From 2ded3e74601d89809b8290b0896b27ddce8f35d8 Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Wed, 17 Feb 2016 12:19:25 +0100 Subject: delete STORK authentication module --- .../id/auth/modules/stork/STORKAuthModuleImpl.java | 43 -- .../stork/STORKProcessEngineSignalServlet.java | 113 --- .../AbstractPepsConnectorWithLocalSigningTask.java | 228 ------ .../tasks/CreateStorkAuthRequestFormTask.java | 454 ------------ .../PepsConnectorHandleLocalSignResponseTask.java | 234 ------ ...onnectorHandleResponseWithoutSignatureTask.java | 458 ------------ .../modules/stork/tasks/PepsConnectorTask.java | 798 --------------------- .../moa/id/auth/stork/STORKException.java | 64 -- .../moa/id/auth/stork/STORKResponseProcessor.java | 286 -------- .../STORKAdoptedFamilyNameAttributBuilder.java | 49 -- .../attributes/STORKAgeAttributBuilder.java | 49 -- .../builder/attributes/STORKAttributHelper.java | 71 -- ...RKCanonicalResidenceAddressAttributBuilder.java | 49 -- .../STORKCountryCodeOfBirthAttributBuilder.java | 49 -- .../STORKFiscalNumberAttributBuilder.java | 49 -- .../attributes/STORKGenderAttributBuilder.java | 49 -- .../STORKInhertedFamilyNameAttributBuilder.java | 49 -- .../attributes/STORKIsAgeOverAttributBuilder.java | 49 -- .../STORKMaritalStatusAttributBuilder.java | 49 -- .../STORKNationalityCodeAttributBuilder.java | 49 -- .../attributes/STORKPseudonymAttributBuilder.java | 49 -- .../STORKResidencePermitAttributBuilder.java | 49 -- .../STORKTextResidenceAddressAttributBuilder.java | 49 -- .../attributes/STORKTitleAttributBuilder.java | 49 -- .../id/protocols/stork2/AttributeCollector.java | 367 ---------- .../protocols/stork2/AttributeProviderFactory.java | 101 --- .../id/protocols/stork2/AuthenticationRequest.java | 531 -------------- .../moa/id/protocols/stork2/ConsentEvaluator.java | 249 ------- .../stork2/CorporateBodyMandateContainer.java | 115 --- .../moa/id/protocols/stork2/DataContainer.java | 100 --- .../ExternalAttributeRequestRequiredException.java | 53 -- .../id/protocols/stork2/MOAAttributeProvider.java | 255 ------- 
.../moa/id/protocols/stork2/MOASTORKRequest.java | 265 ------- .../moa/id/protocols/stork2/MOASTORKResponse.java | 308 -------- .../moa/id/protocols/stork2/MandateContainer.java | 182 ----- .../protocols/stork2/MandateRetrievalRequest.java | 602 ---------------- .../stork2/PhyPersonMandateContainer.java | 132 ---- .../moa/id/protocols/stork2/S2Constants.java | 66 -- .../moa/id/protocols/stork2/STORKPVPUtilits.java | 49 -- .../moa/id/protocols/stork2/STORKProtocol.java | 233 ------ .../protocols/stork2/SimpleNamespaceContext.java | 83 --- .../stork2/UnsupportedAttributeException.java | 29 - .../attributeproviders/AttributeProvider.java | 139 ---- .../EHvdAttributeProviderPlugin.java | 254 ------- .../MandateAttributeRequestProvider.java | 231 ------ .../PVPAuthenticationProvider.java | 238 ------ .../SignedDocAttributeRequestProvider.java | 688 ------------------ .../StorkAttributeRequestProvider.java | 193 ----- .../at.gv.egovernment.moa.id.moduls.IModulInfo | 1 - ....protocols.builder.attributes.IAttributeBuilder | 14 - .../auth/modules/stork/STORK.authmodule.beans.xml | 14 - .../modules/stork/STORKAuthentication.process.xml | 29 - .../resources/xmldata/fakeIdL_IdL_template.xml | 51 -- 53 files changed, 9007 deletions(-) delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKProcessEngineSignalServlet.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java delete 
mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKException.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAgeAttributBuilder.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAttributHelper.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKFiscalNumberAttributBuilder.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKGenderAttributBuilder.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKIsAgeOverAttributBuilder.java delete mode 100644 
id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKMaritalStatusAttributBuilder.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKNationalityCodeAttributBuilder.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKPseudonymAttributBuilder.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKResidencePermitAttributBuilder.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKTextResidenceAddressAttributBuilder.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKTitleAttributBuilder.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java 
delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/S2Constants.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKPVPUtilits.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SimpleNamespaceContext.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/UnsupportedAttributeException.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java delete mode 100644 
id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java delete mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java delete mode 100644 id/server/modules/module-stork/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo delete mode 100644 id/server/modules/module-stork/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder delete mode 100644 id/server/modules/module-stork/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml delete mode 100644 id/server/modules/module-stork/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml delete mode 100644 id/server/modules/module-stork/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml (limited to 'id/server/modules/module-stork/src/main') diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java deleted file mode 100644 index ecb568635..000000000 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java +++ /dev/null 
@@ -1,43 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules.stork;
-
-import org.apache.commons.lang3.StringUtils;
-
-import at.gv.egovernment.moa.id.auth.modules.AuthModule;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-
-/**
- * Module descriptor for an auth module providing stork authentication related processes.
- * @author tknall
- */
-public class STORKAuthModuleImpl implements AuthModule {
-
- private int priority = 0;
-
- @Override
- public int getPriority() {
- return priority;
- }
-
- /**
- * Sets the priority of this module. Default value is {@code 0}.
- * @param priority The priority.
- */
- public void setPriority(int priority) {
- this.priority = priority;
- }
-
- @Override
- public String selectProcess(ExecutionContext context) {
- if (StringUtils.isNotBlank((String) context.get("ccc")) ||
- StringUtils.isNotBlank((String) context.get("CCC")))
- return "STORKAuthentication";
- else
- return null;
- }
-
- @Override
- public String[] getProcessDefinitions() {
- return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml" };
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKProcessEngineSignalServlet.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKProcessEngineSignalServlet.java
deleted file mode 100644
index efc1cd498..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKProcessEngineSignalServlet.java
+++ /dev/null
@@ -1,113 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules.stork;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.xpath.XPath;
-import javax.xml.xpath.XPathConstants;
-import javax.xml.xpath.XPathExpression;
-import javax.xml.xpath.XPathFactory;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.util.xml.SimpleNamespaceContext;
-import org.w3c.dom.Document;
-import org.xml.sax.SAXException;
-
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-
-/**
- * STORK module specific servlet, overloading {@link ProcessEngineSignalServlet}'s method
- * {@linkplain ProcessEngineSignalServlet#getMoaSessionId(HttpServletRequest) getMoaSessionId(HttpServletRequest)}
- * extending its capabilities for retrieving the current moa session id.
- *

- * This {@code STORKProcessEngineSignalServlet} tries to resolve the moa session id using the following strategy:
- *

- *
- * @author tknall
- *
- */
-@WebServlet(urlPatterns = { "/PEPSConnectorWithLocalSigning", "/PEPSConnector" }, loadOnStartup = 1)
-public class STORKProcessEngineSignalServlet extends ProcessEngineSignalServlet {
-
- private static final long serialVersionUID = 1L;
-
- public STORKProcessEngineSignalServlet() {
- super();
- Logger.debug("Registering servlet " + getClass().getName() + " with mappings '/PEPSConnectorWithLocalSigning', '/PEPSConnector'.");
- }
-
- @Override
- public String getMoaSessionId(HttpServletRequest request) {
- String sessionId = super.getMoaSessionId(request);
-
- try {
-
- // use SAML2 relayState
- if (sessionId == null) {
- sessionId = StringEscapeUtils.escapeHtml(request.getParameter("RelayState"));
- }
-
- // take from InResponseTo attribute of SAMLResponse
- if (sessionId == null) {
- String base64SamlToken = request.getParameter("SAMLResponse");
- if (base64SamlToken != null) {
- byte[] samlToken = Base64Utils.decode(base64SamlToken, false);
- Document samlResponse = parseDocument(new ByteArrayInputStream(samlToken));
-
- XPath xPath = XPathFactory.newInstance().newXPath();
- SimpleNamespaceContext nsContext = new SimpleNamespaceContext();
- nsContext.bindNamespaceUri("saml2p", "urn:oasis:names:tc:SAML:2.0:protocol");
- xPath.setNamespaceContext(nsContext);
- XPathExpression expression = xPath.compile("string(/saml2p:Response/@InResponseTo)");
- sessionId = (String) expression.evaluate(samlResponse, XPathConstants.STRING);
- sessionId = StringEscapeUtils.escapeHtml(StringUtils.trimToNull(sessionId));
- } else {
- Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id.");
- }
- }
-
- } catch (Exception e) {
- Logger.warn("Unable to retrieve moa session id.", e);
- }
-
- return sessionId;
- }
-
- /**
- * Parses a xml document (namespace aware).
- *
- * @param in
- * The input stream.
- * @return The DOM document.
- * @throws ParserConfigurationException
- * Thrown in case of configuration error.
- * @throws IOException
- * Thrown in case of error reading from the input stream.
- * @throws SAXException
- * Thrown in case of error parsing the document.
- */
- public static Document parseDocument(InputStream in) throws ParserConfigurationException, SAXException, IOException {
- DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
- documentBuilderFactory.setNamespaceAware(true);
- documentBuilderFactory.setIgnoringElementContentWhitespace(false);
- documentBuilderFactory.setValidating(false);
- DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
- return documentBuilder.parse(in);
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java
deleted file mode 100644
index ee4961d5e..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java
+++ /dev/null
@@ -1,228 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
-
-import iaik.x509.X509Certificate;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
-import java.security.cert.CertificateException;
-import java.util.HashMap;
-
-import javax.activation.DataSource;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-
-import org.apache.commons.io.IOUtils;
-import org.xml.sax.SAXException;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.BKUException;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.exception.ServiceException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.stork.STORKException;
-import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.MOAException;
-import at.gv.egovernment.moa.spss.api.SPSSFactory;
-import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
-import at.gv.egovernment.moa.spss.api.common.Content;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
-import at.gv.util.xsd.xmldsig.SignatureType;
-import at.gv.util.xsd.xmldsig.X509DataType;
-import eu.stork.oasisdss.api.LightweightSourceResolver;
-import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
-import eu.stork.oasisdss.api.exceptions.UtilsException;
-import eu.stork.oasisdss.profile.SignResponse;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-
-public abstract class AbstractPepsConnectorWithLocalSigningTask extends AbstractAuthServletTask {
-
- public static final String PEPSCONNECTOR_SERVLET_URL_PATTERN = "/PEPSConnectorWithLocalSigning";
-
- String getCitizienSignatureFromSignResponse(SignResponse dssSignResponse) throws IllegalArgumentException,
- TransformerConfigurationException, UtilsException, TransformerException,
- TransformerFactoryConfigurationError, IOException, ApiUtilsException {
- // fetch signed doc
- DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);
- if (ds == null) {
- throw new ApiUtilsException("No datasource found in response");
- }
-
- InputStream incoming = ds.getInputStream();
- String citizenSignature = IOUtils.toString(incoming);
- incoming.close();
-
- return citizenSignature;
- }
-
- void SZRGInsertion(AuthenticationSession moaSession, IPersonalAttributeList personalAttributeList,
- String authnContextClassRef, String citizenSignature) throws STORKException, MOAIDException {
- Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
- Logger.debug("Citizen signature will be verified by SZR Gateway!");
-
- Logger.debug("fetching OAParameters from database");
-
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(
- moaSession.getPublicOAURLPrefix());
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
-
- // retrieve target
- // TODO: check in case of SSO!!!
- String targetType = null;
- if (oaParam.getBusinessService()) {
- String id = oaParam.getIdentityLinkDomainIdentifier();
- if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
- targetType = id;
- else
- targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moaSession.getDomainIdentifier();
- } else {
- targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
- }
-
- Logger.debug("Starting connecting SZR Gateway");
- // contact SZR Gateway
- IdentityLink identityLink = null;
-
- identityLink = STORKResponseProcessor.connectToSZRGateway(personalAttributeList, oaParam.getFriendlyName(),
- targetType, null, oaParam.getMandateProfiles(), citizenSignature);
- Logger.debug("SZR communication was successfull");
-
- if (identityLink == null) {
- Logger.error("SZR Gateway did not return an identity link.");
- throw new MOAIDException("stork.10", null);
- }
- Logger.info("Received Identity Link from SZR Gateway");
- moaSession.setIdentityLink(identityLink);
-
- Logger.debug("Adding addtional STORK attributes to MOA session");
- moaSession.setGenericDataToSession(
- AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST,
- personalAttributeList);
-
- // We don't have BKUURL, setting from null to "Not applicable"
- moaSession.setBkuURL("Not applicable (STORK Authentication)");
-
- // free for single use
- moaSession.setAuthenticatedUsed(false);
-
- // stork did the authentication step
- moaSession.setAuthenticated(true);
-
- // TODO: found better solution, but QAA Level in response could be not supported yet
- try {
- if (authnContextClassRef == null)
- authnContextClassRef = PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel();
- moaSession.setQAALevel(authnContextClassRef);
-
- } catch (Throwable e) {
- Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
- moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
-
- }
-
- }
-
- X509Certificate getSignerCertificate(String citizenSignature) throws CertificateException, JAXBException,
- UnsupportedEncodingException {
- JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName());
- SignatureType root = ((JAXBElement) ctx.createUnmarshaller().unmarshal(
- IOUtils.toInputStream(citizenSignature))).getValue();
-
- // extract certificate
- for (Object current : root.getKeyInfo().getContent())
- if (((JAXBElement) current).getValue() instanceof X509DataType) {
- for (Object currentX509Data : ((JAXBElement) current).getValue()
- .getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
- JAXBElement casted = ((JAXBElement) currentX509Data);
- if (casted.getName().getLocalPart().equals("X509Certificate")) {
- return new X509Certificate(((String) casted.getValue()).getBytes("UTF-8"));
- }
- }
- }
- return null;
- }
-
- VerifyXMLSignatureResponse verifyXMLSignature(String signature) throws AuthenticationException, ParseException,
- BKUException, BuildException, ConfigurationException, ServiceException, UnsupportedEncodingException,
- SAXException, IOException, ParserConfigurationException, MOAException {
- // Based on MOA demo client
- // Factory und Service instanzieren
- SPSSFactory spssFac = SPSSFactory.getInstance();
- SignatureVerificationService sigVerifyService = SignatureVerificationService.getInstance();
-
- Content sigDocContent1 = spssFac.createContent(IOUtils.toInputStream(signature, "UTF-8"), null);
-
- // Position der zu prüfenden Signatur im Dokument angeben
- // (Nachdem im XPath-Ausdruck ein NS-Präfix verwendet wird, muss in einer Lookup-Tabelle
- // der damit bezeichnete Namenraum mitgegeben werden)
- HashMap nSMap = new HashMap();
- nSMap.put("dsig", "http://www.w3.org/2000/09/xmldsig#");
- VerifySignatureLocation sigLocation = spssFac.createVerifySignatureLocation("//dsig:Signature", nSMap);
-
- // Zu prüfendes Dokument und Signaturposition zusammenfassen
-
- VerifySignatureInfo sigInfo = spssFac.createVerifySignatureInfo(sigDocContent1, sigLocation);
-
- // Prüfrequest zusammenstellen
- VerifyXMLSignatureRequest verifyRequest = spssFac.createVerifyXMLSignatureRequest(null, // Wird Prüfzeit nicht
- // angegeben, wird
- // aktuelle Zeit
- // verwendet
- sigInfo, null, // Keine Ergänzungsobjekte notwendig
- null, // Signaturmanifest-Prüfung soll nicht durchgeführt werden
- false, // Hash-Inputdaten, d.h. tatsächlich signierte Daten werden nicht zurückgeliefert
- "MOAIDBuergerkartePersonenbindungMitTestkarten");// TODO load from config
- // "Test-Signaturdienste"); // ID des verwendeten Vertrauensprofils
-
- VerifyXMLSignatureResponse verifyResponse = null;
- try {
- // Aufruf der Signaturprüfung
- verifyResponse = sigVerifyService.verifyXMLSignature(verifyRequest);
- } catch (MOAException e) {
- // Service liefert Fehler
- System.err.println("Die Signaturprüfung hat folgenden Fehler geliefert:");
- System.err.println("Fehlercode: " + e.getMessageId());
- System.err.println("Fehlernachricht: " + e.getMessage());
- throw e;
- }
-
- return verifyResponse;
- }
-
- at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse convert(
- VerifyXMLSignatureResponse xMLVerifySignatureResponse) {
- at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse response = new at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse();
- response.setCertificateCheckCode(xMLVerifySignatureResponse.getCertificateCheck().getCode());
- response.setPublicAuthority(xMLVerifySignatureResponse.getSignerInfo().isPublicAuthority());
- // response.setPublicAuthorityCode(publicAuthorityCode)
- response.setQualifiedCertificate(xMLVerifySignatureResponse.getSignerInfo().isQualifiedCertificate());
- response.setSignatureCheckCode(xMLVerifySignatureResponse.getSignatureCheck().getCode());
- response.setSignatureManifestCheckCode(xMLVerifySignatureResponse.getSignatureManifestCheck().getCode());
- // response.setSigningDateTime()
- // response.setX509certificate(x509certificate)
- response.setXmlDSIGManifestCheckCode(xMLVerifySignatureResponse.getSignatureManifestCheck().getCode());
- // response.setXmlDSIGManigest(xMLVerifySignatureResponse.getSignatureManifestCheck())
- // response.setXmlDsigSubjectName(xmlDsigSubjectName)
- return response;
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
deleted file mode 100644
index f50e02200..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
+++ /dev/null
@@ -1,454 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
-
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.math.BigInteger;
-import java.net.URL;
-import java.security.NoSuchAlgorithmException;
-import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Date;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang3.BooleanUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.common.IdentifierGenerator;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-import org.w3c.dom.DOMException;
-
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.config.stork.CPEPS;
-import at.gv.egovernment.moa.id.config.stork.STORKConfig;
-import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.oasisdss.api.AdditionalProfiles;
-import eu.stork.oasisdss.api.ApiUtils;
-import eu.stork.oasisdss.api.Profiles;
-import eu.stork.oasisdss.api.QualityLevels;
-import eu.stork.oasisdss.api.SignatureTypes;
-import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
-import eu.stork.oasisdss.profile.AnyType;
-import eu.stork.oasisdss.profile.DocumentType;
-import eu.stork.oasisdss.profile.SignRequest;
-import eu.stork.peps.auth.commons.PEPSUtil;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-
-/**
- * Creates a SAML2 STORK authentication request, embeds it in a form (in order to satisfy saml post binging) and returns the form withing the HttpServletResponse.

