From ac9a6c52e96f4c737de3392a7ba16b8fa8958b85 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Wed, 6 Apr 2011 15:29:11 +0000 Subject: =?UTF-8?q?-=20IAIK=20Libraries=20(repository)=20aktualisiert:=20?= =?UTF-8?q?=09iaik-moa:=20=20=20=20=20=20=20=20=20=20=20Version=201.29=20?= =?UTF-8?q?=09iaik=5Fjce=5Ffull:=09=09Version=204.0=5FMOA=20=09iaik=5Fcms:?= =?UTF-8?q?=09=09=09Version=204.1=5FMOA=20-=20Einbindung=20von=20Online-Vo?= =?UTF-8?q?llmachten=20-=20Update=20MOA-Template=20zur=20B=C3=BCrgerkarten?= =?UTF-8?q?auswahl=20-=20Update=20Doku=20-=20Update=20Transformationen=20(?= =?UTF-8?q?f=C3=BCr=20Online-Vollmachten)=20-=20=C3=84nderung=20der=20Konf?= =?UTF-8?q?iguration=20f=C3=BCr:=20=09-=20Online-Vollmachten?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1199 d688527b-c9ab-4aba-bd8d-4036d912da1d --- id/server/idserverlib/pom.xml | 7 +- .../moa/id/auth/AuthenticationServer.java | 240 ++++++++++++++++++- .../moa/id/auth/MOAIDAuthConstants.java | 2 + .../auth/builder/GetIdentityLinkFormBuilder.java | 67 ++++++ .../builder/VerifyXMLSignatureRequestBuilder.java | 79 +++++++ .../moa/id/auth/data/AuthenticationSession.java | 45 ++++ .../moa/id/auth/servlet/GetForeignIDServlet.java | 9 +- .../id/auth/servlet/GetMISSessionIDServlet.java | 174 ++++++++++++++ .../auth/servlet/ProcessValidatorInputServlet.java | 4 +- .../auth/servlet/StartAuthenticationServlet.java | 18 +- .../servlet/VerifyAuthenticationBlockServlet.java | 2 + .../id/auth/servlet/VerifyCertificateServlet.java | 214 +++++++++++------ .../id/auth/servlet/VerifyIdentityLinkServlet.java | 37 ++- .../moa/id/auth/validator/parep/ParepUtils.java | 9 +- .../id/auth/validator/parep/ParepValidator.java | 6 +- .../moa/id/config/ConfigurationBuilder.java | 32 ++- .../id/config/auth/AuthConfigurationProvider.java | 15 ++ .../moa/id/config/auth/OAAuthParameter.java | 21 ++ .../moa/id/proxy/servlet/ProxyServlet.java | 12 +- .../moa/id/util/ParamValidatorUtils.java | 3 + .../gv/egovernment/moa/id/util/ServletUtils.java | 3 +- .../moa/id/util/client/mis/simple/MISMandate.java | 48 ++++ .../id/util/client/mis/simple/MISSessionId.java | 22 ++ .../id/util/client/mis/simple/MISSimpleClient.java | 261 +++++++++++++++++++++ .../mis/simple/MISSimpleClientException.java | 22 ++ .../resources/properties/id_messages_de.properties | 4 + .../test/abnahme/A/Test100StartAuthentication.java | 16 +- .../test/java/test/abnahme/AbnahmeTestCase.java | 1 + .../abnahme/P/Test100LoginParameterResolver.java | 251 ++++++++++---------- .../moa/id/auth/AuthenticationServerTest.java | 2 +- 30 files changed, 1384 insertions(+), 242 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 6553182b4..eb21c2fd3 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -121,11 +121,11 @@ commons-httpclient commons-httpclient --> - + commons-lang commons-lang @@ -135,10 +135,11 @@ - + org.apache.maven.plugins maven-jar-plugin + true false diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 64eaf30cd..a772e0457 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -15,14 +15,11 @@ */ package at.gv.egovernment.moa.id.auth; -import iaik.ixsil.exceptions.UtilsException; -import iaik.ixsil.util.Utils; import iaik.pki.PKIException; import iaik.x509.X509Certificate; +import java.io.ByteArrayInputStream; import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.Principal; @@ -39,10 +36,11 @@ import java.util.Vector; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Document; import org.w3c.dom.Element; import org.xml.sax.SAXException; -import HTTPClient.Util; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.ParseException; @@ -63,6 +61,7 @@ import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; @@ -81,6 +80,7 @@ import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; @@ -94,6 +94,7 @@ import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -288,6 +289,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @param oaURL online application URL requested * @param bkuURL URL of the "Bürgerkartenumgebung" to be used; * may be null; in this case, the default location will be used + * @param useMandate Indicates if mandate is used or not * @param templateURL URL providing an HTML template for the HTML form generated * @param scheme determines the protocol used * @return HTML form @@ -301,6 +303,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { String oaURL, String templateURL, String bkuURL, + String useMandate, String sessionID, String scheme) throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { @@ -343,7 +346,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); session.setAuthURL(authURL); session.setTemplateURL(templateURL); - session.setBusinessService(oaParam.getBusinessService()); + session.setBusinessService(oaParam.getBusinessService()); } // BKU URL has not been set yet, even if session already exists if (bkuURL == null) { @@ -357,8 +360,15 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); String infoboxReadRequest = new InfoboxReadRequestBuilder().build(oaParam.getSlVersion12(), - oaParam.getBusinessService(), + oaParam.getBusinessService(), oaParam.getIdentityLinkDomainIdentifier()); + + if ((useMandate != null) && (useMandate.compareTo("") != 0)) { + session.setUseMandate(useMandate); + } + else { + session.setUseMandate("false"); + } String dataURL = new DataURLBuilder().buildDataURL( session.getAuthURL(), @@ -529,6 +539,78 @@ public class AuthenticationServer implements MOAIDAuthConstants { return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); } + + /** + * Processes an Mandate sent by the + * MIS.
