From fa30b5b2a26a6df4e56a81283761c35ef81770e3 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Tue, 13 Jul 2010 06:25:09 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1166 d688527b-c9ab-4aba-bd8d-4036d912da1d --- id/server/idserverlib/.classpath | 22 +- .../moa/id/auth/AuthenticationServer.java | 58 +-- .../AuthenticationBlockAssertionBuilder.java | 132 +++++ .../builder/CreateXMLSignatureRequestBuilder.java | 138 ++++++ .../moa/id/auth/servlet/GetForeignIDServlet.java | 260 +++++----- .../auth/servlet/StartAuthenticationServlet.java | 4 +- .../servlet/VerifyAuthenticationBlockServlet.java | 1 - .../id/auth/servlet/VerifyCertificateServlet.java | 47 +- .../id/auth/servlet/VerifyIdentityLinkServlet.java | 8 +- .../client/szrgw/CreateIdentityLinkResponse.java | 14 + .../parep/client/szrgw/CreateMandateRequest.java | 25 +- .../parep/client/szrgw/CreateMandateResponse.java | 16 +- .../parep/client/szrgw/SOAPConstants.java | 19 +- .../validator/parep/client/szrgw/SZRGWClient.java | 537 +++++++++++++-------- .../parep/client/szrgw/SZRGWClientException.java | 70 +-- .../parep/client/szrgw/SZRGWConstants.java | 103 ++-- .../client/szrgw/SZRGWSecureSocketFactory.java | 244 +++++----- .../moa/id/config/ConnectionParameter.java | 9 - .../at/gv/egovernment/moa/id/util/SSLUtils.java | 14 +- 19 files changed, 1002 insertions(+), 719 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/.classpath b/id/server/idserverlib/.classpath index f0e483a4a..1c79cc393 100644 --- a/id/server/idserverlib/.classpath +++ b/id/server/idserverlib/.classpath @@ -1,13 +1,9 @@ - - - - - - - - - - - - - + + + + + + + + + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index fcaa4f053..01c6a512f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -21,6 +21,7 @@ import iaik.x509.X509Certificate; import java.io.File; import java.io.IOException; import java.security.GeneralSecurityException; +import java.security.Principal; import java.util.Calendar; import java.util.Date; import java.util.HashMap; @@ -540,15 +541,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { } /** - * Returns a CreateXMLSignatureRequest for the foreign ID.
+ * Returns an CreateXMLSignatureRequest for signing the ERnP statement.
+ * * * @param sessionID ID of associated authentication session data - * @param infoboxReadResponseParameters The parameters from the response returned from - * the BKU - * @param cert The certificate of the foreign ID + * @param cert The certificate from the user * @return String representation of the <CreateXMLSignatureRequest> */ - public String getCreateXMLSignatureRequestForeignID(String sessionID, Map infoboxReadResponseParameters, X509Certificate cert) + public String createXMLSignatureRequestForeignID(String sessionID, X509Certificate cert) throws AuthenticationException, BuildException, @@ -558,57 +560,33 @@ public class AuthenticationServer implements MOAIDAuthConstants { ServiceException { if (isEmpty(sessionID)) - throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID}); + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); - AuthenticationSession session = getSession(sessionID); + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( session.getPublicOAURLPrefix()); - - return getCreateXMLSignatureRequestForeignID(session, authConf, oaParam); + return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, cert); } - public String getCreateXMLSignatureRequestForeignID(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam) - throws - ConfigurationException, - BuildException, - ValidateException { + public String getCreateXMLSignatureRequestForeigID(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam, X509Certificate cert) throws ConfigurationException + { + // check for intermediate processing of the infoboxes + if (session.isValidatorInputPending()) return "Redirect to Input Processor"; if (authConf==null) authConf = AuthConfigurationProvider.getInstance(); if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance(). getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - //BZ.., calculate bPK for signing to be already present in AuthBlock -// IdentityLink identityLink = session.getIdentityLink(); -// if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { -// // only compute bPK if online application is a public service and we have the Stammzahl -// String bpkBase64 = new BPKBuilder().buildBPK( -// identityLink.getIdentificationValue(), -// session.getTarget()); -// identityLink.setIdentificationValue(bpkBase64); -// } - //..BZ + Principal subject = cert.getSubjectDN(); - - // builds the AUTH-block - String authBlock = buildAuthenticationBlock(session); -// session.setAuthBlock(authBlock); - // builds the - String[] transformsInfos = oaParam.getTransformsInfos(); - if ((transformsInfos == null) || (transformsInfos.length == 0)) { - // no OA specific transforms specified, use default ones - transformsInfos = authConf.getTransformsInfos(); - } String createXMLSignatureRequest = - new CreateXMLSignatureRequestBuilder().build(authBlock, - oaParam.getKeyBoxIdentifier(), - transformsInfos, - oaParam.getSlVersion12()); + new CreateXMLSignatureRequestBuilder().buildForeignID(subject.toString(), oaParam, session); return createXMLSignatureRequest; } @@ -642,7 +620,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { String xmlCreateXMLSignatureResponse = (String)createXMLSignatureResponseParameters.get(PARAM_XMLRESPONSE); - System.out.println(xmlCreateXMLSignatureResponse); if (isEmpty(xmlCreateXMLSignatureResponse)) throw new AuthenticationException("auth.10", new Object[] { REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE}); @@ -757,6 +734,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { return authBlock; } + /** * Verifies the infoboxes (except of the identity link infobox) returned by the BKU by diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index d684c16c9..bab387b4a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -153,6 +153,138 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion //..BZ + if (target == null) { + // OA is a business application + if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) { + // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator + gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); + wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\""; + + //BZ.., adding type of wbPK domain identifier + ExtendedSAMLAttribute idLinkDomainIdentifierTypeAttribute = + new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + + extendedSAMLAttributes.add(idLinkDomainIdentifierTypeAttribute); + //..BZ + + } else { + // We do not have a wbPK, therefore no SAML-Attribute is provided + session.setSAMLAttributeGebeORwbpk(false); + } + } else { + // OA is a govermental application + //BZ.. + String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); + //gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target }); + gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target + " (" + sectorName + ")" }); + //..BZ + + //BZ.., no business service, adding bPK + + Element bpkSamlValueElement; + try { + bpkSamlValueElement = DOMUtils.parseDocument(MessageFormat.format(PR_IDENTIFICATION_ATTRIBUTE, new Object[] { identityLinkValue, Constants.URN_PREFIX_BPK }), false, null, null).getDocumentElement(); + } catch (Exception e) { + Logger.error("Error on building AUTH-Block: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); + } + ExtendedSAMLAttribute bpkAttribute = + new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + + extendedSAMLAttributes.add(bpkAttribute); + //gebeORwbpk = gebeORwbpk + MessageFormat.format(BPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); + wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\""; + //..BZ + } + + //BZ.., adding friendly name of OA + String oaFriendlyName = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); + + ExtendedSAMLAttribute oaFriendlyNameAttribute = + new ExtendedSAMLAttributeImpl("oaFriendlyName", oaFriendlyName, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + + extendedSAMLAttributes.add(oaFriendlyNameAttribute); + //..BZ + + String assertion; + try { + assertion = MessageFormat.format( + AUTH_BLOCK, new Object[] { + wbpkNSDeclaration, + issuer, + issueInstant, + authURL, + gebeORwbpk, + oaURL, + gebDat, + buildExtendedSAMLAttributes(extendedSAMLAttributes)}); + } catch (ParseException e) { + Logger.error("Error on building AUTH-Block: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); + } + + return assertion; + + } + + /** + * Builds the authentication block <saml:Assertion> + * + * @param issuer authentication block issuer; "GivenName FamilyName" + * @param issueInstant current timestamp + * @param authURL URL of MOA-ID authentication component + * @param target "Geschäftsbereich"; maybe null if the application + * is a business application + * @param identityLinkValue the content of the <pr:Value> + * child element of the <pr:Identification> + * element derived from the Identitylink; this is the + * value of the wbPK; + * maybe null if the application is a public service + * @param identityLinkType the content of the <pr:Type> + * child element of the <pr:Identification> + * element derived from the Identitylink; this includes the + * URN prefix and the identification number of the business + * application used as input for wbPK computation; + * maybe null if the application is a public service + * @param oaURL public URL of online application requested + * @param gebDat The date of birth from the identity link. + * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock. + * + * @return String representation of authentication block + * <saml:Assertion> built + * + * @throws BuildException If an error occurs on serializing an extended SAML attribute + * to be appended to the AUTH-Block. + */ + public String buildAuthBlockForeignID( + String issuer, + String issueInstant, + String authURL, + String target, + String identityLinkValue, + String identityLinkType, + String oaURL, + String gebDat, + List extendedSAMLAttributes, + AuthenticationSession session) + throws BuildException + { + session.setSAMLAttributeGebeORwbpk(true); + String gebeORwbpk = ""; + String wbpkNSDeclaration = ""; + + //BZ.., reading OA parameters + OAAuthParameter oaParam; + try { + oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + } catch (ConfigurationException e) { + Logger.error("Error on building AUTH-Block: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); + } + //..BZ + + if (target == null) { // OA is a business application if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index fe73ce16b..4ef8dc359 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -16,8 +16,13 @@ package at.gv.egovernment.moa.id.auth.builder; import java.text.MessageFormat; +import java.util.Calendar; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.StringUtils; /** @@ -105,4 +110,137 @@ public class CreateXMLSignatureRequestBuilder implements Constants { return request; } + + /** + * Builds the <CreateXMLSignatureRequest> for a foreign ID. + * + * @param subject the subject of the foreign certificate + * @param oaParam parameter for the OA + * @param session current session + * @return String representation of <CreateXMLSignatureRequest> + */ + public String buildForeignID(String subject, OAAuthParameter oaParam, AuthenticationSession session) { + + String target = session.getTarget(); + String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); + + Calendar cal = Calendar.getInstance(); + String date = DateTimeUtils.buildDate(cal); + String time = DateTimeUtils.buildTime(cal); + + String request = ""; + request += ""; + request += "SecureSignatureKeypair"; + request += ""; + request += ""; + request += ""; + + request += ""; + request += ""; + request += "Signatur der Anmeldedaten"; + request += ""; + request += ""; + request += ""; + request += "