- * In detail: - *

    - *
  • Validates the stork configuration in order to make sure the selected country is supported.
  • - *
  • Puts a flag ({@link #PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED}) into the ExecutionContext reflecting the capability of the C-PEPS to create xml signatures.
  • - *
  • Invokes {@link AuthenticationServer#startSTORKAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationSession)} which
  • - *
      - *
    • Creates and signs a SAML2 stork authentication request.
    • - *
    • Creates a signature request for auth block signature (either to be performed by the C-PEPS or locally).
    • - *
    • Using the velocity template engine in order to create a form with the embedded stork request.
    • - *
    • Writes the form to the response output stream.
    • - *
    - *
- * Expects: - *
    - *
  • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}
  • - *
  • Property {@code ccc} set within the moa session.
  • - *
- * Result: - *
    - *
  • Form containing a SAML2 Stork authentication request and an action url pointing to the selected C-PEPS.
  • - *
  • Assertion consumer URL for C-PEPS set either to {@code /PEPSConnector} in case of a C-PEPS supporting xml signatures or {@code /PEPSConnectorWithLocalSigning} if the selected C-PEPS does not support xml signatures.
  • - *
  • In case of a C-PEPS not supporting xml signature: moasession with set signedDoc property (containing the signature request for local signing).
  • - *
  • ExecutionContext contains the boolean flag {@link #PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED}. - *
- * Code taken from {@link StartAuthenticationBuilder#build(AuthenticationSession, HttpServletRequest, HttpServletResponse)}.
- * Using {@link AuthenticationServer#startSTORKAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationSession)} - * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) - */ -public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { - - /** - * Boolean value reflecting the capability of the selected c-peps of creating xml signatures. - */ - public static final String PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED = "C-PEPS:XMLSignatureSupported"; - - @Override - public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) - throws TaskExecutionException { - - String pendingRequestID = null; - String sessionID = null; - try { - setNoCachingHeaders(resp); - - sessionID = (String) executionContext.get(PARAM_SESSIONID); - pendingRequestID = (String) executionContext.get("pendingRequestID"); - String ccc = (String) executionContext.get("CCC"); - - - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) { - throw new WrongParametersException("CreateStorkAuthRequestFormTask", PARAM_SESSIONID, "auth.12"); - } - AuthenticationSession moasession = BaseAuthenticationServer.getSession(sessionID); - IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); - - // bugfix: the new task system fails to initialize the CCC - set it here - moasession.setCcc((String) executionContext.get(MOAIDAuthConstants.PARAM_CCC)); - - if (StringUtils.isEmpty(moasession.getCcc())) { - // illegal state; task should not have been executed without a selected country - throw new AuthenticationException("stork.22", new Object[] { sessionID }); - - } - MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_STORK_REQUESTED); - - STORKConfig storkConfig = AuthConfigurationProviderFactory.getInstance().getStorkConfig(); - if (!storkConfig.isSTORKAuthentication(moasession.getCcc())) { - throw new AuthenticationException("stork.23", new Object[] { 
moasession.getCcc(), sessionID });
- }
-
- // STORK authentication
- // cpeps cannot be null
- CPEPS cpeps = storkConfig.getCPEPS(ccc);
- Logger.debug("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
- executionContext.put(PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED, cpeps.isXMLSignatureSupported());
-
- //add selected Country-Code to MOASession DAO
- moasession.setCcc(ccc);
-
- Logger.info("Starting STORK authentication for a citizen of country: " + moasession.getCcc());
- startSTORKAuthentication(req, resp, moasession, pendingReq);
-
- } catch (MOAIDException ex) {
- throw new TaskExecutionException(ex.getMessage(), ex);
-
- } catch (Exception e) {
- Logger.error("CreateStorkAuthRequestFormTask has an interal Error.", e);
- throw new TaskExecutionException("CreateStorkAuthRequestFormTask has an interal Error.", e);
-
- }
-
- finally {
-
- }
- }
-
- /**
- * Starts a MOA-ID authentication process using STORK
- *
- * @param req HttpServletRequest
- * @param resp HttpServletResponse
- * @param pendingReq
- * @param ccc Citizen country code
- * @param oaURL URL of the online application
- * @param target Target parameter
- * @param targetFriendlyName Friendly Name of Target
- * @param authURL Authentication URL
- * @param sourceID SourceID parameter
- * @throws MOAIDException
- * @throws AuthenticationException
- * @throws WrongParametersException
- * @throws ConfigurationException
- */
- public void startSTORKAuthentication(
- HttpServletRequest req,
- HttpServletResponse resp,
- AuthenticationSession moasession, IRequest pendingReq) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException {
-
- if (moasession == null) {
- throw new AuthenticationException("auth.18", new Object[]{});
- }
-
- //read configuration paramters of OA
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[]{moasession.getPublicOAURLPrefix()});
-
- //Start of STORK Processing
- STORKConfig storkConfig = AuthConfigurationProviderFactory.getInstance().getStorkConfig();
-
- CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());
-
- Logger.debug("Preparing to assemble STORK AuthnRequest with the following values:");
- String destination = cpeps.getPepsURL().toExternalForm();
- Logger.debug("C-PEPS URL: " + destination);
-
-
- String issuerValue = pendingReq.getAuthURL();
- // String acsURL = new DataURLBuilder().buildDataURL(issuerValue,
- // PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN, moasession.getSessionID());
-
-
- String providerName = oaParam.getFriendlyName();
- Logger.debug("Issuer value: " + issuerValue);
-
- // prepare collection of required attributes
- // - attributes for online application
- Collection attributesFromConfig = oaParam.getRequestedSTORKAttributes();
-
- // - prepare attribute list
- PersonalAttributeList attributeList = new PersonalAttributeList();
-
- // - fill container
- for (StorkAttribute current : attributesFromConfig) {
- PersonalAttribute newAttribute = new PersonalAttribute();
- newAttribute.setName(current.getName());
-
- boolean globallyMandatory = false;
- for (StorkAttribute currentGlobalAttribute : storkConfig.getStorkAttributes())
- if (current.getName().equals(currentGlobalAttribute.getName())) {
- globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory());
- break;
- }
-
- newAttribute.setIsRequired(current.getMandatory() || globallyMandatory);
- attributeList.add(newAttribute);
- }
-
- // add sign request
- PersonalAttribute newAttribute = new PersonalAttribute();
- newAttribute.setName("signedDoc");
- newAttribute.setIsRequired(true);
- List value = new ArrayList();
-
- Logger.debug("PEPS supports XMLSignatures:"+cpeps.isXMLSignatureSupported());
- String acsURL;
- if(cpeps.isXMLSignatureSupported())//Send SignRequest to PEPS
- {
- //solve Problem with sessionIDs
- acsURL = issuerValue + PepsConnectorTask.PEPSCONNECTOR_SERVLET_URL_PATTERN;
-
- value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession),
- "application/xhtml+xml", moasession.getCcc()));
- newAttribute.setValue(value);
- attributeList.add(newAttribute);
-
- // TODO[branch]: STORK AuthReq CPEPS acsURL "/PEPSConnector"
- }
- else//Process SignRequest locally with MOCCA
- {
- String target = moasession.getTarget();
- moasession.setTarget("AT");
- String signedDoc = (generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession),
- "application/xhtml+xml", "AT"));//moasession.getCcc()
- moasession.setTarget(target);
- Logger.warn("signedDoc to store:"+signedDoc);
- //attributeList.add(newAttribute);
-
- //store SignRequest for later...
- moasession.setGenericDataToSession("STORK_signDoc", signedDoc);
-
- acsURL = issuerValue + AbstractPepsConnectorWithLocalSigningTask.PEPSCONNECTOR_SERVLET_URL_PATTERN;
- // TODO[branch]: STORK AuthReq acsURL "/PEPSConnectorWithLocalSigning"
- try {
- AuthenticationSessionStoreage.storeSession(moasession);
- } catch (MOADatabaseException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
-
- }
- Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL);
-
- if (Logger.isDebugEnabled()) {
- Logger.debug("The following attributes are requested for this OA:");
- for (StorkAttribute logReqAttr : attributesFromConfig)
- Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.getMandatory());
- }
-
- //TODO: check Target in case of SSO!!
- String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget();
- String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();
- String spApplication = spInstitution;
- String spCountry = "AT"; // intentionally set AT - the flow is limited on that use case only
-
- //generate AuthnRquest
- STORKAuthnRequest authnRequest = new STORKAuthnRequest();
- authnRequest.setDestination(destination);
- authnRequest.setAssertionConsumerServiceURL(acsURL);//PEPSConnectorWithLocalSigning
- authnRequest.setProviderName(providerName);
- authnRequest.setIssuer(issuerValue);
- authnRequest.setQaa(oaParam.getQaaLevel());
- authnRequest.setSpInstitution(spInstitution);
- authnRequest.setSpCountry(spCountry);
- authnRequest.setSpApplication(spApplication);
- authnRequest.setSpSector(spSector);
- authnRequest.setPersonalAttributeList(attributeList);
-
- //TODO change
- authnRequest.setEIDCrossBorderShare(true);
- authnRequest.setEIDCrossSectorShare(true);
- authnRequest.setEIDSectorShare(true);
-
- authnRequest.setCitizenCountryCode(moasession.getCcc());
-
- Logger.debug("STORK AuthnRequest succesfully assembled.");
-
- STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("outgoing");
-
- if (samlEngine == null) {
- Logger.error("Could not initalize STORK SAML engine.");
- throw new MOAIDException("stork.00", null);
- }
-
- try {
- authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest);
- } catch (STORKSAMLEngineException e) {
- Logger.error("Could not sign STORK SAML AuthnRequest.", e);
- throw new MOAIDException("stork.00", null);
- }
-
- Logger.info("STORK AuthnRequest successfully signed!");
-
- //validate AuthnRequest
- try {
- samlEngine.validateSTORKAuthnRequest(authnRequest.getTokenSaml());
- } catch (STORKSAMLEngineException e) {
- Logger.error("STORK SAML AuthnRequest not valid.", e);
- throw new MOAIDException("stork.01", null);
- }
-
- Logger.debug("STORK AuthnRequest successfully internally validated.");
-
- //send
- moasession.setGenericDataToSession(
- AuthenticationSessionStorageConstants.STORK_REQUEST,
- authnRequest);
-
- // do PEPS-conform logging for easier evaluation
- try {
- // 2015-03-12 16:44:27.144#S-PEPS receives request from SP#spurl#spepsurl#spapp#spdomain#citizen country#qaa#msghash#msg_id id1#
- Logger.info(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").format(new Date()) + "#S-PEPS receives request from SP#" +
- moasession.getPublicOAURLPrefix() + "#" + issuerValue + "#" + spApplication + "#" +
- new URL(moasession.getPublicOAURLPrefix()).getHost() + "#" + moasession.getCcc() + "#" + oaParam.getQaaLevel() +
- "#_hash_#" + moasession.getProcessInstanceId() + "#");
- } catch (Exception e1) {
- Logger.info("STORK PEPS conform logging failed because of: " + e1.getMessage());
- }
-
- AuthenticationSessionStoreage.changeSessionID(moasession, authnRequest.getSamlId());
-
-
- Logger.info("Preparing to send STORK AuthnRequest.");
- Logger.info("prepared STORKAuthnRequest: ");
- Logger.info(new String(authnRequest.getTokenSaml()));
-
- try {
- Logger.trace("Initialize VelocityEngine...");
-
- VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
- Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm");
- VelocityContext context = new VelocityContext();
- context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml()));
- context.put("RelayState", moasession.getSessionID());
- context.put("action", destination);
-
- StringWriter writer = new StringWriter();
- template.merge(context, writer);
-
- // TODO[branch]: SAML2 Form Submit to CPEPS, response to acsURL Servlet
-
- resp.setContentType("text/html;charset=UTF-8");
- resp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
-
- } catch (Exception e) {
- Logger.error("Error sending STORK SAML AuthnRequest.", e);
- throw new MOAIDException("stork.02", new Object[]{destination});
-
- }
-
- Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination());
- MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED, authnRequest.getDestination());
-
- // do PEPS-conform logging for easier evaluation
- try {
- // 2015-03-12 16:44:27.144#S-PEPS generates request to C-PEPS#spepsurl#cpepsurl#spapp#spdomain#citizen country#qaa#msghash#msg_id id1#id2#
- Logger.info(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").format(new Date()) + "#S-PEPS generates request to C-PEPS#" +
- issuerValue + "#" + destination + "#" + spApplication + "#" +
- new URL(moasession.getPublicOAURLPrefix()).getHost() + "#" + moasession.getCcc() + "#" + oaParam.getQaaLevel() +
- "#_hash_#" + moasession.getProcessInstanceId() + "#" + authnRequest.getSamlId() + "#");
- } catch (Exception e1) {
- Logger.info("STORK PEPS conform logging failed because of: " + e1.getMessage());
- }
- }
-
- private String generateDssSignRequest(String text, String mimeType, String citizenCountry) {
- IdentifierGenerator idGenerator;
- try {
- idGenerator = new SecureRandomIdentifierGenerator();
-
- DocumentType doc = new DocumentType();
- doc.setBase64XML(text.getBytes("UTF-8"));
- doc.setID(idGenerator.generateIdentifier());
-
- SignRequest request = new SignRequest();
- request.setInputDocuments(ApiUtils.createInputDocuments(doc));
-
- String id = idGenerator.generateIdentifier();
- request.setRequestID(id);
- request.setDocUI(id);
-
- request.setProfile(Profiles.XADES_BES.toString());
- request.setNumberOfSigners(BigInteger.ONE);
- request.setTargetCountry(citizenCountry);
-
- // no, no todo. PEPS will alter this value anyhow.