+ *
    + *
  • Validates given Mandate
    • + *
  • Verifies Mandate by calling the MOA SP component
    • + *
  • Creates an authentication block to be signed by the user
    • + *
  • Creates and returns a <CreateXMLSignatureRequest> + * containg the authentication block, meant to be returned to the + * security layer implementation
    • + *
+ * + * @param sessionID ID of associated authentication session data + * @param infoboxReadResponseParameters The parameters from the response returned from + * the BKU including the <InfoboxReadResponse> + * @return String representation of the <CreateXMLSignatureRequest> + */ + public String verifyMandate(String sessionID, MISMandate mandate) + throws + AuthenticationException, + BuildException, + ParseException, + ConfigurationException, + ValidateException, + ServiceException { + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[] { GET_MIS_SESSIONID, PARAM_SESSIONID}); + + String sMandate = new String(mandate.getMandate()); + if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) { + Logger.error("Mandate is empty."); + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}); + } + + + AuthenticationSession session = getSession(sessionID); + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + + + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + + try { + // set extended SAML attributes + setExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); + } catch (SAXException e) { + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); + } catch (IOException e) { + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); + } catch (ParserConfigurationException e) { + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); + } catch (TransformerException e) { + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); + } + + + return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); + } + + /** + * + * @param session + * @param authConf + * @param oaParam + * @return + * @throws ConfigurationException + * @throws BuildException + * @throws ValidateException + */ public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam) throws ConfigurationException, @@ -571,6 +653,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { return createXMLSignatureRequest; } + + /** * Returns an CreateXMLSignatureRequest for signing the ERnP statement.
*
    @@ -926,6 +1010,32 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } + /** + * Verifies the infoboxes (except of the identity link infobox) returned by the BKU by + * calling appropriate validator classes. + * + * @param session The actual authentication session. + * @param mandate The Mandate from the MIS + * + * @throws AuthenticationException + * @throws ConfigurationException + * @throws TransformerException + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + */ + private void setExtendedSAMLAttributeForMandates( + AuthenticationSession session, MISMandate mandate, boolean business) + throws ValidateException, ConfigurationException, SAXException, IOException, ParserConfigurationException, TransformerException + { + + ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributes(mandate, business); + + + AddAdditionalSAMLAttributes(session, extendedSamlAttributes, "MISService", "MISService"); + + } + /** * Intermediate processing of the infoboxes. The first pending infobox * validator may validate the provided input @@ -985,7 +1095,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { int length = extendedSAMLAttributes.length; for (int i=0; i" + nl + "" + nl + ""; + + /** default HTML template */ + private static final String DEFAULT_HTML_TEMPLATE_FOR_MANDATES = + "" + nl + + "" + nl + + "" + nl + + "Vollmachten-Anmeldung" + nl + + "" + nl + + "" + nl + + "" + nl + + "
    " + nl + + " " + nl + + " " + nl + + " " + nl + + " " + nl + + "
    " + nl + + "
    " + nl + + " " + nl + + " " + nl + +// " " + nl + + " " + nl + + "
    " + nl + + "" + nl + + ""; /** * Constructor for GetIdentityLinkFormBuilder. @@ -119,6 +163,29 @@ public class GetIdentityLinkFormBuilder extends Builder { htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL); return htmlForm; } + + /** + * Builds the HTML form, including XML Request and data URL as parameters. + * + * @param htmlTemplate template to be used for the HTML form; + * may be null, in this case a default layout will be produced + * @param xmlRequest XML Request to be sent as a parameter in the form + * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to; + * may be null, in this case the default URL will be used + * @param dataURL DataURL to be sent as a parameter in the form + */ + public String buildCreateSignature( + String bkuURL, + String xmlRequest, + String dataURL) + throws BuildException + { + String htmlForm = DEFAULT_HTML_TEMPLATE_FOR_MANDATES; + htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL); + htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); + htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL); + return htmlForm; + } /** * Encodes a string for inclusion as a parameter in the form. * Double quotes are substituted by "&quot;". diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java index 2c97f01ae..a6b61e747 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java @@ -152,6 +152,85 @@ public class VerifyXMLSignatureRequestBuilder { return requestElem_; } + /** + * Builds a <VerifyXMLSignatureRequest> + * from an IdentityLink with a known trustProfileID which + * has to exist in MOA-SP + * @param identityLink - The IdentityLink + * @param trustProfileID - a preconfigured TrustProfile at MOA-SP + * + * @return Element - The complete request as Dom-Element + * + * @throws ParseException + */ + public Element build(byte[]mandate, String trustProfileID) + throws ParseException + { + try { + // build the request +// Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime"); +// requestElem_.appendChild(dateTimeElem); +// Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant()); +// dateTimeElem.appendChild(dateTime); + Element verifiySignatureInfoElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); + requestElem_.appendChild(verifiySignatureInfoElem); + Element verifySignatureEnvironmentElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); + verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); + Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content"); + verifySignatureEnvironmentElem.appendChild(base64ContentElem); + // insert the base64 encoded identity link SAML assertion + //String serializedAssertion = identityLink.getSerializedSamlAssertion(); + //String base64EncodedAssertion = Base64Utils.encode(mandate.getBytes("UTF-8")); + String base64EncodedAssertion = Base64Utils.encode(mandate); + //replace all '\r' characters by no char. + StringBuffer replaced = new StringBuffer(); + for (int i = 0; i < base64EncodedAssertion.length(); i ++) { + char c = base64EncodedAssertion.charAt(i); + if (c != '\r') { + replaced.append(c); + } + } + base64EncodedAssertion = replaced.toString(); + Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion); + base64ContentElem.appendChild(base64Content); + // specify the signature location + Element verifySignatureLocationElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); + verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); + Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); + verifySignatureLocationElem.appendChild(signatureLocation); + // signature manifest params + Element signatureManifestCheckParamsElem = + requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); + requestElem_.appendChild(signatureManifestCheckParamsElem); + signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); +// // add the transforms +// Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); +// signatureManifestCheckParamsElem.appendChild(referenceInfoElem); +// Element[] dsigTransforms = identityLink.getDsigReferenceTransforms(); +// +// for (int i = 0; i < dsigTransforms.length; i++) { +// Element verifyTransformsInfoProfileElem = +// requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile"); +// referenceInfoElem.appendChild(verifyTransformsInfoProfileElem); +// verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true)); +// } + Element returnHashInputDataElem = + requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); + requestElem_.appendChild(returnHashInputDataElem); + Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); + trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); + requestElem_.appendChild(trustProfileIDElem); + } catch (Throwable t) { + throw new ParseException("builder.00", + new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t); + } + + return requestElem_; + } + /** * Builds a <VerifyXMLSignatureRequest> diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index eca02a77b..554b5012e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -68,6 +68,16 @@ public class AuthenticationSession { * URL of the BKU */ private String bkuURL; + + /** + * Use mandate + */ + private boolean useMandate; + + /** + * SessionID for MIS + */ + private String misSessionID; /** * identity link read from smartcard */ @@ -582,4 +592,39 @@ public class AuthenticationSession { this.pushInfobox = pushInfobox; } + /** + * + * @param useMandate indicates if mandate is used or not + */ + public void setUseMandate(String useMandate) { + if (useMandate.compareToIgnoreCase("true") == 0) + this.useMandate = true; + else + this.useMandate = false; + + } + + /** + * Returns if mandate is used or not + * @return + */ + public boolean getUseMandate() { + return this.useMandate; + } + + /** + * + * @param misSessionID indicates the MIS session ID + */ + public void setMISSessionID(String misSessionID) { + this.misSessionID = misSessionID; + } + + /** + * Returns the MIS session ID + * @return + */ + public String getMISSessionID() { + return this.misSessionID; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index c83650587..9a6670617 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -219,11 +219,14 @@ public class GetForeignIDServlet extends AuthServlet { try { client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); } catch (IOException e) { - throw new SZRGWClientException(e); + Logger.error("Could not initialize SSL Factory", e); + throw new SZRGWClientException("Could not initialize SSL Factory"); } catch (GeneralSecurityException e) { - throw new SZRGWClientException(e); + Logger.error("Could not initialize SSL Factory", e); + throw new SZRGWClientException("Could not initialize SSL Factory"); } catch (PKIException e) { - throw new SZRGWClientException(e); + Logger.error("Could not initialize SSL Factory", e); + throw new SZRGWClientException("Could not initialize SSL Factory"); } } Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java new file mode 100644 index 000000000..4c0abdb0f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -0,0 +1,174 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import iaik.pki.PKIException; + +import java.io.IOException; +import java.io.PrintWriter; +import java.security.GeneralSecurityException; +import java.util.List; +import java.util.Map; + +import javax.net.ssl.SSLSocketFactory; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Servlet requested for getting the foreign eID + * provided by the security layer implementation. + * Utilizes the {@link AuthenticationServer}. + * + */ +public class GetMISSessionIDServlet extends AuthServlet { + + /** + * Constructor for GetMISSessionIDServlet. + */ + public GetMISSessionIDServlet() { + super(); + } + + /** + * GET requested by security layer implementation to verify + * that data URL resource is available. + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + doPost(req, resp); + +// Logger.debug("GET GetMISSessionIDServlet"); +// +// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + } + + /** + * Gets the signer certificate from the InfoboxReadRequest and + * responds with a new + * CreateXMLSignatureRequest. + *
    + * Request parameters: + *
      + *
    • MOASessionID: ID of associated authentication session
      • + *
    • XMLResponse: <InfoboxReadResponse>
      • + *
    + * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("POST GetMISSessionIDServlet"); + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + +// Map parameters; +// try +// { +// parameters = getParameters(req); +// } catch (FileUploadException e) +// { +// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); +// throw new IOException(e.getMessage()); +// } + + String sessionID = req.getParameter(PARAM_SESSIONID); + + // escape parameter strings + sessionID = StringEscapeUtils.escapeHtml(sessionID); + + AuthenticationSession session = null; + try { + // check parameter + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12"); + + session = AuthenticationServer.getSession(sessionID); + + String misSessionID = session.getMISSessionID(); + + //System.out.println("MIS Session ID (GetMISServlet): " + misSessionID); + + AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance(); + ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter(); + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters); + + List list = MISSimpleClient.sendGetMandatesRequest(connectionParameters.getUrl(), misSessionID, sslFactory); + + if (list == null) { + Logger.error("Keine Vollmacht gefunden."); + throw new MISSimpleClientException("Keine Vollmacht gefunden"); + } + if (list.size() == 0) { + Logger.error("Keine Vollmacht gefunden."); + throw new MISSimpleClientException("Keine Vollmacht gefunden"); + } + + // for now: list contains only one element + MISMandate mandate = (MISMandate)list.get(0); + + // verify mandate signature + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyMandate(sessionID, mandate); + + String dataurl = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + REQ_VERIFY_AUTH_BLOCK, + session.getSessionID()); + + Logger.debug(createXMLSignatureRequestOrRedirect); + + String request = getHTMLForm(createXMLSignatureRequestOrRedirect, session.getBkuURL(), dataurl); + + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.print(request); + out.flush(); + + + } + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } catch (GeneralSecurityException ex) { + handleError(null, ex, req, resp); + } catch (PKIException e) { + handleError(null, e, req, resp); + } catch (MISSimpleClientException e) { + handleError(null, e, req, resp); + } + } + + private static String getHTMLForm(String request, String bkuURI, String dataURL) throws BuildException { + return new GetIdentityLinkFormBuilder().buildCreateSignature(bkuURI, request, dataURL); + + } + + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index 54d08c59e..b50a1edde 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -68,8 +68,8 @@ public class ProcessValidatorInputServlet extends AuthServlet { * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) */ protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - + throws ServletException, IOException { + Logger.debug("GET ProcessInput"); resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 10b4041df..2e7d59fde 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -15,11 +15,14 @@ */ package at.gv.egovernment.moa.id.auth.servlet; +import iaik.pki.PKIException; + import java.io.IOException; import java.io.PrintWriter; -import java.io.Reader; -import java.io.StringReader; +import java.security.GeneralSecurityException; +import java.util.List; +import javax.net.ssl.SSLSocketFactory; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -31,8 +34,14 @@ import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; import at.gv.egovernment.moa.logging.Logger; /** @@ -88,8 +97,7 @@ public class StartAuthenticationServlet extends AuthServlet { resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); - //System.out.println("useMandate: " + useMandate); - + try { // check parameter if (!ParamValidatorUtils.isValidTarget(target)) @@ -109,7 +117,7 @@ public class StartAuthenticationServlet extends AuthServlet { String getIdentityLinkForm = - AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme()); + AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme()); resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index ad01de6c8..f1fb15be0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -61,6 +61,8 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { + //doPost(req, resp); + Logger.debug("GET VerifyAuthenticationBlock"); resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index 76c5476ae..d101df1fa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -8,12 +8,14 @@ import java.security.GeneralSecurityException; import java.security.cert.CertificateEncodingException; import java.util.Map; +import javax.net.ssl.SSLSocketFactory; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; import org.apache.axis.encoding.Base64; import org.apache.commons.fileupload.FileUploadException; @@ -22,24 +24,25 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Text; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.ServletUtils; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; /** * Servlet requested for getting the foreign eID @@ -116,25 +119,96 @@ public class VerifyCertificateServlet extends AuthServlet { session = AuthenticationServer.getSession(sessionID); - X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters); - - String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert); - // build dataurl (to the GetForeignIDSerlvet) - String dataurl = - new DataURLBuilder().buildDataURL( - session.getAuthURL(), - REQ_GET_FOREIGN_ID, - session.getSessionID()); - - ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl); + X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters); + if (cert == null) { + Logger.error("Certificate could not be read."); + throw new AuthenticationException("auth.14", null); + } + + boolean useMandate = session.getUseMandate(); + if (useMandate) { + // Mandate Modus + // make request to MIS + + AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance(); + ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter(); + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters); + + // get identitity link as byte[] + Element elem = session.getIdentityLink().getSamlAssertion(); + String s = DOMUtils.serializeNode(elem); +// byte[] idl = DOMUtils.nodeToByteArray(elem); +// String s = new String(idl); + byte[] idl = s.getBytes(); + + // redirect url + // build redirect(to the GetMISSessionIdSerlvet) + String redirectURL = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + GET_MIS_SESSIONID, + session.getSessionID()); + + String oaURL = session.getOAURLRequested(); + OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL); + String profiles = oaParam.getMandateProfiles(); + + if (profiles == null) { + Logger.error("No Mandate/Profile for OA configured."); + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}); + } + + String profilesArray[] = profiles.split(","); + for(int i = 0; i < profilesArray.length; i++) { + profilesArray[i] = profilesArray[i].trim(); + } + + MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), redirectURL, profilesArray, sslFactory); + String redirectMISGUI = misSessionID.getRedirectURL(); + + if (misSessionID == null) { + Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null."); + throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service."); + } + + session.setMISSessionID(misSessionID.getSessiondId()); + + resp.setStatus(302); + resp.addHeader("Location", redirectMISGUI); + Logger.debug("REDIRECT TO: " + redirectURL); + + } + else { + // Foreign Identities Modus + + String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert); + // build dataurl (to the GetForeignIDSerlvet) + String dataurl = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + REQ_GET_FOREIGN_ID, + session.getSessionID()); + + ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl); + + + Logger.debug("Send CreateXMLSignatureRequest to BKU"); + } - Logger.debug("Send CreateXMLSignatureRequest to BKU"); } catch (MOAIDException ex) { handleError(null, ex, req, resp); - } + } catch (GeneralSecurityException ex) { + handleError(null, ex, req, resp); + } catch (PKIException e) { + handleError(null, e, req, resp); + } catch (MISSimpleClientException e) { + handleError(null, e, req, resp); + } catch (TransformerException e) { + handleError(null, e, req, resp); + } } /** @@ -161,58 +235,58 @@ public class VerifyCertificateServlet extends AuthServlet { * @throws SZRGWClientException */ /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/ - private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException { - - SZRGWClient client = new SZRGWClient(); - - try { - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); - //url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation"; - Logger.debug("Connection Parameters: " + connectionParameters); - client.setAddress(connectionParameters.getUrl()); - if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { - Logger.debug("Initialisiere SSL Verbindung"); - try { - client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (GeneralSecurityException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (PKIException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } - - Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); - - - } - catch (ConfigurationException e) { - Logger.warn(e); - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); - - } - // create request - Document doc = buildGetIdentityLinkRequest(cert); - Element request = doc.getDocumentElement(); - CreateIdentityLinkResponse response = null; - - //try { - response = client.createIdentityLinkResponse(request); - //} catch (SZRGWClientException e) { - // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. - // client = new SZRGWClient(url); - // response = client.createIdentityLinkResponse(request); - // } - - - return response.getAssertion(); - - } +// private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException { +// +// SZRGWClient client = new SZRGWClient(); +// +// try { +// AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); +// ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); +// //url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation"; +// Logger.debug("Connection Parameters: " + connectionParameters); +// client.setAddress(connectionParameters.getUrl()); +// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { +// Logger.debug("Initialisiere SSL Verbindung"); +// try { +// client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); +// } catch (IOException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } catch (GeneralSecurityException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } catch (PKIException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } +// } +// +// Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); +// +// +// } +// catch (ConfigurationException e) { +// Logger.warn(e); +// Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); +// +// } +// // create request +// Document doc = buildGetIdentityLinkRequest(cert); +// Element request = doc.getDocumentElement(); +// CreateIdentityLinkResponse response = null; +// +// //try { +// response = client.createIdentityLinkResponse(request); +// //} catch (SZRGWClientException e) { +// // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. +// // client = new SZRGWClient(url); +// // response = client.createIdentityLinkResponse(request); +// // } +// +// +// return