From 328e6d233a4854ee0a9d1b5677915c0531f0aa88 Mon Sep 17 00:00:00 2001
From: Alexander Marsalek <amarsalek@iaik.tugraz.at>
Date: Thu, 29 Jan 2015 14:39:05 +0100
Subject: changes to get SI working, DocumentService: SI returns 500 instead of
 html page for GET requests => Nullpointerexception when
 LightweightSourceResolver tries to load the document SZRG: fiscalNumber was
 missing

---
 .../moa/id/auth/AuthenticationServer.java          |  2 +
 .../moa/id/auth/servlet/PEPSConnectorServlet.java  | 69 ++++++++++++++++------
 2 files changed, 52 insertions(+), 19 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 5e4aee81b..43384c58a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1652,6 +1652,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 				data.setFamilyname(PEPSFamilyname);
 				data.setFirstname(PEPSFirstname);
 				data.setIdentifier(PEPSIdentifier);
+				
+				data.setFiscalNumber(PEPSFiscalNumber);
 
 				data.setRepresentative(representative);
 				data.setRepresented(represented);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 4cd192070..1be31ded9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -285,28 +285,41 @@ public class PEPSConnectorServlet extends AuthServlet {
 				SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(signatureInfo)));
 				
 				// fetch signed doc
-				DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);
+				DataSource ds = null;
+				try{
+					ds = LightweightSourceResolver.getDataSource(dssSignResponse);
+				}catch(Exception e)
+				{
+					e.printStackTrace();
+				}
 				if(ds == null){
-					throw new ApiUtilsException("No datasource found in response");
-				}				
-				
-				InputStream incoming  = ds.getInputStream();
-				citizenSignature = IOUtils.toString(incoming);
-				incoming.close();
-				
-				Logger.debug("citizenSignature:"+citizenSignature);
-				if(isDocumentServiceUsed(citizenSignature)==true)
+					//Normal DocumentServices return a http-page, but the SI DocumentService returns HTTP error 500 
+					//which results in an exception and ds==null
+					
+					//try to load document from documentservice
+					citizenSignature = loadDocumentFromDocumentService(dssSignResponse);
+					//throw new ApiUtilsException("No datasource found in response");
+				}		
+				else
 				{
-					Logger.debug("Loading document from DocumentService.");
-					String url = getDtlUrlFromResponse(dssSignResponse);
-					//get Transferrequest
-					String transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url);
-					//Load document from DocujmentService
-					byte[] data = getDocumentFromDtl(transferRequest, url);
-					citizenSignature = new String(data, "UTF-8");
-					Logger.debug("Overridung citizenSignature with:"+citizenSignature);
+					InputStream incoming  = ds.getInputStream();
+					citizenSignature = IOUtils.toString(incoming);
+					incoming.close();
+					
+					Logger.debug("citizenSignature:"+citizenSignature);
+					if(isDocumentServiceUsed(citizenSignature)==true)
+					{
+						citizenSignature = loadDocumentFromDocumentService(dssSignResponse);
+	//					Logger.debug("Loading document from DocumentService.");
+	//					String url = getDtlUrlFromResponse(dssSignResponse);
+	//					//get Transferrequest
+	//					String transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url);
+	//					//Load document from DocumentService
+	//					byte[] data = getDocumentFromDtl(transferRequest, url);
+	//					citizenSignature = new String(data, "UTF-8");
+	//					Logger.debug("Overridung citizenSignature with:"+citizenSignature);
+					}
 				}
-				
 				JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName());
 				SignatureType root = ((JAXBElement<SignatureType>) ctx.createUnmarshaller().unmarshal(IOUtils.toInputStream(citizenSignature))).getValue();
 	            
@@ -473,11 +486,28 @@ public class PEPSConnectorServlet extends AuthServlet {
 		
 	}
 	
+	private String loadDocumentFromDocumentService(SignResponse dssSignResponse) throws Exception
+	{ 
+		Logger.debug("Loading document from DocumentService.");
+		String url = getDtlUrlFromResponse(dssSignResponse);
+		Logger.debug("Loading document from DocumentService, url:"+url);
+		//get Transferrequest
+		String transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url);
+		//Load document from DocumentService
+		byte[] data = getDocumentFromDtl(transferRequest, url);
+		String citizenSignature = new String(data, "UTF-8");
+		Logger.debug("Overridung citizenSignature with:"+citizenSignature);
+		return citizenSignature;
+	}
 
 	private boolean isDocumentServiceUsed(String citizenSignature) //TODo add better check
 	{
 		if(citizenSignature.contains("<table border=\"0\"><tr><td>Service Name:</td><td>{http://stork.eu}DocumentService</td></tr><tr><td>Port Name:</td><td>{http://stork.eu}DocumentServicePort</td></tr></table>"))
+		{
+			Logger.trace("isDocumentServiceUsed => true");
 			return true;
+		}
+		Logger.trace("isDocumentServiceUsed => false");
 		return false;
 	}
 