- request.setReturnURL("http://invalid_return");
-
- AnyType required = new AnyType();
- required.getAny().add(ApiUtils.createSignatureType(SignatureTypes.XMLSIG_RFC3275.toString()));
- required.getAny().add(ApiUtils.createAdditionalProfile(AdditionalProfiles.XADES.toString()));
- required.getAny().add(ApiUtils.createQualityRequirements(QualityLevels.QUALITYLEVEL_QUALIFIEDSIG));
- required.getAny().add(ApiUtils.createIncludeObject(doc));
- request.setOptionalInputs(required);
-
- return IOUtils.toString(ApiUtils.marshalToInputStream(request));
- } catch (NoSuchAlgorithmException e) {
- Logger.error("Cannot generate id", e);
- throw new RuntimeException(e);
- } catch (ApiUtilsException e) {
- Logger.error("Could not create SignRequest", e);
- throw new RuntimeException(e);
- } catch (DOMException e) {
- Logger.error("Could not create SignRequest", e);
- throw new RuntimeException(e);
- } catch (IOException e) {
- Logger.error("Could not create SignRequest", e);
- throw new RuntimeException(e);
- }
- }
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
deleted file mode 100644
index f872241ae..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
+++ /dev/null
@@ -1,234 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
-
-import iaik.x509.X509Certificate;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.transform.Source;
-import javax.xml.transform.stream.StreamSource;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.auth.stork.STORKException;
-
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.util.Base64Utils;
-import eu.stork.oasisdss.api.ApiUtils;
-import eu.stork.oasisdss.profile.SignResponse;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-
-/**
- * Processes the citizen's signature, creates identity link using szr gateway and finalizes authentication.
- *

- * In detail: - *

    - *
  • Changes moa session id.
  • - *
  • Decodes and validates the sign response, extracting the citizen's signature.
  • - *
  • Verifies the citizen's signature.
  • - *
  • Create {@code signedDoc} attribute.
  • - *
  • Retrieve identity link from SZR gateway using the citizen's signature.
  • - *
  • If the S-PEPS did not provide any gender information, the szr gateway will not be able to issue an identity link. - * Therefore a form is presented asking for the subject's gender. The form finally submits the user back to the - * {@code /PepsConnectorWithLocalSigning} servlet (this task).
  • - *
  • The moa session is updated with authentication information.
  • - *
  • Change moa session id.
  • - *
  • Redirects back to {@code /dispatcher} in order to finalize the authentication.
  • - *
- * Expects: - *
    - *
  • HttpServletRequest parameter {@code moaSessionID}
  • - *
  • HttpServletRequest parameter {@code signresponse}
  • - *
- * Result: - *
    - *
  • Updated moa id session (signed auth block, signer certificate etc.)
  • - *
  • Redirect to {@code /dispatcher}.
  • - *
  • {@link ExecutionContext} contains boolean flag {@code identityLinkAvailable} indicating if an identitylink has been successfully creates or not.
  • - *
- * Possible branches: - *
    - *
  • In case the szr gateway throws exception due to missing gender information: - *
      - *
    • Returns a form for gender selection with action url back to this servlet/task.
    • - *
    - *
  • - *
- * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet}.
- *
- * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
- */
-public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnectorWithLocalSigningTask {
-
- @Override
- public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
- throws TaskExecutionException {
- String moaSessionID = request.getParameter("moaSessionID");
- String signResponse = request.getParameter("signresponse");
- Logger.info("moaSessionID:" + moaSessionID);
- Logger.info("signResponse:" + signResponse);
-
- if (moaSessionID != null && signResponse != null) {
- // redirect from oasis with signresponse
- handleSignResponse(executionContext, request, response);
- } else {
- // should not occur
- throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", null);
- }
- return;
- }
-
- private void handleSignResponse(ExecutionContext executionContext, HttpServletRequest request,
- HttpServletResponse response) throws TaskExecutionException {
- Logger.info("handleSignResponse started");
- String moaSessionID = request.getParameter("moaSessionID");
- String signResponse = request.getParameter("signresponse");
- Logger.info("moaSessionID:" + moaSessionID);
- Logger.info("signResponse:" + signResponse);
- String pendingRequestID = null;
- try {
-
- // load MOASession from database
- AuthenticationSession moaSession = BaseAuthenticationServer.getSession(moaSessionID);
- // change MOASessionID
- moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
-
- pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
- IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
-
- Logger.info("pendingRequestID:" + pendingRequestID);
- String signResponseString = new String(Base64Utils.decode(signResponse, false), "UTF8");
- Logger.info("RECEIVED signresponse:" + signResponseString);
- // create SignResponse object
- Source response1 = new StreamSource(new java.io.StringReader(signResponseString));
- SignResponse dssSignResponse = ApiUtils.unmarshal(response1, SignResponse.class);
-
- // SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new
- // java.io.StringReader(Base64.signResponse)));
-
- String citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse);
-
- // memorize signature into authblock
- moaSession.setAuthBlock(citizenSignature);
-
- X509Certificate cert = getSignerCertificate(citizenSignature);
- moaSession.setSignerCertificate(cert);
- VerifyXMLSignatureResponse xMLVerifySignatureResponse = verifyXMLSignature(citizenSignature);
- at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse tmp = convert(xMLVerifySignatureResponse);
-
- moaSession.setXMLVerifySignatureResponse(tmp);
- executionContext.put("identityLinkAvailable", false);
- try {
- IPersonalAttributeList personalAttributeList =
- moaSession.getGenericDataFromSession(
- AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST,
- IPersonalAttributeList.class);
- // Add SignResponse TODO Add signature (extracted from signResponse)?
- List values = new ArrayList();
- values.add(signResponseString);
- // values.add(citizenSignature);
- Logger.debug("Assembling signedDoc attribute");
- PersonalAttribute signedDocAttribute = new PersonalAttribute("signedDoc", false, values, "Available");
- personalAttributeList.add(signedDocAttribute);
-
- String authnContextClassRef = moaSession.getGenericDataFromSession(
- "STORK_authContextClass", String.class);
- SZRGInsertion(moaSession, personalAttributeList, authnContextClassRef, citizenSignature);
- executionContext.put("identityLinkAvailable", true);
- } catch (STORKException e) {
- // this is really nasty but we work against the system here. We are supposed to get the gender attribute
- // from
- // stork. If we do not, we cannot register the person in the ERnP - we have to have the
- // gender for the represented person. So here comes the dirty hack.
- if (e.getCause() instanceof STORKException
- && e.getCause().getMessage().equals("gender not found in response")) {
- try {
- Logger.trace("Initialize VelocityEngine...");
-
- VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
- Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html");
- VelocityContext context = new VelocityContext();
- context.put("SAMLResponse", request.getParameter("SAMLResponse"));
- context.put("action", request.getRequestURL());
-
- StringWriter writer = new StringWriter();
- template.merge(context, writer);
- response.getOutputStream().write(writer.toString().getBytes("UTF-8"));
- } catch (Exception e1) {
- Logger.error("Error sending gender retrival form.", e1);
- // httpSession.invalidate();
- throw new MOAIDException("stork.10", null);
- }
-
- return;
- }
-
- Logger.error("Error connecting SZR Gateway", e);
- throw new MOAIDException("stork.10", null);
- }
-
- Logger.debug("Add full STORK AuthnResponse to MOA session");
- moaSession.setGenericDataToSession(
- AuthenticationSessionStorageConstants.STORK_RESPONSE,
- request.getParameter("SAMLResponse"));
-
- MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED);
-
- moaSession.setForeigner(true);
-
- // session is implicit stored in changeSessionID!!!!
- String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
-
- Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
-
- // redirect
- String redirectURL = null;
- redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
- ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID),
- newMOASessionID);
- redirectURL = response.encodeRedirectURL(redirectURL);
-
- response.sendRedirect(redirectURL);
- Logger.info("REDIRECT TO: " + redirectURL);
-
- } catch (AuthenticationException e) {
- throw new TaskExecutionException(e.getMessage(), e);
-
- } catch (MOAIDException e) {
- throw new TaskExecutionException(e.getMessage(), e);
-
- } catch (Exception e) {
- Logger.error("PEPSConnector has an interal Error.", e);
- throw new TaskExecutionException(e.getMessage(), e);
- }
-
- finally {
-
- }
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
deleted file mode 100644
index 0ac26f45f..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
+++ /dev/null
@@ -1,458 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
-
-import iaik.x509.X509Certificate;
-
-import java.io.StringWriter;
-import java.util.ArrayList;
-import java.util.Collection;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.transform.Source;
-import javax.xml.transform.stream.StreamSource;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.saml2.core.StatusCode;
-
-import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.auth.stork.STORKException;
-import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
-
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.StringUtils;
-import eu.stork.oasisdss.api.ApiUtils;
-import eu.stork.oasisdss.profile.SignRequest;
-import eu.stork.oasisdss.profile.SignResponse;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PEPSUtil;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-
-/**
- * Validates the SAML response from C-PEPS.
- *

- * In detail: - *

    - *
  • Decodes and validates SAML response from C-PEPS.
  • - *
  • Retrieves the moa session using the session id provided by HttpServletRequest parameter {@code RelayState} or by {@code inResponseTo} attribute of the saml response.
  • - *
  • Store saml response in moa session.
  • - *
  • Change moa session id.
  • - *
  • Redirect to {@code /PEPSConnectorWithLocalSigning}, with providing the moa session id as request parameter.
  • - *
- * Expects: - *
    - *
  • HttpServletRequest parameter {@code moaSessionID} to be {@code null}
  • - *
  • HttpServletRequest parameter {@code signresponse} to be {@code null}
  • - *
  • HttpServletRequest parameter {@code SAMLResponse}
  • - *
  • Either HttpServletRequest parameter {@code RelayState} or {@code inResponseTo} attribute within the saml response, both reflecting the moa session id.
  • - *
- * Result: - *
    - *
  • Updated moa session (with saml response).
  • - *
  • Redirect to {@code /PEPSConnectorWithLocalSigning}, with providing the moa session id as request parameter.
  • - *
- * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet}.
- * - * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) - */ -public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPepsConnectorWithLocalSigningTask { - - private String oasisDssWebFormURL = "https://testvidp.buergerkarte.at/oasis-dss/DSSWebFormServlet"; - // load from config below - - @Override - public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - String moaSessionID = request.getParameter("moaSessionID"); - String signResponse = request.getParameter("signresponse"); - Logger.info("moaSessionID:" + moaSessionID); - Logger.info("signResponse:" + signResponse); - - if (moaSessionID == null && signResponse == null) { - // normal saml response - handleSAMLResponse(executionContext, request, response); - - } else { - // should not occur - throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", null); - } - return; - } - - private void handleSAMLResponse(ExecutionContext executionContext, HttpServletRequest request, - HttpServletResponse response) throws TaskExecutionException { - Logger.info("handleSAMLResponse started"); - String pendingRequestID = null; - - setNoCachingHeaders(response); - try { - Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message."); - Logger.debug("This ACS endpoint is: " + HTTPUtils.getBaseURL(request)); - - Logger.trace("No Caching headers set for HTTP response"); - - // check if https or only http - super.checkIfHTTPisAllowed(request.getRequestURL().toString()); - - Logger.debug("Beginning to extract SAMLResponse out of HTTP Request"); - - // extract STORK Response from HTTP Request - // Decodes SAML Response - byte[] decSamlToken; - try { - decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse")); - Logger.debug("SAMLResponse: " + new String(decSamlToken)); - - } catch (NullPointerException e) { - Logger.error("Unable to retrieve 
STORK Response", e); - throw new MOAIDException("stork.04", null); - } - - // Get SAMLEngine instance - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing"); - - STORKAuthnResponse authnResponse = null; - try { - // validate SAML Token - Logger.debug("Starting validation of SAML response"); - authnResponse = engine.validateSTORKAuthnResponseWithQuery(decSamlToken, (String) request.getRemoteHost()); - Logger.info("SAML response succesfully verified!"); - } catch (STORKSAMLEngineException e) { - Logger.error("Failed to verify STORK SAML Response", e); - throw new MOAIDException("stork.05", null); - } - - Logger.info("STORK SAML Response message succesfully extracted"); - Logger.debug("STORK response: "); - Logger.debug(authnResponse.toString()); - - Logger.debug("Trying to find MOA Session-ID ..."); - // String moaSessionID = request.getParameter(PARAM_SESSIONID); - // first use SAML2 relayState - String moaSessionID = request.getParameter("RelayState"); - - // escape parameter strings - moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID); - - // check if SAML2 relaystate includes a MOA sessionID - if (StringUtils.isEmpty(moaSessionID)) { - // if relaystate is emtpty, use SAML response -> inResponseTo element as session identifier - - moaSessionID = authnResponse.getInResponseTo(); - moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID); - - if (StringUtils.isEmpty(moaSessionID)) { - // No authentication session has been started before - Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started"); - Logger.debug("PEPSConnectorURL was: " + request.getRequestURL()); - throw new AuthenticationException("auth.02", new Object[] { moaSessionID }); - - } else - Logger.trace("Use MOA SessionID " + moaSessionID + " from AuthnResponse->inResponseTo attribute."); - - } else - // Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter."); - Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 
relayState."); - - /* - * INFO!!!! SAML message IDs has an different format then MOASessionIDs This is only a workaround because - * many PEPS does not support SAML2 relayState or MOASessionID as AttributConsumerServiceURL GET parameter - */ - // if (!ParamValidatorUtils.isValidSessionID(moaSessionID)) - // throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12"); - - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID); - IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); - - // load MOASession from database - AuthenticationSession moaSession = BaseAuthenticationServer.getSession(moaSessionID); - // change MOASessionID - moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); - - Logger.info("Found MOA sessionID: " + moaSessionID); - - String statusCodeValue = authnResponse.getStatusCode(); - - if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) { - Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue); - throw new MOAIDException("stork.06", new Object[] { statusCodeValue }); - } - - Logger.info("Got SAML response with authentication success message."); - - Logger.debug("MOA session is still valid"); - - STORKAuthnRequest storkAuthnRequest = - moaSession.getGenericDataFromSession( - AuthenticationSessionStorageConstants.STORK_REQUEST, - STORKAuthnRequest.class); - - if (storkAuthnRequest == null) { - Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); - throw new MOAIDException("stork.07", null); - } - - Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); - - - // first, try to fetch the attributes from the list of total attributes. Note that this very list is only filled - // with ALL attributes when there is more than one assertion in the SAML2 STORK message. 
- IPersonalAttributeList attributeList = authnResponse.getTotalPersonalAttributeList(); - - // if the list is empty, there was just one assertion... probably - if(attributeList.isEmpty()) - attributeList = authnResponse.getPersonalAttributeList(); - - // //////////// incorporate gender from parameters if not in stork response - // but first, check if we have a representation case - if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList) - || STORKResponseProcessor.hasAttribute("representative", attributeList) - || STORKResponseProcessor.hasAttribute("represented", attributeList)) { - // in a representation case... - moaSession.setUseMandate("true"); - - // and check if we have the gender value - PersonalAttribute gender = attributeList.get("gender"); - if (null == gender) { - String gendervalue = (String) request.getParameter("gender"); - if (null != gendervalue) { - gender = new PersonalAttribute(); - gender.setName("gender"); - ArrayList tmp = new ArrayList(); - tmp.add(gendervalue); - gender.setValue(tmp); - - attributeList.add(gender); - } - } - } - - - - // //////////////////////////////////////////////////////////////////////// - - Logger.debug("Starting extraction of signedDoc attribute"); - // extract signed doc element and citizen signature - String citizenSignature = null; - try { - PersonalAttribute signedDoc = attributeList.get("signedDoc"); - String signatureInfo = null; - // FIXME: Remove nonsense code (signedDoc attribute... (throw Exception for "should not occur" situations)), adjust error messages in order to reflect the true problem... 
- if (signedDoc != null) { - signatureInfo = signedDoc.getValue().get(0); - // should not occur - } else { - - // store SAMLResponse - moaSession.setGenericDataToSession( - AuthenticationSessionStorageConstants.STORK_RESPONSE, - request.getParameter("SAMLResponse")); - // store authnResponse - - // moaSession.setAuthnResponse(authnResponse);//not serializable - moaSession.setGenericDataToSession( - AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST, - attributeList); - - String authnContextClassRef = null; - try { - authnContextClassRef = authnResponse.getAssertions().get(0).getAuthnStatements().get(0) - .getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef(); - } catch (Throwable e) { - Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level"); - } - - moaSession.setGenericDataToSession("STORK_authContextClass", authnContextClassRef); - moaSession.setGenericDataToSession("STORK_returnURL", request.getRequestURL()); - - // load signedDoc - String signRequest = moaSession.getGenericDataFromSession("STORK_signDoc", String.class); - - // session is implicit stored in changeSessionID!!!! 