response.getAssertion(); +// +// } /** * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index dff366829..23861d290 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -18,6 +18,7 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; import java.util.Map; +import javax.net.ssl.SSLSocketFactory; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -25,6 +26,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; @@ -33,7 +35,10 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -126,11 +131,17 @@ public class VerifyIdentityLinkServlet extends AuthServlet { if (createXMLSignatureRequestOrRedirect == null) { // no identity link found + boolean useMandate = session.getUseMandate(); + if (useMandate) { + Logger.error("Online-Mandate Mode for foreign citizencs not supported."); + throw new AuthenticationException("auth.13", null); + } + try { Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); - // create the InfoboxReadRequest to get the certificate + // create the InfoboxReadRequest to get the certificate String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); // build dataurl (to the GetForeignIDSerlvet) @@ -142,6 +153,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet { ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + } catch(Exception e) { @@ -150,7 +162,28 @@ public class VerifyIdentityLinkServlet extends AuthServlet { } else { - ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); + boolean useMandate = session.getUseMandate(); + if (useMandate) { // Mandate modus + // read certificate and set dataurl to VerifyCertificateForMandatesServlet + + Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); + + String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); + + // build dataurl (to the GetForeignIDSerlvet) + String dataurl = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + REQ_VERIFY_CERTIFICATE, + session.getSessionID()); + + + ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + + } + else { + ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); + } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java index a8e22562a..51551834e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -43,6 +43,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; /** @@ -245,9 +246,13 @@ public class ParepUtils { try { Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); - + + String s = DOMUtils.serializeNode(mandator); + // check if physical person - Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode); + Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode); + + // Element physicalPerson = (Element)XPathAPI.selectSingleNode(mandator, // "descendant-or-self::pr:CorporateBody", nameSpaceNode); return physicalPerson != null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java index 2a0126b82..9d5c0f7cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java @@ -95,7 +95,11 @@ public class ParepValidator implements InfoboxValidator { public final static String EXT_SAML_MANDATE_NAME = "MandatorName"; public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth"; public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk"; - public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; + public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; + public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription"; + + /** */ + public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter"; /** register and register number for non physical persons - the domain identifier for business applications*/ public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index dbfbda535..b5275cdd5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -125,6 +125,10 @@ public class ConfigurationBuilder { public static final String AUTH_FOREIGN_IDENTITIES_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities"; + /** an XPATH-Expression */ + public static final String AUTH_ONLINEMANDATES_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "OnlineMandates"; + /** an XPATH-Expression */ @@ -146,6 +150,8 @@ public class ConfigurationBuilder { /** an XPATH-Expression */ protected static final String OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH = CONF + "VerifyInfoboxes"; /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_MANDATES_PROFILES_XPATH = CONF + "Mandates" + "/" + CONF + "Profiles"; + /** an XPATH-Expression */ protected static final String CONNECTION_PARAMETER_URL_XPATH = CONF + "ConnectionParameter/@URL"; /** an XPATH-Expression */ @@ -242,6 +248,18 @@ public class ConfigurationBuilder { return buildConnectionParameter(foreignid); } + + /** + * Build a ConnectionParameter containing all information + * of the OnlineMandates element in the authentication component + * @return ConnectionParameter of the authentication component OnlineMandates element + */ + public ConnectionParameter buildOnlineMandatesConnectionParameter() { + Element onlinemandates = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_ONLINEMANDATES_XPATH); + if (onlinemandates==null) return null; + return buildConnectionParameter(onlinemandates); + + } /** * Method buildAuthBKUSelectionType. @@ -529,7 +547,19 @@ public class ConfigurationBuilder { } Node verifyInfoboxParamtersNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH); oap.setVerifyInfoboxParameters(buildVerifyInfoboxParameters( - verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID)); + verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID)); + + Node mandateProfilesNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_MANDATES_PROFILES_XPATH); + if (mandateProfilesNode != null) { + if ("businessService".equalsIgnoreCase(oaType)) { + Logger.error("No Online Mandate Modus for OA of type \"businessService\" allowed."); + throw new ConfigurationException("config.02", null); + } + else { + String profiles = DOMUtils.getText(mandateProfilesNode); + oap.setMandateProfiles(profiles); + } + } } OA_set.add(oap); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 6e296b4f4..ceb047280 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -164,6 +164,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider { */ private ConnectionParameter foreignIDConnectionParameter; + /** + * parameter for connection to OnlineMandates Service + */ + private ConnectionParameter onlineMandatesConnectionParameter; + /** * Parameter for trusted BKUs */ @@ -271,6 +276,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter(); + onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter(); onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID); identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames(); defaultChainingMode = builder.getDefaultChainingMode(); @@ -393,6 +399,15 @@ public class AuthConfigurationProvider extends ConfigurationProvider { public ConnectionParameter getForeignIDConnectionParameter() { return foreignIDConnectionParameter; } + + /** + * Return a ConnectionParameter bean containing all information + * of the authentication component OnlineMandates element + * @return ConnectionParameter of the authentication component OnlineMandates element + */ + public ConnectionParameter getOnlineMandatesConnectionParameter() { + return onlineMandatesConnectionParameter; + } /** * Return a string with a url-reference to the VerifyIdentityLink trust diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index c352fae6c..aa5aa21a3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -88,6 +88,11 @@ public class OAAuthParameter extends OAParameter { */ private VerifyInfoboxParameters verifyInfoboxParameters; + /** + * Parameter for Mandate profiles + */ + private String mandateProfiles; + /** * BZ * Type for authentication number (e.g. Firmenbuchnummer) @@ -325,5 +330,21 @@ public class OAAuthParameter extends OAParameter { public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) { this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType; } + + /** + * Sets