From f5a9a02b839f036eb0ebaa6c58526a2483a3d4b7 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 23 Jan 2014 14:44:14 +0100 Subject: natural person should work --- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 93 +++++++++++----------- .../moa/id/auth/stork/STORKResponseProcessor.java | 10 +-- 2 files changed, 53 insertions(+), 50 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index df93f4d85..653f40670 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -11,7 +11,6 @@ import javax.servlet.http.HttpSession; import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.StatusCode; -import org.opensaml.xml.util.XMLHelper; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.AuthenticationServer; @@ -30,19 +29,21 @@ import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; -import eu.stork.mw.messages.saml.STORKAuthnRequest; -import eu.stork.mw.messages.saml.STORKResponse; -import eu.stork.vidp.messages.util.XMLUtil; +import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.auth.commons.STORKAuthnResponse; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; /** * Endpoint for receiving STORK response messages */ public class PEPSConnectorServlet extends AuthServlet { private static final long serialVersionUID = 1L; - + public static final String PEPSCONNECTOR_SERVLET_URL_PATTERN = "/PEPSConnector"; - + /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ @@ -89,33 +90,35 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.debug("Beginning to extract SAMLResponse out of HTTP Request"); //extract STORK Response from HTTP Request - STORKResponse storkResponse = null; + //Decodes SAML Response + byte[] decSamlToken; try { - storkResponse = STORKResponseProcessor.receiveSTORKRepsonse(request, response); - } catch (STORKException e) { + decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse")); + } catch(NullPointerException e) { Logger.error("Unable to retrieve STORK Response", e); throw new MOAIDException("stork.04", null); } - - Logger.info("STORK SAML Response message succesfully extracted"); - Logger.debug("STORK response (pretty print): "); - Logger.debug(XMLHelper.prettyPrintXML(storkResponse.getDOM())); - Logger.trace("STORK response (original): "); - Logger.trace(XMLUtil.printXML(storkResponse.getDOM())); - - Logger.debug("Starting validation of SAML response"); - //verify SAML response + + //Get SAMLEngine instance + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("CONF0"); + + STORKAuthnResponse authnResponse = null; try { - STORKResponseProcessor.verifySTORKResponse(storkResponse); - } catch (STORKException e) { + //validate SAML Token + Logger.debug("Starting validation of SAML response"); + authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost()); + Logger.info("SAML response succesfully verified!"); + }catch(STORKSAMLEngineException e){ Logger.error("Failed to verify STORK SAML Response", e); throw new MOAIDException("stork.05", null); } - - Logger.info("SAML response succesfully verified!"); - - String statusCodeValue = storkResponse.getStatus().getStatusCode().getValue(); - + + Logger.info("STORK SAML Response message succesfully extracted"); + Logger.debug("STORK response: "); + Logger.debug(authnResponse.toString()); + + String statusCodeValue = authnResponse.getStatusCode(); + if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) { Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue); throw new MOAIDException("stork.06", new Object[] { statusCodeValue }); @@ -136,26 +139,26 @@ public class PEPSConnectorServlet extends AuthServlet { } Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); - - Logger.debug("Starting validation of SAML assertion"); - //verify SAML assertion - Assertion storkAssertion = storkResponse.getAssertions().get(0); - try { - STORKResponseProcessor.verifySTORKAssertion( - storkAssertion, //assertion - request.getRemoteAddr(), //IP address of user - storkAuthnRequest.getID(), //ID of STORK AuthnRequest - request.getRequestURL().toString(), //destination - HTTPUtils.getBaseURL(request), //audience - storkAuthnRequest.getRequestedAttributes()); //Requested Attributes - } catch (STORKException e) { - Logger.error("Failed to verify STORK SAML Assertion", e); - throw new MOAIDException("stork.08", null); - } - - Logger.info("SAML assertion succesfully verified!"); - - Logger.debug("Starting extraction of signedDoc attribute"); + +// Logger.debug("Starting validation of SAML assertion"); +// //verify SAML assertion + Assertion storkAssertion = authnResponse.getAssertions().get(0); +// try { +// STORKResponseProcessor.verifySTORKAssertion( +// storkAssertion, //assertion +// request.getRemoteAddr(), //IP address of user +// storkAuthnRequest.getID(), //ID of STORK AuthnRequest +// request.getRequestURL().toString(), //destination +// HTTPUtils.getBaseURL(request), //audience +// storkAuthnRequest.getRequestedAttributes()); //Requested Attributes +// } catch (STORKException e) { +// Logger.error("Failed to verify STORK SAML Assertion", e); +// throw new MOAIDException("stork.08", null); +// } +// +// Logger.info("SAML assertion succesfully verified!"); + + Logger.debug("Starting extraction of signedDoc attribute"); //extract signed doc element and citizen signature Element citizenSignature = null; try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index a6e595239..e47a43c90 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -305,9 +305,9 @@ public class STORKResponseProcessor { public static IdentityLink connectToSZRGateway(Element citizenSignature, List attributeList) throws STORKException { Logger.trace("Calling SZR Gateway with the following attributes:"); - String fiscalNumber = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER); - Logger.trace(STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER + " : " + fiscalNumber); - + String eIdentifier = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_FISCALNUMBER); + Logger.trace(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER + " : " + eIdentifier); + String givenName = SAMLUtil.getAttributeStringValue(attributeList, STORKConstants.STORK_ATTRIBUTE_GIVENNAME); Logger.trace(STORKConstants.STORK_ATTRIBUTE_GIVENNAME+ " : " + givenName); @@ -325,8 +325,8 @@ public class STORKResponseProcessor { IdentityLink identityLink = null; try { Logger.trace("Starting call..."); - response = AuthenticationServer.getInstance().getIdentityLink(fiscalNumber, givenName, lastName, dateOfBirth, citizenSignature); - if (response.isError()) { + response = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature); + if (response.isError()) { Logger.error("Receveid ErrorResponse from SZR Gateway."); throw new SZRGWClientException(response.getError()); } -- cgit v1.2.3