- String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); - - // set return url to PEPSConnectorWithLocalSigningServlet and add newMOASessionID - // signRequest - - String issuerValue = pendingReq.getAuthURL(); - String acsURL = issuerValue - + AbstractPepsConnectorWithLocalSigningTask.PEPSCONNECTOR_SERVLET_URL_PATTERN; - - String url = acsURL + "?moaSessionID=" + newMOASessionID; - // redirect to OASIS module and sign there - - boolean found = false; - try { - Collection aps = AuthConfigurationProviderFactory.getInstance() - .getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix()).getStorkAPs(); - Logger.info("Found AttributeProviderPlugins:" + aps.size()); - for (StorkAttributeProviderPlugin ap : aps) { - Logger.info("Found AttributeProviderPlugin attribute:" + ap.getAttributes()); - if (ap.getAttributes().equalsIgnoreCase("signedDoc")) { - // FIXME: A servlet's class field is not thread safe!!! - oasisDssWebFormURL = ap.getUrl(); - found = true; - Logger.info("Loaded signedDoc attribute provider url from config:" + oasisDssWebFormURL); - break; - } - } - } catch (Exception e) { - e.printStackTrace(); - Logger.error("Loading the signedDoc attribute provider url from config failed"); - } - if (!found) { - Logger.error("Failed to load the signedDoc attribute provider url from config"); - } - performRedirect(url, request, response, signRequest); - - return; - } - - // FIXME: This servlet/task is intended to handle peps responses without signature, so why do we try to process that signature here? 
- SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource( - new java.io.StringReader(signatureInfo))); - - citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse); - - // memorize signature into authblock - moaSession.setAuthBlock(citizenSignature); - - X509Certificate cert = getSignerCertificate(citizenSignature); - moaSession.setSignerCertificate(cert); - moaSession.setForeigner(true); - - } catch (Throwable e) { - Logger.error("Could not extract citizen signature from C-PEPS", e); - throw new MOAIDException("stork.09", null); - } - - // FIXME: Same here; we do not have the citizen's signature, so this code might be regarded as dead code. - try { - SZRGInsertion(moaSession, attributeList, authnResponse.getAssertions() - .get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef() - .getAuthnContextClassRef(), citizenSignature); - } catch (STORKException e) { - // this is really nasty but we work against the system here. We are supposed to get the gender attribute - // from - // stork. If we do not, we cannot register the person in the ERnP - we have to have the - // gender for the represented person. So here comes the dirty hack. 
- if (e.getCause() instanceof STORKException - && e.getCause().getMessage().equals("gender not found in response")) { - try { - Logger.trace("Initialize VelocityEngine..."); - - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html"); - VelocityContext context = new VelocityContext(); - context.put("SAMLResponse", request.getParameter("SAMLResponse")); - context.put("action", request.getRequestURL()); - - StringWriter writer = new StringWriter(); - template.merge(context, writer); - - response.getOutputStream().write(writer.toString().getBytes("UTF-8")); - } catch (Exception e1) { - Logger.error("Error sending gender retrival form.", e1); - // httpSession.invalidate(); - throw new MOAIDException("stork.10", null); - } - - return; - } - - Logger.error("Error connecting SZR Gateway", e); - throw new MOAIDException("stork.10", null); - } - - Logger.debug("Add full STORK AuthnResponse to MOA session"); - moaSession.setGenericDataToSession( - AuthenticationSessionStorageConstants.STORK_RESPONSE, - request.getParameter("SAMLResponse")); - - - // session is implicit stored in changeSessionID!!!! 
- String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); - - Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID); - - // redirect - String redirectURL = null; - redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), - ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), - newMOASessionID); - redirectURL = response.encodeRedirectURL(redirectURL); - - response.setContentType("text/html"); - response.setStatus(302); - response.addHeader("Location", redirectURL); - Logger.info("REDIRECT TO: " + redirectURL); - - } catch (AuthenticationException e) { - throw new TaskExecutionException(e.getMessage(), e); - - } catch (MOAIDException e) { - throw new TaskExecutionException(e.getMessage(), e); - - } catch (Exception e) { - Logger.error("PEPSConnector has an interal Error.", e); - throw new TaskExecutionException(e.getMessage(), e); - } - - finally { - - } - - } - - private void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, String signRequestString) - throws MOAIDException { - - try { - Logger.trace("Initialize VelocityEngine..."); - - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/oasis_dss_webform_binding.vm"); - VelocityContext context = new VelocityContext(); - - Logger.debug("performRedirect, signrequest:" + signRequestString); - Source signDoc = new StreamSource(new java.io.StringReader(signRequestString)); - SignRequest signRequest = ApiUtils.unmarshal(signDoc, SignRequest.class); - signRequest.setReturnURL("TODO"); - signRequestString = IOUtils.toString(ApiUtils.marshalToInputStream(signRequest)); - context.put("signrequest", Base64Utils.encode(signRequestString.getBytes("UTF8"))); - context.put("clienturl", url); - context.put("action", oasisDssWebFormURL); - - StringWriter writer = new StringWriter(); - 
template.merge(context, writer);
-
- resp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
- } catch (Exception e) {
- Logger.error("Error sending DSS signrequest.", e);
- throw new MOAIDException("stork.11", null);
- }
- }
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
deleted file mode 100644
index 8322d1a02..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
+++ /dev/null
@@ -1,798 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
-
-import iaik.x509.X509Certificate;
-
-import java.io.InputStream;
-import java.io.StringWriter;
-import java.net.URL;
-import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Date;
-import java.util.List;
-
-import javax.activation.DataSource;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.namespace.QName;
-import javax.xml.transform.stream.StreamSource;
-import javax.xml.ws.BindingProvider;
-import javax.xml.ws.Service;
-import javax.xml.ws.soap.SOAPBinding;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.saml2.core.StatusCode;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-
-import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.auth.stork.STORKException;
-import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
-
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-import at.gv.util.xsd.xmldsig.SignatureType;
-import at.gv.util.xsd.xmldsig.X509DataType;
-import eu.stork.documentservice.DocumentService;
-import eu.stork.oasisdss.api.ApiUtils;
-import eu.stork.oasisdss.api.LightweightSourceResolver;
-import eu.stork.oasisdss.profile.DocumentType;
-import eu.stork.oasisdss.profile.DocumentWithSignature;
-import eu.stork.oasisdss.profile.SignResponse;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PEPSUtil;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-
-/**
- * Evaluates the SAML response from the C-PEPS and authenticates the user.
- *

- * In detail: - *

    - *
  • Decodes and validates the SAML response from the C-PEPS.
  • - *
  • Change moa session id.
  • - *
  • Extracts the subject's gender from request parameter {@code gender} if not available from the saml response.
  • - *
  • Extracts the {@code signedDoc} attribute from the response, get signed doc payload using stork attribute query request.
  • - *
  • Request SZR gateway for verification of the citizen's signature and for creating of an identity link.
  • - *
  • In case of mandate mode: If the S-PEPS did not provide any gender information, the szr gateway will not be able to issue an identity link. Therefore a form is presented asking for the subject's gender. The form submits the user back to the {@code /PepsConnector} servlet (this task).
  • - *
  • The moa session is updated with authentication information.
  • - *
  • Change moa session id.
  • - *
  • Redirects back to {@code /dispatcher} in order to finalize the authentication.
  • - *
- * Expects: - *
    - *
  • HttpServletRequest parameter {@code SAMLResponse}
  • - *
  • Either HttpServletRequest parameter {@code RelayState} or {@code inResponseTo} attribute from the SAML response (both depicting the moa session id)
  • - *
  • HttpServletRequest parameter {@code gender} in case the request comes from the gender selection form
  • - *
  • {@code signedDoc} attribute within the SAML response.
  • - *
- * Result: - *
    - *
  • Updated moa id session (identity link, stork attributes...)
  • - *
  • {@link ExecutionContext} contains boolean flag {@code identityLinkAvailable} indicating if an identitylink has been successfully creates or not.
  • - *
  • Redirect to {@code /dispatcher}.
  • - *
- * Possible branches: - *
    - *
  • In case the szr gateway throws exception due to missing gender information: - *
      - *
    • Returns a form for gender selection with action url back to this servlet/task.
    • - *
    - *
  • - *
- * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet}.
- * - * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) - */ -public class PepsConnectorTask extends AbstractAuthServletTask { - - public static final String PEPSCONNECTOR_SERVLET_URL_PATTERN = "/PEPSConnector"; - - public PepsConnectorTask() { - super(); - - } - - @Override - public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - String pendingRequestID = null; - - setNoCachingHeaders(response); - - try { - - Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message."); - Logger.debug("This ACS endpoint is: " + HTTPUtils.getBaseURL(request)); - - // check if https or only http - super.checkIfHTTPisAllowed(request.getRequestURL().toString()); - - Logger.debug("Beginning to extract SAMLResponse out of HTTP Request"); - - // extract STORK Response from HTTP Request - // Decodes SAML Response - byte[] decSamlToken; - try { - decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse")); - Logger.debug("SAMLResponse: " + new String(decSamlToken)); - - } catch (NullPointerException e) { - Logger.error("Unable to retrieve STORK Response", e); - throw new MOAIDException("stork.04", null); - } - - // Get SAMLEngine instance - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing"); - - STORKAuthnResponse authnResponse = null; - try { - // validate SAML Token - Logger.debug("Starting validation of SAML response"); - authnResponse = engine.validateSTORKAuthnResponseWithQuery(decSamlToken, (String) request.getRemoteHost()); - Logger.info("SAML response succesfully verified!"); - } catch (STORKSAMLEngineException e) { - Logger.error("Failed to verify STORK SAML Response", e); - throw new MOAIDException("stork.05", null); - } - - Logger.info("STORK SAML Response message succesfully extracted"); - Logger.debug("STORK response: "); - Logger.debug(authnResponse.toString()); - - // do PEPS-conform logging for easier evaluation - 
try { - // 2015-03-12 16:44:27.144#S-PEPS receives response from C-PEPS#orig_msg_id id2 (in response to)#orig_msg_id id1 (in response to)#status#msghash#msg_id id3# - Logger.info(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").format(new Date()) + "#S-PEPS receives response from C-PEPS#" + - authnResponse.getInResponseTo() + "#NA#" + authnResponse.getMessage() + "#_hash_#" + authnResponse.getSamlId() + "#"); - } catch (Exception e1) { - Logger.info("STORK PEPS conform logging failed because of: " + e1.getMessage()); - } - - Logger.debug("Trying to find MOA Session-ID ..."); - // String moaSessionID = request.getParameter(PARAM_SESSIONID); - // first use SAML2 relayState - String moaSessionID = request.getParameter("RelayState"); - - // escape parameter strings - moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID); - - // check if SAML2 relaystate includes a MOA sessionID - if (StringUtils.isEmpty(moaSessionID)) { - // if relaystate is emtpty, use SAML response -> inResponseTo element as session identifier - - moaSessionID = authnResponse.getInResponseTo(); - moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID); - - if (StringUtils.isEmpty(moaSessionID)) { - // No authentication session has been started before - Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started"); - Logger.debug("PEPSConnectorURL was: " + request.getRequestURL()); - throw new AuthenticationException("auth.02", new Object[] { moaSessionID }); - - } else - Logger.trace("Use MOA SessionID " + moaSessionID + " from AuthnResponse->inResponseTo attribute."); - - } else - // Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter."); - Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState."); - - /* - * INFO!!!! 
SAML message IDs has an different format then MOASessionIDs This is only a workaround because - * many PEPS does not support SAML2 relayState or MOASessionID as AttributConsumerServiceURL GET parameter - */ - // if (!ParamValidatorUtils.isValidSessionID(moaSessionID)) - // throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12"); - - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID); - IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); - - // load MOASession from database - AuthenticationSession moaSession = BaseAuthenticationServer.getSession(moaSessionID); - // change MOASessionID - moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); - - Logger.info("Found MOA sessionID: " + moaSessionID); - - String statusCodeValue = authnResponse.getStatusCode(); - - if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) { - Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue); - throw new MOAIDException("stork.06", new Object[] { statusCodeValue }); - } - - Logger.info("Got SAML response with authentication success message."); - - Logger.debug("MOA session is still valid"); - - STORKAuthnRequest storkAuthnRequest = - moaSession.getGenericDataFromSession( - AuthenticationSessionStorageConstants.STORK_REQUEST, - STORKAuthnRequest.class); - - if (storkAuthnRequest == null) { - Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); - throw new MOAIDException("stork.07", null); - } - - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() }); - - //================== Check QAA level start ==================== - int reqQaa = -1; - int authQaa = -1; - String authQaaStr = null; - try { - reqQaa = 
storkAuthnRequest.getQaa(); - - //TODO: found better solution, but QAA Level in response could be not supported yet - try { - - authQaaStr = authnResponse.getAssertions().get(0). - getAuthnStatements().get(0).getAuthnContext(). - getAuthnContextClassRef().getAuthnContextClassRef(); - moaSession.setQAALevel(authQaaStr); - - } catch (Throwable e) { - Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level"); - moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel()); - authQaaStr = PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel(); - } - if(authQaaStr != null)//Check value only if set - { - authQaa = Integer.valueOf(authQaaStr.substring(PVPConstants.STORK_QAA_PREFIX.length())); -// authQaa = Integer.valueOf(authQaaStr); - if (reqQaa > authQaa) { - Logger.warn("Requested QAA level does not match to authenticated QAA level"); - throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa}); - - } - } - } catch (MOAIDException e) { - throw e; - - } catch (Exception e) { - if (Logger.isDebugEnabled()) - Logger.warn("STORK QAA Level evaluation error", e); - - else - Logger.warn("STORK QAA Level evaluation error (ErrorMessage=" - + e.getMessage() + ")"); - - throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa}); - - } - //================== Check QAA level end ==================== - - - Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); - - // fetch attribute list from response - IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList(); - if(authnResponse.getAssertions().size() > 1) { - for(IPersonalAttributeList currentList : authnResponse.getPersonalAttributeLists()) { - for(PersonalAttribute currentAttribute : currentList.values()) { - if(!attributeList.containsKey(currentAttribute.getName())) - attributeList.add((PersonalAttribute) currentAttribute.clone()); - else { - 
if(!attributeList.get(currentAttribute.getName()).getValue().equals(currentAttribute.getValue())) - throw new TaskExecutionException("data integrity failure", new Exception("data integrity failure: found non-matching values in multiple attributes of type " + currentAttribute.getName())); - } - } - } - } - - // //////////// incorporate gender from parameters if not in stork response - - // but first, check if we have a representation case - if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList) - || STORKResponseProcessor.hasAttribute("representative", attributeList) - || STORKResponseProcessor.hasAttribute("represented", attributeList)) { - // in a representation case... - moaSession.setUseMandate("true"); - - // and check if we have the gender value - PersonalAttribute gender = attributeList.get("gender"); // TODO Do we need to check gender value if - // there is no representation case? - if (null == gender) { - String gendervalue = (String) request.getParameter("gender"); - if (null != gendervalue) { - gender = new PersonalAttribute(); - gender.setName("gender"); - ArrayList tmp = new ArrayList(); - tmp.add(gendervalue); - gender.setValue(tmp); - - attributeList.add(gender); - } - } - } - - // //////////////////////////////////////////////////////////////////////// - - MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED); - - AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); - String citizenSignature = null; - if(config.isStorkFakeIdLActive() && config.getStorkNoSignatureCountries().contains(storkAuthnRequest.getCitizenCountryCode()) && config.getStorkFakeIdLCountries().contains(storkAuthnRequest.getCitizenCountryCode())) { - Logger.debug("signedDoc extraction skipped due to configuration"); - } else { - Logger.debug("Starting extraction of signedDoc attribute"); - // extract signed doc element and citizen signature - try { - - if (attributeList.get("signedDoc") == null - 
|| attributeList.get("signedDoc").getValue() == null - || attributeList.get("signedDoc").getValue().get(0) == null) { - Logger.info("STORK Response include NO signedDoc attribute!"); - throw new STORKException("STORK Response include NO signedDoc attribute."); - - } - - String signatureInfo = attributeList.get("signedDoc").getValue().get(0); - - - Logger.debug("signatureInfo:" + signatureInfo); - - SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource( - new java.io.StringReader(signatureInfo))); - - // fetch signed doc - DataSource ds = null; - try{ - ds = LightweightSourceResolver.getDataSource(dssSignResponse); - }catch(Exception e) - { - e.printStackTrace(); - } - if(ds == null){ - //Normal DocumentServices return a http-page, but the SI DocumentService returns HTTP error 500 - //which results in an exception and ds==null - - //try to load document from documentservice - citizenSignature = loadDocumentFromDocumentService(dssSignResponse); - //throw new ApiUtilsException("No datasource found in response"); - } - else - { - InputStream incoming = ds.getInputStream(); - citizenSignature = IOUtils.toString(incoming); - incoming.close(); - - Logger.debug("citizenSignature:"+citizenSignature); - if(isDocumentServiceUsed(citizenSignature)==true) - { - citizenSignature = loadDocumentFromDocumentService(dssSignResponse); - // Logger.debug("Loading document from DocumentService."); - // String url = getDtlUrlFromResponse(dssSignResponse); - // //get Transferrequest - // String transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url); - // //Load document from DocumentService - // byte[] data = getDocumentFromDtl(transferRequest, url); - // citizenSignature = new String(data, "UTF-8"); - // Logger.debug("Overridung citizenSignature with:"+citizenSignature); - } - } - - JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName()); - SignatureType root = ((JAXBElement) ctx.createUnmarshaller().unmarshal( - 
IOUtils.toInputStream(citizenSignature))).getValue(); - - // memorize signature into authblock - moaSession.setAuthBlock(citizenSignature); - - // extract certificate - for (Object current : root.getKeyInfo().getContent()) - if (((JAXBElement) current).getValue() instanceof X509DataType) { - for (Object currentX509Data : ((JAXBElement) current).getValue() - .getX509IssuerSerialOrX509SKIOrX509SubjectName()) { - JAXBElement casted = ((JAXBElement) currentX509Data); - if (casted.getName().getLocalPart().equals("X509Certificate")) { - moaSession.setSignerCertificate(new X509Certificate(((String) casted.getValue()) - .getBytes("UTF-8"))); - break; - } - } - } - - } catch (Throwable e) { - Logger.error("Could not extract citizen signature from C-PEPS", e); - throw new MOAIDException("stork.09", null); - } - } - Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)"); - Logger.debug("Citizen signature will be verified by SZR Gateway!"); - - Logger.debug("fetching OAParameters from database"); - - // //read configuration paramters of OA - // AuthenticationSession moasession; - // try { - // moasession = AuthenticationSessionStoreage.getSession(moaSessionID); - // } catch (MOADatabaseException e2) { - // Logger.error("could not retrieve moa session"); - // throw new AuthenticationException("auth.01", null); - // } - - // retrieve target - // TODO: check in case of SSO!!! 