the Mandate/Profiles + * @param profiles + */ + public void setMandateProfiles(String profiles) { + this.mandateProfiles = profiles; + } + + /** + * Returns the Mandates/Profiles + * @return + */ + public String getMandateProfiles() { + return this.mandateProfiles; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index ce15b75bd..6802005f1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -41,6 +41,8 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import org.apache.commons.lang.StringEscapeUtils; + import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.MOAIDException; @@ -117,12 +119,15 @@ public class ProxyServlet extends HttpServlet { protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { Logger.debug("getRequestURL:" + req.getRequestURL().toString()); - //@TODO Parameter + + String artifact = req.getParameter(PARAM_SAMLARTIFACT); + artifact = StringEscapeUtils.escapeHtml(artifact); + try { - if (req.getParameter(PARAM_SAMLARTIFACT) != null) { + if (artifact != null) { // check if SAML Artifact was already used in this session (in case of page reload) HttpSession session = req.getSession(); - if (null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) { + if (null != session && artifact.equals(session.getAttribute(ATT_SAML_ARTIFACT))) { if (session.getAttribute(ATT_BROWSERREQU)==null) { tunnelRequest(req, resp); }else{ @@ -498,7 +503,6 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map Vector parameters = new Vector(); -//@TODO Parameter for (Enumeration enu = req.getParameterNames(); enu.hasMoreElements();) { String paramName = (String) enu.nextElement(); if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index 79db9907b..d35fc875d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -446,6 +446,9 @@ public class ParamValidatorUtils { public static boolean isValidXMLDocument(String document) { + if (document == null) + return false; + Logger.debug("Überprüfe Parameter XMLDocument"); try { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java index 1915ce40a..24e5ff3d0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java @@ -64,7 +64,8 @@ public class ServletUtils { out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8")); out.flush(); out.close(); - Logger.debug("Finished POST " + servletName); + Logger.debug("Finished POST " + servletName); + } else { String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), servletGoal, session.getSessionID()); resp.setContentType("text/html"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java new file mode 100644 index 000000000..59ca0d5ca --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java @@ -0,0 +1,48 @@ +package at.gv.egovernment.moa.id.util.client.mis.simple; + +public class MISMandate { + + final static private String OID_NOTAR = "1.2.40.0.10.3.1"; + final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"; + + final static private String OID_RECHTSANWALT = "1.2.40.0.10.3.2"; + final static private String TEXT_RECHTSANWALT = "berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"; + + final static private String OID_ZIVILTECHNIKER = "1.2.40.0.10.3.3"; + final static private String TEXT_ZIVILTECHNIKER = "berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft"; + + final static private String OID_ORGANWALTER = "1.2.40.0.10.3.4"; + final static private String TEXT_ORGANWALTER = "Organwalter"; + + + private String oid = null; + private byte[] mandate = null; + + public String getProfRep() { + return oid; + } + public void setProfRep(String oid) { + this.oid = oid; + } + public byte[] getMandate() { + return mandate; + } + public void setMandate(byte[] mandate) { + this.mandate = mandate; + } + + public String getTextualDescriptionOfOID() { + if (this.oid.equalsIgnoreCase(OID_NOTAR)) + return TEXT_NOTAR; + if (this.oid.equalsIgnoreCase(OID_RECHTSANWALT)) + return TEXT_RECHTSANWALT; + if (this.oid.equalsIgnoreCase(OID_ZIVILTECHNIKER)) + return TEXT_ZIVILTECHNIKER; + if (this.oid.equalsIgnoreCase(OID_ORGANWALTER)) + return TEXT_ORGANWALTER; + + return "Keine textuelle Beschreibung für OID " + oid; + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java new file mode 100644 index 000000000..d8bec4900 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.util.client.mis.simple; + +public class MISSessionId { + + private String sessiondId = null; + private String redirectURL = null; + + public String getSessiondId() { + return sessiondId; + } + public void setSessiondId(String sessiondId) { + this.sessiondId = sessiondId; + } + public String getRedirectURL() { + return redirectURL; + } + public void setRedirectURL(String redirectURL) { + this.redirectURL = redirectURL; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java new file mode 100644 index 000000000..25c341584 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -0,0 +1,261 @@ +package at.gv.egovernment.moa.id.util.client.mis.simple; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.util.ArrayList; +import java.util.List; + +import javax.net.ssl.SSLSocketFactory; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.methods.PostMethod; +import org.apache.commons.httpclient.methods.StringRequestEntity; +import org.apache.commons.httpclient.protocol.Protocol; +import org.apache.xerces.parsers.DOMParser; +import org.apache.xpath.XPathAPI; +import org.w3c.dom.DOMException; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; +import org.xml.sax.SAXNotRecognizedException; +import org.xml.sax.SAXNotSupportedException; + +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; + + +public class MISSimpleClient { + + + private final static String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"; + private final static String MIS_NS = "http://reference.e-government.gv.at/namespace/mandates/mis/1.0/xsd"; + + private static Element NS_NODE = null; + + + static { + try { + NS_NODE = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument().createElement("test"); + NS_NODE.setAttribute("xmlns:soap", SOAP_NS); + NS_NODE.setAttribute("xmlns:mis", MIS_NS); + } catch (Exception e) { + Logger.warn("Error initializing namespace node.", e); + } + } + + public static List sendGetMandatesRequest(String webServiceURL, String sessionId, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException { + if (webServiceURL == null) { + throw new NullPointerException("Argument webServiceURL must not be null."); + } + if (sessionId == null) { + throw new NullPointerException("Argument sessionId must not be null."); + } + + // ssl settings + if (sSLSocketFactory != null) { + SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); + Protocol.registerProtocol("https", new Protocol("https", fac, 443)); + } + + + try { + Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); + Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest"); + Element sessionIdElement = doc.createElementNS(MIS_NS, "SessionID"); + sessionIdElement.appendChild(doc.createTextNode(sessionId)); + mirElement.appendChild(sessionIdElement); + + // send soap request + Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement); + + // check for error + checkForError(mandateIssueResponseElement); + + // check for session id + NodeList mandateElements = XPathAPI.selectNodeList(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Mandates/mis:Mandate", NS_NODE); + + if (mandateElements == null || mandateElements.getLength() == 0) { + throw new MISSimpleClientException("No mandates found in response."); + } + + ArrayList foundMandates = new ArrayList(); + for (int i=0; i 0) { + Element certElement = doc.createElementNS(MIS_NS, "X509SignatureCertificate"); + certElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(cert)))); + //certElement.appendChild(doc.createTextNode(Base64.encodeBase64(cert))); + // certElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(cert)))); + mirElement.appendChild(certElement); + } + Element