Authentication Data:

"; + request += "

Personal Data

"; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += "
Name:"; + request += subject; + request += "
"; + request += "

Application Data

"; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += "
Name:"; + // friendlyname from OA + request += StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); + request += "
Country:Austria
"; + request += "

Technical Parameters

"; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + boolean business = oaParam.getBusinessService(); + if (business) { + // OA is businessservice + String identifierType = oaParam.getIdentityLinkDomainIdentifierType(); + String identifier = oaParam.getIdentityLinkDomainIdentifier(); + request += ""; + request += ""; + request += ""; + request += ""; + } + else { + // OA is publicservice + request += ""; + request += ""; + request += ""; + request += ""; + + } + + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += "
URL:"; + //public URL prefix from OA + request += oaParam.getPublicURLPrefix(); + request += "
"; + request += identifierType + ":"; + request += ""; + request += identifier; + request += "
"; + request += "Sector:"; + request += target + " (" + sectorName + ")"; + request += "
Date:"; + request += date; + request += "
Time:"; + request += time; + request += "
"; + + request += "

I hereby request to access this e-government application by using my " + + "domestic electronic identity.
" + + "I further affirm that I am not yet registered with the Austrian Central " + + "Residents Registry and that I am not obliged to register with the Austrian " + + "Central Residents Registry according to Austrian law.
" + + "In the event I am not yet registered with the Supplementary Register, I " + + "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " + + "BGBl. I Nr. 7/2008 und BGBl. I Nr. 59/2008).