- String targetType = null; - if (oaParam.getBusinessService()) { - String id = oaParam.getIdentityLinkDomainIdentifier(); - if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) - targetType = id; - else - targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moaSession.getDomainIdentifier(); - } else { - targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); - } - - Logger.debug("Starting connecting SZR Gateway"); - // contact SZR Gateway - IdentityLink identityLink = null; - executionContext.put("identityLinkAvailable", false); - try { - if(config.isStorkFakeIdLActive() && config.getStorkFakeIdLCountries().contains(storkAuthnRequest.getCitizenCountryCode())) { - // create fake IdL - // - fetch IdL template from resources - InputStream s = PepsConnectorTask.class.getResourceAsStream("/resources/xmldata/fakeIdL_IdL_template.xml"); - Element idlTemplate = DOMUtils.parseXmlValidating(s); - - identityLink = new IdentityLinkAssertionParser(idlTemplate).parseIdentityLink(); - - // replace data - Element idlassertion = identityLink.getSamlAssertion(); - // - set bpk/wpbk; - Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); - if(!STORKResponseProcessor.hasAttribute("eIdentifier", attributeList)) - throw new STORKException("eIdentifier is missing"); - String eIdentifier = STORKResponseProcessor.getAttributeValue("eIdentifier", attributeList, false); - prIdentification.getFirstChild().setNodeValue(eIdentifier); - - // - set last name - Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH); - if(!STORKResponseProcessor.hasAttribute("surname", attributeList)) - throw new STORKException("surname is missing"); - String familyName = STORKResponseProcessor.getAttributeValue("surname", attributeList, false); - prFamilyName.getFirstChild().setNodeValue(familyName); - - // - set first name - Node prGivenName = 
XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH); - if(!STORKResponseProcessor.hasAttribute("givenName", attributeList)) - throw new STORKException("givenName is missing"); - String givenName = STORKResponseProcessor.getAttributeValue("givenName", attributeList, false); - prGivenName.getFirstChild().setNodeValue(givenName); - - // - set date of birth - Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH); - if(!STORKResponseProcessor.hasAttribute("dateOfBirth", attributeList)) - throw new STORKException("dateOfBirth is missing"); - String dateOfBirth = STORKResponseProcessor.getAttributeValue("dateOfBirth", attributeList, false); - dateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(new SimpleDateFormat("yyyyMMdd").parse(dateOfBirth)); - prDateOfBirth.getFirstChild().setNodeValue(dateOfBirth); - - identityLink = new IdentityLinkAssertionParser(idlassertion).parseIdentityLink(); - - //resign IDL - IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); - Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), config.getStorkFakeIdLResigningKey()); - identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink(); - - } else { - //contact SZR Gateway - Logger.debug("Starting connecting SZR Gateway"); - - identityLink = STORKResponseProcessor.connectToSZRGateway( - attributeList, - oaParam.getFriendlyName(), - targetType, - null, - oaParam.getMandateProfiles(), - citizenSignature); - - } - - } catch (STORKException e) { - // this is really nasty but we work against the system here. We are supposed to get the gender attribute - // from - // stork. If we do not, we cannot register the person in the ERnP - we have to have the - // gender for the represented person. So here comes the dirty hack. 
- if (e.getCause() instanceof STORKException - && e.getCause().getMessage().equals("gender not found in response")) { - try { - Logger.trace("Initialize VelocityEngine..."); - - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html"); - VelocityContext context = new VelocityContext(); - context.put("SAMLResponse", request.getParameter("SAMLResponse")); - context.put("action", request.getRequestURL()); - - StringWriter writer = new StringWriter(); - template.merge(context, writer); - - response.getOutputStream().write(writer.toString().getBytes("UTF-8")); - } catch (Exception e1) { - Logger.error("Error sending gender retrival form.", e1); - // httpSession.invalidate(); - throw new MOAIDException("stork.10", null); - } - - return; - } - - Logger.error("Error connecting SZR Gateway", e); - throw new MOAIDException("stork.10", null); - } - Logger.debug("SZR communication was successfull"); - - if (identityLink == null) { - Logger.error("SZR Gateway did not return an identity link."); - throw new MOAIDException("stork.10", null); - } - - MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED); - moaSession.setForeigner(true); - - Logger.info("Received Identity Link from SZR Gateway"); - executionContext.put("identityLinkAvailable", true); - moaSession.setIdentityLink(identityLink); - - Logger.debug("Adding addtional STORK attributes to MOA session"); - moaSession.setGenericDataToSession( - AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST, - attributeList); - - Logger.debug("Add full STORK AuthnResponse to MOA session"); - moaSession.setGenericDataToSession( - AuthenticationSessionStorageConstants.STORK_RESPONSE, - request.getParameter("SAMLResponse")); - - - // We don't have BKUURL, setting from null to "Not applicable" - moaSession.setBkuURL("Not applicable (STORK Authentication)"); - - // free for 
single use - moaSession.setAuthenticatedUsed(false); - - // stork did the authentication step - moaSession.setAuthenticated(true); - - // do PEPS-conform logging for easier evaluation - try { - // 2015-03-12 16:44:27.144#S-PEPS generates response to SP#orig_msg_id id1 (in response to)#status#msghash#msg_id id4# - Logger.info(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").format(new Date()) + "#S-PEPS generates response to SP#" + - "#" + moaSession.getProcessInstanceId() + "#" + authnResponse.getMessage() + "#_hash_#" + moaSession.getProcessInstanceId() + "#"); - } catch (Exception e1) { - Logger.info("STORK PEPS conform logging failed because of: " + e1.getMessage()); - } - - // TODO: found better solution, but QAA Level in STORK response is not be supported yet -// try { -// -// moaSession.setQAALevel(authnResponse.getAssertions().get(0).getAuthnStatements().get(0) -// .getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef()); -// -// } catch (Throwable e) { -// Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level"); -// moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel()); -// -// } - - // session is implicit stored in changeSessionID!!!! 
- String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); - - Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID); - - // redirect - String redirectURL = null; - redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), - ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), - newMOASessionID); - redirectURL = response.encodeRedirectURL(redirectURL); - - // response.setContentType("text/html"); - // response.setStatus(302); - // response.addHeader("Location", redirectURL); - response.sendRedirect(redirectURL); - Logger.info("REDIRECT TO: " + redirectURL); - - } catch (AuthenticationException e) { - throw new TaskExecutionException(e.getMessage(), e); - - } catch (MOAIDException e) { - throw new TaskExecutionException(e.getMessage(), e); - - } catch (Exception e) { - Logger.error("PEPSConnector has an interal Error.", e); - throw new TaskExecutionException(e.getMessage(), e); - } - - finally { - - } - - } - - private boolean isDocumentServiceUsed(String citizenSignature) // TODo add better check - { - if (citizenSignature - .contains("
Service Name:{http://stork.eu}DocumentService
Port Name:{http://stork.eu}DocumentServicePort
")) { - Logger.trace("isDocumentServiceUsed => true"); - return true; - } - - Logger.trace("isDocumentServiceUsed => false"); - return false; - } - - /** - * Get DTL uril from the oasis sign response - * - * @param signRequest - * The signature response - * @return The URL of DTL service - * @throws SimpleException - */ - private String getDtlUrlFromResponse(SignResponse dssSignResponse) { - List documents = ApiUtils.findNamedElement(dssSignResponse.getOptionalOutputs(), - ApiUtils.OPTIONAL_OUTPUT_DOCUMENTWITHSIGNATURE, DocumentWithSignature.class); - DocumentType sourceDocument = documents.get(0).getDocument(); - - if (sourceDocument.getDocumentURL() != null) - return sourceDocument.getDocumentURL(); - else - return null;// throw new Exception("No document url found"); - } - - // From DTLPEPSUTIL - - /** - * Get document from DTL - * - * @param transferRequest - * The transfer request (attribute query) - * @param eDtlUrl - * The DTL url of external DTL - * @return the document data - * @throws SimpleException - */ - private byte[] getDocumentFromDtl(String transferRequest, String eDtlUrl) throws Exception { - URL url = null; - try { - - Logger.trace("getDocumentFromDtl, dtlUrl:'"+getdtlUrl()+"' eDtlUrl:'"+eDtlUrl+"'"); - url = new URL(getdtlUrl()); - QName qname = new QName("http://stork.eu", "DocumentService"); - - Service service = Service.create(url, qname); - DocumentService docservice = service.getPort(DocumentService.class); - - BindingProvider bp = (BindingProvider) docservice; - SOAPBinding binding = (SOAPBinding) bp.getBinding(); - binding.setMTOMEnabled(true); - - if (eDtlUrl.equalsIgnoreCase(getdtlUrl())) - return docservice.getDocument(transferRequest, ""); - else - return docservice.getDocument(transferRequest, eDtlUrl); - } catch (Exception e) { - e.printStackTrace(); - throw new Exception("Error in getDocumentFromDtl", e); - } - } - - /** - * Get a document transfer request (attribute query) - * - * @param docId - * @return - * @throws 
SimpleException
- */
- private String getDocTransferRequest(String docId, String destinationUrl) throws Exception {
- String spCountry = docId.substring(0, docId.indexOf("/"));
- final STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
- STORKAttrQueryRequest req = new STORKAttrQueryRequest();
- req.setAssertionConsumerServiceURL(getdtlUrl());
- req.setDestination(destinationUrl);
- req.setSpCountry(spCountry);
- req.setQaa(3);// TODO
- PersonalAttributeList pal = new PersonalAttributeList();
- PersonalAttribute attr = new PersonalAttribute();
- attr.setName("docRequest");
- attr.setIsRequired(true);
- attr.setValue(Arrays.asList(docId));
- pal.add(attr);
- req.setPersonalAttributeList(pal);
-
- STORKAttrQueryRequest req1;
- try {
- req1 = engine.generateSTORKAttrQueryRequest(req);
- return PEPSUtil.encodeSAMLTokenUrlSafe(req1.getTokenSaml());
- } catch (STORKSAMLEngineException e) {
- e.printStackTrace();
- throw new Exception("Error in doc request attribute query generation", e);
- }
- }
-
- private String getdtlUrl() {
- String dtlUrl;
- try {
- AuthConfiguration authConfigurationProvider = AuthConfigurationProviderFactory.getInstance();
- dtlUrl = authConfigurationProvider.getDocumentServiceUrl();
- Logger.info ("PEPSConnectorServlet, using dtlUrl:"+dtlUrl);
-
- } catch (Exception e) {
- dtlUrl = "http://testvidp.buergerkarte.at/DocumentService/DocumentService";
- Logger.error("Loading documentservice url failed, using default value:"+dtlUrl, e);
-
- }
-
-
-// Properties props = new Properties();
-// try {
-// props.load(DatabaseConnectorMySQLImpl.class.getResourceAsStream("docservice.properties"));
-// dtlUrl = props.getProperty("docservice.url");
-// } catch (IOException e) {
-// dtlUrl = "http://testvidp.buergerkarte.at/DocumentService/DocumentService";
-// Logger.error("Loading DTL config failed, using default value:" + dtlUrl);
-// e.printStackTrace();
-// }
-
- return dtlUrl;
-
- }
-
- private String loadDocumentFromDocumentService(SignResponse
dssSignResponse) throws Exception
- {
- Logger.debug("Loading document from DocumentService.");
- String url = getDtlUrlFromResponse(dssSignResponse);
- Logger.debug("Loading document from DocumentService, url:"+url);
- //get Transferrequest
- String transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url);
- //Load document from DocumentService
- byte[] data = getDocumentFromDtl(transferRequest, url);
- String citizenSignature = new String(data, "UTF-8");
- Logger.debug("Overridung citizenSignature with:"+citizenSignature);
- return citizenSignature;
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKException.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKException.java
deleted file mode 100644
index 79641d085..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKException.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/**
- *
- */
-package at.gv.egovernment.moa.id.auth.stork;
-
-
-/**
- * Exception thrown if error occurs in STORK processing
- * @author bzwattendorfer
- *
- */
-public class STORKException extends Exception{
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- public STORKException() {
- super();
-
- }
-
- public STORKException(String message, Throwable cause) {
- super(message, cause);
-
- }
-
- public STORKException(String message) {
- super(message);
-
- }
-
- public STORKException(Throwable cause) {
- super(cause);
-
- }
-
-
-
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java deleted file mode 100644 index 65a3637a9..000000000 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ /dev/null 
@@ -1,286 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- ******************************************************************************/ -/** - * - */ -package at.gv.egovernment.moa.id.auth.stork; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.util.List; -import java.util.Vector; - -import javax.activation.DataSource; -import javax.xml.transform.Source; -import javax.xml.transform.TransformerConfigurationException; -import javax.xml.transform.TransformerException; -import javax.xml.transform.TransformerFactoryConfigurationError; -import javax.xml.transform.stream.StreamSource; - -import org.apache.commons.io.IOUtils; -import org.apache.commons.lang3.StringEscapeUtils; - -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.client.SZRGWClientException; -import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.StringUtils; -import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; -import eu.stork.oasisdss.api.ApiUtils; -import eu.stork.oasisdss.api.LightweightSourceResolver; -import eu.stork.oasisdss.api.exceptions.ApiUtilsException; -import eu.stork.oasisdss.api.exceptions.UtilsException; -import eu.stork.oasisdss.profile.SignResponse; -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PersonalAttribute; - -/** - * - * Handles all functionality for the processing of a STORK response - * @author bzwattendorfer - * - */ -public class STORKResponseProcessor { - - /** OASIS 
DSS Namespace */ - public static final String OASIS_DSS_NS = "urn:oasis:names:tc:dss:1.0:core:schema"; - - /** OASIS DSS Success Message */ - public static final String OASIS_DSS_SUCCESS_MSG = "urn:oasis:names:tc:dss:1.0:resultmajor:Success"; - - /** - * Checks for attribute. - * - * @param attributeName the attribute name - * @param attributeList the attribute list - * @return true, if successful - */ - public static boolean hasAttribute(String attributeName, IPersonalAttributeList attributeList) { - try { - getAttributeValue(attributeName, attributeList); - return true; - } catch(STORKException e) { - return false; - } - } - - /** - * helper for reading attributes. Handles logging and error handling. - * - * @param attributeName the attribute name - * @param attributeList the attribute list - * @return the attribute value - * @throws STORKException the sTORK exception - */ - private static String getAttributeValue(String attributeName, IPersonalAttributeList attributeList) throws STORKException { - return getAttributeValue(attributeName, attributeList, true); - } - public static String getAttributeValue(String attributeName, IPersonalAttributeList attributeList, boolean throwException) throws STORKException { - try { - String result = attributeList.get(attributeName).getValue().get(0); - Logger.trace(attributeName + " : " + result); - return result; - } catch(Exception e) { - Logger.error(attributeName + " not found in response"); - if(throwException) - throw new STORKException(attributeName + " not found in response"); - else - return null; - } - } - - /** - * Handels connection to SZR-GW and returns Identity Link on success. 
