,7 @@ import javax.servlet.http.HttpSession; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; +import org.apache.commons.io.IOUtils; import org.apache.commons.lang.StringEscapeUtils; import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; @@ -123,7 +125,6 @@ import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; 
@@ -142,10 +143,14 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; import at.gv.util.xsd.srzgw.MISType; import at.gv.util.xsd.srzgw.MISType.Filters; +import eu.stork.oasisdss.api.AdditionalProfiles; import eu.stork.oasisdss.api.ApiUtils; import eu.stork.oasisdss.api.ApiUtilsException; +import eu.stork.oasisdss.api.Profiles; +import eu.stork.oasisdss.api.QualityLevels; +import eu.stork.oasisdss.api.SignatureTypes; +import eu.stork.oasisdss.profile.AnyType; import eu.stork.oasisdss.profile.DocumentType; -import eu.stork.oasisdss.profile.InputDocuments; import eu.stork.oasisdss.profile.SignRequest; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -1912,7 +1917,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { PersonalAttribute newAttribute = new PersonalAttribute(); newAttribute.setName("signedDoc"); List value = new ArrayList(); - value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession), "application/xhtml+xml")); + value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession), + "application/xhtml+xml", + moasession.getCcc())); newAttribute.setValue(value); attributeList.add(newAttribute); 
@@ -2004,20 +2011,37 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination()); } - private static String generateDssSignRequest(String text, String mimeType) { + private static String generateDssSignRequest(String text, String mimeType, String citizenCountry) { IdentifierGenerator idGenerator; try { idGenerator = new SecureRandomIdentifierGenerator(); DocumentType doc = new DocumentType(); - doc.setBase64XML(Base64.encodeBytes(text.getBytes()).getBytes()); + doc.setBase64XML(text.getBytes()); + doc.setID(idGenerator.generateIdentifier()); SignRequest request = new SignRequest(); request.setInputDocuments(ApiUtils.createInputDocuments(doc)); - request.setRequestID(idGenerator.generateIdentifier()); + String id = idGenerator.generateIdentifier(); + request.setRequestID(id); + request.setDocUI(id); - return ApiUtils.marshalToDocument(request).getTextContent(); + request.setProfile(Profiles.XADES_BES.toString()); + request.setNumberOfSigners(BigInteger.ONE); + request.setTargetCountry(citizenCountry); + + // no, no todo. PEPS will alter this value anyhow. + request.setReturnURL("http://invalid_return"); + + AnyType required = new AnyType(); + required.getAny().add(ApiUtils.createSignatureType(SignatureTypes.XMLSIG_RFC3275.toString())); + required.getAny().add(ApiUtils.createAdditionalProfile(AdditionalProfiles.XADES.toString())); + required.getAny().add(ApiUtils.createQualityRequirements(QualityLevels.QUALITYLEVEL_QUALIFIEDSIG)); + required.getAny().add(ApiUtils.createIncludeObject(doc)); + request.setOptionalInputs(required); + + return IOUtils.toString(ApiUtils.marshalToInputStream(request)); } catch (NoSuchAlgorithmException e) { Logger.error("Cannot generate id", e); throw new RuntimeException(e); 
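Review bot: `text.getBytes()` and `IOUtils.toString(ApiUtils.marshalToInputStream(request))` both use the platform default charset, so the XHTML document placed in the DSS request and the serialized SignRequest can differ between deployments; use an explicit encoding, `doc.setBase64XML(text.getBytes("UTF-8"));` and `return IOUtils.toString(ApiUtils.marshalToInputStream(request), "UTF-8");` (both are covered by the `IOException` catch this patch adds in the next hunk). `doc.setBase64XML` now receives the raw document bytes instead of a Base64 string, which presumably relies on the marshaller to Base64-encode the field on output; since the previous code encoded explicitly, a one-line comment stating that intent would prevent someone from "fixing" it back. The hard-coded `request.setReturnURL("http://invalid_return")` with its `// no, no todo` comment should say why a placeholder is acceptable here (the comment only says the PEPS alters it). The method's catch chain continues past the end of the hunk.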
@@ -2027,7 +2051,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } catch (DOMException e) { Logger.error("Could not create SignRequest", e); throw new RuntimeException(e); - } catch (ParserConfigurationException e) { + } catch (IOException e) { Logger.error("Could not create SignRequest", e); throw new RuntimeException(e); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 9dfce7838..a3c8ebe4d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -1,7 +1,10 @@ package at.gv.egovernment.moa.id.auth.servlet; +import iaik.x509.X509Certificate; import java.io.IOException; +import java.io.InputStream; import java.io.StringWriter; +import java.net.URL; import java.util.ArrayList; import java.util.List; 
@@ -10,19 +13,19 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBElement; import javax.xml.transform.stream.StreamSource; +import org.apache.commons.io.IOUtils; import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; -import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.StatusCode; -import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; 
@@ -33,14 +36,14 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.ModulUtils; -import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; +import at.gv.util.xsd.xmldsig.SignatureType; +import at.gv.util.xsd.xmldsig.X509DataType; import eu.stork.oasisdss.api.ApiUtils; -import eu.stork.oasisdss.api.LightweightSourceResolver; +import eu.stork.oasisdss.profile.DocumentWithSignature; import eu.stork.oasisdss.profile.SignResponse; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; 
@@ -173,14 +176,41 @@ public class PEPSConnectorServlet extends AuthServlet { //extract signed doc element and citizen signature String citizenSignature = null; try { - citizenSignature = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0); + String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0); + SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(signatureInfo))); + + List doclocations = ApiUtils.findNamedElement(dssSignResponse.getOptionalOutputs(), DocumentWithSignature.class.getSimpleName(), DocumentWithSignature.class); + // TODO handle multiple docs? + Logger.debug("trying first doclocation"); + String docUrl = doclocations.get(0).getDocument().getDocumentURL(); + Logger.debug("trying first doclocation successful"); + + // fetch signed doc + URL url = new URL(docUrl); + InputStream incomming = url.openStream(); + citizenSignature = IOUtils.toString(incomming); + incomming.close(); + + JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName()); + SignatureType root = ((JAXBElement) ctx.createUnmarshaller().unmarshal(IOUtils.toInputStream(citizenSignature))).getValue(); + + // memorize signature into authblock moaSession.setAuthBlock(citizenSignature); + + // extract certificate + for(Object current : root.getKeyInfo().getContent()) + if(((JAXBElement) current).getValue() instanceof X509DataType) { + for(Object currentX509Data : ((JAXBElement) current).getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName()) { + JAXBElement casted = ((JAXBElement) currentX509Data); + if(casted.getName().getLocalPart().equals("X509Certificate")) { + moaSession.setSignerCertificate(new X509Certificate(((String)casted.getValue()).getBytes())); + break; + } + } + } - // FIXME untested - Element sepp = (Element) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(citizenSignature))); - 
moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(sepp)); - } catch (Exception e) { + } catch (Throwable e) { Logger.error("Could not extract citizen signature from C-PEPS", e); throw new MOAIDException("stork.09", null); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index 20ceb2128..2534110d5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java 
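Review bot: `docUrl` is taken straight from the `DocumentWithSignature` element of the incoming SignResponse and fetched with `new URL(docUrl).openStream()`, so the server retrieves whatever location the response names, with no scheme or host restriction, no timeout and no size bound; unless the assertion carrying it has been verified before this point (not visible here), this is a server-side request forgery surface and the fetch should be limited to the expected C-PEPS/DSS document endpoint over https. `incomming` is only closed on the success path and `IOUtils.toString(incomming)` uses the platform charset; the rewrite below closes in `finally` and names the encoding. `catch (Throwable e)` additionally turns `Error`s such as `OutOfMemoryError` into `stork.09`; the previous `catch (Exception e)` is the narrower choice. Nothing in the hunk checks the fetched signature against the document before it is stored via `setAuthBlock`; if that verification happens downstream, a comment saying where would help.
```java
// TODO(review): restrict docUrl to the expected C-PEPS/DSS document endpoint (https, known host) before fetching
URL url = new URL(docUrl);
InputStream incomming = null;
try {
    incomming = url.openStream();
    citizenSignature = IOUtils.toString(incomming, "UTF-8");
} finally {
    IOUtils.closeQuietly(incomming);
}
// … unchanged: JAXB unmarshal, setAuthBlock, certificate extraction …
```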
@@ -57,57 +57,6 @@ public class STORKResponseProcessor { /** OASIS DSS Success Message */ public static final String OASIS_DSS_SUCCESS_MSG = "urn:oasis:names:tc:dss:1.0:resultmajor:Success"; - /** - * Extracts the signature value out of a DSS response - * @param signatureResponse DSS signature response - * @return signature - * @throws STORKException - */ - private static Element getSignature(Element signatureResponse) throws STORKException { - - NodeList nList = signatureResponse.getElementsByTagNameNS(OASIS_DSS_NS, "ResultMajor"); - - String resultMajor = XMLUtil.getFirstTextValueFromNodeList(nList); - - if (StringUtils.isEmpty(resultMajor)) { - String msg = "DSS response not correct, ResultMajor element missing."; - Logger.error(msg); - throw new STORKException(msg); - } - - Logger.trace("ResultMajor of DSS response: " + resultMajor); - - if (!OASIS_DSS_SUCCESS_MSG.equals(resultMajor)) { - String msg = "DSS response not correct, ResultMajor is " + resultMajor; - Logger.error(msg); - throw new STORKException(msg); - } - - NodeList nList2 = signatureResponse.getElementsByTagNameNS(OASIS_DSS_NS, "Base64Signature");; - - String base64SigString = XMLUtil.getFirstTextValueFromNodeList(nList2); - - if (StringUtils.isEmpty(base64SigString)) { - String msg = "DSS response not correct, Base64Signature element missing."; - Logger.error(msg); - throw new STORKException(msg); - } - - Logger.trace("Base64Signature element of DSS response: " + base64SigString); - - String sigString = new String(Base64.decode(base64SigString)); - - try { - return XMLUtil.stringToDOM(sigString); - } catch (Exception e) { - String msg = "Unable to extract signature from DSS response"; - Logger.error(msg); - throw new STORKException(msg); - } - - - } - /** * Checks for attribute. * -- cgit v1.2.3 From c2ccb7f48188b369c34cf2116b593a6d7c46b1ac Mon Sep 17 00:00:00 2001 
From: Florian Reimair Date: Fri, 31 Jan 2014 16:29:15 +0100 Subject: refactored gender retrieval --- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 52 ++++++++++------------ .../moa/id/auth/stork/STORKResponseProcessor.java | 3 +- 2 files changed, 26 insertions(+), 29 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index a3c8ebe4d..b1829439a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -167,6 +167,30 @@ public class PEPSConnectorServlet extends AuthServlet { gender.setValue(tmp); authnResponse.getPersonalAttributeList().add(gender); + } else { + // this is really nasty but we work against the system here. We are supposed to get the gender attribute from + // stork. If we do not, we cannot register the person in the ERnP - we have to have the + // gender for the represented person. So here comes the dirty hack. + try { + Logger.trace("Initialize VelocityEngine..."); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html"); + VelocityContext context = new VelocityContext(); + context.put("SAMLResponse", request.getParameter("SAMLResponse")); + context.put("action", request.getRequestURL()); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + response.getOutputStream().write(writer.toString().getBytes()); + } catch (Exception e1) { + Logger.error("Error sending gender retrival form.", e1); + httpSession.invalidate(); + throw new MOAIDException("stork.10", null); + } + + return; } } 
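Review bot: The values handed to the `fetchGender.html` template, `request.getParameter("SAMLResponse")` and `request.getRequestURL()`, are request-controlled and are written back to the client as HTML; whether the template escapes them cannot be seen here, so confirm that it HTML-escapes both (or escape them before `context.put`) so request content is not reflected into the page verbatim. The response is written with `writer.toString().getBytes()` and no content type or charset is set (the removed copy of this code at `@@ -256` had `setContentType` commented out); `response.setContentType("text/html;charset=UTF-8"); response.getOutputStream().write(writer.toString().getBytes("UTF-8"));` pins both. The `if` that this `else` branch belongs to starts above the hunk.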
@@ -256,34 +280,6 @@ public class PEPSConnectorServlet extends AuthServlet { targetType, targetValue, oaParam.getMandateProfiles()); } catch (STORKException e) { - // this is really nasty but we work against the system here. We are supposed to get the gender attribute from - // stork. If we do not, we cannot register the person in the ERnP - we have to have the - // gender for the represented person. So here comes the dirty hack. - if(e.getMessage().equals("gender not found in response")) { - // fetch gender - - try { - Logger.trace("Initialize VelocityEngine..."); - - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html"); - VelocityContext context = new VelocityContext(); - context.put("SAMLResponse", request.getParameter("SAMLResponse")); - context.put("action", request.getRequestURL()); - - StringWriter writer = new StringWriter(); - template.merge(context, writer); - -// response.setContentType("text/html"); - response.getOutputStream().write(writer.toString().getBytes()); - } catch (Exception e1) { - Logger.error("Error sending gender retrival form.", e1); - httpSession.invalidate(); - throw new MOAIDException("stork.10", null); - } - - return; - } Logger.error("Error connecting SZR Gateway", e); throw new MOAIDException("stork.10", null); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index 2534110d5..344e842b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java 
@@ -136,7 +136,8 @@ public class STORKResponseProcessor { String dateOfBirth = getAttributeValue("dateOfBirth", attributeList); // gender attribute is mandatory here because of some legal stuff -// String gender = getAttributeValue("gender", attributeList); + String gender = getAttributeValue("gender", attributeList); + if (!StringUtils.isEmpty(dateOfBirth)) dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); -- cgit v1.2.3 From 3c1884ee275350e7b2a78256342d9610b1766898 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Fri, 31 Jan 2014 16:31:50 +0100 Subject: remove testing Citizen Country Code from auth flow --- .../main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 146137a2c..67824bb44 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1953,8 +1953,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { authnRequest.setEIDCrossSectorShare(true); authnRequest.setEIDSectorShare(true); - authnRequest.setCitizenCountryCode("LOCAL"); -// authnRequest.setCitizenCountryCode(moasession.getCcc()); + authnRequest.setCitizenCountryCode(moasession.getCcc()); Logger.debug("STORK AuthnRequest succesfully assembled."); -- cgit v1.2.3
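Review bot: In the `@@ -1953` hunk `moasession.getCcc()` now flows unchecked into `setCitizenCountryCode`; where the session value is set is not visible here, so if it originates from a request parameter it should be validated against the configured list of STORK countries before the AuthnRequest is assembled, and a null or empty value rejected with a clear error rather than sent to the PEPS. The same session value is passed as `citizenCountry` to `generateDssSignRequest` in the `@@ -1912` hunk of the earlier commit in this series, so one validation point up front covers both uses. The enclosing method starts and ends outside the hunk.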