From cea2f395ec773b386ec628d60120752cf320f6b6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 27 Jan 2014 16:27:02 +0100
Subject: add PVP2 Demo Application change SZRGWClient to JAXWs

---
 .../moa/id/auth/AuthenticationServer.java          | 109 +++++++++++++--------
 .../moa/id/auth/stork/STORKResponseProcessor.java  |   3 +
 .../moa/id/client/LaxHostNameVerifier.java         |  16 +++
 .../gv/egovernment/moa/id/client/SZRGWClient.java  |  81 +++++++++++++++
 .../moa/id/client/SZRGWClientException.java        |  17 ++++
 .../moa/id/protocols/pvp2x/MetadataAction.java     |   8 ++
 6 files changed, 192 insertions(+), 42 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/LaxHostNameVerifier.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java

(limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index af23d4c78..278f93f14 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -54,6 +54,7 @@ import org.apache.xpath.XPathAPI;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 import org.opensaml.xml.util.Base64;
 import org.opensaml.xml.util.XMLHelper;
+import org.springframework.util.xml.DomUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -95,10 +96,12 @@ import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
 import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
 import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
 import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
+//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
+//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.client.SZRGWClient;
+import at.gv.egovernment.moa.id.client.SZRGWClientException;
 import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
@@ -125,6 +128,8 @@ import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 import at.gv.egovernment.moa.util.XPathUtils;
+import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest;
+import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
 import eu.stork.mw.messages.saml.STORKAuthnRequest;
 import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
 import eu.stork.vidp.messages.common.STORKConstants;
@@ -1689,58 +1694,78 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 	   * @return Identity link assertion
 	 * @throws SZRGWClientException 
 	   */
-	     public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException {
+	     public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse 
+	     	getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException {
 
-		    SZRGWClient client = new SZRGWClient();
+		    SZRGWClient client = null;
 		 
-		    try {
+			try {
 		    	AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
 		    	ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
 
-		    	client.setAddress(connectionParameters.getUrl());
-		    	if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
-		    		Logger.debug("Initialisiere SSL Verbindung");
-		    		try {
-		    			client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
-		    		} catch (IOException e) {
-		    			Logger.error("Could not initialize SSL Factory", e);
-		    			throw new SZRGWClientException("Could not initialize SSL Factory");
-		    		} catch (GeneralSecurityException e) {
-		    			Logger.error("Could not initialize SSL Factory", e);
-		    			throw new SZRGWClientException("Could not initialize SSL Factory");
-		    		} catch (PKIException e) {
-		    			Logger.error("Could not initialize SSL Factory", e);
-		    			throw new SZRGWClientException("Could not initialize SSL Factory");
-		    		} 
-		    	}
+		    	client = new SZRGWClient(connectionParameters);
+		    	 
+		    	
+		    	CreateIdentityLinkRequest request = new CreateIdentityLinkRequest();
+		    	request.setSignature(DOMUtils.serializeNode(signature).getBytes());
+		    	
+				CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl());
+		    	
+				
+				
+//		    	client.setAddress(connectionParameters.getUrl());
+//		    	if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+//		    		Logger.debug("Initialisiere SSL Verbindung");
+//		    		try {
+//		    			client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+//		    		} catch (IOException e) {
+//		    			Logger.error("Could not initialize SSL Factory", e);
+//		    			throw new SZRGWClientException("Could not initialize SSL Factory");
+//		    		} catch (GeneralSecurityException e) {
+//		    			Logger.error("Could not initialize SSL Factory", e);
+//		    			throw new SZRGWClientException("Could not initialize SSL Factory");
+//		    		} catch (PKIException e) {
+//		    			Logger.error("Could not initialize SSL Factory", e);
+//		    			throw new SZRGWClientException("Could not initialize SSL Factory");
+//		    		} 
+//		    	}
 		    	Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
 		    }
 		    catch (ConfigurationException e) {
 		    	Logger.warn(e);
 		    	Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
-		    }
+		    } catch (TransformerException e) {
+				// TODO Auto-generated catch block
+				e.printStackTrace();
+			} catch (IOException e) {
+				// TODO Auto-generated catch block
+				e.printStackTrace();
+			}
 		    
-		    // create request
-		    CreateIdentityLinkResponse response = null;
-		    Element request = null;
-		    try {
-		    	Document doc = client.buildGetIdentityLinkRequest(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature);
-		    	request = doc.getDocumentElement();
-		    	
-		    	// send request
-		    	response = client.createIdentityLinkResponse(request);
-		    } catch (SZRGWClientException e) {
-		    	// 	give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
-		    	try {
-		    		response = client.createIdentityLinkResponse(request);
-		    	} 
-		    	catch (SZRGWClientException e1) {
-		    		throw new SZRGWClientException(e1);
-		    	}
-		    }
+//		    // create request
+//		    CreateIdentityLinkResponse response = null;
+//		    Element request = null;
+//		    try {
+//		    	Document doc = client.buildGetIdentityLinkRequest(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature);
+//		    	request = doc.getDocumentElement();
+//		    	
+//		    	// send request
+//		    	response = client.createIdentityLinkResponse(request, connectionParameters.getUrl());
+//		   
+//		    
+//		    
+//		    } catch (SZRGWClientException e) {
+//		    	// 	give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+////		    	try {
+////		    		response = client.createIdentityLinkResponse(request);
+////		    	} 
+////		    	catch (SZRGWClientException e1) {
+////		    		throw new SZRGWClientException(e1);
+////		    	}
+//		    }
 	        
 		    
-		    return response;
+		    return null;
 		