- * - * @param attributeList the attribute list - * @param oaFriendlyName the oa friendly name - * @param targetType the target type - * @param targetValue the target value - * @param filters the filters - * @param citizenSignature2 - * @return Identity Link - * @throws STORKException the sTORK exception - * @throws MOAIDException - */ - public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String targetType, String targetValue, List filters, String citizenSignature) throws STORKException, MOAIDException { - Logger.trace("Calling SZR Gateway with the following attributes:"); - - CreateIdentityLinkResponse identityLinkResponse = null; - IdentityLink identityLink = null; - try { - Logger.trace("Starting call..."); - - // if there is no signedDoc attribute, we cannot go on - if(citizenSignature==null || citizenSignature.length()==0) - { - String signResponseString = getAttributeValue("signedDoc", attributeList); - - //Extract signature from SIgnResponse - Source response1 = new StreamSource(new java.io.StringReader(signResponseString)); - SignResponse dssSignResponse = ApiUtils.unmarshal(response1, SignResponse.class); - citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse); - } - - String fiscalNumber = getAttributeValue("fiscalNumber", attributeList, false); - - // if we have a signedDoc we test for a representation case - // - according to stork samlengine and commons - if(hasAttribute("mandate", attributeList)) { - // we have a representation case - String mandate = getAttributeValue("mandate", attributeList, false); - - if(!hasAttribute("dateOfBirth", attributeList)) { - // if we get here, we have a natural person representing a legal person - String organizationAddress = getAttributeValue("canonicalRegisteredAddress", attributeList, false); - String organizationType = getAttributeValue("translateableType", attributeList, false); - - identityLinkResponse = 
SZRGWClientUtils.getIdentityLink(citizenSignature, null, null, mandate, organizationAddress, organizationType, targetType, targetValue, oaFriendlyName, filters, fiscalNumber); - } else { - // if we get here, we have a natural person representing another natural person - String eIdentifier = getAttributeValue("eIdentifier", attributeList, false); - String givenName = getAttributeValue("givenName", attributeList, false); - String lastName = getAttributeValue("surname", attributeList, false); - String dateOfBirth = getAttributeValue("dateOfBirth", attributeList, false); - - // gender attribute is mandatory here because of some legal stuff - String gender = getAttributeValue("gender", attributeList, false); - - if (!StringUtils.isEmpty(dateOfBirth)) - dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); - - identityLinkResponse = SZRGWClientUtils.getIdentityLink(eIdentifier, - givenName, lastName, dateOfBirth, gender, citizenSignature, null, - null, mandate, targetType, targetValue, oaFriendlyName, filters, fiscalNumber); - } - } - // - according to stork spec - else if(hasAttribute("mandateContent", attributeList) || hasAttribute("representative", attributeList) || hasAttribute("represented", attributeList)) { - // we have a representation case - String representative = getAttributeValue("representative", attributeList, false); - String represented = getAttributeValue("represented", attributeList, false); - String mandate = getAttributeValue("mandateContent", attributeList, false); - - if(!hasAttribute("dateOfBirth", attributeList)) { - // if we get here, we have a natural person representing a legal person - String organizationAddress = getAttributeValue("canonicalRegisteredAddress", attributeList, false); - String organizationType = getAttributeValue("translateableType", attributeList, false); - - identityLinkResponse = SZRGWClientUtils.getIdentityLink(citizenSignature, representative, represented, mandate, organizationAddress, organizationType, 
targetType, targetValue, oaFriendlyName, filters, fiscalNumber); - } else { - // if we get here, we have a natural person representing another natural person - String eIdentifier = getAttributeValue("eIdentifier", attributeList, false); - String givenName = getAttributeValue("givenName", attributeList, false); - String lastName = getAttributeValue("surname", attributeList, false); - String dateOfBirth = getAttributeValue("dateOfBirth", attributeList, false); - - // gender attribute is mandatory here because of some legal stuff - String gender = getAttributeValue("gender", attributeList, false); - - if (!StringUtils.isEmpty(dateOfBirth)) - dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); - - identityLinkResponse = SZRGWClientUtils.getIdentityLink(eIdentifier, - givenName, lastName, dateOfBirth, gender, citizenSignature, representative, - represented, mandate, targetType, targetValue, oaFriendlyName, filters, fiscalNumber); - } - } else { - // we do not have a representation case - String eIdentifier = getAttributeValue("eIdentifier", attributeList, false); - String givenName = getAttributeValue("givenName", attributeList, false); - String lastName = getAttributeValue("surname", attributeList, false); - String dateOfBirth = getAttributeValue("dateOfBirth", attributeList, false); - if (!StringUtils.isEmpty(dateOfBirth)) - dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth); - identityLinkResponse = SZRGWClientUtils.getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, fiscalNumber); - } - - if (null != identityLinkResponse.getErrorResponse()){ - throw new SZRGWClientException("service.08", (String)identityLinkResponse.getErrorResponse().getErrorCode(), - (String)identityLinkResponse.getErrorResponse().getInfo()); - } - else { - IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(identityLinkResponse.getIdentityLink())); - identityLink = ilParser.parseIdentityLink(); - 
- Logger.debug("Received Identity Link from SZR Gateway"); - //TODO: is this ok? -// if (StringUtils.isEmpty(identityLink.getDateOfBirth())) { -// identityLink.setDateOfBirth("9999-12-31"); -// } - - } - - } catch (ParseException e) { - Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e); - throw new MOAIDException("auth.25", null, e); - } catch (ApiUtilsException e) { - Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e); - throw new MOAIDException("auth.25", null, e); - } catch (IllegalArgumentException e) { - Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e); - throw new MOAIDException("auth.25", null, e); - } catch (TransformerConfigurationException e) { - Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e); - throw new MOAIDException("auth.25", null, e); - } catch (UtilsException e) { - Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e); - throw new MOAIDException("auth.25", null, e); - } catch (TransformerException e) { - Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e); - throw new MOAIDException("auth.25", null, e); - } catch (TransformerFactoryConfigurationError e) { - Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e); - throw new MOAIDException("auth.25", null, e); - } catch (IOException e) { - Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e); - throw new MOAIDException("auth.25", null, e); - } - - return identityLink; - - } - - private static String getCitizienSignatureFromSignResponse(SignResponse dssSignResponse) throws IllegalArgumentException, TransformerConfigurationException, UtilsException, TransformerException, TransformerFactoryConfigurationError, IOException, ApiUtilsException - { - // fetch signed doc - DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse); - if(ds == null){ - throw new ApiUtilsException("No datasource found in response"); - 
} - - InputStream incoming = ds.getInputStream(); - String citizenSignature = IOUtils.toString(incoming); - incoming.close(); - - return citizenSignature; - } - -} diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java deleted file mode 100644 index 124e490f2..000000000 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java +++ /dev/null 
@@ -1,49 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-
-public class STORKAdoptedFamilyNameAttributBuilder implements IPVPAttributeBuilder {
-
- public String getName() {
- return STORKConstants.ADOPTEDFAMILYNAME_NAME;
- }
-
- public ATT build(IOAAuthParameters oaParam, IAuthData authData,
- IAttributeGenerator g) throws AttributeException {
-
- return g.buildStringAttribute(STORKConstants.ADOPTEDFAMILYNAME_FRIENDLYNAME, STORKConstants.ADOPTEDFAMILYNAME_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.ADOPTEDFAMILYNAME_NAME, authData));
-
- }
-
- public ATT buildEmpty(IAttributeGenerator g) {
- return g.buildEmptyAttribute(STORKConstants.ADOPTEDFAMILYNAME_FRIENDLYNAME, STORKConstants.ADOPTEDFAMILYNAME_NAME);
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAgeAttributBuilder.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAgeAttributBuilder.java
deleted file mode 100644
index dff93139c..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAgeAttributBuilder.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-
-public class STORKAgeAttributBuilder implements IPVPAttributeBuilder {
-
- public String getName() {
- return STORKConstants.AGE_NAME;
- }
-
- public ATT build(IOAAuthParameters oaParam, IAuthData authData,
- IAttributeGenerator g) throws AttributeException {
-
- return g.buildStringAttribute(STORKConstants.AGE_FRIENDLYNAME, STORKConstants.AGE_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.AGE_NAME, authData));
-
- }
-
- public ATT buildEmpty(IAttributeGenerator g) {
- return g.buildEmptyAttribute(STORKConstants.AGE_FRIENDLYNAME, STORKConstants.AGE_NAME);
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAttributHelper.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAttributHelper.java
deleted file mode 100644
index fb9172f6e..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAttributHelper.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class STORKAttributHelper {
-
- public static String getAttribut(String attributName,
- IAuthData authSession) throws UnavailableAttributeException {
-
- if (!authSession.isForeigner()) {
- throw new UnavailableAttributeException(attributName);
-
- } else {
- IPersonalAttributeList storkAttributes =
- authSession.getGenericData(
- AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST,
- IPersonalAttributeList.class);
-
- if ( storkAttributes == null ) {
- throw new UnavailableAttributeException(attributName);
-
- }
-
- try {
- PersonalAttribute attribut = storkAttributes.get(attributName);
- if (attribut != null) {
-
- return attribut.getValue().get(0);
-
- } else
- throw new UnavailableAttributeException(attributName);
-
- } catch (Exception e) {
- Logger.warn("Attribut " + attributName + " generation error", e);
- throw new UnavailableAttributeException(attributName);
- }
- }
-
- }
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java
deleted file mode 100644
index 66d8a6bc1..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-
-public class STORKCanonicalResidenceAddressAttributBuilder implements IPVPAttributeBuilder {
-
- public String getName() {
- return STORKConstants.CANONICALRESIDENCEADDRESS_NAME;
- }
-
- public ATT build(IOAAuthParameters oaParam, IAuthData authData,
- IAttributeGenerator g) throws AttributeException {
-
- return g.buildStringAttribute(STORKConstants.CANONICALRESIDENCEADDRESS_FRIENDLYNAME, STORKConstants.CANONICALRESIDENCEADDRESS_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.CANONICALRESIDENCEADDRESS_NAME, authData));
-
- }
-
- public ATT buildEmpty(IAttributeGenerator g) {
- return g.buildEmptyAttribute(STORKConstants.CANONICALRESIDENCEADDRESS_FRIENDLYNAME, STORKConstants.CANONICALRESIDENCEADDRESS_NAME);
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java
deleted file mode 100644
index 706f5dd3a..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-
-public class STORKCountryCodeOfBirthAttributBuilder implements IPVPAttributeBuilder {
-
- public String getName() {
- return STORKConstants.CONTRYCODEOFBIRTH_NAME;
- }
-
- public ATT build(IOAAuthParameters oaParam, IAuthData authData,
- IAttributeGenerator g) throws AttributeException {
-
- return g.buildStringAttribute(STORKConstants.CONTRYCODEOFBIRTH_FRIENDLYNAME, STORKConstants.CONTRYCODEOFBIRTH_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.CONTRYCODEOFBIRTH_NAME, authData));
-
- }
-
- public ATT buildEmpty(IAttributeGenerator g) {
- return g.buildEmptyAttribute(STORKConstants.CONTRYCODEOFBIRTH_FRIENDLYNAME, STORKConstants.CONTRYCODEOFBIRTH_NAME);
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKFiscalNumberAttributBuilder.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKFiscalNumberAttributBuilder.java
deleted file mode 100644
index adc1d28da..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKFiscalNumberAttributBuilder.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-
-public class STORKFiscalNumberAttributBuilder implements IPVPAttributeBuilder {
-
- public String getName() {
- return STORKConstants.FISCALNUMBER_NAME;
- }
-
- public ATT build(IOAAuthParameters oaParam, IAuthData authData,
- IAttributeGenerator g) throws AttributeException {
-
- return g.buildStringAttribute(STORKConstants.FISCALNUMBER_FRIENDLYNAME, STORKConstants.FISCALNUMBER_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.FISCALNUMBER_NAME, authData));
-
- }
-
- public ATT buildEmpty(IAttributeGenerator g) {
- return g.buildEmptyAttribute(STORKConstants.FISCALNUMBER_FRIENDLYNAME, STORKConstants.FISCALNUMBER_NAME);
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKGenderAttributBuilder.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKGenderAttributBuilder.java
deleted file mode 100644
index 2faeaf2d7..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKGenderAttributBuilder.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-
-public class STORKGenderAttributBuilder implements IPVPAttributeBuilder {
-
- public String getName() {
- return STORKConstants.GENDER_NAME;
- }
-
- public ATT build(IOAAuthParameters oaParam, IAuthData authData,
- IAttributeGenerator g) throws AttributeException {
-
- return g.buildStringAttribute(STORKConstants.GENDER_FRIENDLYNAME, STORKConstants.GENDER_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.GENDER_NAME, authData));
-
- }
-
- public ATT buildEmpty(IAttributeGenerator g) {
- return g.buildEmptyAttribute(STORKConstants.GENDER_FRIENDLYNAME, STORKConstants.GENDER_NAME);
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java
deleted file mode 100644
index b6d29d42f..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-
-public class STORKInhertedFamilyNameAttributBuilder implements IPVPAttributeBuilder {
-
- public String getName() {
- return STORKConstants.INHERITEDFAMILYNAME_NAME;
- }
-
- public ATT build(IOAAuthParameters oaParam, IAuthData authData,
- IAttributeGenerator g) throws AttributeException {
-
- return g.buildStringAttribute(STORKConstants.INHERITEDFAMILYNAME_FRIENDLYNAME, STORKConstants.INHERITEDFAMILYNAME_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.INHERITEDFAMILYNAME_NAME, authData));
-
- }
-
- public ATT buildEmpty(IAttributeGenerator g) {
- return g.buildEmptyAttribute(STORKConstants.INHERITEDFAMILYNAME_FRIENDLYNAME, STORKConstants.INHERITEDFAMILYNAME_NAME);
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKIsAgeOverAttributBuilder.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKIsAgeOverAttributBuilder.java
deleted file mode 100644
index 2ac3e2aaa..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKIsAgeOverAttributBuilder.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-
-public class STORKIsAgeOverAttributBuilder implements IPVPAttributeBuilder {
-
- public String getName() {
- return STORKConstants.ISAGEOVER_NAME;
- }
-
- public ATT build(IOAAuthParameters oaParam, IAuthData authData,
- IAttributeGenerator g) throws AttributeException {
-
- return g.buildStringAttribute(STORKConstants.ISAGEOVER_FRIENDLYNAME, STORKConstants.ISAGEOVER_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.ISAGEOVER_NAME, authData));
-
- }
-
- public ATT buildEmpty(IAttributeGenerator g) {
- return g.buildEmptyAttribute(STORKConstants.ISAGEOVER_FRIENDLYNAME, STORKConstants.ISAGEOVER_NAME);
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKMaritalStatusAttributBuilder.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKMaritalStatusAttributBuilder.java
deleted file mode 100644
index c4e42029e..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKMaritalStatusAttributBuilder.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-
-public class STORKMaritalStatusAttributBuilder implements IPVPAttributeBuilder {
-
- public String getName() {
- return STORKConstants.MARITALSTATUS_NAME;
- }
-
- public ATT build(IOAAuthParameters oaParam, IAuthData authData,
- IAttributeGenerator g) throws AttributeException {
-
- return g.buildStringAttribute(STORKConstants.MARITALSTATUS_FRIENDLYNAME, STORKConstants.MARITALSTATUS_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.MARITALSTATUS_NAME, authData));
-
- }
-
- public ATT buildEmpty(IAttributeGenerator g) {
- return g.buildEmptyAttribute(STORKConstants.MARITALSTATUS_FRIENDLYNAME, STORKConstants.MARITALSTATUS_NAME);
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKNationalityCodeAttributBuilder.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKNationalityCodeAttributBuilder.java
deleted file mode 100644
index 47fbdd145..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKNationalityCodeAttributBuilder.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-
-public class STORKNationalityCodeAttributBuilder implements IPVPAttributeBuilder {
-
- public String getName() {
- return STORKConstants.NATIONALITYCODE_NAME;
- }
-
- public ATT build(IOAAuthParameters oaParam, IAuthData authData,
- IAttributeGenerator g) throws AttributeException {
-
- return g.buildStringAttribute(STORKConstants.NATIONALITYCODE_FRIENDLYNAME, STORKConstants.NATIONALITYCODE_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.NATIONALITYCODE_NAME, authData));
-
- }
-
- public ATT buildEmpty(IAttributeGenerator g) {
- return g.buildEmptyAttribute(STORKConstants.NATIONALITYCODE_FRIENDLYNAME, STORKConstants.NATIONALITYCODE_NAME);
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKPseudonymAttributBuilder.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKPseudonymAttributBuilder.java
deleted file mode 100644
index 6b079b8d4..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKPseudonymAttributBuilder.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-
-public class STORKPseudonymAttributBuilder implements IPVPAttributeBuilder {
-
- public String getName() {
- return STORKConstants.PSEUDONYM_NAME;
- }
-
- public ATT build(IOAAuthParameters oaParam, IAuthData authData,
- IAttributeGenerator g) throws AttributeException {
-
- return g.buildStringAttribute(STORKConstants.PSEUDONYM_FRIENDLYNAME, STORKConstants.PSEUDONYM_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.PSEUDONYM_NAME, authData));
-
- }
-
- public ATT buildEmpty(IAttributeGenerator g) {
- return g.buildEmptyAttribute(STORKConstants.PSEUDONYM_FRIENDLYNAME, STORKConstants.PSEUDONYM_NAME);
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKResidencePermitAttributBuilder.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKResidencePermitAttributBuilder.java
deleted file mode 100644
index 5728a3979..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKResidencePermitAttributBuilder.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-
-public class STORKResidencePermitAttributBuilder implements IPVPAttributeBuilder {
-
- public String getName() {
- return STORKConstants.RESIDENCEPERMIT_NAME;
- }
-
- public ATT build(IOAAuthParameters oaParam, IAuthData authData,
- IAttributeGenerator g) throws AttributeException {
-
- return g.buildStringAttribute(STORKConstants.RESIDENCEPERMIT_FRIENDLYNAME, STORKConstants.RESIDENCEPERMIT_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.RESIDENCEPERMIT_NAME, authData));
-
- }
-
- public ATT buildEmpty(IAttributeGenerator g) {
- return g.buildEmptyAttribute(STORKConstants.RESIDENCEPERMIT_FRIENDLYNAME, STORKConstants.RESIDENCEPERMIT_NAME);
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKTextResidenceAddressAttributBuilder.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKTextResidenceAddressAttributBuilder.java
deleted file mode 100644
index 1879eb42a..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKTextResidenceAddressAttributBuilder.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-
-public class STORKTextResidenceAddressAttributBuilder implements IPVPAttributeBuilder {
-
- public String getName() {
- return STORKConstants.TEXTRESIDENCEADDRESS_NAME;
- }
-
- public ATT build(IOAAuthParameters oaParam, IAuthData authData,
- IAttributeGenerator g) throws AttributeException {
-
- return g.buildStringAttribute(STORKConstants.TEXTRESIDENCEADDRESS_FRIENDLYNAME, STORKConstants.TEXTRESIDENCEADDRESS_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.TEXTRESIDENCEADDRESS_NAME, authData));
-
- }
-
- public ATT buildEmpty(IAttributeGenerator g) {
- return g.buildEmptyAttribute(STORKConstants.TEXTRESIDENCEADDRESS_FRIENDLYNAME, STORKConstants.TEXTRESIDENCEADDRESS_NAME);
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKTitleAttributBuilder.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKTitleAttributBuilder.java
deleted file mode 100644
index 107386b5a..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKTitleAttributBuilder.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-
-public class STORKTitleAttributBuilder implements IPVPAttributeBuilder {
-
- public String getName() {
- return STORKConstants.TITLE_NAME;
- }
-
- public ATT build(IOAAuthParameters oaParam, IAuthData authData,
- IAttributeGenerator g) throws AttributeException {
-
- return g.buildStringAttribute(STORKConstants.TITLE_FRIENDLYNAME, STORKConstants.TITLE_NAME,
- STORKAttributHelper.getAttribut(STORKConstants.TITLE_NAME, authData));
-
- }
-
- public ATT buildEmpty(IAttributeGenerator g) {
- return g.buildEmptyAttribute(STORKConstants.TITLE_FRIENDLYNAME, STORKConstants.TITLE_NAME);
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
deleted file mode 100644
index 2e72f216a..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ /dev/null
@@ -1,367 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.peps.auth.commons.*;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.AttributeStatusType;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * The AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins.