redirectElement = doc.createElementNS(MIS_NS, "RedirectURL"); + redirectElement.appendChild(doc.createTextNode(redirectURL)); + mirElement.appendChild(redirectElement); + if (mandateIdentifier != null && mandateIdentifier.length > 0) { + Element filtersElement = doc.createElementNS(MIS_NS, "Filters"); + Element mandateIdentifiersElement = doc.createElementNS(MIS_NS, "MandateIdentifiers"); + for (int i=0; iURL "{0}" Interne Fehlermeldung: {1} auth.12=Fehlerhafter Parameter "{1}" beim Aufruf von "{0}" +auth.13=Vollmachtenmodus für ausländische Bürger wird nicht unterstützt. +auth.14=Zertifikat konnte nicht ausgelesen werden. +auth.15=Fehler bei Anfrage an Vollmachten Service. +auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}" init.00=MOA ID Authentisierung wurde erfolgreich gestartet init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround: SSL ist möglicherweise nicht verfügbar diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java index 6ab9c9679..4293fc477 100644 --- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java +++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java @@ -37,7 +37,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase { "http://localhost:9080/", //oaURL "file:" + findXmldata("AuthTemplate.html"), "http://localhost:3495/http-security-layer-request", - null, null); + null, null, null); htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED"); //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8")); assertEquals(readXmldata("htmlForm.html"),htmlForm); @@ -55,7 +55,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase { "gb", //target "http://localhost:9080/", //oaURL null, - "http://localhost:3495/http-security-layer-request", null, null); + "http://localhost:3495/http-security-layer-request", null, null, null); htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED"); //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8")); assertEquals(readXmldata("htmlForm.html"),htmlForm); @@ -75,7 +75,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase { "file:" + findXmldata("AuthTemplate.html"), null, null, - null); + null, null); htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED"); //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8")); assertEquals(readXmldata("htmlForm.html"),htmlForm); @@ -93,7 +93,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase { server.startAuthentication(null, //authURL "gb", //target "http://localhost:9080/", //oaURL - null, null, null, null); + null, null, null, null, null); //assertEquals("",htmlForm); System.err.println(this.getName() + " hat KEINE FEHLER geworfen"); fail(this.getName() + " hat KEINE FEHLER geworfen"); @@ -113,7 +113,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase { try { server.startAuthentication("http://localhost:8080/auth", //authURL "gb", "http://localhost:9080/", //oaURL - null, null, null, null); + null, null, null, null, null); System.err.println(this.getName() + " hat KEINE FEHLER geworfen"); fail(this.getName() + " hat KEINE FEHLER geworfen"); } @@ -131,7 +131,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase { try { server.startAuthentication("https://localhost:8443/auth", //authURL "gb", "http://host_not_in_config/", //oaURL - null, null, null, null); + null, null, null, null, null); System.err.println(this.getName() + " hat KEINE FEHLER geworfen"); fail(this.getName() + " hat KEINE FEHLER geworfen"); } @@ -150,7 +150,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase { try { server.startAuthentication("https://localhost:8443/auth", //authURL "gb", null, //oaURL - null, null, null, null); + null, null, null, null, null); System.err.println(this.getName() + " hat KEINE FEHLER geworfen"); fail(this.getName() + " hat KEINE FEHLER geworfen"); } @@ -169,7 +169,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase { try { server.startAuthentication("https://localhost:8443/auth", //authURL null, "http://localhost:9080/", //oaURL - null, null, null, null); + null, null, null, null, null); System.err.println(this.getName() + " hat KEINE FEHLER geworfen"); fail(this.getName() + " hat KEINE FEHLER geworfen"); } diff --git a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java index 23130f4c8..4ef3ad92f 100644 --- a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java +++ b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java @@ -131,6 +131,7 @@ public class AbnahmeTestCase extends MOAIDTestCase { null, null, null, + null, null); String sessionID = parseSessionIDFromForm(htmlForm); return sessionID; diff --git a/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java b/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java index ab2781590..248e5cc33 100644 --- a/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java +++ b/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java @@ -14,19 +14,8 @@ * limitations under the License. */ package test.abnahme.P; -import java.util.Map; - -import sun.misc.BASE64Decoder; import test.abnahme.AbnahmeTestCase; -import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; -import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; -import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.proxy.LoginParameterResolver; -import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory; -import at.gv.egovernment.moa.util.Base64Utils; - /** * @author Stefan Knirsch * @version $Id$ @@ -35,127 +24,127 @@ import at.gv.egovernment.moa.util.Base64Utils; public class Test100LoginParameterResolver extends AbnahmeTestCase { - private static final String CLIENT_IP_ADDRESS = "56.246.75.11"; - private OAConfiguration oaConf; - private LoginParameterResolver lpr; - +// private static final String CLIENT_IP_ADDRESS = "56.246.75.11"; +// private OAConfiguration oaConf; +// private LoginParameterResolver lpr; +// public Test100LoginParameterResolver(String name) { super(name); } - - private void setUp(String publicURLPrefix) - throws Exception { - - // get configuration data - ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance(); - OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(publicURLPrefix); - oaConf = oaParam.getOaConfiguration(); - System.out.println("Parameterübergabe: " + oaConf.getAuthType()); - - // get login parameter resolver - LoginParameterResolverFactory.initialize(); - lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix); - } - public void testP101() throws Exception { - try { - // read configuration and set up LoginParameterResolver - setUp("https://testP101:9443/"); - if (! oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH)) - fail(); - - // assemble authentication data - AuthenticationData authData = new AuthenticationData(); - authData.setFamilyName("Huber"); - authData.setGivenName("Hugo"); - - // resolve login headers - Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, ""); - - // validate login headers - assertEquals(1, loginHeaders.keySet().size()); - System.out.println("Header Authorization: " + loginHeaders.get("Authorization")); - System.out.println("Decoded UserID:Password " + - new String(new BASE64Decoder().decodeBuffer(((String)loginHeaders.get("Authorization")).substring(6)))); - String userIDPassword = "Hugo:Huber"; - String credentials = Base64Utils.encode(userIDPassword.getBytes()); - assertEquals("Basic " + credentials, loginHeaders.get("Authorization")); - System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - - } - public void testP102() throws Exception { - try { - // read configuration and set up LoginParameterResolver - setUp("https://testP102:9443/"); - if (! oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) - fail(); - - // assemble authentication data - AuthenticationData authData = new AuthenticationData(); - String DATE_OF_BIRTH = "1963-12-29"; - String VPK = "kp6hOq6LRAkLtrqm6EvDm6bMwJw="; - authData.setDateOfBirth(DATE_OF_BIRTH); - authData.setBPK(VPK); - - // resolve login parameters - Map loginParameters = lpr.getAuthenticationParameters(oaConf, authData, CLIENT_IP_ADDRESS, false, ""); - - // validate login headers - assertEquals(2, loginParameters.keySet().size()); - System.out.println("Param1: " + loginParameters.get("Param1")); - System.out.println("Param2: " + loginParameters.get("Param2")); - assertEquals(DATE_OF_BIRTH, loginParameters.get("Param1")); - assertEquals(VPK, loginParameters.get("Param2")); - System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } - - public void testP103() throws Exception { - try { - // read configuration and set up LoginParameterResolver - setUp("https://localhost:9443/"); - if (! oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH)) - fail(); - - // assemble authentication data - AuthenticationData authData = new AuthenticationData(); - boolean PUBLIC_AUTH = true; - String BKZ = "FinanzamtWien23Leitstelle"; - boolean QUAL_CERT = false; - String STAMMZAHL = "3456789012"; - authData.setPublicAuthority(PUBLIC_AUTH); - authData.setPublicAuthorityCode(BKZ); - authData.setQualifiedCertificate(QUAL_CERT); - authData.setIdentificationValue(STAMMZAHL); - - // resolve login headers - Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, ""); - - // validate login headers - assertEquals(5, loginHeaders.keySet().size()); - System.out.println("Header Param1: " + loginHeaders.get("Param1")); - System.out.println("Header Param2: " + loginHeaders.get("Param2")); - System.out.println("Header Param3: " + loginHeaders.get("Param3")); - System.out.println("Header Param4: " + loginHeaders.get("Param4")); - System.out.println("Header Param5: " + loginHeaders.get("Param5")); - assertEquals(String.valueOf(PUBLIC_AUTH), loginHeaders.get("Param1")); - assertEquals(BKZ, loginHeaders.get("Param2")); - assertEquals(String.valueOf(QUAL_CERT), loginHeaders.get("Param3")); - assertEquals(STAMMZAHL, loginHeaders.get("Param4")); - assertEquals(CLIENT_IP_ADDRESS, loginHeaders.get("Param5")); - System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); - } - catch (Exception e) { - System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); - throw e; - } - } +// +// private void setUp(String publicURLPrefix) +// throws Exception { +// +// // get configuration data +// ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance(); +// OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(publicURLPrefix); +// oaConf = oaParam.getOaConfiguration(); +// System.out.println("Parameterübergabe: " + oaConf.getAuthType()); +// +// // get login parameter resolver +// LoginParameterResolverFactory.initialize(); +// lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix); +// } +// public void testP101() throws Exception { +// try { +// // read configuration and set up LoginParameterResolver +// setUp("https://testP101:9443/"); +// if (! oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH)) +// fail(); +// +// // assemble authentication data +// AuthenticationData authData = new AuthenticationData(); +// authData.setFamilyName("Huber"); +// authData.setGivenName("Hugo"); +// +// // resolve login headers +// Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, ""); +// +// // validate login headers +// assertEquals(1, loginHeaders.keySet().size()); +// System.out.println("Header Authorization: " + loginHeaders.get("Authorization")); +// System.out.println("Decoded UserID:Password " + +// new String(new BASE64Decoder().decodeBuffer(((String)loginHeaders.get("Authorization")).substring(6)))); +// String userIDPassword = "Hugo:Huber"; +// String credentials = Base64Utils.encode(userIDPassword.getBytes()); +// assertEquals("Basic " + credentials, loginHeaders.get("Authorization")); +// System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); +// } +// catch (Exception e) { +// System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); +// throw e; +// } +// +// } +// public void testP102() throws Exception { +// try { +// // read configuration and set up LoginParameterResolver +// setUp("https://testP102:9443/"); +// if (! oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) +// fail(); +// +// // assemble authentication data +// AuthenticationData authData = new AuthenticationData(); +// String DATE_OF_BIRTH = "1963-12-29"; +// String VPK = "kp6hOq6LRAkLtrqm6EvDm6bMwJw="; +// authData.setDateOfBirth(DATE_OF_BIRTH); +// authData.setBPK(VPK); +// +// // resolve login parameters +// Map loginParameters = lpr.getAuthenticationParameters(oaConf, authData, CLIENT_IP_ADDRESS, false, ""); +// +// // validate login headers +// assertEquals(2, loginParameters.keySet().size()); +// System.out.println("Param1: " + loginParameters.get("Param1")); +// System.out.println("Param2: " + loginParameters.get("Param2")); +// assertEquals(DATE_OF_BIRTH, loginParameters.get("Param1")); +// assertEquals(VPK, loginParameters.get("Param2")); +// System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); +// } +// catch (Exception e) { +// System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); +// throw e; +// } +// } +// +// public void testP103() throws Exception { +// try { +// // read configuration and set up LoginParameterResolver +// setUp("https://localhost:9443/"); +// if (! oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH)) +// fail(); +// +// // assemble authentication data +// AuthenticationData authData = new AuthenticationData(); +// boolean PUBLIC_AUTH = true; +// String BKZ = "FinanzamtWien23Leitstelle"; +// boolean QUAL_CERT = false; +// String STAMMZAHL = "3456789012"; +// authData.setPublicAuthority(PUBLIC_AUTH); +// authData.setPublicAuthorityCode(BKZ); +// authData.setQualifiedCertificate(QUAL_CERT); +// authData.setIdentificationValue(STAMMZAHL); +// +// // resolve login headers +// Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, ""); +// +// // validate login headers +// assertEquals(5, loginHeaders.keySet().size()); +// System.out.println("Header Param1: " + loginHeaders.get("Param1")); +// System.out.println("Header Param2: " + loginHeaders.get("Param2")); +// System.out.println("Header Param3: " + loginHeaders.get("Param3")); +// System.out.println("Header Param4: " + loginHeaders.get("Param4")); +// System.out.println("Header Param5: " + loginHeaders.get("Param5")); +// assertEquals(String.valueOf(PUBLIC_AUTH), loginHeaders.get("Param1")); +// assertEquals(BKZ, loginHeaders.get("Param2")); +// assertEquals(String.valueOf(QUAL_CERT), loginHeaders.get("Param3")); +// assertEquals(STAMMZAHL, loginHeaders.get("Param4")); +// assertEquals(CLIENT_IP_ADDRESS, loginHeaders.get("Param5")); +// System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); +// } +// catch (Exception e) { +// System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); +// throw e; +// } +// } } diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java index f873f2c3f..db7aa9719 100644 --- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java +++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java @@ -45,7 +45,7 @@ public class AuthenticationServerTest extends UnitTestCase { public void doTest(String testdataDirectory, String authURL, String target, String oaURL, String bkuURL, String templateURL) throws Exception { String testdataRoot = TESTDATA_ROOT + "xmldata/" + testdataDirectory + "/"; AuthenticationServer server = AuthenticationServer.getInstance(); - String htmlForm = server.startAuthentication(authURL, target, oaURL, templateURL, bkuURL, null, null); + String htmlForm = server.startAuthentication(authURL, target, oaURL, templateURL, bkuURL, null, null, null); String sessionID = parseSessionIDFromForm(htmlForm); String infoboxReadResponse = readFile(TESTDATA_ROOT + "xmldata/testperson1/" + "InfoboxReadResponse.xml"); HashMap parameters = new HashMap(1); -- cgit v1.2.3