"; + + request += ""; + request += ""; + + request += "
"; + request += "
"; + request += ""; + request += ""; + request += "application/xhtml+xml"; + request += ""; + request += ""; + request += "
"; + request += "
"; + + return request; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 0599c79bd..c2de2e3e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -1,38 +1,31 @@ package at.gv.egovernment.moa.id.auth.servlet; import iaik.pki.PKIException; -import iaik.x509.X509Certificate; import java.io.IOException; import java.security.GeneralSecurityException; -import java.security.cert.CertificateEncodingException; import java.util.Map; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; -import org.apache.axis.encoding.Base64; import org.apache.commons.fileupload.FileUploadException; import org.w3c.dom.Document; import org.w3c.dom.Element; -import org.w3c.dom.Text; import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; @@ -103,7 +96,6 @@ public class GetForeignIDServlet extends AuthServlet { } String sessionID = req.getParameter(PARAM_SESSIONID); String redirectURL = null; - X509Certificate cert = null; AuthenticationSession session = null; try { // check parameter @@ -112,46 +104,46 @@ public class GetForeignIDServlet extends AuthServlet { session = AuthenticationServer.getSession(sessionID); - cert = AuthenticationServer.getInstance().verifyXMLSignature(sessionID, parameters); - -// Element signature = AuthenticationServer.getInstance().getDsigElement -// (sessionID, parameters); + String xmlCreateXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); + + Logger.debug(xmlCreateXMLSignatureResponse); + + CreateXMLSignatureResponse csresp = + new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse).parseResponseDsig(); -// if (signature == null) { - if (cert == null) { - handleError("Error retrieving signature from foreign eID card.", null, req, resp); + Element signature = csresp.getDsigSignature(); + + // make SZR request to the identity link + CreateIdentityLinkResponse response = getIdentityLink(signature); + + if (response.isError()) { + throw new SZRGWClientException(response.getError()); } else { - - // make SZR request - //Element samlAssertion = getIdentityLink(signature); - Element samlAssertion = getIdentityLink(cert); - - IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion); - IdentityLink identitylink = ilParser.parseIdentityLink(); - session.setIdentityLink(identitylink); - - String samlArtifactBase64 = - AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID); - if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - redirectURL = session.getOAURLRequested(); - if (!session.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL); - } else { - redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); - } - resp.setContentType("text/html"); - resp.setStatus(302); - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); - } - - } - catch (ParseException ex) { - handleError(null, ex, req, resp); + Element samlAssertion = response.getAssertion(); + + IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion); + IdentityLink identitylink = ilParser.parseIdentityLink(); + session.setIdentityLink(identitylink); + + String samlArtifactBase64 = + AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID); + if (!samlArtifactBase64.equals("Redirect to Input Processor")) { + redirectURL = session.getOAURLRequested(); + if (!session.getBusinessService()) { + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); + } + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = resp.encodeRedirectURL(redirectURL); + } else { + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + } + resp.setContentType("text/html"); + resp.setStatus(302); + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + } + } catch (MOAIDException ex) { handleError(null, ex, req, resp); @@ -178,63 +170,59 @@ public class GetForeignIDServlet extends AuthServlet { /** * Does the request to the SZR-GW - * @param givenname - * @param familyname - * @param dateofbirth + * @param signature XMLDSIG signature * @return Identity link assertion * @throws SZRGWClientException */ - /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/ - private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException { + private CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException { - SZRGWClient client = new SZRGWClient(); - - try { - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); - //url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation"; - Logger.debug("Connection Parameters: " + connectionParameters); - client.setAddress(connectionParameters.getUrl()); - if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { - Logger.debug("Initialisiere SSL Verbindung"); - try { - client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (GeneralSecurityException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (PKIException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } - - Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); - - - } - catch (ConfigurationException e) { - Logger.warn(e); - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); + SZRGWClient client = new SZRGWClient(); + + try { + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); - } - // create request - Document doc = buildGetIdentityLinkRequest(cert); - Element request = doc.getDocumentElement(); - CreateIdentityLinkResponse response = null; - - //try { - response = client.createIdentityLinkResponse(request); - //} catch (SZRGWClientException e) { - // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. - // client = new SZRGWClient(url); - // response = client.createIdentityLinkResponse(request); - // } - + client.setAddress(connectionParameters.getUrl()); + if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { + Logger.debug("Initialisiere SSL Verbindung"); + try { + client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); + } catch (IOException e) { + throw new SZRGWClientException(e); + } catch (GeneralSecurityException e) { + throw new SZRGWClientException(e); + } catch (PKIException e) { + throw new SZRGWClientException(e); + } + } + Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); + } + catch (ConfigurationException e) { + Logger.warn(e); + Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); + } + + // create request + CreateIdentityLinkResponse response = null; + Element request = null; + try { + Document doc = client.buildGetIdentityLinkRequest(null, null, null, null, signature); + request = doc.getDocumentElement(); + + // send request + response = client.createIdentityLinkResponse(request); + } catch (SZRGWClientException e) { + // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. + try { + response = client.createIdentityLinkResponse(request); + } + catch (SZRGWClientException e1) { + throw new SZRGWClientException(e1); + } + } - return response.getAssertion(); + + return response; } @@ -245,43 +233,43 @@ public class GetForeignIDServlet extends AuthServlet { * @param birthday * @return */ - private static Document buildGetIdentityLinkRequest(X509Certificate cert) { - - try { - byte[] certbyte = cert.getEncoded(); - String certstring = Base64.encode(certbyte); - - DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - DocumentBuilder builder = factory.newDocumentBuilder(); - Document doc = builder.newDocument(); - - Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest"); - getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS); - doc.appendChild(getIdentityLink); - - Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate"); - getIdentityLink.appendChild(x509certificate); - Text certbase64 = doc.createTextNode(certstring); - x509certificate.appendChild(certbase64); - - return doc; - } catch (ParserConfigurationException e) { - e.printStackTrace(); - } catch (CertificateEncodingException e) { - e.printStackTrace(); - } - return null; - - } - - /** - * Checks a parameter. - * @param param parameter - * @return true if the parameter is null or empty - */ - private boolean isEmpty(String param) { - return param == null || param.length() == 0; - } +// private static Document buildGetIdentityLinkRequest(X509Certificate cert) { +// +// try { +// byte[] certbyte = cert.getEncoded(); +// String certstring = Base64.encode(certbyte); +// +// DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); +// factory.setNamespaceAware(true); +// DocumentBuilder builder = factory.newDocumentBuilder(); +// Document doc = builder.newDocument(); +// +// Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest"); +// getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS); +// doc.appendChild(getIdentityLink); +// +// Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate"); +// getIdentityLink.appendChild(x509certificate); +// Text certbase64 = doc.createTextNode(certstring); +// x509certificate.appendChild(certbase64); +// +// return doc; +// } catch (ParserConfigurationException e) { +// e.printStackTrace(); +// } catch (CertificateEncodingException e) { +// e.printStackTrace(); +// } +// return null; +// +// } +// +// /** +// * Checks a parameter. +// * @param param parameter +// * @return true if the parameter is null or empty +// */ +// private boolean isEmpty(String param) { +// return param == null || param.length() == 0; +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 8165f90f8..2430095b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -63,7 +63,7 @@ public class StartAuthenticationServlet extends AuthServlet { } authURL = authURL.concat(req.getContextPath() + "/"); - String target = req.getParameter(PARAM_TARGET); + String target = req.getParameter(PARAM_TARGET); String oaURL = req.getParameter(PARAM_OA); String bkuURL = req.getParameter(PARAM_BKU); String templateURL = req.getParameter(PARAM_TEMPLATE); @@ -91,7 +91,7 @@ public class StartAuthenticationServlet extends AuthServlet { String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme()); - + resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); out.print(getIdentityLinkForm); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 824df9ca8..8ae951dda 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -96,7 +96,6 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); } - //@TODO Parameter String sessionID = req.getParameter(PARAM_SESSIONID); String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); String redirectURL = null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index c9c1e794d..1b96ce8a4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -93,7 +93,6 @@ public class VerifyCertificateServlet extends AuthServlet { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); } - //@TODO Parameter String sessionID = req.getParameter(PARAM_SESSIONID); AuthenticationSession session = null; try { @@ -104,55 +103,19 @@ public class VerifyCertificateServlet extends AuthServlet { session = AuthenticationServer.getSession(sessionID); X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters); - - System.out.println(cert); - - String createXMLSignatureRequest = AuthenticationServer.getInstance().getCreateXMLSignatureRequestForeignID(sessionID, parameters, cert); - - System.out.println(createXMLSignatureRequest); - + + String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert); // build dataurl (to the GetForeignIDSerlvet) - String dataurl = + String dataurl = new DataURLBuilder().buildDataURL( session.getAuthURL(), REQ_GET_FOREIGN_ID, session.getSessionID()); - ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); - + ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl); -// Logger.debug("Send CreateXMLSignatureRequest to BKU"); -// String keyboxIdentifier = "SecureSignatureKeypair"; -// //String keyboxIdentifier = "CertifiedKeypair"; -// String xmlContent = " " + -// "CreateXMLSignatureRequest" + -// "