- * The class is called whenever the {@link AuthenticationRequest} Action is invoked and checks for missing attributes.
- * Furthermore, the class can handle direct posts. That is when the class triggers an attribute query which needs user
- * interaction, redirect to another portal, etc. The redirect will hit here and the class can continue to fetch attributes.
- *
- * TODO how do we treat mandatory and optional attributes?
- */
-public class AttributeCollector implements IAction {
-
- /**
- * The Constant ARTIFACT_ID.
- */
- private static final String ARTIFACT_ID = "artifactId";
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession)
- */
- public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
-
- // - fetch the container
- String artifactId = (String) httpReq.getParameter(ARTIFACT_ID);
- DataContainer container;
- try {
- container = AssertionStorage.getInstance().get(artifactId, DataContainer.class);
- } catch (MOADatabaseException e) {
- Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e);
- throw new MOAIDException("stork.11", null);
- }
-
-
- if (httpReq.getParameter("SAMLResponse") != null) {
- Logger.info("Got SAML response from external attribute provider.");
-
- MOASTORKResponse STORK2Response = new MOASTORKResponse(httpReq);
-
- //extract STORK Response from HTTP Request
- byte[] decSamlToken;
- try {
- decSamlToken = PEPSUtil.decodeSAMLToken(httpReq.getParameter("SAMLResponse"));
- } catch (NullPointerException e) {
- if (httpReq.getRemoteHost().contains("129.27.142")) {
- Logger.warn("Availability check by " + httpReq.getRemoteHost() + " on URI: " + httpReq.getRequestURI());
- } else {
- Logger.error("Unable to retrieve STORK Request for host: " + httpReq.getRemoteHost() + " and URI: " + httpReq.getRequestURI(), e);
- }
- throw new MOAIDException("stork.04", null);
- }
-
- //Get SAMLEngine instance
- STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
-
- STORKAuthnResponse authnResponse = null;
-
-
- // check if valid authn response is contained
- try {
- authnResponse = 
engine.validateSTORKAuthnResponse(decSamlToken, httpReq.getRemoteAddr());
- } catch (STORKSAMLEngineException ex) {
- Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage());
- }
-
- STORK2Response.setSTORKAuthnResponseToken(decSamlToken);
-
- // check if the attributes are provided for the same person from request
- // requires presence of eIdentifier for unambigious correlation
- Logger.debug("Checking if the attribute relates to the correct person..");
- try {
- String remoteEIdentifier= authnResponse.getPersonalAttributeList().get("eIdentifier").getValue().get(0);
- String localEidentifier= container.getResponse().getStorkAuthnResponse().getPersonalAttributeList().get("eIdentifier").getValue().get(0);
- if (!remoteEIdentifier.equals(localEidentifier)) {
- Logger.error("The attribute is not provided for the same person!");
- throw new MOAIDException("stork.25", null);
- }
- } catch (NullPointerException ex) {
- Logger.warn("Could not check the correlation of attributes from external provider. 
Ignoring the check.");
- //Logger.debug(ex);
- //throw new MOAIDException("stork.04", null); // TODO revise message, raise exception when ehvd checked
- }
-
- if (authnResponse.getPersonalAttributeList().size() > 0) {
- Logger.info("Response from external attribute provider contains " + authnResponse.getPersonalAttributeList().size() + " attributes.");
- container.getResponse().setPersonalAttributeList(addOrUpdateAll(container.getResponse().getPersonalAttributeList(), authnResponse.getPersonalAttributeList()));
- }
-
- }
-
- // end addition
-
-
- // read configuration parameters of OA
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(container.getRequest().getAssertionConsumerServiceURL());
- if (oaParam == null)
- throw new AuthenticationException("stork.12", new Object[]{container.getRequest().getAssertionConsumerServiceURL()});
-
- // find the attribute provider plugin that can handle the response
- IPersonalAttributeList newAttributes = null;
-
- Iterator attibuteProvidersInterator = AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs());
- while(attibuteProvidersInterator.hasNext())
- try {
- newAttributes = attibuteProvidersInterator.next().parse(httpReq);
-
- // stop as soon as we hit a capable plugin
- break;
- } catch (UnsupportedAttributeException e1) {
- // the current provider cannot find anything familiar within the
- // provided httpreq. Try the next one.
- }
-
- if (null == newAttributes) {
- // we do not have a provider which is capable of fetching something
- // from the received httpreq. 
- Logger.error("No attribute could be retrieved from the response the attribute provider gave us.");
- }
-
- // - insert the embedded attribute(s) into the container
- if (null != newAttributes)
- container.getResponse().setPersonalAttributeList(addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes));
-
- // see if we need some more attributes
- SLOInformationImpl sloInfo = (SLOInformationImpl) processRequest(container, httpReq, httpResp, authData, oaParam);
-
- if (sloInfo == null) {
- sloInfo = new SLOInformationImpl(req.getAuthURL(), null, null, null, req.requestedModule());
- }
-
- return sloInfo;
-
- }
-
- /**
- * Checks if there are missing attributes and tries to fetch them. If there are no more attribute to fetch,
- * this very method creates and sends the protocol result to the asking S-PEPS.
- *
- * @param container the {@link DataContainer} representing the status of the overall query.
- * @return the string
- * @throws MOAIDException
- */
- public SLOInformationInterface processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, IAuthData authData, OAAuthParameter oaParam) throws MOAIDException {
- // check if there are attributes we need to fetch
-
- IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList();
- IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList();
- List missingAttributes = new ArrayList();
- Logger.debug("aquire list of missing attributes");
- for (PersonalAttribute current : requestAttributeList)
- if (!responseAttributeList.containsKey(current.getName())) {
- if(null == current.getStatus() || (null != current.getStatus() && !current.getStatus().equals(AttributeStatusType.WITHHELD.value()))) {
- // add the ones we need
- missingAttributes.add(current);
- Logger.debug("add " + current.getName() + " to the list of missing attributes");
- }
- } else {
- // remove the ones we do not want to 
share from the response list
- if(null != current.getStatus() && current.getStatus().equals(AttributeStatusType.WITHHELD.value())) {
- responseAttributeList.remove(current.getName());
- Logger.debug("remove " + current.getName() + " from the list of resulting attributes because the user does not want to disclose the data");
- }
- }
-
- Logger.info("collecting attributes...");
- Logger.debug("found " + missingAttributes.size() + " missing attributes");
-
- // Try to get all missing attributes
- try {
- // for each attribute still missing
- for (PersonalAttribute currentAttribute : missingAttributes) {
-
- /*
- * prefill attributes with "notAvailable". If we get them later, we override the value and status.
- * This way, there is no error case in which an attribute is left unanswered.
- */
- IPersonalAttributeList aquiredAttributes = new PersonalAttributeList();
- currentAttribute.setStatus(AttributeStatusType.NOT_AVAILABLE.value());
- aquiredAttributes.add((PersonalAttribute) currentAttribute.clone());
- container.getResponse().setPersonalAttributeList(
- addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes));
- // - check if we can find a suitable AttributeProvider Plugin
-
- Iterator attibuteProvidersInterator = AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs());
- while(attibuteProvidersInterator.hasNext()) {
- AttributeProvider currentProvider = attibuteProvidersInterator.next();
-
- // build a section of attribute provider's predefined attributes and missing attributes
- // only missing attributes that can be handled by attribute provider will be sent to it
- List currentProviderConfiguredAttributes = new ArrayList();
- for (String attributeName : currentProvider.getSupportedAttributeNames()) {
- for (PersonalAttribute missingAttribute : missingAttributes) {
- if (missingAttribute.getName().equals(attributeName)) {
- currentProviderConfiguredAttributes.add(missingAttribute);
- break;
- }
- }
- }
-
- try {
- // - 
hand over control to the suitable plugin
- Logger.info(currentProvider.getClass().getSimpleName() + " called to handle attribute '" + currentAttribute.getName() + "'");
-
- //aquiredAttributes = currentProvider.acquire(currentAttribute, container.getRequest().getSpCountry(), moasession);
- //aquiredAttributes = currentProvider.acquire(missingAttributes, container.getRequest().getSpCountry(), moasession);
- aquiredAttributes = currentProvider.acquire(currentProviderConfiguredAttributes, container.getRequest(), authData);
-
- Logger.info(currentProvider.getClass().getSimpleName() + " can handle attribute '" + currentAttribute.getName() + "'");
- break;
- } catch (UnsupportedAttributeException e) {
- // ok, try the next attributeprovider
- Logger.info(currentProvider.getClass().getSimpleName() + " could not handle attribute '" + currentAttribute.getName() + "'");
- } catch (MOAIDException e) {
- // the current plugin had an error. Try the next one.
- Logger.info(currentProvider.getClass().getSimpleName() + " could not handle attribute '" + currentAttribute.getName() + "' due to an error");
- }
- }
-
- // check if we could fetch the attribute
- if (null == aquiredAttributes) {
- // if not
- Logger.error("We have no suitable plugin for obtaining the attribute '" + currentAttribute.getName() + "'");
- } else
- // else, update any existing attributes
- container.getResponse().setPersonalAttributeList(addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes));
- }
- Logger.info("collecting attributes done");
-
- // ask for consent if necessary
- new ConsentEvaluator().generateSTORKResponse(response, container);
-
- return null; // AssertionId
- // TODO
-
- } catch (ExternalAttributeRequestRequiredException e) {
- // the attribute request is ongoing and requires an external service. 
- try {
- // memorize the container again
- Logger.debug("prepare putting the container into temporary storage...");
-
- // - generate new key
- String newArtifactId = new SecureRandomIdentifierGenerator()
- .generateIdentifier();
- // - put container in temporary store.
- AssertionStorage.getInstance().put(newArtifactId, container);
-
- Logger.debug("...successful");
-
- Logger.info(e.getAp().getClass().getSimpleName() + " is going to ask an external service provider for the requested attributes");
-
- // add container-key to redirect embedded within the return URL
- e.getAp().performRedirect(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().get(0) + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, request, response, oaParam);
-
- } catch (Exception e1) {
- // TODO should we return the response as is to the PEPS?
- Logger.error("Error putting incomplete Stork response into temporary storage", e1);
- e1.printStackTrace();
- throw new MOAIDException("stork.11", null);
- }
-
- //TODO: in case of Single LogOut -> SLO information has to be stored
- return null; // TODO what to do here?
- }
- }
-
- /**
- * Adds or updates all {@link PersonalAttribute} objects given in {@code source} to/in {@code target}. 
- *
- * @param target the target
- * @param source the source
- * @return
- * @throws MOAIDException
- */
- private PersonalAttributeList addOrUpdateAll(IPersonalAttributeList target, IPersonalAttributeList source) throws MOAIDException {
-
- PersonalAttributeList updatedList = new PersonalAttributeList();
- for (PersonalAttribute el : target)
- updatedList.add(el);
-
- Logger.debug("Updating " + source.size() + " attributes...");
- for (PersonalAttribute current : source) {
- Logger.debug("treating " + current.getName());
-
- // check if we need to update the current pa
- if (updatedList.containsKey(current.getName())) {
- PersonalAttribute existing = target.get(current.getName());
- if(!(existing.isEmptyValue() && existing.isEmptyComplexValue()))
- if(!(existing.getValue().equals(current.getValue()) || existing.getComplexValue().equals(current.getComplexValue()))) {
- Logger.error("Attribute Value does not match the value from first authentication!");
- throw new MOAIDException("stork.16", new Object[] {existing.getName()});
- }
-
- updatedList.get(current.getName()).setStatus(current.getStatus());
- updatedList.get(current.getName()).setValue(current.getValue());
- updatedList.get(current.getName()).setComplexValue(current.getComplexValue());
- } else
- updatedList.add(current);
-
- Logger.debug("...successfully treated " + current.getName());
- }
-
- return updatedList;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
- */
- public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
- // this action does not need any authentication. The authentication is already done by the preceding AuthenticationRequest-Action. 
- return false;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
- */
- public String getDefaultActionName() {
- return STORKProtocol.ATTRIBUTE_COLLECTOR;
- }
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java
deleted file mode 100644
index aadbbd959..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java
+++ /dev/null
@@ -1,101 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-import at.gv.egovernment.moa.id.commons.MOAIDConstants;
-import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin;
-import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider;
-import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.EHvdAttributeProviderPlugin;
-import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.MandateAttributeRequestProvider;
-import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.PVPAuthenticationProvider;
-import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.SignedDocAttributeRequestProvider;
-import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.StorkAttributeRequestProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.List;
-import java.util.PriorityQueue;
-
-/**
- * A factory for creating AttributeProvider objects.
- */
-public class AttributeProviderFactory {
-
- /**
- * Gets the available plugins.
- *
- * @return the available plugins
- */
- public static List getAvailablePlugins() {
- return MOAIDConstants.ALLOWED_STORKATTRIBUTEPROVIDERS;
- }
-
- /**
- * Creates an AttributeProvider object for the given shortname. Returns
- * {@code null} if there is no such provider available. 