@@ -514,6 +544,7 @@ public class PEPSConnectorServlet extends AuthServlet {
   		URL url = null;
 		try 
 		{
+			Logger.debug("getDocumentFromDtl, dtlUrl:'"+dtlUrl+"' eDtlUrl:'"+eDtlUrl+"'");
 			url = new URL(dtlUrl);
 			QName qname = new QName("http://stork.eu",
 				    "DocumentService");
-- 
cgit v1.2.3


From a34e3cc5ca505149d8de588de8d8a19b9a962845 Mon Sep 17 00:00:00 2001
From: Alexander Marsalek <amarsalek@iaik.tugraz.at>
Date: Thu, 29 Jan 2015 15:18:44 +0100
Subject: added qaa check

---
 .../moa/id/auth/servlet/PEPSConnectorServlet.java  | 81 +++++++++++++++++-----
 1 file changed, 65 insertions(+), 16 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 1be31ded9..4c587a5f6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -244,7 +244,56 @@ public class PEPSConnectorServlet extends AuthServlet {
 				Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
 				throw new MOAIDException("stork.07", null);
 			}
-						
+			
+			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());
+    		if (oaParam == null)
+    				throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
+			//================== Check QAA level start ====================
+			int reqQaa = -1;
+			int authQaa = -1;
+			String authQaaStr = null; 
+			try {
+				reqQaa = storkAuthnRequest.getQaa();
+				
+				//TODO: found better solution, but QAA Level in response could be not supported yet
+				try {
+
+					authQaaStr = authnResponse.getAssertions().get(0).
+							getAuthnStatements().get(0).getAuthnContext().
+							getAuthnContextClassRef().getAuthnContextClassRef();
+					moaSession.setQAALevel(authQaaStr);
+					
+				} catch (Throwable e) {
+					Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
+					moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
+					authQaaStr = PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel();
+				}
+				if(authQaaStr != null)//Check value only if set
+				{
+					authQaa = Integer.valueOf(authQaaStr.substring(PVPConstants.STORK_QAA_PREFIX.length()));
+//					authQaa = Integer.valueOf(authQaaStr);
+					if (reqQaa > authQaa) {
+						Logger.warn("Requested QAA level does not match to authenticated QAA level");
+						throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});
+	
+					}
+				}
+			} catch (MOAIDException e) {
+				throw e;
+
+			} catch (Exception e) {
+				if (Logger.isDebugEnabled())
+					Logger.warn("STORK QAA Level evaluation error", e);
+
+				else
+					Logger.warn("STORK QAA Level evaluation error (ErrorMessage=" 
+							+  e.getMessage() + ")");
+
+				throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});
+
+			}
+			//================== Check QAA level end ====================
+			
 			Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
 						
 			////////////// incorporate gender from parameters if not in stork response
@@ -356,9 +405,9 @@ public class PEPSConnectorServlet extends AuthServlet {
 //				Logger.error("could not retrieve moa session");
 //				throw new AuthenticationException("auth.01", null);
 //			}
-    		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());
-    		if (oaParam == null)
-    				throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
+//    		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());
+//    		if (oaParam == null)
+//    				throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
     		
     		// retrieve target
 	        //TODO: check in case of SSO!!!
@@ -437,18 +486,18 @@ public class PEPSConnectorServlet extends AuthServlet {
 			// stork did the authentication step
 			moaSession.setAuthenticated(true);
 			
-			//TODO: found better solution, but QAA Level in response could be not supported yet
-			try {
-
-				moaSession.setQAALevel(authnResponse.getAssertions().get(0).
-						getAuthnStatements().get(0).getAuthnContext().
-						getAuthnContextClassRef().getAuthnContextClassRef());
-				
-			} catch (Throwable e) {
-				Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
-				moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
-				
-			}
+//			//TODO: found better solution, but QAA Level in response could be not supported yet
+//			try {
+//
+//				moaSession.setQAALevel(authnResponse.getAssertions().get(0).
+//						getAuthnStatements().get(0).getAuthnContext().
+//						getAuthnContextClassRef().getAuthnContextClassRef());
+//				
+//			} catch (Throwable e) {
+//				Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
+//				moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
+//				
+//			}
 			
     		//session is implicit stored in changeSessionID!!!!
     		String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
-- 
cgit v1.2.3