From 7848a953758fe645da5abc16eb8abff1fdc11da8 Mon Sep 17 00:00:00 2001
From: kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Tue, 27 Jul 2010 20:15:31 +0000
Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1177
 d688527b-c9ab-4aba-bd8d-4036d912da1d

---
 .../moa/id/auth/AuthenticationServer.java          | 34 ++++++++++++++++++++--
 .../moa/id/auth/MOAIDAuthConstants.java            |  5 +++-
 .../builder/VerifyXMLSignatureRequestBuilder.java  |  1 +
 .../id/auth/servlet/VerifyIdentityLinkServlet.java |  2 ++
 .../id/auth/validator/IdentityLinkValidator.java   |  3 ++
 .../VerifyXMLSignatureResponseValidator.java       |  1 +
 6 files changed, 43 insertions(+), 3 deletions(-)

(limited to 'id/server/idserverlib/src/main/java')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 01c6a512f..103274c29 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -15,10 +15,14 @@
 */
 package at.gv.egovernment.moa.id.auth;
 
+import iaik.ixsil.exceptions.UtilsException;
+import iaik.ixsil.util.Utils;
 import iaik.pki.PKIException;
 import iaik.x509.X509Certificate;
 
 import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.Principal;
@@ -32,10 +36,13 @@ import java.util.Map;
 import java.util.Set;
 import java.util.Vector;
 
+import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.TransformerException;
 
 import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
 
+import HTTPClient.Util;
 import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.BuildException;
 import at.gv.egovernment.moa.id.ParseException;
@@ -431,6 +438,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID});
        
     String xmlInfoboxReadResponse = (String)infoboxReadResponseParameters.get(PARAM_XMLRESPONSE);
+   
     if (isEmpty(xmlInfoboxReadResponse))
       throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE});
     
@@ -455,8 +463,30 @@ public class AuthenticationServer implements MOAIDAuthConstants {
        Logger.info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als ausländische eID.");
       return null;
     }
-        
-    // parses the <InfoboxReadResponse>
+       
+    // for testing new identity link certificate
+//    xmlInfoboxReadResponse = null;
+//    try {
+//    File file = new File("c:/temp/xxxMuster-new-cert_infobox.xml");
+//    FileInputStream fis;
+//	
+//		fis = new FileInputStream(file);
+//		byte[] array = Utils.readFromInputStream(fis);
+//    
+//    xmlInfoboxReadResponse = new String(array);
+//    System.out.println(xmlInfoboxReadResponse);
+//    
+//    } catch (FileNotFoundException e) {
+//		// TODO Auto-generated catch block
+//		e.printStackTrace();
+//	} catch (UtilsException e) {
+//		// TODO Auto-generated catch block
+//		e.printStackTrace();
+//	}
+    
+	
+    
+ // parses the <InfoboxReadResponse>
     IdentityLink identityLink =
       new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink();
     // validates the identity link
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 88859dc3f..84f8f6985 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -86,7 +86,10 @@ public interface MOAIDAuthConstants {
    */ 
   public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID = 
     new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission",
-                  "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"};  
+                  "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission",
+    			  "EMAIL=dsk@dsk.gv.at,serialNumber=325928323998,CN=Signaturservice Datenschutzkommission,OU=Stammzahlregisterbehoerde,O=Datenschutzkommission,C=AT"};
+                  //"E=dsk@dsk.gv.at,SERIALNUMBER=325928323998,CN=Signaturservice Datenschutzkommission,OU=Stammzahlregisterbehoerde,O=Datenschutzkommission,C=AT"};
+  				   
   /** the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" */
   public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1";
   /** 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index a14d0325f..2c97f01ae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -131,6 +131,7 @@ public class VerifyXMLSignatureRequestBuilder {
       Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
       signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
       Element[] dsigTransforms = identityLink.getDsigReferenceTransforms();
+      
       for (int i = 0; i < dsigTransforms.length; i++) {        
         Element verifyTransformsInfoProfileElem = 
           requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 1fc5013f3..ba3e2141b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -106,6 +106,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
        
     	AuthenticationSession session = AuthenticationServer.getSession(sessionID);  
     	String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters);
+
+    	Logger.debug(createXMLSignatureRequestOrRedirect);
     	
     	if (createXMLSignatureRequestOrRedirect == null) {
     	   // no identity link found
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
index 1c9b66124..baaa21db2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
@@ -155,6 +155,9 @@ public class IdentityLinkValidator implements Constants {
            if (attributeValue==null) 
              attributeValue = 
                (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + ECDSA + "ECDSAKeyValue");
+           if (attributeValue==null) 
+               attributeValue = 
+                 (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + DSIG + "DSAKeyValue");
            if (attributeValue == null)
             throw new ValidateException("validator.02", null);
                       
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index bc7db72f4..affa95c2b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -124,6 +124,7 @@ public class VerifyXMLSignatureResponseValidator {
       catch (RFC2253NameParserException e) {
         throw new ValidateException("validator.17", null);
       }
+      System.out.println("subjectDN: " + subjectDN);
       // check the authorisation to sign the identity link
       if (!identityLinkSignersSubjectDNNames.contains(subjectDN)) {
         // subject DN check failed, try OID check:
-- 
cgit v1.2.3