From 885490d16795b5d8f45d2785aaead8b074fa2cc1 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Sun, 26 Jan 2014 16:11:31 +0100 Subject: interface adaptions for szrgw #1 --- .../moa/id/auth/AuthenticationServer.java | 48 +++++++---- .../moa/id/auth/servlet/GetForeignIDServlet.java | 2 +- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 2 +- .../moa/id/auth/stork/STORKResponseProcessor.java | 61 ++++++++++---- .../validator/parep/client/szrgw/SZRGWClient.java | 95 ++++++++-------------- 5 files changed, 112 insertions(+), 96 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 49e2cbdd5..fe23b545f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.auth; import iaik.asn1.ObjectID; -import iaik.pki.PKIException; import iaik.x509.X509Certificate; import iaik.x509.X509ExtensionInitException; @@ -32,7 +31,6 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.io.StringWriter; -import java.security.GeneralSecurityException; import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.cert.CertificateException; @@ -60,7 +58,6 @@ import org.opensaml.common.IdentifierGenerator; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.xml.util.Base64; import org.opensaml.xml.util.XMLHelper; -import org.springframework.util.xml.DomUtils; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -123,8 +120,8 @@ import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; @@ -137,7 +134,6 @@ import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathUtils; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; -import eu.stork.mw.messages.saml.STORKAuthnRequest; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; @@ -1700,8 +1696,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return Identity link assertion * @throws SZRGWClientException */ - public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse - getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException { + + public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String citizenSignature, String represented, String representative, String mandateContent) throws SZRGWClientException { SZRGWClient client = null; @@ -1713,8 +1709,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { CreateIdentityLinkRequest request = new CreateIdentityLinkRequest(); - request.setSignature(DOMUtils.serializeNode(signature).getBytes()); + request.setSignature(citizenSignature.getBytes()); + Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl()); @@ -1735,17 +1732,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { // throw new SZRGWClientException("Could not initialize SSL Factory"); // } // } - Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); } catch (ConfigurationException e) { Logger.warn(e); Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); - } catch (TransformerException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); } // // create request @@ -1775,6 +1765,34 @@ public class AuthenticationServer implements MOAIDAuthConstants { } + /** + * Does the request to the SZR-GW. + * + * @param signature the signature + * @return the identity link + * @throws SZRGWClientException the sZRGW client exception + * @throws ConfigurationException the configuration exception + */ + public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { + return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature), null, null, null); + } + + /** + * Does the request to the SZR-GW. + * + * @param PEPSIdentifier the pEPS identifier + * @param PEPSFirstname the pEPS firstname + * @param PEPSFamilyname the pEPS familyname + * @param PEPSDateOfBirth the pEPS date of birth + * @param signature XMLDSIG signature + * @return Identity link assertion + * @throws SZRGWClientException the sZRGW client exception + * @throws ConfigurationException the configuration exception + */ + public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException, ConfigurationException { + return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature, null, null, null); + } + /** * Starts a MOA-ID authentication process using STORK * @param req HttpServletRequest diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 222faec37..be307ae14 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -162,7 +162,7 @@ public class GetForeignIDServlet extends AuthServlet { } // make SZR request to the identity link - CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(null, null, null, null, signature); + CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(signature); if (response.isError()) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 653f40670..f1ee4c181 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -178,7 +178,7 @@ public class PEPSConnectorServlet extends AuthServlet { //contact SZR Gateway IdentityLink identityLink = null; try { - identityLink = STORKResponseProcessor.connectToSZRGateway(citizenSignature, storkAssertion.getAttributeStatements().get(0).getAttributes()); + identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList()); } catch (STORKException e) { Logger.error("Error connecting SZR Gateway", e); throw new MOAIDException("stork.10", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index e47a43c90..e2112a4d9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -40,6 +40,7 @@ import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.StringUtils; import eu.stork.mw.messages.saml.STORKResponse; +import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.vidp.messages.common.STORKConstants; import eu.stork.vidp.messages.util.SAMLUtil; import eu.stork.vidp.messages.util.XMLUtil; @@ -294,29 +295,41 @@ public class STORKResponseProcessor { } - + + /** + * helper for reading attributes. Handles logging and error handling. + * + * @param attributeName the attribute name + * @param attributeList the attribute list + * @return the attribute value + * @throws STORKException the sTORK exception + */ + private static String getAttributeValue(String attributeName, IPersonalAttributeList attributeList) throws STORKException { + try { + String result = attributeList.get(attributeName).getValue().get(0); + Logger.trace(attributeName + " : " + result); + return result; + } catch(NullPointerException e) { + Logger.error(attributeName + " not found in response"); + throw new STORKException(attributeName + " not found in response"); + } + } + /** * Handels connection to SZR-GW and returns Identity Link on success - * @param citizenSignature Citizen signature - * @param attributeList Received attribute List in assertion + * @param iPersonalAttributeList Received attribute List in assertion * @return Identity Link * @throws STORKException */ - public static IdentityLink connectToSZRGateway(Element citizenSignature, List attributeList) throws STORKException { + public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList) throws STORKException { Logger.trace("Calling