 	  }
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index a87e9a8c0..a6e595239 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -351,6 +351,9 @@ public class STORKResponseProcessor {
 		} catch (ParseException e) {
 			Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
 			throw new STORKException("Error parsing IdentityLink received from SZR-Gateway: ", e);
+		} catch (at.gv.egovernment.moa.id.client.SZRGWClientException e) {
+			Logger.error("Error connecting SZR-Gateway: ", e);
+			throw new STORKException("Error connecting SZR-Gateway: ", e);
 		}
     		    	
     	return identityLink;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/LaxHostNameVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/LaxHostNameVerifier.java
new file mode 100644
index 000000000..a4fe4ab7b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/LaxHostNameVerifier.java
@@ -0,0 +1,16 @@
+package at.gv.egovernment.moa.id.client;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLSession;
+
+public class LaxHostNameVerifier implements HostnameVerifier {
+
+	/*
+	 * (non-Javadoc)
+	 * @see javax.net.ssl.HostnameVerifier#verify(java.lang.String, javax.net.ssl.SSLSession)
+	 */
+	public boolean verify(String arg0, SSLSession arg1) {
+		return true;
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java
new file mode 100644
index 000000000..37c2ebae0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java
@@ -0,0 +1,81 @@
+package at.gv.egovernment.moa.id.client;
+
+import java.net.URL;
+import java.util.Map;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.xml.namespace.QName;
+
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.util.wsdl.szrgw.SZRGWService;
+import at.gv.util.wsdl.szrgw.SZRGWType;
+import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest;
+import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
+
+import com.sun.xml.ws.developer.JAXWSProperties;
+import javax.xml.ws.BindingProvider;
+
+public class SZRGWClient {
+
+	private SSLSocketFactory sslContext = null;
+	
+	public SZRGWClient(ConnectionParameter szrgwconnection) throws SZRGWClientException {
+		initial(szrgwconnection);
+	}
+	
+	public CreateIdentityLinkResponse sentCreateIDLRequest(CreateIdentityLinkRequest request, String serviceUrl) throws SZRGWClientException {
+		MiscUtil.assertNotNull(request, "createIDLRequest");
+		MiscUtil.assertNotNull(serviceUrl, "serviceURL");
+		
+		URL url = SZRGWClient.class.getResource("/resources/wsdl/szrgw/szrgw.wsdl");
+		SZRGWService service = new SZRGWService(url, new QName("http://reference.e-government.gv.at/namespace/szrgw/20070807/wsdl", "SZRGWService"));
+		SZRGWType port = service.getSZRGWPort();
+		
+		
+		
+		
+		BindingProvider bindingProvider = (BindingProvider) port;
+		Map<String, Object> requestContext = bindingProvider.getRequestContext();
+		requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, serviceUrl);
+		
+		
+		// check for ssl
+		if (serviceUrl.toLowerCase().startsWith("https")) {
+			Logger.trace("Using ssl for SZRGW client request.");
+			if (sslContext == null) {
+				throw new SZRGWClientException("SSL context from configuration is empty. Please configure an SSL context in the configuration first.", null);
+			}
+			
+			requestContext.put(JAXWSProperties.SSL_SOCKET_FACTORY, sslContext);
+			
+			// check for lax hostname
+			if (true) {
+				Logger.trace("LaxHostnameVerifier enabled. This setting is not recommended to use.");
+				requestContext.put(JAXWSProperties.HOSTNAME_VERIFIER, new LaxHostNameVerifier());
+			}
+		}
+		
+		
+		return port.szrgwOperation(request);
+		
+	}
+	
+	
+	private void initial(ConnectionParameter szrgwconnection) throws at.gv.egovernment.moa.id.client.SZRGWClientException{ 
+		try {
+			sslContext = SSLUtils.getSSLSocketFactory(
+					AuthConfigurationProvider.getInstance(),
+					szrgwconnection);
+			
+		} catch (Exception e) {
+			Logger.warn("SZRGW Client initialization FAILED.", e);
+			throw new SZRGWClientException("SZRGW Client initialization FAILED.", null);
+			
+		}
+		
+	}	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java
new file mode 100644
index 000000000..4eb268ce9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.client;
+
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+
+public class SZRGWClientException extends MOAIDException{
+
+	private static final long serialVersionUID = 1L;
+
+	public SZRGWClientException(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+	}
+
+	public SZRGWClientException(SZRGWClientException e1) {
+		super("", null, e1);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 1c7b1c718..c80dbf321 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -27,9 +27,12 @@ import org.opensaml.xml.io.Marshaller;
 import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.security.credential.UsageType;
 import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
+import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
 import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
+import org.opensaml.xml.signature.KeyInfo;
 import org.opensaml.xml.signature.Signature;
 import org.opensaml.xml.signature.Signer;
+import org.opensaml.xml.signature.impl.KeyInfoBuilder;
 import org.w3c.dom.Document;
 
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -83,6 +86,11 @@ public class MetadataAction implements IAction {
 			Signature signature = CredentialProvider
 					.getIDPSignature(metadataSigningCredential);
 			
+//			KeyInfoBuilder metadataKeyInfoBuilder = new KeyInfoBuilder();
+//			KeyInfo metadataKeyInfo = metadataKeyInfoBuilder.buildObject();
+//			//KeyInfoHelper.addCertificate(metadataKeyInfo, metadataSigningCredential.);
+//			signature.setKeyInfo(metadataKeyInfo );
+			
 			idpEntitiesDescriptor.setSignature(signature);
 
 			IDPSSODescriptor idpSSODescriptor = SAML2Utils
-- 
cgit v1.2.3