From 7315bd2e79fe16cf13059408489050ca3450e578 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 5 Dec 2013 12:13:39 +0100 Subject: reactivated stork in default login template --- .../resources/templates/loginFormFull.html | 51 +++++++++------------- 1 file changed, 20 insertions(+), 31 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html index 801a2dbf1..f25e7129a 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html @@ -424,11 +424,6 @@ text-align: right; } - #stork { - margin-bottom: 10px; - margin-top: 5px; - } - #mandateLogin { padding-bottom: 4%; padding-top: 4%; @@ -812,32 +807,26 @@ - - +
+

Home Country Selection

+

+ + + i +

+
-
+

Home Country Selection

#end + + #if($SAMLRequest)#end + + #if($SAMLResponse)#end + +

+ + + + + \ No newline at end of file -- cgit v1.2.3 From 885490d16795b5d8f45d2785aaead8b074fa2cc1 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Sun, 26 Jan 2014 16:11:31 +0100 Subject: interface adaptions for szrgw #1 --- .../moa/id/auth/AuthenticationServer.java | 48 +++++++---- .../moa/id/auth/servlet/GetForeignIDServlet.java | 2 +- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 2 +- .../moa/id/auth/stork/STORKResponseProcessor.java | 61 ++++++++++---- .../validator/parep/client/szrgw/SZRGWClient.java | 95 ++++++++-------------- 5 files changed, 112 insertions(+), 96 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 49e2cbdd5..fe23b545f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.auth; import iaik.asn1.ObjectID; -import iaik.pki.PKIException; import iaik.x509.X509Certificate; import iaik.x509.X509ExtensionInitException; @@ -32,7 +31,6 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.io.StringWriter; -import java.security.GeneralSecurityException; import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.cert.CertificateException; @@ -60,7 +58,6 @@ import org.opensaml.common.IdentifierGenerator; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.xml.util.Base64; import org.opensaml.xml.util.XMLHelper; -import org.springframework.util.xml.DomUtils; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; 
@@ -123,8 +120,8 @@ import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; @@ -137,7 +134,6 @@ import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathUtils; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; -import eu.stork.mw.messages.saml.STORKAuthnRequest; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; @@ -1700,8 +1696,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return Identity link assertion * @throws SZRGWClientException */ - public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse - getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException { + + public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String citizenSignature, String represented, String representative, String mandateContent) throws SZRGWClientException { SZRGWClient client = null; 
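Review bot: The widened `getIdentityLink` signature on the `+` line of the -1700 hunk adds `citizenSignature`, `represented`, `representative` and `mandateContent`, but the Javadoc directly above it (still ending in `@return Identity link assertion` / `@throws SZRGWClientException`) documents only the old parameter set; add `@param` entries such as `@param citizenSignature the XMLDSIG citizen signature, already serialized as a String` and `@param represented identifier of the represented person, null when no mandate is involved`. The parameter order chosen here is `(…, represented, representative, mandateContent)`, while `SZRGWClient.buildGetIdentityLinkRequest` in the same patch is declared as `(…, signature, representative, represented, mandateContent)`; two String-typed mandate parties in opposite orders across the two APIs will not be caught by the compiler, so either align the order or document it prominently. The method body continues outside this hunk.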
@@ -1713,8 +1709,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { CreateIdentityLinkRequest request = new CreateIdentityLinkRequest(); - request.setSignature(DOMUtils.serializeNode(signature).getBytes()); + request.setSignature(citizenSignature.getBytes()); + Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl()); @@ -1735,17 +1732,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { // throw new SZRGWClientException("Could not initialize SSL Factory"); // } // } - Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); } catch (ConfigurationException e) { Logger.warn(e); Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); - } catch (TransformerException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); } // // create request 
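Review bot: `request.setSignature(citizenSignature.getBytes())` on the `+` line of the -1713 hunk encodes the signature with the JVM's platform default charset, so the bytes handed to the SZR gateway depend on the server's locale configuration and an XMLDSIG that contains non-ASCII text (names, `ds:Object` payloads) can be altered before the gateway verifies it; use `request.setSignature(citizenSignature.getBytes(StandardCharsets.UTF_8))` (or whatever charset the gateway contract specifies), which needs `java.nio.charset.StandardCharsets` added to the imports since it is not among those visible in the import hunk. Dropping the `TransformerException`/`IOException` catches is consistent now that DOM serialization moved to the callers. The `try` block containing this code begins and ends outside the hunk.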
@@ -1775,6 +1765,34 @@ public class AuthenticationServer implements MOAIDAuthConstants { } + /** + * Does the request to the SZR-GW. + * + * @param signature the signature + * @return the identity link + * @throws SZRGWClientException the sZRGW client exception + * @throws ConfigurationException the configuration exception + */ + public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { + return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature), null, null, null); + } + + /** + * Does the request to the SZR-GW. + * + * @param PEPSIdentifier the pEPS identifier + * @param PEPSFirstname the pEPS firstname + * @param PEPSFamilyname the pEPS familyname + * @param PEPSDateOfBirth the pEPS date of birth + * @param signature XMLDSIG signature + * @return Identity link assertion + * @throws SZRGWClientException the sZRGW client exception + * @throws ConfigurationException the configuration exception + */ + public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException, ConfigurationException { + return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature, null, null, null); + } + /** * Starts a MOA-ID authentication process using STORK * @param req HttpServletRequest diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 222faec37..be307ae14 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java 
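Review bot: Both new overloads in the -1775 hunk declare `throws SZRGWClientException, ConfigurationException`, yet the eight-argument method they delegate to is declared (in the -1700 hunk of this same file) with `throws SZRGWClientException` only, so `ConfigurationException` is an unreachable checked exception that every caller is nonetheless forced to handle; drop it from both signatures or document why it is reserved. The Javadoc of the five-argument overload still says `@param signature XMLDSIG signature` although the parameter is now a String — say so explicitly, e.g. `@param signature the XMLDSIG signature serialized to a String (as produced by XMLHelper.nodeToString), forwarded to the SZR-GW unchanged`. Whether the gateway expects the raw XML serialization that the `Element` overload produces or a base64 form (the `SZRGWClient` builder later in this patch places the String under a `base64content` element) cannot be determined from these hunks and should be stated in the Javadoc once confirmed.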
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -162,7 +162,7 @@ public class GetForeignIDServlet extends AuthServlet { } // make SZR request to the identity link - CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(null, null, null, null, signature); + CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(signature); if (response.isError()) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 653f40670..f1ee4c181 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -178,7 +178,7 @@ public class PEPSConnectorServlet extends AuthServlet { //contact SZR Gateway IdentityLink identityLink = null; try { - identityLink = STORKResponseProcessor.connectToSZRGateway(citizenSignature, storkAssertion.getAttributeStatements().get(0).getAttributes()); + identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList()); } catch (STORKException e) { Logger.error("Error connecting SZR Gateway", e); throw new MOAIDException("stork.10", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index e47a43c90..e2112a4d9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java 
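Review bot: In the PEPSConnectorServlet hunk the call `STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList())` no longer receives the separately obtained `citizenSignature` element; the processor now takes the signature straight from the `signedDoc` attribute of the response. If the old `citizenSignature` element was the output of a signature-verification step (that code is outside this hunk, so this is an inference), that verification must still be applied to the attribute value before the SZR gateway is asked to issue an identity link for it. A comment at the call site would make the contract explicit: `// signedDoc is read from the STORK attribute list inside connectToSZRGateway; its XMLDSIG must have been verified before this point`. The enclosing `try` in `doPost` starts and ends outside the hunk.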
@@ -40,6 +40,7 @@ import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.StringUtils; import eu.stork.mw.messages.saml.STORKResponse; +import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.vidp.messages.common.STORKConstants; import eu.stork.vidp.messages.util.SAMLUtil; import eu.stork.vidp.messages.util.XMLUtil; 
@@ -294,29 +295,41 @@ public class STORKResponseProcessor { } - + + /** + * helper for reading attributes. Handles logging and error handling. + * + * @param attributeName the attribute name + * @param attributeList the attribute list + * @return the attribute value + * @throws STORKException the sTORK exception + */ + private static String getAttributeValue(String attributeName, IPersonalAttributeList attributeList) throws STORKException { + try { + String result = attributeList.get(attributeName).getValue().get(0); + Logger.trace(attributeName + " : " + result); + return result; + } catch(NullPointerException e) { + Logger.error(attributeName + " not found in response"); + throw new STORKException(attributeName + " not found in response"); + } + } + /** * Handels connection to SZR-GW and returns Identity Link on success - * @param citizenSignature Citizen signature - * @param attributeList Received attribute List in assertion + * @param iPersonalAttributeList Received attribute List in assertion * @return Identity Link * @throws STORKException */ - public static IdentityLink connectToSZRGateway(Element citizenSignature, List attributeList) throws STORKException { + public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList) throws STORKException { Logger.trace("Calling SZR Gateway with the following attributes:"); - String eIdentifier = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER); - Logger.trace(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER + " : " + eIdentifier); - - String givenName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_GIVENNAME); - Logger.trace(STORKConstants.STORK_ATTRIBUTE_GIVENNAME+ " : " + givenName); - - String lastName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_SURNAME); - Logger.trace(STORKConstants.STORK_ATTRIBUTE_SURNAME+ " : " + lastName); - - String dateOfBirth = 
SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH); - Logger.trace(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH + " : " + dateOfBirth); - + // fetch mandatory attributes + String citizenSignature = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_SIGNEDDOC, attributeList); + String eIdentifier = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, attributeList); + String givenName = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, attributeList); + String lastName = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_SURNAME, attributeList); + String dateOfBirth = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, attributeList); if (!StringUtils.isEmpty(dateOfBirth)) { dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); } @@ -325,7 +338,21 @@ public class STORKResponseProcessor { IdentityLink identityLink = null; try { Logger.trace("Starting call..."); - response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature); + + // do we have a case of representation? + try { + String representative = getAttributeValue("representative", attributeList); + String represented = getAttributeValue("represented", attributeList); + String mandate = getAttributeValue("mandateContent", attributeList); + + // if we get here we have a representation case + response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate); + + } catch(STORKException e) { + // we do not have a representation case + response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature); + } + if (response.isError()) { Logger.error("Receveid ErrorResponse from SZR Gateway."); throw new SZRGWClientException(response.getError()); 
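Review bot: The representation branch in the -325 hunk passes `(…, citizenSignature, representative, represented, mandate)` into `AuthenticationServer.getIdentityLink`, whose new signature in this same patch is `(…, String citizenSignature, String represented, String representative, String mandateContent)` — the two mandate parties are swapped, so the gateway would be asked for an identity link with the representative and the represented person exchanged; the call should read `response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, represented, representative, mandate);`. Detecting the representation case by catching `STORKException` means a response that carries only some of the three mandate attributes (or a missing value) silently falls back to a plain, non-mandate identity-link request; test presence explicitly with `attributeList.get("representative") != null` etc. and throw `STORKException` when only part of the triple is present. `getAttributeValue` in the -294 hunk also catches `NullPointerException` as control flow (a null `attributeList` is reported as "attribute not found") and traces every attribute value, including `signedDoc`, name and date of birth, into the log — prefer a null check and log only the attribute name at trace level. The rest of `connectToSZRGateway` lies outside the hunk.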
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java index e3457f4de..325bf25a0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java @@ -39,7 +39,6 @@ import org.apache.commons.httpclient.protocol.Protocol; import org.apache.xpath.XPathAPI; import org.w3c.dom.Document; import org.w3c.dom.Element; -import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.w3c.dom.Text; @@ -254,8 +253,8 @@ public class SZRGWClient { } } - - public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException { + + public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature, String representative, String represented, String mandateContent) throws SZRGWClientException { String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#"; try { 
@@ -299,73 +298,25 @@ public class SZRGWClient { Text text= doc.createTextNode(PEPSDateOfBirth); elem.appendChild(text); } - } - - if (signature == null) - throw new SZRGWClientException("Signature element must not be null!"); - else { - Element sig = doc.createElementNS(SZRGW_NS, "szrgw:Signature"); - Element xmlcontent = doc.createElementNS(SZRGW_NS, "szrgw:XMLContent"); - sig.appendChild(xmlcontent); - Node n = doc.importNode(signature, true); - getIdentityLink.appendChild(sig); - xmlcontent.appendChild(n); - } - - - return doc; - } catch (ParserConfigurationException e) { - throw new SZRGWClientException(e); - } /*catch (CertificateEncodingException e) { - throw new SZRGWClientException(e); - }*/ - - } - - public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { - - String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#"; - - try { - DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - DocumentBuilder builder = factory.newDocumentBuilder(); - Document doc = builder.newDocument(); - - Element getIdentityLink = doc.createElementNS(SZRGW_NS, "szrgw:GetIdentityLinkRequest"); - getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGW_NS); - doc.appendChild(getIdentityLink); - - if ( (PEPSIdentifier != null) || (PEPSFirstname != null) || (PEPSFamilyname != null) || (PEPSDateOfBirth != null) ) { - - Element pepsDataElem = doc.createElementNS(SZRGW_NS, "szrgw:PEPSData"); - getIdentityLink.appendChild(pepsDataElem); - - if (PEPSIdentifier != null) { - Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Identifier"); - pepsDataElem.appendChild(elem); - Text text= doc.createTextNode(PEPSIdentifier); - elem.appendChild(text); - } - if (PEPSFirstname != null) { - Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Firstname"); + if 
(representative != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Representative"); pepsDataElem.appendChild(elem); - Text text= doc.createTextNode(PEPSFirstname); + Text text= doc.createTextNode(representative); elem.appendChild(text); - } + } - if (PEPSFamilyname != null) { - Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Familyname"); + if (represented != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Represented"); pepsDataElem.appendChild(elem); - Text text= doc.createTextNode(PEPSFamilyname); + Text text= doc.createTextNode(represented); elem.appendChild(text); } - if (PEPSDateOfBirth != null) { - Element elem = doc.createElementNS(SZRGW_NS, "szrgw:DateOfBirth"); + if (mandateContent != null) { + Element elem = doc.createElementNS(SZRGW_NS, "szrgw:MandateContent"); pepsDataElem.appendChild(elem); - Text text= doc.createTextNode(PEPSDateOfBirth); + Text text= doc.createTextNode(mandateContent); elem.appendChild(text); } } 
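Review bot: The `-` lines of the -299 hunk delete the `if (signature == null) throw new SZRGWClientException("Signature element must not be null!")` guard along with the Element-based builder, and nothing visible in the surviving String builder replaces it (its signature handling, `Text text= doc.createTextNode(signature)`, is at the top of the next hunk); add an equivalent guard at the start of the method, e.g. `if (signature == null || signature.isEmpty()) throw new SZRGWClientException("Signature must not be null or empty!");`. The new `szrgw:Representative`/`szrgw:Represented`/`szrgw:MandateContent` elements are appended under `pepsDataElem`, which — judging from the deleted duplicate method — is presumably only created when one of the four PEPS fields is non-null, so for a request carrying mandate data but no PEPS data they would be dropped without notice; confirm against the surviving method head, which is outside this hunk.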
@@ -380,7 +331,27 @@ public class SZRGWClient { Text text= doc.createTextNode(signature); base64content.appendChild(text); } - + + if(representative != null && represented != null && mandateContent != null) { + Element mis = doc.createElementNS(SZRGW_NS, "szrgw:MIS"); + Element filters = doc.createElementNS(SZRGW_NS, "szrgw:Filters"); + mis.appendChild(filters); + Element target = doc.createElementNS(SZRGW_NS, "szrgw:Target"); + mis.appendChild(target); + Element friendlyName = doc.createElementNS(SZRGW_NS, "szrgw:OAFriendlyName"); + mis.appendChild(friendlyName); + getIdentityLink.appendChild(mis); + +// TODO fetch data from oa params +// String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); +// moasessionid = StringEscapeUtils.escapeHtml(moasessionid); +// AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid); +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); +// if (oaParam == null) +// throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); +// Text text = doc.createTextNode(oaParam.getFriendlyName()); + } + return doc; } catch (ParserConfigurationException e) { throw new SZRGWClientException(e); -- cgit v1.2.3 From ef85e5437f8d228978c1eaf9311aa97a292da4fa Mon Sep 17 00:00:00 2001 
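Review bot: The `szrgw:MIS` block added in the -380 hunk emits `szrgw:Filters`, `szrgw:Target` and `szrgw:OAFriendlyName` as empty elements: the commented-out TODO that would populate them cannot run in this class (there is no `req` or session here), and even the `Text` node it would create is never appended to `friendlyName`. What the gateway does with a mandate request whose target and filters are empty is not visible here, but sending a structurally incomplete MIS request in production is the wrong default; either take `target`/`oaFriendlyName` as parameters of `buildGetIdentityLinkRequest` or throw `SZRGWClientException("MIS target/friendly name not available")` until they are wired in. If the empty elements are meant to stay for now, say so in code: `// TODO(MIS): Filters/Target/OAFriendlyName are deliberately empty until OA parameters are passed in by the caller`. The method's `try` block begins outside this hunk.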
From: Florian Reimair Date: Sun, 26 Jan 2014 16:54:33 +0100 Subject: moved XMLUtil to more reasonable place --- .../moa/id/auth/AuthenticationServer.java | 3 +- .../auth/stork/PEPSConnectorResponseVerifier.java | 2 +- .../moa/id/auth/stork/STORKResponseProcessor.java | 3 +- .../id/config/legacy/BuildFromLegacyConfig.java | 2 +- .../moa/id/config/stork/STORKConfig.java | 2 - .../pvp2x/verification/SAMLVerifierMOASP.java | 2 +- .../at/gv/egovernment/moa/id/util/XMLUtil.java | 143 +++++++++++++++++++++ 7 files changed, 150 insertions(+), 7 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index fe23b545f..b8a0fe678 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -122,6 +122,8 @@ import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; @@ -140,7 +142,6 @@ import eu.stork.peps.auth.commons.PersonalAttributeList; import eu.stork.peps.auth.commons.STORKAuthnRequest; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; -import eu.stork.vidp.messages.util.XMLUtil; /** * API for MOA ID Authentication Service.
{@link AuthenticationSession} is diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java index f78067b5f..b3a707134 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java @@ -40,11 +40,11 @@ import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.logging.Logger; import eu.stork.mw.messages.saml.STORKResponse; import eu.stork.vidp.messages.exception.SAMLValidationException; import eu.stork.vidp.messages.util.SAMLUtil; -import eu.stork.vidp.messages.util.XMLUtil; /** * Verifies the SMAL response according to the STORK specification diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index e2112a4d9..ab62c2718 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java 
@@ -35,6 +35,8 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DateTimeUtils; @@ -43,7 +45,6 @@ import eu.stork.mw.messages.saml.STORKResponse; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.vidp.messages.common.STORKConstants; import eu.stork.vidp.messages.util.SAMLUtil; -import eu.stork.vidp.messages.util.XMLUtil; /** * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index 7ef043abe..407e7da52 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -18,7 +18,6 @@ import org.opensaml.saml2.metadata.RequestedAttribute; import org.w3c.dom.Element; import eu.stork.vidp.messages.util.SAMLUtil; -import eu.stork.vidp.messages.util.XMLUtil; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; 
@@ -67,6 +66,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.data.IssuerAndSerial; +import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.DOMUtils; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index e388b39e7..24c7ad264 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -20,8 +20,6 @@ import org.w3c.dom.Element; import org.xml.sax.SAXException; import eu.stork.vidp.messages.util.SAMLUtil; -import eu.stork.vidp.messages.util.XMLUtil; - import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java index c744abdf5..495f5f0db 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java 
@@ -15,8 +15,8 @@ import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.logging.Logger; -import eu.stork.vidp.messages.util.XMLUtil; public class SAMLVerifierMOASP implements ISAMLVerifier { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java new file mode 100644 index 000000000..d87d510fa --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java 
@@ -0,0 +1,143 @@ +/** + * + */ +package at.gv.egovernment.moa.id.util; + +import java.io.File; +import java.io.IOException; +import java.io.Reader; +import java.io.StringReader; +import java.io.StringWriter; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.OutputKeys; +import javax.xml.transform.Result; +import javax.xml.transform.Source; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; + +/** + * Helper class for XML processing + * @author bzwattendorfer + * + */ +public class XMLUtil { + + /** + * Transforms a string representation to a DOM representation + * @param xmlString XML as string + * @return DOM representation of String + * @throws ParserConfigurationException + * @throws SAXException + * @throws IOException + */ + public static Element stringToDOM(String xmlString) throws ParserConfigurationException, SAXException, IOException { + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + dbf.setNamespaceAware(true); + + DocumentBuilder builder = dbf.newDocumentBuilder(); + + Reader reader = new StringReader(xmlString); + InputSource src = new InputSource(reader); + Document domDoc = builder.parse(src); + return domDoc.getDocumentElement(); + } + + /** + * Creates a new and empty XML document + * @return New XML document + * @throws ParserConfigurationException + */ + public static Document createNewDocument() throws ParserConfigurationException { + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + dbf.setNamespaceAware(true); + + 
DocumentBuilder builder = dbf.newDocumentBuilder(); + return builder.newDocument(); + } + + /** + * Transforms an XML to a String + * @param node XML node + * @return String represenation of XML + */ + public static String printXML(Node node) { + TransformerFactory tfactory = TransformerFactory.newInstance(); + Transformer serializer; + try { + serializer = tfactory.newTransformer(); + + serializer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); + serializer.setOutputProperty(OutputKeys.ENCODING,"UTF-8"); + + StringWriter output = new StringWriter(); + serializer.transform(new DOMSource(node), new StreamResult(output)); + return output.toString(); + } catch (TransformerException e) { + + throw new RuntimeException(e); + } + } + + /** + * Writes an XML element to a given file + * @param doc XML element + * @param filename Filename of the file where to write XML + */ + public static void writeXmlFile(Element doc, String filename) { + try { + + Source source = new DOMSource(doc); + File file = new File(filename); + Result result = new StreamResult(file); + + Transformer xformer = TransformerFactory.newInstance().newTransformer(); + xformer.transform(source, result); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + /** + * Gets the first text value of a NodeList + * @param nList NodeList + * @return first text value of a NodeList + */ + public static String getFirstTextValueFromNodeList(NodeList nList) { + if (nList != null && nList.getLength() != 0) { + return nList.item(0).getTextContent(); + } + return null; + } + + /** + * Gets the first element of a Node + * @param parent Node + * @return first element of a Node + */ + public static Element getFirstElement(Node parent) { + Node n = parent.getFirstChild(); + while (n != null && n.getNodeType() != Node.ELEMENT_NODE) { + n = n.getNextSibling(); + } + if (n == null) { + return null; + } + return (Element)n; + } + + + +} -- cgit v1.2.3 
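Review bot: `stringToDOM` in the new `XMLUtil` builds a `DocumentBuilderFactory` with only `setNamespaceAware(true)` and parses the caller-supplied string as is, so any DOCTYPE with external entities or entity expansion in the input is honoured (XXE / billion-laughs); `STORKResponseProcessor` and the SAML verifiers switch to this class in the same patch, so response content of external origin is a plausible input. Disable DTD processing before creating the builder, as below, and document the contract in the Javadoc: `Parses untrusted XML; DOCTYPE declarations and external entities are rejected`. `writeXmlFile(Element, String filename)` writes to whatever path it is given — if a filename can ever derive from request data, normalize it against a base directory first. `printXML` and `writeXmlFile` wrap everything in `RuntimeException`, which hides the original checked-exception type from callers; consider a dedicated unchecked type or keeping `TransformerException` in the signature.
```java
public static Element stringToDOM(String xmlString) throws ParserConfigurationException, SAXException, IOException {
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    // harden against XXE / entity expansion: callers pass XML of external origin
    dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
    dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
    dbf.setXIncludeAware(false);
    dbf.setExpandEntityReferences(false);
    // … unchanged: builder creation, InputSource parse, return of the document element …
}
```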
From 133f63cef5bffb06e57896a1e83383a414d932df Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Sun, 26 Jan 2014 17:01:41 +0100 Subject: attribute name handling is more samlengine like --- .../egovernment/moa/id/auth/stork/STORKResponseProcessor.java | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index ab62c2718..b8e823de0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -326,11 +326,11 @@ public class STORKResponseProcessor { Logger.trace("Calling SZR Gateway with the following attributes:"); // fetch mandatory attributes - String citizenSignature = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_SIGNEDDOC, attributeList); - String eIdentifier = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, attributeList); - String givenName = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, attributeList); - String lastName = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_SURNAME, attributeList); - String dateOfBirth = getAttributeValue(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, attributeList); + String citizenSignature = getAttributeValue("signedDoc", attributeList); + String eIdentifier = getAttributeValue("eIdentifier", attributeList); + String givenName = getAttributeValue("givenName", attributeList); + String lastName = getAttributeValue("surname", attributeList); + String dateOfBirth = getAttributeValue("dateOfBirth", attributeList); if (!StringUtils.isEmpty(dateOfBirth)) { dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); } -- cgit v1.2.3 
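Review bot: The five `+` lines replace the `STORKConstants` attribute names with bare string literals inside the method, and the mandate lookups elsewhere in the class (`"representative"`, `"represented"`, `"mandateContent"`) are literals too; collect them as `private static final String` fields, e.g. `private static final String ATTR_SIGNED_DOC = "signedDoc";`, so that a mistyped name is visible in one place instead of surfacing at runtime as "not found in response" and a failed login. The names must match what the SAML engine puts into the attribute list exactly (case-sensitive), which this hunk cannot show — `"surname"` replacing `STORK_ATTRIBUTE_SURNAME` is the one worth double-checking against the engine's attribute definitions. The enclosing `connectToSZRGateway` starts and ends outside the hunk.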
From 1ff6044b66a717edff42bd3a1c19a044e744c3b3 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Sun, 26 Jan 2014 17:09:46 +0100 Subject: cleanup --- .../moa/id/config/stork/STORKConfig.java | 51 ---------------------- 1 file changed, 51 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index 24c7ad264..3282b8737 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -3,7 +3,6 @@ */ package at.gv.egovernment.moa.id.config.stork; -import java.io.IOException; import java.net.MalformedURLException; import java.net.URL; import java.util.ArrayList; @@ -12,17 +11,7 @@ import java.util.List; import java.util.Map; import java.util.Properties; -import javax.xml.parsers.ParserConfigurationException; - -import org.opensaml.saml2.metadata.RequestedAttribute; -import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.w3c.dom.Element; -import org.xml.sax.SAXException; - -import eu.stork.vidp.messages.util.SAMLUtil; -import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; -import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; 
@@ -57,54 +46,14 @@ public class STORKConfig { try { CPEPS moacpep = new CPEPS(cpep.getCountryCode(), new URL(cpep.getURL())); - - -// List attr = cpep.getAttributeValue(); -// -// ArrayList requestedAttributes = new ArrayList(); -// -// for (String e1 : attr) { -// Element element = XMLUtil.stringToDOM(e1); -// RequestedAttribute requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(element); -// requestedAttributes.add(requestedAttribute); -// } -// moacpep.setCountrySpecificRequestedAttributes(requestedAttributes); - cpepsMap.put(cpep.getCountryCode(), moacpep); } catch (MalformedURLException e) { Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + cpep.getCountryCode() + " has an invalid URL and is ignored."); -// } catch (ParserConfigurationException e) { -// Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " -// + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); -// } catch (SAXException e) { -// Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " -// + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); -// } catch (IOException e) { -// Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " -// + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); -// } catch (MessageEncodingException e) { -// Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " -// + cpep.getCountryCode() + " has an invalid Attribute and is ignored."); } -// SAMLSigningParameter samlsign = stork.getSAMLSigningParameter(); // TODO Fix nullpointerexception when nothing is configured -// -// if (samlsign == null) { -// Logger.warn("Error in MOA-ID Configuration. No STORK->SAMLSigningParameter configuration found."); -// -// } else { -// SignatureVerificationParameterType sigverify = samlsign.getSignatureVerificationParameter(); -// -// if (sigverify == null) { -// Logger.warn("Error in MOA-ID Configuration. 
No STORK->SignatureVerificationParameter configuration found."); -// -// } else { -// sigverifyparam = new SignatureVerificationParameter(sigverify.getTrustProfileID()); -// } -// } attr = new ArrayList(); for(StorkAttribute current : stork.getAttributes()) { attr.add(current); -- cgit v1.2.3 From 8d18054deef38fa8a434f5049664c7219f5c9d7a Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Mon, 27 Jan 2014 10:27:20 +0100 Subject: cleaned legacy config from stork artifacts --- .../id/config/legacy/BuildFromLegacyConfig.java | 68 -------- .../moa/id/config/legacy/ConfigurationBuilder.java | 176 --------------------- .../moa/id/config/legacy/OAAuthParameter.java | 59 ------- 3 files changed, 303 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index 407e7da52..f5fdbd90a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -14,15 +14,11 @@ import java.util.Map; import java.util.Properties; import java.util.Set; -import org.opensaml.saml2.metadata.RequestedAttribute; import org.w3c.dom.Element; -import eu.stork.vidp.messages.util.SAMLUtil; - import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; -import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; 
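Review bot: The deleted comment block was the only remaining hint in this class that a `SignatureVerificationParameter`/trust profile existed for checking STORK SAML responses, and it carried a `TODO Fix nullpointerexception when nothing is configured`; the surviving code documents neither. If response signature verification now happens elsewhere, a one-line comment at this point, e.g. `// SAML signature verification of C-PEPS responses is not configured here; see <component>`, would keep the next reader from assuming it was dropped along with the dead code. The enclosing method starts and ends outside the hunk.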
@@ -32,8 +28,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; import at.gv.egovernment.moa.id.commons.db.dao.config.GeneralConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; -import at.gv.egovernment.moa.id.commons.db.dao.config.KeyName; -import at.gv.egovernment.moa.id.commons.db.dao.config.KeyStore; import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; @@ -47,13 +41,9 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; -import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter; import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; -import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; -import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureCreationParameterType; -import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; 
@@ -66,7 +56,6 @@ import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.data.IssuerAndSerial; -import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.DOMUtils; 
@@ -283,63 +272,6 @@ public class BuildFromLegacyConfig { parseConnectionParameterClientAuth(foreignIDConnectionParameter); auth_foreign.setConnectionParameter(auth_foreign_connection); - //set STORK configuration - STORKConfig storkConfig = new STORKConfig(builder.buildSTORKSignatureCreationParameter(),builder.buildSTORKSignatureVerificationParameter(), builder.buildSTORKcPEPSMap()); - STORK auth_foreign_stork = new STORK(); - auth_foreign.setSTORK(auth_foreign_stork); - - //set CPEPS - Map map = storkConfig.getCpepsMap(); - Set map_keys = map.keySet(); - List auth_foreign_stork_cpeps = new ArrayList(); - for (String key : map_keys) { - CPEPS cpep = new CPEPS(); - cpep.setCountryCode(map.get(key).getCountryCode()); - cpep.setURL(map.get(key).getPepsURL().toExternalForm()); //check correctness!!!! - - List cpep_reqs = new ArrayList(); - - List map1 = map.get(key).getCountrySpecificRequestedAttributes(); - for (RequestedAttribute e1 : map1) { - Element element = SAMLUtil.marshallMessage(e1); - cpep_reqs.add(XMLUtil.printXML(element)); - } - cpep.setAttributeValue(cpep_reqs); - auth_foreign_stork_cpeps.add(cpep); - } - auth_foreign_stork.setCPEPS(auth_foreign_stork_cpeps); - - - //set SAMLSigningParameter - if (storkConfig.getSignatureCreationParameter() != null && - storkConfig.getSignatureVerificationParameter() != null) { - SAMLSigningParameter auth_foreign_stork_samlSign = new SAMLSigningParameter(); - auth_foreign_stork.setSAMLSigningParameter(auth_foreign_stork_samlSign); - - SignatureCreationParameterType stork_saml_creat = new SignatureCreationParameterType(); - auth_foreign_stork_samlSign.setSignatureCreationParameter(stork_saml_creat); - KeyStore stork_saml_creat_keystore = new KeyStore(); - stork_saml_creat.setKeyStore(stork_saml_creat_keystore); - stork_saml_creat_keystore.setPassword(storkConfig.getSignatureCreationParameter().getKeyStorePassword()); - stork_saml_creat_keystore.setValue(storkConfig.getSignatureCreationParameter().getKeyStorePath()); - 
KeyName stork_saml_creat_keyname = new KeyName(); - stork_saml_creat.setKeyName(stork_saml_creat_keyname); - stork_saml_creat_keyname.setValue(storkConfig.getSignatureCreationParameter().getKeyName()); - stork_saml_creat_keyname.setPassword(storkConfig.getSignatureCreationParameter().getKeyPassword()); - - - - SignatureVerificationParameterType stork_saml_verify = new SignatureVerificationParameterType(); - auth_foreign_stork_samlSign.setSignatureVerificationParameter(stork_saml_verify); - stork_saml_verify.setTrustProfileID(storkConfig.getSignatureVerificationParameter().getTrustProfileID()); - - } - - //TODO: check correctness - //set QualityAuthenticationAssurance - //set RequestedAttbutes - - //set OnlineMandates config ConnectionParameter onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter(); if (onlineMandatesConnectionParameter != null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java index 3abc94b02..525c5a24e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java @@ -30,8 +30,6 @@ import iaik.utils.RFC2253NameParserException; import java.io.IOException; import java.math.BigInteger; -import java.net.MalformedURLException; -import java.net.URL; import java.security.Principal; import java.util.ArrayList; import java.util.HashMap; @@ -41,8 +39,6 @@ import java.util.List; import java.util.Map; import java.util.Vector; -import org.opensaml.saml2.metadata.RequestedAttribute; -import org.opensaml.ws.message.encoder.MessageEncodingException; import org.w3c.dom.Attr; import org.w3c.dom.Element; import org.w3c.dom.Node; 
@@ -56,9 +52,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.legacy.OAAuthParameter; import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameter; import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameters; -import at.gv.egovernment.moa.id.config.legacy.CPEPS; import at.gv.egovernment.moa.id.config.legacy.SignatureCreationParameter; -import at.gv.egovernment.moa.id.config.legacy.SignatureVerificationParameter; import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; @@ -66,15 +60,9 @@ import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; -import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathException; import at.gv.egovernment.moa.util.XPathUtils; -import eu.stork.vidp.messages.builder.STORKMessagesBuilder; -import eu.stork.vidp.messages.common.STORKConstants; -import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; -import eu.stork.vidp.messages.stork.RequestedAttributes; -import eu.stork.vidp.messages.util.SAMLUtil; /** * A class that builds configuration data from a DOM based representation. 
@@ -1218,170 +1206,6 @@ public List getTrustedTemplateURLs() { } - /** - * Creates a SignatureVerificationParameter object from the MOA-ID configuration - * This configuration object contains the TrustProfile to be used for signature verification (STORK SAML Signature Verification) - * - * @return TrustProfileID for signature verification (STORK SAML Signature Verification) - */ - public SignatureVerificationParameter buildSTORKSignatureVerificationParameter() { - - Logger.debug("Loading STORK signature verification parameters."); - - Element signatureVerificationParameterElement = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_VERIFICATION_PARAMETER); - if (signatureVerificationParameterElement == null) { - Logger.debug("No STORK verification parameters found, " +AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_VERIFICATION_PARAMETER + "is missing."); - return null; - } - - SignatureVerificationParameter signatureVerificationParameter = new SignatureVerificationParameter(); - - String trustProfileID = XPathUtils.getElementValue(signatureVerificationParameterElement, AUTH_FOREIGN_IDENTITIES_STORK_TRUSTPROFILE_ID, null); - if (StringUtils.isEmpty(trustProfileID)) { - Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_TRUSTPROFILE_ID + "is missing."); - return null; - } - Logger.trace("Using the following MOA-SP TrustProfile for STORK SAML signature verification: " + trustProfileID); - signatureVerificationParameter.setTrustProfileID(trustProfileID); - - Logger.info("STORK signature verification parameters loaded."); - - return signatureVerificationParameter; - } - - /** - * Builds a C-PEPS object from configuration - * @param cpepsElement DOM Element of C-PEPS from configuration - * @return C-PEPS object - */ - public CPEPS buildSTORKCpeps(Element cpepsElement) { - - String countryCode = cpepsElement.getAttribute(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_COUNTRY_CODE); - String cpepsURLString = 
cpepsElement.getAttribute(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_URL); - if (StringUtils.isEmpty(countryCode)) { - Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_COUNTRY_CODE + "is missing."); - return null; - } - if (StringUtils.isEmpty(cpepsURLString)) { - Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_URL + "is missing."); - return null; - } - - URL cpepsURL; - try { - cpepsURL = new URL(cpepsURLString); - } catch (MalformedURLException e) { - Logger.error("Provided CPEPS-URL (" + cpepsURLString + ") for country " + countryCode + " is not a URL", e); - return null; - } - CPEPS cpeps = new CPEPS(countryCode, cpepsURL); - Logger.debug("Adding C-PEPS for country: " + cpeps.getCountryCode() + ", URL: " + cpeps.getPepsURL()); - - Element reqAttributeElement; - NodeIterator reqAttributeIterator = XPathUtils.selectNodeIterator(cpepsElement, AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_REQUESTED_ATTRIBUTES); - - while ((reqAttributeElement = (Element) reqAttributeIterator.nextNode()) != null) { - RequestedAttribute requestedAttribute; - try { - requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(reqAttributeElement); - } catch (MessageEncodingException e) { - Logger.error("Provided RequestedAttributes for CPEPS from country " + countryCode + " is malformed.", e); - return null; - } - //only add if STORK attribute is correct - if (STORKConstants.FULL_STORK_ATTRIBUTE_SET.contains(requestedAttribute.getName())) { - cpeps.addCountrySpecificRequestedAttribute(requestedAttribute); - Logger.debug("Adding also country specific requested attribute for C-PEPS (" + countryCode + "): " + requestedAttribute.getName() + ", isRequired: " + requestedAttribute.isRequired()); - } else { - Logger.warn("Skipping addition of requested STORK Attribute, attribute unknown : " + requestedAttribute.getName()); - } - - } - - return cpeps; - } - - /** - * Builds the supported C-PEPS Map from configuration - * @return Map of C-PEPS - */ - public Map buildSTORKcPEPSMap() { - - 
Logger.debug("Loading STORK C-PEPS information"); - - Map cpepsMap = new HashMap(); - - NodeIterator cpepsIterator = XPathUtils.selectNodeIterator(configElem_, AUTH_FOREIGN_IDENTITIES_STORK_CPEPS); - - Element cpepsElement; - CPEPS cpeps; - - while ((cpepsElement = (Element) cpepsIterator.nextNode()) != null) { - cpeps = buildSTORKCpeps(cpepsElement); - if (cpeps != null) { - cpepsMap.put(cpeps.getCountryCode(), cpeps); - } - } - - if(!cpepsMap.isEmpty()) { - Logger.info("STORK C-PEPS information loaded"); - } - - return cpepsMap; - - } - - /** - * Builds the required STORK QAALevel for this OA - * @param authComponentElement DOM Element of AuthComponent (from MOA configuration) - * @return STORK QAALevel for this OA - */ - public QualityAuthenticationAssuranceLevel buildOaSTORKQAALevel(Element authComponentElement) { - Element qaaLevelElement = (Element)XPathUtils.selectSingleNode(authComponentElement, OA_AUTH_COMPONENT_STORK_QAA); - - if (qaaLevelElement == null) return null; - - try { - QualityAuthenticationAssuranceLevel qaaLevel = (QualityAuthenticationAssuranceLevel) SAMLUtil.unmarshallMessage(qaaLevelElement); - return qaaLevel; - } catch (MessageEncodingException e) { - Logger.error("Could not build STORK QAALevel, using default."); - return null; - } - - } - - /** - * Builds the Requested Attributes specific for an OA - * @param authComponentElement DOM Element of AuthComponent (from MOA configuration) - * @return STORK RequestedAttributes for this OA - */ - public RequestedAttributes buildOaSTORKRequestedAttributes(Element authComponentElement) { - List reqAttributeList = new ArrayList(); - - - Element reqAttributeElement; - NodeIterator reqAttributeIterator = XPathUtils.selectNodeIterator(authComponentElement, OA_AUTH_COMPONENT_STORK_REQUESTED_ATTRIBUTE); - - while ((reqAttributeElement = (Element) reqAttributeIterator.nextNode()) != null) { - RequestedAttribute requestedAttribute; - try { - requestedAttribute = (RequestedAttribute) 
SAMLUtil.unmarshallMessage(reqAttributeElement); - } catch (MessageEncodingException e) { - Logger.error("Provided RequestedAttributes Online Application is malformed.", e); - return null; - } - //only add if STORK attribute is correct - if (STORKConstants.FULL_STORK_ATTRIBUTE_SET.contains(requestedAttribute.getName())) { - reqAttributeList.add(requestedAttribute); - } else { - Logger.warn("Skipping addition of requested STORK Attribute, attribute unknown : " + requestedAttribute.getName()); - } - } - - return STORKMessagesBuilder.buildRequestedAttributes(reqAttributeList); - } - /** * Method warn. * @param messageId to identify a country-specific message diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java index 3948522c0..7174e05dc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java @@ -24,15 +24,6 @@ package at.gv.egovernment.moa.id.config.legacy; -import java.util.ArrayList; - -import org.opensaml.saml2.metadata.RequestedAttribute; - -import eu.stork.vidp.messages.builder.STORKMessagesBuilder; -import eu.stork.vidp.messages.common.STORKConstants; -import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; -import eu.stork.vidp.messages.stork.RequestedAttributes; - /** * Configuration parameters belonging to an online application, * to use with the MOA ID Auth component. 
@@ -129,22 +120,6 @@ public class OAAuthParameter extends OAParameter { */ private String identityLinkDomainIdentifierType; - /** - * STORK QAA Level, Default = 4 - */ - private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4); - - /** - * STORK RequestedAttributes for Online Application - * Default RequestedAttributes are: eIdentifier, givenName, surname, dateOfBirth - */ - private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes( - STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null), - STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null), - STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null), - STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null)); - - /** * Returns true if the Security Layer version is version 1.2, * otherwise false. @@ -464,38 +439,4 @@ public class OAAuthParameter extends OAParameter { return this.mandateProfiles; } - /** - * Returns the defined STORK QAALevel - * @return STORK QAALevel - */ - public QualityAuthenticationAssuranceLevel getQaaLevel() { - return qaaLevel; - } - - /** - * Sets the STORK QAALevel - * @param qaaLevel - */ - public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) { - this.qaaLevel = qaaLevel; - } - - /** - * Returns the desired STORK Requested Attributes - * @return STORK Requested Attributes - */ - public RequestedAttributes getRequestedAttributes() { - return requestedAttributes; - } - - /** - * Sets the desired STORK Requested Attributes - * @param requestedAttributes - */ - public void setRequestedAttributes(RequestedAttributes requestedAttributes) { - this.requestedAttributes = requestedAttributes; - } - - - } -- cgit v1.2.3 From fdcc7df81a159284d6bcfcd94be28c6f08afc5e4 Mon Sep 17 00:00:00 2001 
From: Florian Reimair Date: Mon, 27 Jan 2014 14:09:32 +0100 Subject: fixed merge issue missing bracket --- .../src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java | 1 + 1 file changed, 1 insertion(+) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index 3282b8737..95ed628fa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -52,6 +52,7 @@ public class STORKConfig { Logger.warn("Error in MOA-ID Configuration. CPEP entry for country " + cpep.getCountryCode() + " has an invalid URL and is ignored."); } + } attr = new ArrayList(); -- cgit v1.2.3 From 09266016cbcb143d7b6e65d32b49b6b3d2cb53c0 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Mon, 27 Jan 2014 17:24:46 +0100 Subject: fixed issues after merge --- .../egovernment/moa/id/auth/AuthenticationServer.java | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index b8a0fe678..9ab96a726 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -135,6 +135,7 @@ import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathUtils; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; +import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -1712,6 +1713,21 @@ public class AuthenticationServer implements MOAIDAuthConstants { CreateIdentityLinkRequest request = new CreateIdentityLinkRequest(); request.setSignature(citizenSignature.getBytes()); + PEPSData data = new PEPSData(); + data.setDateOfBirth(PEPSDateOfBirth); + data.setFamilyname(PEPSFamilyname); + data.setFirstname(PEPSFirstname); + data.setIdentifier(PEPSIdentifier); + +// TODO add mandate data +// data.setRepresentative(representative); +// data.setRepresented(represented); +// data.setMandateContent(mandateContent); + request.setPEPSData(data); + + +// request.setMIS(value) + Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl()); 
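Review bot: The new block attaches a `PEPSData` to every request, including the signature-only path where `PEPSIdentifier`, `PEPSFirstname`, `PEPSFamilyname` and `PEPSDateOfBirth` are all null (the `getIdentityLink(Element signature)` overload elsewhere in this file passes nulls), so the gateway receives an empty PEPSData element rather than none; guard the `request.setPEPSData(data)` call on at least one non-null field if the gateway treats the two cases differently. The commented-out `data.setRepresentative(...)` / `data.setRepresented(...)` / `data.setMandateContent(...)` and `request.setMIS(value)` lines are dead code; a single `// TODO: populate mandate (representative, represented, mandateContent) and MIS data once the gateway schema is final` says the same without leaving uncompiled calls in the source. The enclosing method starts and ends outside the hunk.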
@@ -1790,7 +1806,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws SZRGWClientException the sZRGW client exception * @throws ConfigurationException the configuration exception */ - public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException, ConfigurationException { + public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature, null, null, null); } -- cgit v1.2.3 From 98137f26f5b0bd33d178e16ea5ee9397f2cc2c0a Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Mon, 27 Jan 2014 17:42:26 +0100 Subject: refactored szrgw response type --- .../moa/id/auth/AuthenticationServer.java | 6 ++--- .../moa/id/auth/servlet/GetForeignIDServlet.java | 27 ++++++++-------------- .../moa/id/auth/stork/STORKResponseProcessor.java | 24 +++++++++---------- 3 files changed, 24 insertions(+), 33 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 9ab96a726..3dc2639d5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
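Review bot: `ConfigurationException` is removed from the throws clause of this overload, but the Javadoc two lines above still carries `@throws ConfigurationException the configuration exception`; delete that tag so the documentation matches the signature. The 8-argument overload this method delegates to is outside the hunk, so whether it still declares that exception cannot be confirmed here.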
@@ -1699,7 +1699,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws SZRGWClientException */ - public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String citizenSignature, String represented, String representative, String mandateContent) throws SZRGWClientException { + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String citizenSignature, String represented, String representative, String mandateContent) throws SZRGWClientException { SZRGWClient client = null; @@ -1790,7 +1790,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws SZRGWClientException the sZRGW client exception * @throws ConfigurationException the configuration exception */ - public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { + public CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature), null, null, null); } 
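Review bot: In the second hunk `getIdentityLink(Element signature)` keeps `throws SZRGWClientException, ConfigurationException` while the 8-argument overload it delegates to, shown in the first hunk, declares only `SZRGWClientException`; unless `XMLHelper.nodeToString` throws a checked exception (OpenSAML's does not), `ConfigurationException` can no longer be raised on any path and merely forces callers to handle a case that cannot occur. Drop it together with its `@throws ConfigurationException` Javadoc tag, or state in the Javadoc why it is kept. The change of the return type to the unqualified `CreateIdentityLinkResponse` is a rename and raises nothing.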
@@ -1806,7 +1806,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws SZRGWClientException the sZRGW client exception * @throws ConfigurationException the configuration exception */ - public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature, null, null, null); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index be307ae14..d42cd85dc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.auth.servlet; +import java.io.ByteArrayInputStream; import java.io.IOException; import java.security.cert.CertificateException; import java.util.Map; 
@@ -47,14 +48,14 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.ModulUtils; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; /** * Servlet requested for getting the foreign eID @@ -165,20 +166,12 @@ public class GetForeignIDServlet extends AuthServlet { CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(signature); - if (response.isError()) { - throw new SZRGWClientException(response.getError()); + if (null != response.getErrorResponse()){ + // TODO fix exception parameter + throw new SZRGWClientException(response.getErrorResponse().getErrorCode().toString(), null); } else { - - Element samlAssertion = response.getAssertion(); - - try { - System.out.println("PB: " + DOMUtils.serializeNode(samlAssertion)); - } catch (TransformerException e) { - e.printStackTrace(); - } - - IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion); + IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(response.getIdentityLink())); IdentityLink identitylink = ilParser.parseIdentityLink(); session.setIdentityLink(identitylink); 
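Review bot: The new error branch forwards only `getErrorCode().toString()` and passes `null` as the second constructor argument, so the gateway's error text no longer reaches the handler, and a response whose error code is absent would fail with a `NullPointerException` inside the very branch meant to report the error. `throw new SZRGWClientException(String.valueOf(response.getErrorResponse().getErrorCode()), null);` removes the NPE; the second argument should carry the gateway's message field instead of `null` if the generated ErrorResponse type exposes one, which the `// TODO fix exception parameter` comment already hints at. The same pattern appears in the `@@ -354,18 +355,15 @@` hunk of STORKResponseProcessor.java in this commit. The enclosing method starts and ends outside the hunk.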
@@ -225,9 +218,9 @@ public class GetForeignIDServlet extends AuthServlet { } catch (MOAIDException ex) { handleError(null, ex, req, resp, pendingRequestID); - } - catch (SZRGWClientException ex) { - handleError(null, ex, req, resp, pendingRequestID); + } catch (Exception e1) { + // TODO Auto-generated catch block + e1.printStackTrace(); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index b8e823de0..9dede7179 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -3,6 +3,7 @@ */ package at.gv.egovernment.moa.id.auth.stork; +import java.io.ByteArrayInputStream; import java.util.List; import java.util.Vector; @@ -33,14 +34,14 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.StringUtils; +import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; import eu.stork.mw.messages.saml.STORKResponse; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.vidp.messages.common.STORKConstants; 
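Review bot: Replacing `catch (SZRGWClientException ex) { handleError(...) }` with `catch (Exception e1) { e1.printStackTrace(); }` means a gateway failure is no longer reported through `handleError`, so the request falls out of the try without an error response being rendered and with the session left wherever the exception interrupted it; the stack trace also goes to stderr instead of the `Logger` the rest of the class uses. Restore the error path, e.g. `} catch (SZRGWClientException ex) { handleError(null, ex, req, resp, pendingRequestID); }` (if `handleError`'s parameter type admits it), and if a broad catch is wanted as a last resort, log it with `Logger.error` and still call `handleError`. The `@@ -379,9 +377,9 @@` hunk of STORKResponseProcessor.java in this commit does the same, swallowing the exception and then returning a possibly null `identityLink`. The enclosing method starts outside the hunk.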
@@ -354,18 +355,15 @@ public class STORKResponseProcessor { response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature); } - if (response.isError()) { - Logger.error("Receveid ErrorResponse from SZR Gateway."); - throw new SZRGWClientException(response.getError()); + + if (null != response.getErrorResponse()){ + // TODO fix exception parameter + throw new SZRGWClientException(response.getErrorResponse().getErrorCode().toString(), null); } else { - Logger.trace("Receveid Success Response from SZR Gateway."); - Element samlAssertion = response.getAssertion(); - - IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion); + IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(response.getIdentityLink())); identityLink = ilParser.parseIdentityLink(); - Logger.debug("Received Identity Link from SZR Gateway"); //TODO: is this ok? // if (StringUtils.isEmpty(identityLink.getDateOfBirth())) { @@ -379,9 +377,9 @@ public class STORKResponseProcessor { } catch (ParseException e) { Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e); throw new STORKException("Error parsing IdentityLink received from SZR-Gateway: ", e); - } catch (at.gv.egovernment.moa.id.client.SZRGWClientException e) { - Logger.error("Error connecting SZR-Gateway: ", e); - throw new STORKException("Error connecting SZR-Gateway: ", e); + } catch (Exception e) { + // TODO Auto-generated catch block + e.printStackTrace(); } return identityLink; -- cgit v1.2.3 From 04a2d507dfcf59dac15e542e391797e57a820c82 Mon Sep 17 00:00:00 2001 
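Review bot: The rewritten error branch drops `Logger.error("Receveid ErrorResponse from SZR Gateway.")` together with the trace and debug lines of the success path, so a gateway-side rejection of the identity-link request leaves no entry in the MOA log before the exception is thrown — and that exception is then swallowed by the catch block introduced in the next hunk. Keep at least an error-level log that carries the returned code, which is the only place the failure reason is available: `Logger.error("Received ErrorResponse from SZR Gateway: " + response.getErrorResponse().getErrorCode());`. connectToSZRGateway starts outside the hunk.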
From: Florian Reimair Date: Wed, 29 Jan 2014 14:02:05 +0100 Subject: complete workflow untested --- .../moa/id/auth/AuthenticationServer.java | 7 ++-- .../auth/builder/StartAuthenticationBuilder.java | 7 ++-- .../moa/id/auth/data/AuthenticationSession.java | 23 ++++++++++++- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 40 +++++----------------- .../moa/id/auth/stork/STORKResponseProcessor.java | 37 +++++++++----------- .../moa/id/protocols/saml1/GetArtifactAction.java | 14 ++++++++ 6 files changed, 68 insertions(+), 60 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 3dc2639d5..f19881578 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1723,13 +1723,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { // data.setRepresentative(representative); // data.setRepresented(represented); // data.setMandateContent(mandateContent); - request.setPEPSData(data); - + if(null != PEPSIdentifier) + request.setPEPSData(data); + + // TODO add MIS data // request.setMIS(value) Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl()); + return response; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java index e4bf37417..3bc152ec8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java 
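Review bot: The new guard `if(null != PEPSIdentifier) request.setPEPSData(data);` is written without braces, and with the `// TODO add MIS data` placeholder beside it the request silently goes out carrying only the signature whenever the identifier is missing; whether the gateway rejects such a request or the caller is expected to have checked is not visible here. Brace the statement and state the intent, e.g. `if (PEPSIdentifier != null) { // no PEPS identity data available: only the citizen signature is sent` before the call. getIdentityLink's body continues outside the hunk.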
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java @@ -36,8 +36,7 @@ public class StartAuthenticationBuilder { Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc())); // STORK or normal authentication - //TODO: commented because npe was thrown - /*if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { + if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { //STORK authentication Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc()); Logger.debug("Starting STORK authentication"); @@ -45,13 +44,13 @@ public class StartAuthenticationBuilder { AuthenticationServer.startSTORKAuthentication(req, resp, moasession); return ""; - } else {*/ + } else { //normal MOA-ID authentication Logger.debug("Starting normal MOA-ID authentication"); String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req); return getIdentityLinkForm; - //} + } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 4a7676ec8..3ab6701c8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -26,6 +26,7 @@ import java.util.Vector; import org.w3c.dom.Element; +import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.STORKAuthnRequest; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; 
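Review bot: Re-enabling `storkConfig.isSTORKAuthentication(moasession.getCcc())` deletes the `//TODO: commented because npe was thrown` note without adding the guard it was asking for; if `storkConfig` can still be null here (its initialisation is outside the hunk), every authentication start — not only STORK ones — now fails with a NullPointerException. Either add a comment explaining why the NPE can no longer occur or guard the call: `if (storkConfig != null && storkConfig.isSTORKAuthentication(moasession.getCcc())) {`. The method signature and the `storkConfig` declaration are outside the hunk.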
@@ -254,7 +255,9 @@ public class AuthenticationSession implements Serializable { private VerifyXMLSignatureResponse XMLVerifySignatureResponse; private boolean isForeigner; - + + private IPersonalAttributeList storkAttributes; + // private String requestedProtocolURL = null; public String getModul() { @@ -962,6 +965,24 @@ public class AuthenticationSession implements Serializable { public void setAuthBlockTokken(String authBlockTokken) { this.authBlockTokken = authBlockTokken; } + + /** + * Memorizes the stork attribute list. + * + * @param personalAttributeList the new stork attributes + */ + public void setStorkAttributes(IPersonalAttributeList personalAttributeList) { + this.storkAttributes = personalAttributeList; + } + + /** + * Recalls the stork attribute list. + * + * @return the stork attributes + */ + public IPersonalAttributeList getStorkAttributes() { + return this.storkAttributes; + } /** // * @return the oAuth20SessionObject diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index f1ee4c181..f05180932 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -78,9 +78,6 @@ public class PEPSConnectorServlet extends AuthServlet { //No authentication session has been started before Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started"); throw new AuthenticationException("auth.02", new Object[] { moaSessionID }); - } else { - //We know user and MOA takes over session handling, invalidate HttpSession - httpSession.invalidate(); } pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID); 
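Review bot: The new `storkAttributes` field stores the complete personal attribute list received from the PEPS inside a class declared `Serializable`, so the attributes now persist wherever the session is stored, and the field comment does not say so. Add a comment on the field, e.g. `// complete STORK attribute list (personal data) kept until the assertion is built; cleared with the session`, and confirm that `IPersonalAttributeList` implementations are serializable — that is not visible here and a non-serializable member would break session storage. The Javadoc wording `Memorizes`/`Recalls` would read more conventionally as `Stores`/`Returns`. The class continues outside the hunk.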
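Review bot: Removing the `httpSession.invalidate()` branch leaves the servlet-container session alive after the STORK response has been accepted; the removed comment said MOA takes over session handling at this point, so anything kept in the container session now stays reachable for the rest of its lifetime. If the invalidation was dropped because a later step still needs the HttpSession, a comment such as `// HttpSession is kept: <reason>` at this spot would record it; otherwise keep the call. The enclosing method starts and ends outside the hunk.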
@@ -192,49 +189,28 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.info("Received Identity Link from SZR Gateway"); moaSession.setIdentityLink(identityLink); - Logger.debug("Adding addtional STORK attributes to MOA assertion"); - //add other stork attributes to MOA assertion - List moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(storkAssertion.getAttributeStatements().get(0).getAttributes()); - moaSession.setExtendedSAMLAttributesOA(moaExtendedSAMLAttibutes); + Logger.debug("Adding addtional STORK attributes to MOA session"); + moaSession.setStorkAttributes(authnResponse.getPersonalAttributeList()); //We don't have BKUURL, setting from null to "Not applicable" moaSession.setBkuURL("Not applicable (STORK Authentication)"); - - Logger.debug("Starting to assemble MOA assertion"); - //produce MOA-Assertion and artifact - String samlArtifactBase64 = - AuthenticationServer.getInstance().getForeignAuthenticationData(moaSession); - Logger.info("MOA assertion assembled and SAML Artifact generated."); + + // free for single use + moaSession.setAuthenticatedUsed(false); + + // stork did the authentication step + moaSession.setAuthenticated(true); //session is implicit stored in changeSessionID!!!! 
String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID); - Logger.info("Daten angelegt zu MOASession " + newMOASessionID); //redirect String redirectURL = null; - if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - /*redirectURL = moaSession.getOAURLRequested(); - if (!moaSession.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(moaSession.getTarget(), "UTF-8")); - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = response.encodeRedirectURL(redirectURL);*/ - redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID); redirectURL = response.encodeRedirectURL(redirectURL); - } else { - - redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, newMOASessionID); - } - - try { - AuthenticationSessionStoreage.storeSession(moaSession); - } catch (MOADatabaseException e) { - throw new MOAIDException("Session store error", null); - } response.setContentType("text/html"); response.setStatus(302); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index 9dede7179..664d0cf57 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java 
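Review bot: `moaSession.setAuthenticated(true)` is now set unconditionally a few lines after `moaSession.setIdentityLink(identityLink)`, but as of the earlier commit on this page `STORKResponseProcessor.connectToSZRGateway` returns null instead of throwing when the gateway call fails, so a session can be flagged authenticated while holding no identity link. Reject that case before the flag is set: `if (identityLink == null) { throw new MOAIDException("<error-key>", null); }`. The comments `// free for single use` and `// stork did the authentication step` would be clearer as one sentence saying that the SAML1 artifact is now built later in GetArtifactAction (added in this commit) and that `changeSessionID` persists these flags, which is what the removed `storeSession` call used to do. The enclosing method starts and ends outside the hunk.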
@@ -14,7 +14,6 @@ import javax.xml.namespace.QName; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; import org.opensaml.saml2.core.Assertion; -import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.ws.transport.http.HTTPInTransport; import org.opensaml.ws.transport.http.HTTPOutTransport; @@ -35,7 +34,6 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.client.SZRGWClientException; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -44,6 +42,7 @@ import at.gv.egovernment.moa.util.StringUtils; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; import eu.stork.mw.messages.saml.STORKResponse; import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.vidp.messages.common.STORKConstants; import eu.stork.vidp.messages.util.SAMLUtil; 
@@ -389,33 +388,29 @@ public class STORKResponseProcessor { /** * Transforms additional STORK attributes to MOA Extended attributes - * @param storkAttributeList STORK attribute list + * @param iPersonalAttributeList STORK attribute list * @return */ - public static List addAdditionalSTORKAttributes(List storkAttributeList) { + public static List addAdditionalSTORKAttributes(IPersonalAttributeList iPersonalAttributeList) { List moaExtendedSAMLAttributeList = new Vector(); + if(null == iPersonalAttributeList) + return moaExtendedSAMLAttributeList; + Logger.trace("Adding the following attributes to MOA assertion: "); int count = 0; - //only add attributes different than eIdentifier, given name, surname, dateOfBirth, signedDoc - for (Attribute attribute : storkAttributeList) { - //attribute is not in default returned attribute set - if (!STORKConstants.DEFAULT_STORK_RETURNED_ATTRIBUTE_SET.contains(attribute.getName())) { - - String attributeValue = null; - if (!attribute.getAttributeValues().isEmpty()) { - //we have attribute value - attributeValue = SAMLUtil.getStringValueFromXMLObject(attribute.getAttributeValues().get(0)); - } - ExtendedSAMLAttribute extendedSAMLAttribute = - new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0); - moaExtendedSAMLAttributeList.add(extendedSAMLAttribute); - count++; - Logger.trace("Additional attribute: " + attribute.getName()); - } + + for (PersonalAttribute attribute : iPersonalAttributeList) { + Object attributeValue = attribute.getValue(); + if (null == attributeValue) + attributeValue = attribute.getComplexValue(); + ExtendedSAMLAttribute extendedSAMLAttribute = + new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0); + moaExtendedSAMLAttributeList.add(extendedSAMLAttribute); + count++; + Logger.trace("Additional attribute: " + attribute.getName()); } - Logger.debug("Added " + count + " STORK attribute(s) to the MOA assertion."); return 
moaExtendedSAMLAttributeList; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index fa9dbe990..bf353bce4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -1,12 +1,17 @@ package at.gv.egovernment.moa.id.protocols.saml1; +import java.util.List; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; +import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; 
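Review bot: The rewritten loop no longer filters against `STORKConstants.DEFAULT_STORK_RETURNED_ATTRIBUTE_SET`, so eIdentifier, givenName, surname, dateOfBirth and the signedDoc attribute — the ones already mapped into the identity link — are copied again as extended attributes into the MOA assertion, contrary to the method's own Javadoc ("additional" attributes), and the complete signed document travels along as an assertion attribute. Restore the filter as the first statement of the loop, `if (STORKConstants.DEFAULT_STORK_RETURNED_ATTRIBUTE_SET.contains(attribute.getName())) { continue; }`, assuming that constant still applies to the PersonalAttribute names (its import is kept). With the summary log removed, `count` is incremented but never read; drop it or restore `Logger.debug("Added " + count + " STORK attribute(s) to the MOA assertion.");`. The `@return` tag is still empty — `@return list of ExtendedSAMLAttribute entries, empty when the input is null` would complete it.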
@@ -48,6 +53,15 @@ public class GetArtifactAction implements IAction { oaParam, target); + // add other stork attributes to MOA assertion if available + if(null != session.getStorkAttributes()) { + List moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(session.getStorkAttributes()); + session.setExtendedSAMLAttributesOA(moaExtendedSAMLAttibutes); + //produce MOA-Assertion and artifact + AuthenticationServer.getInstance().getForeignAuthenticationData(session); + Logger.info("MOA assertion assembled and SAML Artifact generated."); + } + String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData); if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) { -- cgit v1.2.3 From 85a983b556baaaa45ea79a4da232a1a72d323708 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 29 Jan 2014 15:13:42 +0100 Subject: enhanced samlengine for floating config location --- .../main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 3 ++- .../at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index f19881578..204e7f724 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
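Review bot: The return value of `AuthenticationServer.getInstance().getForeignAuthenticationData(session)` is discarded; in the PEPSConnectorServlet code this commit removes, that value was the Base64 SAML artifact, so either the call is now used only for its side effects on `session` — worth stating in the comment, `// populates the session; the artifact itself is built by BuildSAMLArtifact below` — or the result is lost. `List moaExtendedSAMLAttibutes` is a raw type with a misspelled name; `List<ExtendedSAMLAttribute> moaExtendedSAMLAttributes` matches the import added in the first hunk. The log line claims the artifact has been generated before `BuildSAMLArtifact` runs. The enclosing method starts outside the hunk.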
@@ -1920,11 +1920,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { authnRequest.setEIDSectorShare(true); authnRequest.setCitizenCountryCode("LOCAL"); +// authnRequest.setCitizenCountryCode(moasession.getCcc()); Logger.debug("STORK AuthnRequest succesfully assembled."); - STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("CONF0"); + STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("outgoing"); try { authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest); } catch (STORKSAMLEngineException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index f05180932..4819b8219 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -97,7 +97,7 @@ public class PEPSConnectorServlet extends AuthServlet { } //Get SAMLEngine instance - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("CONF0"); + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing"); STORKAuthnResponse authnResponse = null; try { -- cgit v1.2.3 From 3e512ed4c85444fcbd3d364ffa48aa3291813b73 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 30 Jan 2014 13:14:34 +0100 Subject: supply organization details on representative case --- .../moa/id/auth/AuthenticationServer.java | 36 +++++++++++++++++----- .../moa/id/auth/stork/STORKResponseProcessor.java | 16 ++++++++-- 2 files changed, 41 insertions(+), 11 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 204e7f724..d77119f4a 100644 
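Review bot: The added `// authnRequest.setCitizenCountryCode(moasession.getCcc());` is commented-out code next to the hard-coded `setCitizenCountryCode("LOCAL")`, so every outgoing STORK request still claims a LOCAL citizen regardless of the country the session selected; if this is a deliberate interim state, a comment should say so and name the condition under which the session value is to be used, otherwise switch to it. The SAML engine instance name `"outgoing"` is now a literal both here and in PEPSConnectorServlet's `@@ -97,7 +97,7 @@` hunk, where the same instance processes the incoming response; a shared constant such as `public static final String STORK_SAML_ENGINE_INSTANCE = "outgoing";` keeps the two from drifting. Both enclosing methods continue outside their hunks.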
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1699,7 +1699,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws SZRGWClientException */ - public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String citizenSignature, String represented, String representative, String mandateContent) throws SZRGWClientException { + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType) throws SZRGWClientException { SZRGWClient client = null; @@ -1712,20 +1712,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { CreateIdentityLinkRequest request = new CreateIdentityLinkRequest(); request.setSignature(citizenSignature.getBytes()); - + PEPSData data = new PEPSData(); data.setDateOfBirth(PEPSDateOfBirth); data.setFamilyname(PEPSFamilyname); data.setFirstname(PEPSFirstname); data.setIdentifier(PEPSIdentifier); -// TODO add mandate data -// data.setRepresentative(representative); -// data.setRepresented(represented); -// data.setMandateContent(mandateContent); + data.setRepresentative(representative); + data.setRepresented(represented); + data.setMandateContent(mandateContent); - if(null != PEPSIdentifier) - request.setPEPSData(data); + data.setLegalPersonCanonicalRegisteredAddress(organizationAddress); + data.setLegalPersonTranslatableType(organizationType); // TODO add MIS data // request.setMIS(value) 
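Review bot: `request.setPEPSData(data)` is removed together with its null guard and not re-added, so the PEPSData object this hunk now fills with names, date of birth, mandate and organisation details is never attached to the CreateIdentityLinkRequest — only the signature from `request.setSignature(...)` reaches the gateway. Unless the call was moved to a line outside this hunk (the following context shown in the earlier `@@ -1723,13 +1723,16 @@` hunk has none, and the three hunks shown account for the 36 changed lines in the diffstat), re-add `request.setPEPSData(data);` after the last setter. On the same path, `citizenSignature.getBytes()` encodes with the platform default charset; `citizenSignature.getBytes(StandardCharsets.UTF_8)` (or the charset the gateway expects) makes the bytes deterministic across deployments. getIdentityLink continues outside the hunk.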
@@ -1812,6 +1811,27 @@ public class AuthenticationServer implements MOAIDAuthConstants { public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature, null, null, null); } + + /** + * SZR-GW Client interface. + * + * @param eIdentifier the e identifier + * @param givenName the given name + * @param lastName the last name + * @param dateOfBirth the date of birth + * @param citizenSignature the citizen signature + * @param representative the representative + * @param represented the represented + * @param mandate the mandate + * @return the identity link + * @throws SZRGWClientException the sZRGW client exception + */ + public CreateIdentityLinkResponse getIdentityLink(String eIdentifier, + String givenName, String lastName, String dateOfBirth, + String citizenSignature, String representative, String represented, + String mandate) throws SZRGWClientException { + return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate, null, null); + } /** * Starts a MOA-ID authentication process using STORK diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index 664d0cf57..e81adfb52 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java 
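Review bot: The new eight-argument overload passes `representative, represented` into positions six and seven of the ten-argument `getIdentityLink`, whose parameters at those positions are `String represented, String representative` (see the signature in the preceding hunk), so the two mandate roles are swapped on the way to the gateway. The call in STORKResponseProcessor's `@@ -345,10 +345,20 @@` hunk has the same transposition, while the six-argument overload added in the later `@@ -1811,6 +1770,24 @@` hunk passes them in the declared order — the three paths disagree on who represents whom, which in a mandate case decides whose identity link is issued. Fix the delegation to `return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, represented, representative, mandate, null, null);` and the STORKResponseProcessor call likewise, or better, reorder the ten-argument signature to the representative-first order every caller uses.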
@@ -345,10 +345,20 @@ public class STORKResponseProcessor { String representative = getAttributeValue("representative", attributeList); String represented = getAttributeValue("represented", attributeList); String mandate = getAttributeValue("mandateContent", attributeList); + + // we definitely know we have a representation case here + // lets try if the represented is an organization + try { + String organizationAddress = getAttributeValue("canonicalRegisteredAddress", attributeList); + String organizationType = getAttributeValue("translateableType", attributeList); + + // if we got here, we have a natural person representing a legal person + response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate, organizationAddress, organizationType); + } catch(STORKException e1) { - // if we get here we have a representation case - response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate); - + // if we get here we have natural persons representing each other + response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate); + } } catch(STORKException e) { // we do not have a representation case response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature); -- cgit v1.2.3 From 58b19f33806927a753d76ff2d2f79e44353b0e03 Mon Sep 17 00:00:00 2001 
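Review bot: The inner `catch(STORKException e1)` treats any failure of `getAttributeValue("canonicalRegisteredAddress", …)` or `getAttributeValue("translateableType", …)` as "the represented party is a natural person" and silently takes the other gateway path without logging `e1`; a malformed organisation attribute therefore produces a natural-person identity-link request instead of an error. Decide the branch with a presence check on the attribute list rather than by catching the exception (the last commit on this page introduces a `hasAttribute` helper for exactly this), and log the fallback, e.g. `Logger.debug("No organisation attributes in STORK response, treating represented party as natural person");`. connectToSZRGateway starts and ends outside the hunk.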
From: Florian Reimair Date: Thu, 30 Jan 2014 15:12:04 +0100 Subject: refactored attribute parsing --- .../moa/id/auth/AuthenticationServer.java | 59 +++++------------ .../moa/id/auth/servlet/PEPSConnectorServlet.java | 19 +----- .../moa/id/auth/stork/STORKResponseProcessor.java | 76 ++++++++++++++-------- 3 files changed, 67 insertions(+), 87 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index d77119f4a..5ae3d8e47 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -1733,53 +1733,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl()); return response; - - -// client.setAddress(connectionParameters.getUrl()); -// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { -// Logger.debug("Initialisiere SSL Verbindung"); -// try { -// client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); -// } catch (IOException e) { -// Logger.error("Could not initialize SSL Factory", e); -// throw new SZRGWClientException("Could not initialize SSL Factory"); -// } catch (GeneralSecurityException e) { -// Logger.error("Could not initialize SSL Factory", e); -// throw new SZRGWClientException("Could not initialize SSL Factory"); -// } catch (PKIException e) { -// Logger.error("Could not initialize SSL Factory", e); -// throw new SZRGWClientException("Could not initialize SSL Factory"); -// } -// } } catch (ConfigurationException e) { Logger.warn(e); Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); } -// // create request -// CreateIdentityLinkResponse response = null; -// Element request = null; -// try { -// Document doc = client.buildGetIdentityLinkRequest(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature); -// request = doc.getDocumentElement(); -// -// // send request -// response = client.createIdentityLinkResponse(request, connectionParameters.getUrl()); -// -// -// -// } catch (SZRGWClientException e) { -// // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. -//// try { -//// response = client.createIdentityLinkResponse(request); -//// } -//// catch (SZRGWClientException e1) { -//// throw new SZRGWClientException(e1); -//// } -// } - - return null; } 
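Review bot: After the `catch (ConfigurationException e)` block only logs, control falls through to the surviving `return null;`, so a missing or broken SZR-GW configuration yields a null CreateIdentityLinkResponse that the callers in GetForeignIDServlet and STORKResponseProcessor dereference via `response.getErrorResponse()`. Since the method already declares `throws SZRGWClientException`, throw instead of returning null: `throw new SZRGWClientException(MOAIDMessageProvider.getInstance().getMessage("config.12", null), null);` (the type of the exception's second constructor argument is not visible here — pass `e` if it is a Throwable). The deleted commented-out block was the only place on this page where an SSL socket factory derived from the configured connection parameters was applied to the client; confirm that `SZRGWClient.sentCreateIDLRequest` opens the HTTPS connection with the configured trust and client-certificate settings, since this call fetches the identity link. getIdentityLink starts outside the hunk.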
@@ -1811,6 +1770,24 @@ public class AuthenticationServer implements MOAIDAuthConstants { public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature, null, null, null); } + + /** + * Gets the identity link. + * + * @param citizenSignature the citizen signature + * @param representative the representative + * @param represented the represented + * @param mandate the mandate + * @param organizationAddress the organization address + * @param organizationType the organization type + * @return the identity link + * @throws SZRGWClientException + */ + public CreateIdentityLinkResponse getIdentityLink(String citizenSignature, + String representative, String represented, String mandateContent, + String organizationAddress, String organizationType) throws SZRGWClientException { + return getIdentityLink(null, null, null, null, citizenSignature, represented, representative, mandateContent, organizationAddress, organizationType); + } /** * SZR-GW Client interface. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 4819b8219..45e6ab816 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java 
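Review bot: The Javadoc of the new six-argument overload documents `@param mandate` but the parameter is named `mandateContent`, and it does not say what passing null for identifier, names and date of birth means for the gateway request — the only difference from the eight-argument overload. Rename the tag to `@param mandateContent the mandate content` and add a sentence such as `Use when no PEPS identity data is available and the citizen is identified by signature and mandate only.` if that is the intent. The surrounding class continues outside the hunk.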
@@ -137,29 +137,12 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); -// Logger.debug("Starting validation of SAML assertion"); -// //verify SAML assertion - Assertion storkAssertion = authnResponse.getAssertions().get(0); -// try { -// STORKResponseProcessor.verifySTORKAssertion( -// storkAssertion, //assertion -// request.getRemoteAddr(), //IP address of user -// storkAuthnRequest.getID(), //ID of STORK AuthnRequest -// request.getRequestURL().toString(), //destination -// HTTPUtils.getBaseURL(request), //audience -// storkAuthnRequest.getRequestedAttributes()); //Requested Attributes -// } catch (STORKException e) { -// Logger.error("Failed to verify STORK SAML Assertion", e); -// throw new MOAIDException("stork.08", null); -// } -// -// Logger.info("SAML assertion succesfully verified!"); - Logger.debug("Starting extraction of signedDoc attribute"); //extract signed doc element and citizen signature Element citizenSignature = null; try { + Assertion storkAssertion = authnResponse.getAssertions().get(0); citizenSignature = STORKResponseProcessor.extractCitizenSignature(storkAssertion); moaSession.setAuthBlock(DOMUtils.serializeNode(citizenSignature)); moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(citizenSignature)); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index e81adfb52..466d86f87 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java 
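Review bot: `authnResponse.getAssertions().get(0)` is moved inside the try block but still assumes the response carries at least one assertion; an empty list raises IndexOutOfBoundsException, which the catch clauses that follow (outside the hunk) may not map to a user-facing error. Check first: `if (authnResponse.getAssertions().isEmpty()) { throw new MOAIDException("<error-key>", null); }`. The commented-out `verifySTORKAssertion` call (destination, audience, request ID, requested attributes) is deleted rather than restored; if those checks are performed by the SAML engine's response validation earlier in the method, a one-line comment here saying so would stop the next reader from looking for them — they are not visible on this page. The enclosing method starts and ends outside the hunk.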
@@ -296,6 +296,22 @@ public class STORKResponseProcessor { } + + /** + * Checks for attribute. + * + * @param attributeName the attribute name + * @param attributeList the attribute list + * @return true, if successful + */ + private static boolean hasAttribute(String attributeName, IPersonalAttributeList attributeList) { + try { + getAttributeValue(attributeName, attributeList); + return true; + } catch(STORKException e) { + return false; + } + } /** * helper for reading attributes. Handles logging and error handling. 
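Review bot: `hasAttribute` implements a presence check by calling `getAttributeValue` and catching STORKException, and the context comment describes that helper as one that "Handles logging and error handling", so every probe for an optional attribute likely produces an error-level log entry plus an exception object; it is also exception-driven control flow. If `IPersonalAttributeList` offers a direct lookup, use it; at minimum make the Javadoc say what the method promises: `@return true if the attribute is present and readable, false if getAttributeValue would throw` in place of `true, if successful`. The class continues outside the hunk.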
@@ -325,52 +341,56 @@ public class STORKResponseProcessor { public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList) throws STORKException { Logger.trace("Calling SZR Gateway with the following attributes:"); - // fetch mandatory attributes - String citizenSignature = getAttributeValue("signedDoc", attributeList); - String eIdentifier = getAttributeValue("eIdentifier", attributeList); - String givenName = getAttributeValue("givenName", attributeList); - String lastName = getAttributeValue("surname", attributeList); - String dateOfBirth = getAttributeValue("dateOfBirth", attributeList); - if (!StringUtils.isEmpty(dateOfBirth)) { - dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); - } - - CreateIdentityLinkResponse response; + CreateIdentityLinkResponse identityLinkResponse = null; IdentityLink identityLink = null; try { Logger.trace("Starting call..."); - // do we have a case of representation? - try { + + // if there is no signedDoc attribute, we cannot go on + String citizenSignature = getAttributeValue("signedDoc", attributeList); + + // if we have a signedDoc we test for a representation case + if(hasAttribute("mandateContent", attributeList) || hasAttribute("representative", attributeList) || hasAttribute("represented", attributeList)) { + // we have a representation case String representative = getAttributeValue("representative", attributeList); String represented = getAttributeValue("represented", attributeList); String mandate = getAttributeValue("mandateContent", attributeList); - // we definitely know we have a representation case here - // lets try if the represented is an organization - try { + if(!hasAttribute("dateOfBirth", attributeList)) { + // if we get here, we have a natural person representing a legal person String organizationAddress = getAttributeValue("canonicalRegisteredAddress", attributeList); String organizationType = getAttributeValue("translateableType", attributeList); - // if we got here, we 
have a natural person representing a legal person - response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate, organizationAddress, organizationType); - } catch(STORKException e1) { + identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(citizenSignature, representative, represented, mandate, organizationAddress, organizationType); + } else { + // if we get here, we have a natural person representing another natural person + String eIdentifier = getAttributeValue("eIdentifier", attributeList); + String givenName = getAttributeValue("givenName", attributeList); + String lastName = getAttributeValue("surname", attributeList); + String dateOfBirth = getAttributeValue("dateOfBirth", attributeList); + if (!StringUtils.isEmpty(dateOfBirth)) + dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); - // if we get here we have natural persons representing each other - response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate); + identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate); } - } catch(STORKException e) { + } else { // we do not have a representation case - response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature); + String eIdentifier = getAttributeValue("eIdentifier", attributeList); + String givenName = getAttributeValue("givenName", attributeList); + String lastName = getAttributeValue("surname", attributeList); + String dateOfBirth = getAttributeValue("dateOfBirth", attributeList); + if (!StringUtils.isEmpty(dateOfBirth)) + dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); + identityLinkResponse = 
AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature); } - - - if (null != response.getErrorResponse()){ + + if (null != identityLinkResponse.getErrorResponse()){ // TODO fix exception parameter - throw new SZRGWClientException(response.getErrorResponse().getErrorCode().toString(), null); + throw new SZRGWClientException(identityLinkResponse.getErrorResponse().getErrorCode().toString(), null); } else { - IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(response.getIdentityLink())); + IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(identityLinkResponse.getIdentityLink())); identityLink = ilParser.parseIdentityLink(); Logger.debug("Received Identity Link from SZR Gateway"); -- cgit v1.2.3 From b04ffb6167dca0a3d1c116953b23aebe1ddf4e32 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 30 Jan 2014 18:05:19 +0100 Subject: gender retrieval if not delivered by stork --- .../moa/id/auth/AuthenticationServer.java | 12 ++--- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 54 ++++++++++++++++++++++ .../moa/id/auth/stork/STORKResponseProcessor.java | 7 ++- .../resources/resources/templates/fetchGender.html | 16 +++++++ 4 files changed, 82 insertions(+), 7 deletions(-) create mode 100644 id/server/idserverlib/src/main/resources/resources/templates/fetchGender.html (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 5ae3d8e47..ec1762cbf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
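Review bot: The legal-person branch is selected by `!hasAttribute("dateOfBirth", attributeList)`, so a natural-person mandate whose response merely lacks dateOfBirth is routed into the legal-person path and fails on `canonicalRegisteredAddress` with a misleading error; deciding on the legal-person attributes themselves, e.g. `if (hasAttribute("canonicalRegisteredAddress", attributeList) || hasAttribute("translateableType", attributeList)) {`, keeps the reported error on the attribute that is actually missing. The two natural-person branches repeat the same four lookups and the date normalisation; a private helper returning those values would remove the duplication. The unbraced `if (!StringUtils.isEmpty(dateOfBirth))` should get braces per the file's style. The `TODO fix exception parameter` still leaves `SZRGWClientException` without its message arguments. The method's catch clauses and return lie outside the hunk.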
@@ -1699,7 +1699,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws SZRGWClientException */ - public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType) throws SZRGWClientException { + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType) throws SZRGWClientException { SZRGWClient client = null; @@ -1752,7 +1752,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws ConfigurationException the configuration exception */ public CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { - return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature), null, null, null); + return getIdentityLink(null, null, null, null, null, XMLHelper.nodeToString(signature), null, null, null); } /** @@ -1768,7 +1768,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws ConfigurationException the configuration exception */ public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { - return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature, null, null, null); + return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, null, signature, null, null, null); } /** 
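Review bot: The new `gender` parameter is undocumented; the Javadoc above this `getIdentityLink` still says only `@param signature XMLDSIG signature`, which no longer names any parameter. Suggest `@param gender gender of the person to register, or null when not supplied` (the overloads below pass null) and `@param citizenSignature XMLDSIG signature` in place of the stale tag. Inserting the parameter in the middle of an eleven-argument all-String signature also means every overload re-pads with positional nulls that the compiler cannot check; a small request object would make the call sites self-describing. The method body continues outside the hunk.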
@@ -1786,7 +1786,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { public CreateIdentityLinkResponse getIdentityLink(String citizenSignature, String representative, String represented, String mandateContent, String organizationAddress, String organizationType) throws SZRGWClientException { - return getIdentityLink(null, null, null, null, citizenSignature, represented, representative, mandateContent, organizationAddress, organizationType); + return getIdentityLink(null, null, null, null, null, citizenSignature, represented, representative, mandateContent, organizationAddress, organizationType); } /** @@ -1804,10 +1804,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws SZRGWClientException the sZRGW client exception */ public CreateIdentityLinkResponse getIdentityLink(String eIdentifier, - String givenName, String lastName, String dateOfBirth, + String givenName, String lastName, String dateOfBirth, String gender, String citizenSignature, String representative, String represented, String mandate) throws SZRGWClientException { - return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate, null, null); + return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, citizenSignature, representative, represented, mandate, null, null); } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 45e6ab816..a1d38d488 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java 
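Review bot: In the second hunk, the overload declared as `(…, String citizenSignature, String representative, String represented, String mandate)` forwards `citizenSignature, representative, represented, mandate` into the full method, whose parameter list in the `@@ -1699,7 +1699,7 @@` hunk above reads `String citizenSignature, String represented, String representative, String mandateContent`, so `representative` lands in `represented` and vice versa. Unless the full method's body compensates (not visible here), this swaps the two persons in the SZR-GW request; reorder the forwarded arguments to `citizenSignature, represented, representative, mandate` or align the parameter names. The same ordering is carried over unchanged in the later `@@ -1812,8 +1833,10 @@` hunk of this file. The overload in the first hunk forwards `represented, representative` in the order the full method declares.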
@@ -1,6 +1,8 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; +import java.io.StringWriter; +import java.util.ArrayList; import java.util.List; import javax.servlet.ServletException; @@ -9,6 +11,9 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.StatusCode; import org.w3c.dom.Element; @@ -22,6 +27,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.stork.STORKException; import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.ModulUtils; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; @@ -30,6 +36,7 @@ import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.STORKAuthnRequest; import eu.stork.peps.auth.commons.STORKAuthnResponse; import eu.stork.peps.auth.engine.STORKSAMLEngine; 
@@ -154,12 +161,59 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)"); Logger.debug("Citizen signature will be verified by SZR Gateway!"); + ////////////// incorporate gender from parameters if not in stork response + + PersonalAttribute gender = authnResponse.getPersonalAttributeList().get("gender"); + if(null == gender) { + String gendervalue = (String) request.getParameter("gender"); + if(null != gendervalue) { + gender = new PersonalAttribute(); + gender.setName("gender"); + ArrayList tmp = new ArrayList(); + tmp.add(gendervalue); + gender.setValue(tmp); + + authnResponse.getPersonalAttributeList().add(gender); + } + } + + ////////////////////////////////////////////////////////////////////////// + + Logger.debug("Starting connecting SZR Gateway"); //contact SZR Gateway IdentityLink identityLink = null; try { identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList()); } catch (STORKException e) { + // this is really nasty but we work against the system here. We are supposed to get the gender attribute from + // stork. If we do not, we cannot register the person in the ERnP - we have to have the + // gender for the represented person. So here comes the dirty hack. 
+ if(e.getMessage().equals("gender not found in response")) { + // fetch gender + + try { + Logger.trace("Initialize VelocityEngine..."); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html"); + VelocityContext context = new VelocityContext(); + context.put("SAMLResponse", request.getParameter("SAMLResponse")); + context.put("action", request.getRequestURL()); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + +// response.setContentType("text/html"); + response.getOutputStream().write(writer.toString().getBytes()); + } catch (Exception e1) { + Logger.error("Error sending gender retrival form.", e1); + httpSession.invalidate(); + throw new MOAIDException("stork.10", null); + } + + return; + } Logger.error("Error connecting SZR Gateway", e); throw new MOAIDException("stork.10", null); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index 466d86f87..5406dc0e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java 
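Review bot: The `gender` value taken from `request.getParameter("gender")` is promoted into the STORK attribute list without validation, so whatever the browser posts is later handed to the SZR gateway as the represented person's gender; check it against the closed set of values the fetchGender form offers before calling `add`, e.g. `if (null != gendervalue && ALLOWED_GENDER_VALUES.contains(gendervalue))` with that constant (a constructed name) defined next to the template reference. The form rendering puts `request.getParameter("SAMLResponse")` unescaped into the Velocity context; unless the template escapes it, a non-Base64 value is reflected into the page, so either HTML-escape it in the template or reject values that are not Base64 before re-rendering. Re-posting the same SAMLResponse through the form means the servlet must accept an identical response a second time; if the SAML engine's validation (outside the hunk) enforces single use the second pass fails, and if it does not, that deliberate replay allowance for this round-trip deserves a comment. Matching the failure on `e.getMessage().equals("gender not found in response")` couples the servlet to a message string in STORKResponseProcessor; a dedicated exception subtype or error code would survive message edits. The surrounding catch block and method continue outside the hunk.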
@@ -369,10 +369,13 @@ public class STORKResponseProcessor { String givenName = getAttributeValue("givenName", attributeList); String lastName = getAttributeValue("surname", attributeList); String dateOfBirth = getAttributeValue("dateOfBirth", attributeList); + + // gender attribute is mandatory here because of some legal stuff +// String gender = getAttributeValue("gender", attributeList); if (!StringUtils.isEmpty(dateOfBirth)) dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); - identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, representative, represented, mandate); + identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, citizenSignature, representative, represented, mandate); } } else { // we do not have a representation case @@ -406,6 +409,8 @@ public class STORKResponseProcessor { } catch (ParseException e) { Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e); throw new STORKException("Error parsing IdentityLink received from SZR-Gateway: ", e); + } catch(STORKException e) { + throw e; } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); diff --git a/id/server/idserverlib/src/main/resources/resources/templates/fetchGender.html b/id/server/idserverlib/src/main/resources/resources/templates/fetchGender.html new file mode 100644 index 000000000..f47ee53ff --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/templates/fetchGender.html @@ -0,0 +1,16 @@ + + + +
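Review bot: `gender` is passed to `getIdentityLink` in the first hunk, but the only declaration in sight is the commented-out `// String gender = getAttributeValue("gender", attributeList);`; unless `gender` is declared further up the method (outside the hunk) this does not compile, and if it is, the comment "gender attribute is mandatory here" contradicts the disabled lookup. The servlet fallback added in this commit triggers on a STORKException with message "gender not found in response", which only an active `getAttributeValue("gender", …)` call would raise. In the second hunk the added `catch(STORKException e) { throw e; }` keeps STORK errors from being swallowed by the generic `catch (Exception e)`, but that handler still only calls `printStackTrace()` under a TODO; it should log through `Logger` and wrap the cause. The method continues outside the hunk.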
+
+ +
+

Please indicate the gender of the represented.

+
+ + +
+
+ + + \ No newline at end of file -- cgit v1.2.3 From 8449c5ab138f0b7a1760cb5f2aa6db2eb9d0b22e Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 30 Jan 2014 19:04:02 +0100 Subject: added stork signature client api - untested --- id/server/idserverlib/pom.xml | 5 +++ .../moa/id/auth/AuthenticationServer.java | 36 ++++++++++++++------ .../moa/id/auth/servlet/PEPSConnectorServlet.java | 39 ++++++++++++---------- 3 files changed, 53 insertions(+), 27 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 8a9cdd51f..245348d09 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -37,6 +37,11 @@ SamlEngine 1.1.0 + + eu.stork + oasis-dss-api + 1.0.0-SNAPSHOT + MOA.id.server moa-id-commons diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index ec1762cbf..decf166c4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -58,6 +58,7 @@ import org.opensaml.common.IdentifierGenerator; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.xml.util.Base64; import org.opensaml.xml.util.XMLHelper; +import org.w3c.dom.DOMException; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; 
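Review bot: `oasis-dss-api` is pulled in as `1.0.0-SNAPSHOT`; a snapshot resolves to whatever the repository last published, so the authentication server's build is not reproducible and the dependency's contents can change without any code change. Pin a released version, or if none exists yet, record the exact build in a comment next to the dependency and track it in the project's dependency review.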
@@ -137,6 +138,11 @@ import at.gv.egovernment.moa.util.XPathUtils; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; +import eu.stork.oasisdss.api.ApiUtils; +import eu.stork.oasisdss.api.ApiUtilsException; +import eu.stork.oasisdss.profile.DocumentType; +import eu.stork.oasisdss.profile.InputDocuments; +import eu.stork.oasisdss.profile.SignRequest; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; @@ -1882,7 +1888,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { PersonalAttribute newAttribute = new PersonalAttribute(); newAttribute.setName("signedDoc"); List value = new ArrayList(); - value.add(generateDssSignRequest(Base64.encodeBytes(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession).getBytes()), "application/xhtml+xml")); + value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession), "application/xhtml+xml")); newAttribute.setValue(value); attributeList.add(newAttribute); 
@@ -1978,18 +1984,28 @@ public class AuthenticationServer implements MOAIDAuthConstants { IdentifierGenerator idGenerator; try { idGenerator = new SecureRandomIdentifierGenerator(); - - return "" + - "" + - "" + - "" + text + "" + - "" + - "" + - ""; + + DocumentType doc = new DocumentType(); + doc.setBase64XML(Base64.encodeBytes(text.getBytes()).getBytes()); + + SignRequest request = new SignRequest(); + request.setInputDocuments(ApiUtils.createInputDocuments(doc)); + + request.setRequestID(idGenerator.generateIdentifier()); + + return ApiUtils.marshalToDocument(request).getTextContent(); } catch (NoSuchAlgorithmException e) { Logger.error("Cannot generate id", e); throw new RuntimeException(e); + } catch (ApiUtilsException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); + } catch (DOMException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); + } catch (ParserConfigurationException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index a1d38d488..3129c9e31 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -10,6 +10,7 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import javax.xml.transform.stream.StreamSource; import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; 
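Review bot: `ApiUtils.marshalToDocument(request).getTextContent()` does not return the serialized SignRequest: for a `org.w3c.dom.Document` the DOM specification defines `getTextContent()` as null, and on any other node it returns only character data with all markup dropped, so the signedDoc attribute built from this value would carry no XML. Serialize the node instead, e.g. `return DOMUtils.serializeNode(ApiUtils.marshalToDocument(request).getDocumentElement());` (the helper PEPSConnectorServlet already uses for the citizen signature), adjusting the catch clauses for its checked exceptions; this is hedged on `marshalToDocument` returning a Document rather than an Element. `text.getBytes()` and the `.getBytes()` on the Base64 string use the platform charset; the XML text should be encoded with an explicit `"UTF-8"` before Base64-encoding. The three identical catch blocks can be collapsed into one multi-catch if the project compiles with Java 7 or later.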
@@ -30,11 +31,15 @@ import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; +import eu.stork.oasisdss.api.ApiUtils; +import eu.stork.oasisdss.api.LightweightSourceResolver; +import eu.stork.oasisdss.profile.SignResponse; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.STORKAuthnRequest; 
@@ -144,23 +149,6 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); - Logger.debug("Starting extraction of signedDoc attribute"); - //extract signed doc element and citizen signature - Element citizenSignature = null; - try { - - Assertion storkAssertion = authnResponse.getAssertions().get(0); - citizenSignature = STORKResponseProcessor.extractCitizenSignature(storkAssertion); - moaSession.setAuthBlock(DOMUtils.serializeNode(citizenSignature)); - moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(citizenSignature)); - - } catch (Exception e) { - Logger.error("Could not extract citizen signature from C-PEPS", e); - throw new MOAIDException("stork.09", null); - } - Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)"); - Logger.debug("Citizen signature will be verified by SZR Gateway!"); - ////////////// incorporate gender from parameters if not in stork response PersonalAttribute gender = authnResponse.getPersonalAttributeList().get("gender"); 
@@ -179,6 +167,23 @@ public class PEPSConnectorServlet extends AuthServlet { ////////////////////////////////////////////////////////////////////////// + Logger.debug("Starting extraction of signedDoc attribute"); + //extract signed doc element and citizen signature + String citizenSignature = null; + try { + citizenSignature = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0); + moaSession.setAuthBlock(citizenSignature); + + // FIXME untested + Element sepp = (Element) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(citizenSignature))); + moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(sepp)); + + } catch (Exception e) { + Logger.error("Could not extract citizen signature from C-PEPS", e); + throw new MOAIDException("stork.09", null); + } + Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)"); + Logger.debug("Citizen signature will be verified by SZR Gateway!"); Logger.debug("Starting connecting SZR Gateway"); //contact SZR Gateway -- cgit v1.2.3 From 20c7b74026da669ff560281e69b4df37392154fd Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 30 Jan 2014 20:49:58 +0100 Subject: supply MIS information to SZRGW --- .../moa/id/auth/AuthenticationServer.java | 45 ++++++++++++++++------ .../moa/id/auth/servlet/PEPSConnectorServlet.java | 21 +++++++++- .../moa/id/auth/stork/STORKResponseProcessor.java | 12 ++++-- 3 files changed, 63 insertions(+), 15 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index decf166c4..60b269059 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
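Review bot: `ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(citizenSignature)))` parses XML that arrived in the C-PEPS response, so the parser configuration behind `ApiUtils.unmarshal` decides whether DTDs and external entities are honoured; confirm it disables them and add a comment stating so once checked, since the `catch (Exception e)` below turns any parser problem into the generic `stork.09`. The `(Element)` cast is marked `FIXME untested`; if `unmarshal` returns a JAXB object (the `SignResponse` import added in this commit suggests so), the resulting ClassCastException is reported as "could not extract citizen signature", so the FIXME should be resolved by extracting the signature document from the unmarshalled response before this path is relied on. `getPersonalAttributeList().get("signedDoc")` is dereferenced without a null check, and `sepp` is an uninformative name; `signatureElement` reads better. The enclosing method continues outside the hunk.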
@@ -135,9 +135,13 @@ import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathUtils; +import at.gv.util.xsd.mis.MandateIdentifiers; +import at.gv.util.xsd.mis.Target; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; +import at.gv.util.xsd.srzgw.MISType; +import at.gv.util.xsd.srzgw.MISType.Filters; import eu.stork.oasisdss.api.ApiUtils; import eu.stork.oasisdss.api.ApiUtilsException; import eu.stork.oasisdss.profile.DocumentType; 
@@ -1700,20 +1704,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** * Does the request to the SZR-GW - * @param signature XMLDSIG signature + * @param oaFriendlyName + * @param signature XMLDSIG signature * @return Identity link assertion * @throws SZRGWClientException */ - public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType) throws SZRGWClientException { + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType, String target, String oaFriendlyName, String filters) throws SZRGWClientException { - SZRGWClient client = null; - try { AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); - client = new SZRGWClient(connectionParameters); + SZRGWClient client = new SZRGWClient(connectionParameters); CreateIdentityLinkRequest request = new CreateIdentityLinkRequest(); 
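Review bot: The Javadoc above the 14-argument `getIdentityLink` still describes `@param signature`, which is not a parameter, the new `@param oaFriendlyName` tag has no description, and `target` and `filters` are undocumented. Suggest `@param target target identifier of the online application, copied into the MIS request`, `@param oaFriendlyName friendly name of the online application, copied into the MIS request`, and `@param filters comma-separated mandate identifiers used as MIS filter`, replacing the stale `signature` tag with `@param citizenSignature XMLDSIG signature`. With fourteen positional String parameters, including the adjacent `represented`/`representative`, callers pad with nulls and the compiler cannot catch an ordering mistake; a request object or builder would make the overloads self-describing. The method body continues outside the hunk.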
@@ -1732,8 +1735,24 @@ public class AuthenticationServer implements MOAIDAuthConstants { data.setLegalPersonCanonicalRegisteredAddress(organizationAddress); data.setLegalPersonTranslatableType(organizationType); - // TODO add MIS data -// request.setMIS(value) + if(null != mandateContent) { + MISType mis = new MISType(); + + Target targetObject = new Target(); + targetObject.setValue(target); + mis.setTarget(targetObject); + + mis.setOAFriendlyName(oaFriendlyName); + + Filters filterObject = new Filters(); + MandateIdentifiers mandateIds = new MandateIdentifiers(); + for(String current : filters.split(",")) + mandateIds.getMandateIdentifier().add(current.trim()); + filterObject.setMandateIdentifiers(mandateIds); + mis.setFilters(filterObject); + + request.setMIS(mis); + } Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl()); @@ -1791,8 +1810,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ public CreateIdentityLinkResponse getIdentityLink(String citizenSignature, String representative, String represented, String mandateContent, - String organizationAddress, String organizationType) throws SZRGWClientException { - return getIdentityLink(null, null, null, null, null, citizenSignature, represented, representative, mandateContent, organizationAddress, organizationType); + String organizationAddress, String organizationType, String target, String oaFriendlyName, String filters) throws SZRGWClientException { + return getIdentityLink(null, null, null, null, null, + citizenSignature, represented, representative, mandateContent, organizationAddress, + organizationType, target, oaFriendlyName, filters); } /** 
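Review bot: `filters.split(",")` dereferences `filters` without a null check while the surrounding `if` only guards `mandateContent`, so a representation case whose OA has no mandate profiles configured (the servlet passes `oaParam.getMandateProfiles()` straight through) ends in a NullPointerException. Empty segments from a trailing or doubled comma are also added as blank mandate identifiers after `trim()`. Skipping the filter block when `filters` is null and dropping blank identifiers keeps the MIS request well-formed; the loop should also get braces per the file's style. The method body continues outside the hunk.
```java
// … unchanged: Target and OAFriendlyName …
if (filters != null) {
    Filters filterObject = new Filters();
    MandateIdentifiers mandateIds = new MandateIdentifiers();
    for (String current : filters.split(",")) {
        String mandateId = current.trim();
        if (!mandateId.isEmpty()) {
            mandateIds.getMandateIdentifier().add(mandateId);
        }
    }
    filterObject.setMandateIdentifiers(mandateIds);
    mis.setFilters(filterObject);
}
// … unchanged: request.setMIS(mis) …
```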
@@ -1812,8 +1833,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { public CreateIdentityLinkResponse getIdentityLink(String eIdentifier, String givenName, String lastName, String dateOfBirth, String gender, String citizenSignature, String representative, String represented, - String mandate) throws SZRGWClientException { - return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, citizenSignature, representative, represented, mandate, null, null); + String mandate, String target, String oaFriendlyName, String filters) throws SZRGWClientException { + return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, + citizenSignature, representative, represented, mandate, null, + null, target, oaFriendlyName, filters); } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 3129c9e31..bd8c6420d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -30,6 +30,8 @@ import at.gv.egovernment.moa.id.auth.stork.STORKException; import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.ModulUtils; import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; 
@@ -185,11 +187,28 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)"); Logger.debug("Citizen signature will be verified by SZR Gateway!"); + Logger.debug("fetching OAParameters from database"); + + //read configuration paramters of OA + AuthenticationSession moasession; + try { + moasession = AuthenticationSessionStoreage.getSession(moaSessionID); + } catch (MOADatabaseException e2) { + Logger.error("could not retrieve moa session"); + throw new AuthenticationException("auth.01", null); + } + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); + Logger.debug("Starting connecting SZR Gateway"); //contact SZR Gateway IdentityLink identityLink = null; try { - identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList()); + identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList(), + oaParam.getFriendlyName(), + oaParam.getTarget(), + oaParam.getMandateProfiles()); } catch (STORKException e) { // this is really nasty but we work against the system here. We are supposed to get the gender attribute from // stork. If we do not, we cannot register the person in the ERnP - we have to have the diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index 5406dc0e1..8385c5dbe 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java 
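Review bot: The new block loads the session a second time into `moasession`, although `moaSession` for the same `moaSessionID` is already in scope and was just updated with `setAuthBlock`/`setSignerCertificate` earlier in this method (outside the hunk); two variables differing only in case invite mix-ups, and the re-read may not reflect those in-memory updates, so use `moaSession.getPublicOAURLPrefix()` and drop the second lookup. `Logger.error("could not retrieve moa session")` discards `e2`; pass it as the second argument so the cause is logged. The unbraced `if (oaParam == null)` should get braces per the file's style. The method continues outside the hunk.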
@@ -334,11 +334,15 @@ public class STORKResponseProcessor { /** * Handels connection to SZR-GW and returns Identity Link on success + * @param oaFriendlyName + * @param target + * @param filters + * @param filter * @param iPersonalAttributeList Received attribute List in assertion * @return Identity Link * @throws STORKException */ - public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList) throws STORKException { + public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String target, String filters) throws STORKException { Logger.trace("Calling SZR Gateway with the following attributes:"); CreateIdentityLinkResponse identityLinkResponse = null; @@ -362,7 +366,7 @@ public class STORKResponseProcessor { String organizationAddress = getAttributeValue("canonicalRegisteredAddress", attributeList); String organizationType = getAttributeValue("translateableType", attributeList); - identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(citizenSignature, representative, represented, mandate, organizationAddress, organizationType); + identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(citizenSignature, representative, represented, mandate, organizationAddress, organizationType, target, oaFriendlyName, filters); } else { // if we get here, we have a natural person representing another natural person String eIdentifier = getAttributeValue("eIdentifier", attributeList); 
@@ -375,7 +379,9 @@ public class STORKResponseProcessor { if (!StringUtils.isEmpty(dateOfBirth)) dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); - identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, citizenSignature, representative, represented, mandate); + identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, + givenName, lastName, dateOfBirth, gender, citizenSignature, representative, + represented, mandate, target, oaFriendlyName, filters); } } else { // we do not have a representation case -- cgit v1.2.3 From e1e410da00a399a8b059645a14a7848b39d3525c Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 30 Jan 2014 20:59:16 +0100 Subject: removed old saml-engine --- id/server/idserverlib/pom.xml | 7 - .../moa/id/auth/stork/STORKResponseProcessor.java | 189 --------------------- 2 files changed, 196 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 245348d09..1efa46c7d 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -25,13 +25,6 @@ - - - MOA.id - stork-saml-engine - 1.5.2 - - eu.stork SamlEngine diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index 8385c5dbe..6d88a1684 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java 
@@ -40,11 +40,8 @@ import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.StringUtils; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; -import eu.stork.mw.messages.saml.STORKResponse; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.vidp.messages.common.STORKConstants; -import eu.stork.vidp.messages.util.SAMLUtil; /** * 
@@ -60,192 +57,6 @@ public class STORKResponseProcessor { /** OASIS DSS Success Message */ public static final String OASIS_DSS_SUCCESS_MSG = "urn:oasis:names:tc:dss:1.0:resultmajor:Success"; - /** - * Extracts a STORK response from a HTTP message - * @param request HttpServletRequest - * @param response HttpServletResponse - * @return STORK Response - * @throws STORKException - */ - public static STORKResponse receiveSTORKRepsonse(HttpServletRequest request, HttpServletResponse response) throws STORKException { - - HTTPInTransport httpInTransport = new HttpServletRequestAdapter(request); - HTTPOutTransport httpOutTransport = new HttpServletResponseAdapter(response, request.isSecure()); - - httpInTransport.getPeerAddress(); - - String samlResponseString = request.getParameter("SAMLResponse"); - - if (StringUtils.isEmpty(samlResponseString)) { - Logger.error("SAMLResponse not found in request."); - throw new STORKException("SAMLResponse not found in request."); - } - - BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); - - samlMessageContext.setInboundMessageTransport(httpInTransport); - samlMessageContext.setOutboundMessageTransport(httpOutTransport); - - HTTPPostDecoder postDecoder = new HTTPPostDecoder(); - - try { - postDecoder.decode(samlMessageContext); - } catch (Exception e) { - Logger.error("Error decoding SAMLResponse message", e); - throw new STORKException("Error decoding SAMLResponse message", e); - } - - if (!(samlMessageContext.getInboundSAMLMessage() instanceof STORKResponse)) { - Logger.error("Message received is not a SAMLResponse message"); - throw new STORKException("Message received is not a SAMLResponse message"); - } - - STORKResponse samlResponse = (STORKResponse) samlMessageContext.getInboundSAMLMessage(); - - return samlResponse; - } - - /** - * Verifies a STORK response according STORK specification - * @param storkResponse STORK Response to verify - * @throws STORKException if validation fails - */ - public static 
void verifySTORKResponse(STORKResponse storkResponse) throws STORKException { - - ResponseVerifier responseVerifier = new PEPSConnectorResponseVerifier(); - try { - responseVerifier.verify(storkResponse); - } catch (SecurityException e) { - Logger.error("Error validating response message from PEPS.", e); - throw new STORKException("Error validating response message from PEPS."); - } - - } - - /** - * Verifies a STORK assertion - * @param assertion STORK assertion - * @param ipAddress Client IP address - * @param authnRequestID ID of the AuthnRequest - * @param recipient recipient for verification - * @param audience audience for verification - * @param reqAttributeList RequestedAttribute list for verification - * @throws STORKException - */ - public static void verifySTORKAssertion( - Assertion assertion, - String ipAddress, - String authnRequestID, - String recipient, - String audience, - List reqAttributeList) throws STORKException { - - //validate Assertion - AssertionVerifier assertionVerifier = new PEPSConnectorAssertionVerifier(); - try { - assertionVerifier.verify(assertion, ipAddress, authnRequestID, recipient, audience, reqAttributeList); - - //verify if all required attributes are present - PEPSConnectorAssertionVerifier.validateRequiredAttributes(reqAttributeList, assertion.getAttributeStatements().get(0).getAttributes()); - - } catch (SecurityException e) { - Logger.error("Error verifying assertion from PEPS", e); - throw new STORKException("Error validating assertion received from PEPS."); - } - - } - - /** - * Extracts the citizen signature from the signedDoc element present in the STORK assertion - * @param storkAssertion STORK assertion - * @return citizen signature as XML - * @throws STORKException - */ - public static Element extractCitizenSignature(Assertion storkAssertion) throws STORKException { - - Logger.debug("Processing DSS signature response from PEPS"); - - Element signatureResponse = getSignedDocAttributeValue(storkAssertion); - - if 
(signatureResponse == null) { - String msg = "Could not find DSS signature response in SAML assertion"; - Logger.error(msg); - throw new STORKException(msg); - } - - Logger.debug("Found DSS signature in SAML assertion"); - - Logger.debug("DSS Signature creation response received from PEPS (pretty print):"); - Logger.debug(XMLHelper.prettyPrintXML(signatureResponse)); - Logger.trace("DSS Signature creation response received from PEPS (original):"); - Logger.trace(XMLUtil.printXML(signatureResponse)); - - Element signature = getSignature(signatureResponse); - - if (signature == null) { - String msg = "Could not find citizen signature in SAML assertion"; - Logger.error(msg); - throw new STORKException(msg); - } - - Logger.debug("Found foreign citizen signature in SAML assertion (pretty print):"); - Logger.debug(XMLHelper.prettyPrintXML(signature)); - Logger.trace("Found foreign citizen signature in SAML assertion (original):"); - Logger.trace(XMLUtil.printXML(signature)); - - return signature; - } - - /** - * Extracts the signedDoc attribute from a STORK assertion as XML - * @param storkAssertion STORK assertion - * @return Value of signedDoc attribute - * @throws STORKException - */ - private static Element getSignedDocAttributeValue(Assertion storkAssertion) throws STORKException { - - XMLObject xmlObj = SAMLUtil.getAttributeValue(storkAssertion.getAttributeStatements().get(0).getAttributes(), STORKConstants.STORK_ATTRIBUTE_SIGNEDDOC); - - - if (xmlObj instanceof XSAny) - return getSignedDocAttributeValueFromAny((XSAny) xmlObj); - else if (xmlObj instanceof XSString) - return getSignedDocAttributValueFromString((XSString) xmlObj); - else - return null; - - } - - /** - * Get signedDoc as XML if provided as anyType - * @param any AttributeValue as anyType - * @return signedDoc as XML - */ - private static Element getSignedDocAttributeValueFromAny(XSAny any) { - if (!any.getUnknownXMLObjects(new QName(OASIS_DSS_NS, "SignResponse")).isEmpty()) { - XMLObject xmlObj = 
any.getUnknownXMLObjects(new QName(OASIS_DSS_NS, "SignResponse")).get(0); - return xmlObj.getDOM(); - } else { - return null; - } - } - - /** - * Get signedDoc as XML if provided as String - * @param string AttributeValue as String - * @return signedDoc as XML - * @throws STORKException - */ - private static Element getSignedDocAttributValueFromString(XSString string) throws STORKException { - try { - return XMLUtil.stringToDOM(string.getValue()); - } catch (Exception e) { - Logger.error("Error building DOM", e); - throw new STORKException(e); - - } - } - /** * Extracts the signature value out of a DSS response * @param signatureResponse DSS signature response -- cgit v1.2.3 From 5ee3da37829fa14d70ad827e19364be4800fab37 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Fri, 31 Jan 2014 08:55:04 +0100 Subject: fixed target type for MIS info --- .../moa/id/auth/AuthenticationServer.java | 17 +++++++++-------- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 18 +++++++++++++++++- .../moa/id/auth/stork/STORKResponseProcessor.java | 21 +++++++++++---------- 3 files changed, 37 insertions(+), 19 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 60b269059..94cab53d4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -1710,7 +1710,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws SZRGWClientException */ - public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType, String target, String oaFriendlyName, String filters) throws SZRGWClientException { + public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { try { AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); @@ -1739,7 +1739,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { MISType mis = new MISType(); Target targetObject = new Target(); - targetObject.setValue(target); + targetObject.setType(targetType); + targetObject.setValue(targetValue); mis.setTarget(targetObject); mis.setOAFriendlyName(oaFriendlyName); @@ -1777,7 +1778,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws ConfigurationException the configuration exception */ public CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException { - return getIdentityLink(null, null, null, null, null, XMLHelper.nodeToString(signature), null, null, null); + return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature)); } /** 
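Review bot: `targetObject.setType(targetType)` and `targetObject.setValue(targetValue)` are applied unconditionally, while the 5-parameter overload changed in the next hunk (`@@ -1793`) now forwards `null` for both, so unless code outside the hunk only builds the `MISType` when a mandate is present, a `Target` with empty type and value is sent to the SZR-GW; either a guard such as `if (targetType != null || targetValue != null) { mis.setTarget(targetObject); }` or a one-line comment stating why nulls are acceptable there would settle this. Nothing in the hunk adds `@param` entries for the new `targetType`/`targetValue` parameters of the 15-argument overload, whose Javadoc ends with `@throws SZRGWClientException` directly above the signature; one line each, saying that the type is the prefix that classifies the value, is due. The enclosing method runs past the hunk.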
@@ -1793,7 +1794,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws ConfigurationException the configuration exception */ public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException { - return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, null, signature, null, null, null); + return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, null, signature, null, null, null, null, null, null, null); } /** @@ -1810,10 +1811,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ public CreateIdentityLinkResponse getIdentityLink(String citizenSignature, String representative, String represented, String mandateContent, - String organizationAddress, String organizationType, String target, String oaFriendlyName, String filters) throws SZRGWClientException { + String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { return getIdentityLink(null, null, null, null, null, citizenSignature, represented, representative, mandateContent, organizationAddress, - organizationType, target, oaFriendlyName, filters); + organizationType, targetType, targetValue, oaFriendlyName, filters); } /** 
@@ -1833,10 +1834,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { public CreateIdentityLinkResponse getIdentityLink(String eIdentifier, String givenName, String lastName, String dateOfBirth, String gender, String citizenSignature, String representative, String represented, - String mandate, String target, String oaFriendlyName, String filters) throws SZRGWClientException { + String mandate, String targetType, String targetValue, String oaFriendlyName, String filters) throws SZRGWClientException { return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, citizenSignature, representative, represented, mandate, null, - null, target, oaFriendlyName, filters); + null, targetType, targetValue, oaFriendlyName, filters); } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index bd8c6420d..9dfce7838 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java 
@@ -200,6 +200,22 @@ public class PEPSConnectorServlet extends AuthServlet { OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); if (oaParam == null) throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); + + // retrieve target + //TODO: check in case of SSO!!! + String targetType = null; + String targetValue = null; + if(oaParam.getBusinessService()) { + String id = oaParam.getIdentityLinkDomainIdentifier(); + if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) + targetValue = id.substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); + else + targetValue = moasession.getDomainIdentifier(); + targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_; + } else { + targetType = AuthenticationSession.TARGET_PREFIX_; + targetValue = oaParam.getTarget(); + } Logger.debug("Starting connecting SZR Gateway"); //contact SZR Gateway @@ -207,7 +223,7 @@ public class PEPSConnectorServlet extends AuthServlet { try { identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList(), oaParam.getFriendlyName(), - oaParam.getTarget(), + targetType, targetValue, oaParam.getMandateProfiles()); } catch (STORKException e) { // this is really nasty but we work against the system here. We are supposed to get the gender attribute from diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index 6d88a1684..20ceb2128 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java 
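Review bot: `oaParam.getIdentityLinkDomainIdentifier()` is dereferenced with `id.startsWith(...)` without a null check, so a business-service OA with no domain identifier configured fails here with a NullPointerException instead of a configuration error; `if (id != null && id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))` would at least fall through to the session value. In that fall-through branch `targetType` is still set to `REGISTERANDORDNR_PREFIX_` although the identifier did not carry that prefix, which looks inconsistent with the else branch pairing `TARGET_PREFIX_` with `getTarget()` — worth confirming that this is the intended type for `moasession.getDomainIdentifier()`. The `//TODO: check in case of SSO!!!` marker should state what is unverified (presumably that `moasession` belongs to the OA of the current request) so it can actually be closed. The enclosing method starts and ends outside the hunk.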
@@ -144,16 +144,17 @@ public class STORKResponseProcessor { } /** - * Handels connection to SZR-GW and returns Identity Link on success - * @param oaFriendlyName - * @param target - * @param filters - * @param filter - * @param iPersonalAttributeList Received attribute List in assertion + * Handels connection to SZR-GW and returns Identity Link on success. + * + * @param attributeList the attribute list + * @param oaFriendlyName the oa friendly name + * @param targetType the target type + * @param targetValue the target value + * @param filters the filters * @return Identity Link - * @throws STORKException + * @throws STORKException the sTORK exception */ - public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String target, String filters) throws STORKException { + public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String targetType, String targetValue, String filters) throws STORKException { Logger.trace("Calling SZR Gateway with the following attributes:"); CreateIdentityLinkResponse identityLinkResponse = null; @@ -177,7 +178,7 @@ public class STORKResponseProcessor { String organizationAddress = getAttributeValue("canonicalRegisteredAddress", attributeList); String organizationType = getAttributeValue("translateableType", attributeList); - identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(citizenSignature, representative, represented, mandate, organizationAddress, organizationType, target, oaFriendlyName, filters); + identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(citizenSignature, representative, represented, mandate, organizationAddress, organizationType, targetType, targetValue, oaFriendlyName, filters); } else { // if we get here, we have a natural person representing another natural person String eIdentifier = getAttributeValue("eIdentifier", attributeList); 
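Review bot: The rewritten Javadoc on `connectToSZRGateway` consists of generator placeholders (`the oa friendly name`, `the target type`, `the sTORK exception`) that add nothing beyond the parameter names. Say what the values are and where they come from, e.g. `@param targetType prefix classifying the target (AuthenticationSession.TARGET_PREFIX_ or REGISTERANDORDNR_PREFIX_)` and `@throws STORKException if no identity link could be obtained from the SZR-GW`. The method body continues past the hunk.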
@@ -192,7 +193,7 @@ public class STORKResponseProcessor { identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender, citizenSignature, representative, - represented, mandate, target, oaFriendlyName, filters); + represented, mandate, targetType, targetValue, oaFriendlyName, filters); } } else { // we do not have a representation case -- cgit v1.2.3 From 2ee0d4beb3b23613b1bdaa3f9c58723d30303b79 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Fri, 31 Jan 2014 14:39:04 +0100 Subject: fixed saml post binding template location --- .../main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 94cab53d4..209743f45 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1986,7 +1986,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.trace("Initialize VelocityEngine..."); VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/saml2-post-binding-moa.vm"); + Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); VelocityContext context = new VelocityContext(); context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml())); context.put("action", destination); -- cgit v1.2.3 From 9122bf6862fe34881e5454f54c69692b7f5ed083 Mon Sep 17 00:00:00 2001 
From: Florian Reimair Date: Fri, 31 Jan 2014 16:21:13 +0100 Subject: fixed outgoing signrequest - mostly tested --- .../moa/id/auth/AuthenticationServer.java | 40 +++++++++++++---- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 52 +++++++++++++++++----- .../moa/id/auth/stork/STORKResponseProcessor.java | 51 --------------------- 3 files changed, 73 insertions(+), 70 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 209743f45..146137a2c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -31,6 +31,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.io.StringWriter; +import java.math.BigInteger; import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.cert.CertificateException; @@ -49,6 +50,7 @@ import javax.servlet.http.HttpSession; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; +import org.apache.commons.io.IOUtils; import org.apache.commons.lang.StringEscapeUtils; import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; @@ -123,7 +125,6 @@ import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; 
@@ -142,10 +143,14 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; import at.gv.util.xsd.srzgw.MISType; import at.gv.util.xsd.srzgw.MISType.Filters; +import eu.stork.oasisdss.api.AdditionalProfiles; import eu.stork.oasisdss.api.ApiUtils; import eu.stork.oasisdss.api.ApiUtilsException; +import eu.stork.oasisdss.api.Profiles; +import eu.stork.oasisdss.api.QualityLevels; +import eu.stork.oasisdss.api.SignatureTypes; +import eu.stork.oasisdss.profile.AnyType; import eu.stork.oasisdss.profile.DocumentType; -import eu.stork.oasisdss.profile.InputDocuments; import eu.stork.oasisdss.profile.SignRequest; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -1912,7 +1917,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { PersonalAttribute newAttribute = new PersonalAttribute(); newAttribute.setName("signedDoc"); List value = new ArrayList(); - value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession), "application/xhtml+xml")); + value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession), + "application/xhtml+xml", + moasession.getCcc())); newAttribute.setValue(value); attributeList.add(newAttribute); 
@@ -2004,20 +2011,37 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination()); } - private static String generateDssSignRequest(String text, String mimeType) { + private static String generateDssSignRequest(String text, String mimeType, String citizenCountry) { IdentifierGenerator idGenerator; try { idGenerator = new SecureRandomIdentifierGenerator(); DocumentType doc = new DocumentType(); - doc.setBase64XML(Base64.encodeBytes(text.getBytes()).getBytes()); + doc.setBase64XML(text.getBytes()); + doc.setID(idGenerator.generateIdentifier()); SignRequest request = new SignRequest(); request.setInputDocuments(ApiUtils.createInputDocuments(doc)); - request.setRequestID(idGenerator.generateIdentifier()); + String id = idGenerator.generateIdentifier(); + request.setRequestID(id); + request.setDocUI(id); - return ApiUtils.marshalToDocument(request).getTextContent(); + request.setProfile(Profiles.XADES_BES.toString()); + request.setNumberOfSigners(BigInteger.ONE); + request.setTargetCountry(citizenCountry); + + // no, no todo. PEPS will alter this value anyhow. + request.setReturnURL("http://invalid_return"); + + AnyType required = new AnyType(); + required.getAny().add(ApiUtils.createSignatureType(SignatureTypes.XMLSIG_RFC3275.toString())); + required.getAny().add(ApiUtils.createAdditionalProfile(AdditionalProfiles.XADES.toString())); + required.getAny().add(ApiUtils.createQualityRequirements(QualityLevels.QUALITYLEVEL_QUALIFIEDSIG)); + required.getAny().add(ApiUtils.createIncludeObject(doc)); + request.setOptionalInputs(required); + + return IOUtils.toString(ApiUtils.marshalToInputStream(request)); } catch (NoSuchAlgorithmException e) { Logger.error("Cannot generate id", e); throw new RuntimeException(e); 
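Review bot: `text.getBytes()` and `IOUtils.toString(ApiUtils.marshalToInputStream(request))` both use the platform default charset, so the document to be signed and the marshalled request can come out mis-encoded on a host whose default is not UTF-8 (the signed text is German and may carry non-ASCII names); use `text.getBytes("UTF-8")` and `IOUtils.toString(ApiUtils.marshalToInputStream(request), "UTF-8")`, both covered by the `IOException` catch this commit introduces in the next hunk. Dropping the explicit `Base64.encodeBytes` in `doc.setBase64XML(text.getBytes())` is presumably right only if the generated field is a base64Binary that JAXB encodes on marshal — a one-line comment to that effect would stop the next reader from re-adding the encoding. The method's catch blocks continue past the hunk.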
@@ -2027,7 +2051,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } catch (DOMException e) { Logger.error("Could not create SignRequest", e); throw new RuntimeException(e); - } catch (ParserConfigurationException e) { + } catch (IOException e) { Logger.error("Could not create SignRequest", e); throw new RuntimeException(e); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 9dfce7838..a3c8ebe4d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -1,7 +1,10 @@ package at.gv.egovernment.moa.id.auth.servlet; +import iaik.x509.X509Certificate; import java.io.IOException; +import java.io.InputStream; import java.io.StringWriter; +import java.net.URL; import java.util.ArrayList; import java.util.List; 
@@ -10,19 +13,19 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBElement; import javax.xml.transform.stream.StreamSource; +import org.apache.commons.io.IOUtils; import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; -import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.StatusCode; -import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; 
@@ -33,14 +36,14 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.ModulUtils; -import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; +import at.gv.util.xsd.xmldsig.SignatureType; +import at.gv.util.xsd.xmldsig.X509DataType; import eu.stork.oasisdss.api.ApiUtils; -import eu.stork.oasisdss.api.LightweightSourceResolver; +import eu.stork.oasisdss.profile.DocumentWithSignature; import eu.stork.oasisdss.profile.SignResponse; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; 
@@ -173,14 +176,41 @@ public class PEPSConnectorServlet extends AuthServlet { //extract signed doc element and citizen signature String citizenSignature = null; try { - citizenSignature = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0); + String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0); + SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(signatureInfo))); + + List doclocations = ApiUtils.findNamedElement(dssSignResponse.getOptionalOutputs(), DocumentWithSignature.class.getSimpleName(), DocumentWithSignature.class); + // TODO handle multiple docs? + Logger.debug("trying first doclocation"); + String docUrl = doclocations.get(0).getDocument().getDocumentURL(); + Logger.debug("trying first doclocation successful"); + + // fetch signed doc + URL url = new URL(docUrl); + InputStream incomming = url.openStream(); + citizenSignature = IOUtils.toString(incomming); + incomming.close(); + + JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName()); + SignatureType root = ((JAXBElement) ctx.createUnmarshaller().unmarshal(IOUtils.toInputStream(citizenSignature))).getValue(); + + // memorize signature into authblock moaSession.setAuthBlock(citizenSignature); + + // extract certificate + for(Object current : root.getKeyInfo().getContent()) + if(((JAXBElement) current).getValue() instanceof X509DataType) { + for(Object currentX509Data : ((JAXBElement) current).getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName()) { + JAXBElement casted = ((JAXBElement) currentX509Data); + if(casted.getName().getLocalPart().equals("X509Certificate")) { + moaSession.setSignerCertificate(new X509Certificate(((String)casted.getValue()).getBytes())); + break; + } + } + } - // FIXME untested - Element sepp = (Element) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(citizenSignature))); - 
moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(sepp)); - } catch (Exception e) { + } catch (Throwable e) { Logger.error("Could not extract citizen signature from C-PEPS", e); throw new MOAIDException("stork.09", null); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index 20ceb2128..2534110d5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java 
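Review bot: `docUrl` is taken verbatim from the SignResponse and fetched with `url.openStream()`, so the server retrieves whatever location the remote response names, with no restriction on scheme or host, no timeout and no bound on the amount read, and the result becomes the stored auth block; if the C-PEPS/DSS endpoint is known from configuration, the URL should be checked against it (https only) before the fetch. The stream is also not closed in a `finally`, so any exception between `openStream()` and `incomming.close()` leaks it, and `IOUtils.toString(incomming)` decodes with the platform default charset rather than the document's. `catch (Throwable e)` additionally turns `Error`s such as OutOfMemoryError into a `stork.09` MOAIDException; the previous `catch (Exception e)` is the narrower choice. Separately, if the generated `X509DataType` maps ds:X509Certificate to `byte[]` (the usual xjc mapping for base64Binary), the `(String) casted.getValue()` cast throws and the signer certificate is never stored — worth confirming against the generated class. The enclosing method starts and ends outside the hunk.
```java
String docUrl = doclocations.get(0).getDocument().getDocumentURL();
URL url = new URL(docUrl);
// TODO(review): reject the fetch unless url matches the configured C-PEPS/DSS endpoint (https only)
InputStream incomming = url.openStream();
try {
    citizenSignature = IOUtils.toString(incomming, "UTF-8");
} finally {
    incomming.close();
}
// … unchanged: JAXB unmarshal of the signature, setAuthBlock, certificate extraction …
} catch (Exception e) {
```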
@@ -57,57 +57,6 @@ public class STORKResponseProcessor { /** OASIS DSS Success Message */ public static final String OASIS_DSS_SUCCESS_MSG = "urn:oasis:names:tc:dss:1.0:resultmajor:Success"; - /** - * Extracts the signature value out of a DSS response - * @param signatureResponse DSS signature response - * @return signature - * @throws STORKException - */ - private static Element getSignature(Element signatureResponse) throws STORKException { - - NodeList nList = signatureResponse.getElementsByTagNameNS(OASIS_DSS_NS, "ResultMajor"); - - String resultMajor = XMLUtil.getFirstTextValueFromNodeList(nList); - - if (StringUtils.isEmpty(resultMajor)) { - String msg = "DSS response not correct, ResultMajor element missing."; - Logger.error(msg); - throw new STORKException(msg); - } - - Logger.trace("ResultMajor of DSS response: " + resultMajor); - - if (!OASIS_DSS_SUCCESS_MSG.equals(resultMajor)) { - String msg = "DSS response not correct, ResultMajor is " + resultMajor; - Logger.error(msg); - throw new STORKException(msg); - } - - NodeList nList2 = signatureResponse.getElementsByTagNameNS(OASIS_DSS_NS, "Base64Signature");; - - String base64SigString = XMLUtil.getFirstTextValueFromNodeList(nList2); - - if (StringUtils.isEmpty(base64SigString)) { - String msg = "DSS response not correct, Base64Signature element missing."; - Logger.error(msg); - throw new STORKException(msg); - } - - Logger.trace("Base64Signature element of DSS response: " + base64SigString); - - String sigString = new String(Base64.decode(base64SigString)); - - try { - return XMLUtil.stringToDOM(sigString); - } catch (Exception e) { - String msg = "Unable to extract signature from DSS response"; - Logger.error(msg); - throw new STORKException(msg); - } - - - } - /** * Checks for attribute. * -- cgit v1.2.3 From c2ccb7f48188b369c34cf2116b593a6d7c46b1ac Mon Sep 17 00:00:00 2001 
From: Florian Reimair Date: Fri, 31 Jan 2014 16:29:15 +0100 Subject: refactored gender retrieval --- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 52 ++++++++++------------ .../moa/id/auth/stork/STORKResponseProcessor.java | 3 +- 2 files changed, 26 insertions(+), 29 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index a3c8ebe4d..b1829439a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -167,6 +167,30 @@ public class PEPSConnectorServlet extends AuthServlet { gender.setValue(tmp); authnResponse.getPersonalAttributeList().add(gender); + } else { + // this is really nasty but we work against the system here. We are supposed to get the gender attribute from + // stork. If we do not, we cannot register the person in the ERnP - we have to have the + // gender for the represented person. So here comes the dirty hack. + try { + Logger.trace("Initialize VelocityEngine..."); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html"); + VelocityContext context = new VelocityContext(); + context.put("SAMLResponse", request.getParameter("SAMLResponse")); + context.put("action", request.getRequestURL()); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + response.getOutputStream().write(writer.toString().getBytes()); + } catch (Exception e1) { + Logger.error("Error sending gender retrival form.", e1); + httpSession.invalidate(); + throw new MOAIDException("stork.10", null); + } + + return; } } 
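Review bot: The new `else` branch hands `request.getParameter("SAMLResponse")` and `request.getRequestURL()` to the Velocity context and writes the merged template with `response.getOutputStream().write(writer.toString().getBytes())` without setting a content type or charset; the `response.setContentType("text/html")` line that was commented out in the block this replaces (the `@@ -256,34 +280,6 @@` hunk) is dropped entirely. Whether `fetchGender.html` HTML-escapes `$SAMLResponse` before embedding it is not visible here; if it does not, a request parameter is reflected verbatim into the page, so either escape it in the template or encode it for its HTML context before `context.put`. I would set `response.setContentType("text/html;charset=UTF-8");` and write `writer.toString().getBytes("UTF-8")` so the encoding sent matches the encoding declared instead of the platform default. The method enclosing this branch starts and ends outside the hunk.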
@@ -256,34 +280,6 @@ public class PEPSConnectorServlet extends AuthServlet { targetType, targetValue, oaParam.getMandateProfiles()); } catch (STORKException e) { - // this is really nasty but we work against the system here. We are supposed to get the gender attribute from - // stork. If we do not, we cannot register the person in the ERnP - we have to have the - // gender for the represented person. So here comes the dirty hack. - if(e.getMessage().equals("gender not found in response")) { - // fetch gender - - try { - Logger.trace("Initialize VelocityEngine..."); - - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html"); - VelocityContext context = new VelocityContext(); - context.put("SAMLResponse", request.getParameter("SAMLResponse")); - context.put("action", request.getRequestURL()); - - StringWriter writer = new StringWriter(); - template.merge(context, writer); - -// response.setContentType("text/html"); - response.getOutputStream().write(writer.toString().getBytes()); - } catch (Exception e1) { - Logger.error("Error sending gender retrival form.", e1); - httpSession.invalidate(); - throw new MOAIDException("stork.10", null); - } - - return; - } Logger.error("Error connecting SZR Gateway", e); throw new MOAIDException("stork.10", null); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index 2534110d5..344e842b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java 
@@ -136,7 +136,8 @@ public class STORKResponseProcessor { String dateOfBirth = getAttributeValue("dateOfBirth", attributeList); // gender attribute is mandatory here because of some legal stuff -// String gender = getAttributeValue("gender", attributeList); + String gender = getAttributeValue("gender", attributeList); + if (!StringUtils.isEmpty(dateOfBirth)) dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); -- cgit v1.2.3 From 3c1884ee275350e7b2a78256342d9610b1766898 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Fri, 31 Jan 2014 16:31:50 +0100 Subject: remove testing Citizen Country Code from auth flow --- .../main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 146137a2c..67824bb44 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1953,8 +1953,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { authnRequest.setEIDCrossSectorShare(true); authnRequest.setEIDSectorShare(true); - authnRequest.setCitizenCountryCode("LOCAL"); -// authnRequest.setCitizenCountryCode(moasession.getCcc()); + authnRequest.setCitizenCountryCode(moasession.getCcc()); Logger.debug("STORK AuthnRequest succesfully assembled."); -- cgit v1.2.3
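Review bot: `String gender = getAttributeValue("gender", attributeList);` is reinstated, but no check that the value is actually present follows in the hunk, even though the comment directly above it says the attribute is mandatory; the `dateOfBirth` handling right below shows the pattern, and a guard such as `if (StringUtils.isEmpty(gender)) throw new STORKException("gender not found in response");` would make the requirement explicit instead of relying on the servlet's form round-trip having happened first. Whether `gender` is validated further down cannot be seen, since the enclosing method starts and ends outside the hunk.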
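Review bot: `authnRequest.setCitizenCountryCode(moasession.getCcc())` puts a session-supplied value into the STORK AuthnRequest without a visible check that it is non-empty or one of the configured destination countries, whereas the removed `"LOCAL"` at least guaranteed a well-formed value. Where the session's `ccc` is set is outside this hunk; if it originates from a user selection, I would reject an empty or unknown code before the request is assembled, e.g. `if (StringUtils.isEmpty(moasession.getCcc())) { /* fail with the appropriate MOAIDException error key */ }` using `StringUtils.isEmpty` as in STORKResponseProcessor or an equivalent check, and compare the code against the configured list. The enclosing method starts and ends outside the hunk.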