SZR Gateway with the following attributes:"); - String eIdentifier = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER); - Logger.trace(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER + " : " + eIdentifier); - - String givenName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_GIVENNAME); - Logger.trace(STORKConstants.STORK_ATTRIBUTE_GIVENNAME+ " : " + givenName); - - String lastName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_SURNAME); - Logger.trace(STORKConstants.STORK_ATTRIBUTE_SURNAME+ " : " + lastName); - - String dateOfBirth = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH); - Logger.trace(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH + " : " + dateOfBirth); - + // fetch mandatory attributes + String citizenSignature = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_SIGNEDDOC, attributeList); + String eIdentifier = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, attributeList); + String givenName = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, attributeList); + String lastName = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_SURNAME, attributeList); + String dateOfBirth = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, attributeList); if (!StringUtils.isEmpty(dateOfBirth)) { dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); } @@ -325,7 +338,21 @@ public class STORKResponseProcessor { IdentityLink identityLink = null; try { Logger.trace("Starting call..."); - response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature); + + // do we have a case of representation? + try { + String representative = getAttributeValue("representative", attributeList); + String represented = getAttributeValue("represented", attributeList); + String mandate = getAttributeValue("mandateContent", attributeList); + + // if we get here we have a representation case + response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate); + + } catch(STORKException e) { + // we do not have a representation case + response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature); + } + if (response.isError()) { Logger.error("Receveid ErrorResponse from SZR Gateway."); throw new SZRGWClientException(response.getError()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java index e3457f4de..325bf25a0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java @@ -39,7 +39,6 @@ import org.apache.commons.httpclient.protocol.Protocol; import org.apache.xpath.XPathAPI; import org.w3c.dom.Document; import org.w3c.dom.Element; -import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.w3c.dom.Text; @@ -254,8 +253,8 @@ public class SZRGWClient { } } - - public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException { + + public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature, String representative, String represented, String mandateContent) throws SZRGWClientException { String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#"; try { @@ -299,73 +298,25 @@ public class SZRGWClient { Text text= doc.createTextNode(PEPSDateOfBirth); elem.appendChild(text); } - } - - if (signature == null) - throw new SZRGWClientException("Signature element must not be null!"); - else { - Element sig = doc.createElementNS(SZRGW_NS, "szrgw:Signature"); - Element xmlcontent = doc.createElementNS(SZRGW_NS, "szrgw:XMLContent"); - sig.appendChild(xmlcontent); - Node n = doc.importNode(signature, true); - getIdentityLink.appendChild(sig); - xmlcontent.appendChild(n); - } - - - return doc; - } catch (ParserConfigurationException e) { - throw new SZRGWClientException(e); - } /*catch (CertificateEncodingException e) { - throw new SZRGWClientException(e); - }*/ - - } - - public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { - - String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#"; - - try { - DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - DocumentBuilder builder = factory.newDocumentBuilder(); - Document doc = builder.newDocument(); - - Element getIdentityLink = doc.createElementNS(SZRGW_NS, "szrgw:GetIdentityLinkRequest"); - getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGW_NS); - doc.appendChild(getIdentityLink); - - if ( (PEPSIdentifier != null) || (PEPSFirstname != null) || (PEPSFamilyname != null) || (PEPSDateOfBirth != null) ) { - - Element pepsDataElem = doc.createElementNS(SZRGW_NS, "szrgw:PEPSData"); - getIdentityLink.appendChild(pepsDataElem); - - if (PEPSIdentifier != null) { - Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Identifier"); - pepsDataElem.appendChild(elem); - Text text= doc.createTextNode(PEPSIdentifier); - elem.appendChild(text); - } - if (PEPSFirstname != null) { - Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Firstname"); + if (representative != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Representative"); pepsDataElem.appendChild(elem); - Text text= doc.createTextNode(PEPSFirstname); + Text text= doc.createTextNode(representative); elem.appendChild(text); - } + } - if (PEPSFamilyname != null) { - Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Familyname"); + if (represented != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Represented"); pepsDataElem.appendChild(elem); - Text text= doc.createTextNode(PEPSFamilyname); + Text text= doc.createTextNode(represented); elem.appendChild(text); } - if (PEPSDateOfBirth != null) { - Element elem = doc.createElementNS(SZRGW_NS, "szrgw:DateOfBirth"); + if (mandateContent != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:MandateContent"); pepsDataElem.appendChild(elem); - Text text= doc.createTextNode(PEPSDateOfBirth); + Text text= doc.createTextNode(mandateContent); elem.appendChild(text); } } @@ -380,7 +331,27 @@ public class SZRGWClient { Text text= doc.createTextNode(signature); base64content.appendChild(text); } - + + if(representative != null && represented != null && mandateContent != null) { + Element mis = doc.createElementNS(SZRGW_NS, "szrgw:MIS"); + Element filters = doc.createElementNS(SZRGW_NS, "szrgw:Filters"); + mis.appendChild(filters); + Element target = doc.createElementNS(SZRGW_NS, "szrgw:Target"); + mis.appendChild(target); + Element friendlyName = doc.createElementNS(SZRGW_NS, "szrgw:OAFriendlyName"); + mis.appendChild(friendlyName); + getIdentityLink.appendChild(mis); + +// TODO fetch data from oa params +// String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); +// moasessionid = StringEscapeUtils.escapeHtml(moasessionid); +// AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid); +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); +// if (oaParam == null) +// throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); +// Text text = doc.createTextNode(oaParam.getFriendlyName()); + } + return doc; } catch (ParserConfigurationException e) { throw new SZRGWClientException(e); -- cgit v1.2.3