- *
- * @param shortname the simpleName for the providers class
- * @return the attribute provider
- */
- public static AttributeProvider create(String shortname, String url, String attributes) {
- if (shortname.equals("StorkAttributeRequestProvider")) {
- return new StorkAttributeRequestProvider(url, attributes);
- } else if (shortname.equals("EHvdAttributeProvider")) {
- return new EHvdAttributeProviderPlugin(url, attributes);
- } else if (shortname.equals("SignedDocAttributeRequestProvider")) {
- return new SignedDocAttributeRequestProvider(url, attributes);
- } else if (shortname.equals("MandateAttributeRequestProvider")) {
- try {
- return new MandateAttributeRequestProvider(url, attributes);
- } catch (Exception ex) {
- ex.printStackTrace();
- return null;
- }
- } else if (shortname.equals("PVPAuthenticationProvider")) {
- return new PVPAuthenticationProvider(url, attributes);
- } else {
- return null;
- }
- }
-
- /**
- * Gets fresh instances of the configured plugins.
- *
- * @param collection the configured a ps
- * @return the configured plugins
- */
- public static Iterator getConfiguredPlugins(
- Collection collection) {
-
- PriorityQueue result = new PriorityQueue();
- for (StorkAttributeProviderPlugin current : collection) {
-
- result.add(create(current.getName(), current.getUrl(), current.getAttributes()));
- Logger.debug("Adding configured attribute provider: " + current.getClass().getName() + current.getName() + " at " + current.getUrl());
- }
-
- return result.iterator();
- }
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
deleted file mode 100644
index f16f7c9a8..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ /dev/null
@@ -1,531 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.MISMandate;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-import eu.stork.peps.auth.commons.*;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.apache.velocity.runtime.RuntimeConstants;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.StringWriter;
-import java.net.MalformedURLException;
-import java.net.URL;
-
-
-/**
- * Second request step - after authentication of the user is done and moasession obtained,
- * process request and forward the user further to PEPS and/or other entities
- *
- * @author bsuzic
- */
-
-public class AuthenticationRequest
implements IAction { - - - private VelocityEngine velocityEngine; - private MOASTORKRequest moaStorkRequest = null; - - - public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { - - if ((req instanceof MOASTORKRequest)) { // && ( ((MOASTORKRequest) req).getCitizenCountryCode() == null || ((MOASTORKRequest) req).getCitizenCountryCode().equals("AT") )) { - - this.moaStorkRequest = (MOASTORKRequest) req; - - Logger.debug("Entering MOASTORKRequest"); - httpResp.reset(); - - //TODO: CHECK: req.getOAURL() should return the unique OA identifier - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(req.getOAURL()); - if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()}); - - MOASTORKResponse moaStorkResponse = new MOASTORKResponse(httpReq); - - // check if it is attribute query - if (moaStorkRequest.isAttrRequest()) { - Logger.debug("Starting AttrQueryRequest"); - - moaStorkResponse.setSTORKAttrResponse(new STORKAttrQueryResponse()); - } - // check if we have authentication request - else if (moaStorkRequest.isAuthnRequest()) { - Logger.debug("Starting AuthenticationRequest"); - moaStorkResponse.setSTORKAuthnResponse(new STORKAuthnResponse()); - - //STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); - - // Logger.debug("Starting generation of SAML response"); - // try { - // moaStorkResponse.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(moaStorkRequest.getStorkAuthnRequest(), moaStorkResponse.getStorkAuthnResponse(), httpReq.getRemoteAddr(), false)); - // } catch (STORKSAMLEngineException ex) { - // Logger.error("Failed to generate STORK SAML Response", ex); - // throw new MOAIDException("stork.05", null); // TODO - // } - - // Get personal attributtes from MOA/IdentityLink - - //build STORK attributes from local authentication information - if (authData 
!= null) { - int reqQaa = -1; - int authQaa = -1; - try { - reqQaa = moaStorkRequest.getStorkAuthnRequest().getQaa(); - authQaa = Integer.valueOf( - authData.getQAALevel().substring(PVPConstants.STORK_QAA_PREFIX.length())); - - if (reqQaa > authQaa) { - Logger.warn("Requested QAA level does not match to authenticated QAA level"); - throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa}); - - } - - } catch (MOAIDException e) { - throw e; - - } catch (Exception e) { - if (Logger.isDebugEnabled()) - Logger.warn("STORK QAA Level evaluation error", e); - - else - Logger.warn("STORK QAA Level evaluation error (ErrorMessage=" - + e.getMessage() + ")"); - - throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa}); - - } - - moaStorkResponse.setPersonalAttributeList(populateAttributes(authData, oaParam)); - - } - } - - //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry()); - - // Prepare extended attributes - Logger.debug("Preparing data container"); - - // create fresh container - DataContainer container = new DataContainer(); - - // - fill in the request we extracted above - container.setRequest(moaStorkRequest); - - // - fill in the partial response created above - container.setResponse(moaStorkResponse); - - container.setRemoteAddress(httpReq.getRemoteAddr()); - - Logger.debug("Data container prepared"); - - if(oaParam.isRequireConsentForStorkAttributes()) - new ConsentEvaluator().requestConsent(container, httpReq, httpResp, authData, oaParam); - else - new AttributeCollector().processRequest(container, httpReq, httpResp, authData, oaParam); - - return null; - } -// // check if we are getting request for citizen of some other country -// else if (req instanceof MOASTORKRequest) { -// return handleMOAStorkRequest("VIDP", (MOASTORKRequest) req, httpReq.getRemoteAddr(), httpResp); -// } - - // Check if we got the response from PEPS - // If so then process it and forward to SP - else if ((req instanceof MOASTORKResponse)) { - return 
handleMOAStorkResponse("VIDP", (MOASTORKResponse) req, httpReq.getRemoteAddr(), httpResp); - } else { - Logger.error("Could not recognize request."); - throw new MOAIDException("stork.15", null); - } - } - - /* - Handles STORKAuthnRequeste received for citizens of other countries - */ - private SLOInformationInterface handleMOAStorkRequest(String instanceName, MOASTORKRequest moastorkRequest, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException { - - STORKAuthnRequest spAuthnRequest = moastorkRequest.getStorkAuthnRequest(); - STORKAuthnRequest storkAuthnRequest = null; - - String citizenCountryCode = spAuthnRequest.getCitizenCountryCode(); - Logger.info("Got authentication request for citizen of " + citizenCountryCode); - - try { - storkAuthnRequest = (STORKAuthnRequest) spAuthnRequest.clone(); - } catch (CloneNotSupportedException e) { - Logger.error("Could not clone AuthnRequest ", e); - throw new MOAIDException("stork.05", null); // TODO - } - - //TODO: in case of Single LogOut -> SLO information has to be stored - // check if citizen country is configured in the system - if (!(AuthConfigurationProviderFactory.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode))) { - Logger.error("Citizen country PEPS not configured in MOA instance: " + citizenCountryCode); - throw new MOAIDException("stork.05", null); // TODO - } - - // extracting basic settings and adjusting assertion consumer - String issuer = null; - String assertionConsumerURL = null; - String publicURLPrefix = null; - String destinationURL = null; - - try { - issuer = new URL(moaStorkRequest.getAuthURL()).toString(); - destinationURL = AuthConfigurationProviderFactory.getInstance().getStorkConfig().getCPEPS(citizenCountryCode).getPepsURL().toString(); - publicURLPrefix = moaStorkRequest.getAuthURL(); - assertionConsumerURL = publicURLPrefix + "/stork2/SendPEPSAuthnRequest"; - } catch (MalformedURLException ex) { - Logger.error("Wrong PublicURLPrefix setting of MOA 
instance: " + AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(), ex); - throw new MOAIDException("stork.05", null); // TODO - } catch (Exception ex) { - Logger.error("Problem with PEPS configuration of MOA instance.", ex); - throw new MOAIDException("stork.05", null); // TODO - } - - - // drop if we do not have publicprefix url configured on the instance - if (publicURLPrefix == null) - throw new AuthenticationException("stork.12", new String[]{"PublicURLPrefix"}); - - // adjusting request - storkAuthnRequest.setEIDCrossBorderShare(spAuthnRequest.isEIDCrossBorderShare()); - storkAuthnRequest.setEIDSectorShare(spAuthnRequest.isEIDSectorShare()); - storkAuthnRequest.setEIDCrossSectorShare(spAuthnRequest.isEIDCrossSectorShare()); - storkAuthnRequest.setCitizenCountryCode(spAuthnRequest.getCitizenCountryCode()); - storkAuthnRequest.setIssuer(issuer); - storkAuthnRequest.setAssertionConsumerServiceURL(assertionConsumerURL); - storkAuthnRequest.setDestination(destinationURL); - - // regenerate request - try { - //Get SAMLEngine instance - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); - Logger.debug("Starting generation of SAML request"); - storkAuthnRequest = engine.generateSTORKAuthnRequest(storkAuthnRequest); - - //generateSAML Token - Logger.info("SAML response succesfully generated!"); - } catch (STORKSAMLEngineException e) { - Logger.error("Failed to generate STORK SAML Response", e); - throw new MOAIDException("stork.05", null); - } - - // store original request from SP in order to be able to extract it in later iteration/response - DataContainer spRequestContainer = new DataContainer(); - spRequestContainer.setRequest(moastorkRequest); - - try { - AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), spRequestContainer); - Logger.info("Storing artifactId " + storkAuthnRequest.getSamlId() + " of SP authentication request with id " + spAuthnRequest.getSamlId()); - } catch (MOADatabaseException e) { - e.printStackTrace(); 
- } - - // preparing redirection for the client - performRedirection("SAMLRequest", destinationURL, storkAuthnRequest.getTokenSaml(), httpResp); - - SLOInformationImpl sloInfo = new SLOInformationImpl(); - sloInfo.setProtocolType(moastorkRequest.requestedModule()); - return sloInfo; - } - - /* - Handles STORKAuthnResponse received from PEPS (return to SP) - */ - private SLOInformationInterface handleMOAStorkResponse(String instanceName, MOASTORKResponse moastorkResponse, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException { - - STORKAuthnResponse authnResponse = null; - - //Get SAMLEngine instance - STORKSAMLEngine engine = STORKSAMLEngine.getInstance(instanceName); - - try { - authnResponse = engine.validateSTORKAuthnResponse(moastorkResponse.getSTORKAuthnResponseToken(), remoteAddr); - } catch (STORKSAMLEngineException ex) { - Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage()); - throw new MOAIDException("stork.15", null); // TODO - } - - Logger.debug("Requesting artifactId " + authnResponse.getInResponseTo() + " from store."); - - DataContainer dataContainer = null; - try { - dataContainer = AssertionStorage.getInstance().get(authnResponse.getInResponseTo(), DataContainer.class); - } catch (MOADatabaseException e) { - Logger.error("Unable to retrieve datacontainer with reference authentication request. 
Database exception."); - throw new MOAIDException("stork.15", null); // TODO - } - - // setting new reference request and return url - authnResponse.setInResponseTo(dataContainer.getRequest().getStorkAuthnRequest().getSamlId()); - authnResponse.setAudienceRestriction(dataContainer.getRequest().getAssertionConsumerServiceURL()); - //AudienceRestrictionBuilder audienceRestrictionBuilder = new AudienceRestrictionBuilder(); - //AudienceRestriction audienceRestriction = audienceRestrictionBuilder.buildObject(dataContainer.getRequest().getAssertionConsumerServiceURL(), "localname", "nameprefix"); - - //authnResponse.getAssertions().get(0).getConditions().getAudienceRestrictions().add(audienceRestriction); - - Logger.debug("Starting generation of SAML response"); - try { - authnResponse = engine.generateSTORKAuthnResponse(dataContainer.getRequest().getStorkAuthnRequest(), authnResponse, remoteAddr, false); - } catch (STORKSAMLEngineException e) { - Logger.error("Failed to generate STORK SAML Response", e); - throw new MOAIDException("stork.05", null); // TODO check - } - - Logger.info("SAML response succesfully generated."); - - // preparing redirection for the client - performRedirection("SAMLResponse", dataContainer.getRequest().getAssertionConsumerServiceURL(), authnResponse.getTokenSaml(), httpResp); - - return null; - } - - /* - Perform redirection of the client based on post binding - */ - private void performRedirection(String actionType, String assertionConsumerURL, byte[] tokenSaml, HttpServletResponse httpResp) throws MOAIDException { - Logger.info("Performing redirection, using action type: " + actionType); - - try { - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); - VelocityContext context = new VelocityContext(); - - context.put(actionType, PEPSUtil.encodeSAMLToken(tokenSaml)); - Logger.debug("Encoded " + actionType + " 
original: " + new String(tokenSaml)); - - Logger.debug("Using assertion consumer url as action: " + assertionConsumerURL); - context.put("action", assertionConsumerURL); - - Logger.debug("Starting template merge"); - StringWriter writer = new StringWriter(); - - Logger.debug("Doing template merge"); - template.merge(context, writer); - Logger.debug("Template merge done"); - - Logger.debug("Sending html content: " + writer.getBuffer().toString()); - Logger.debug("Sending html content2 : " + new String(writer.getBuffer())); - - httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8")); - - } catch (IOException e) { - Logger.error("Velocity IO error: " + e.getMessage()); - throw new MOAIDException("stork.15", null); // TODO - } catch (Exception e) { - Logger.error("Velocity general error: " + e.getMessage()); - throw new MOAIDException("stork.15", null); // TODO - } - - } - - public void generatePEPSRedirect(HttpServletResponse httpResp, DataContainer container) throws MOAIDException { - MOASTORKRequest request = container.getRequest(); - MOASTORKResponse response = container.getResponse(); - - Logger.info("generating stork response..."); - - try { - //Get SAMLEngine instance - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); - Logger.debug("Starting generation of SAML response"); - if (response.isAuthnResponse()) - response.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(request.getStorkAuthnRequest(), response.getStorkAuthnResponse(), container.getRemoteAddress(), false)); - else - response.setSTORKAttrResponse(engine.generateSTORKAttrQueryResponse(request.getStorkAttrQueryRequest(), response.getStorkAttrQueryResponse(), container.getRemoteAddress(), "", false)); - - - //generateSAML Token - Logger.info("SAML response succesfully generated!"); - } catch (STORKSAMLEngineException e) { - Logger.error("Failed to generate STORK SAML Response", e); - throw new MOAIDException("stork.05", null); - } - - // preparing redirection 
for the client - try { - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); - VelocityContext context = new VelocityContext(); - - byte[] blob; - if (request.isAttrRequest()) - blob = response.getStorkAttrQueryResponse().getTokenSaml(); - else - blob = response.getStorkAuthnResponse().getTokenSaml(); - - context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob)); - Logger.debug("SAMLResponse original: " + new String(blob)); - - Logger.debug("Putting assertion consumer url as action: " + request.getAssertionConsumerServiceURL()); - context.put("action", request.getAssertionConsumerServiceURL()); - Logger.trace("Starting template merge"); - StringWriter writer = new StringWriter(); - - Logger.trace("Doing template merge"); - template.merge(context, writer); - Logger.trace("Template merge done"); - - Logger.trace("Sending html content: " + writer.getBuffer().toString()); - Logger.trace("Sending html content2 : " + new String(writer.getBuffer())); - - httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8")); - - } catch (Exception e) { - Logger.error("Velocity error: " + e.getMessage()); - } - } - - - public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { - - //redirect to national PVP IDP infrastructure if special attributes are requested - if (MiscUtil.isEmpty(req.getRequestedIDP()) && req instanceof MOASTORKRequest) - return !STORKPVPUtilits.performAuthenticationOnNationalIDP((MOASTORKRequest) req); - -// // authentication is not needed if we have authentication request from SP for citizen of configured PEPS country -// if (req instanceof MOASTORKRequest) { -// MOASTORKRequest moastorkRequest = (MOASTORKRequest) req; -// if (moastorkRequest.getStorkAuthnRequest() != null) { -// String citizenCountryCode = 
moastorkRequest.getStorkAuthnRequest().getCitizenCountryCode(); -// // check if citizen country is configured in the system -// try { -// if (AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode)) { -// return false; -// } -// } catch (MOAIDException e) { -// Logger.error("Could not initialize AuthConfigurationProvider"); -// } -// } -// // authentication is not required if received authentication response -// } else if (req instanceof MOASTORKResponse) { -// return false; -// } - - return true; - } - - - private void iterate(NamedNodeMap attributesList) { - for (int j = 0; j < attributesList.getLength(); j++) { - Logger.debug("--Attribute: " - + attributesList.item(j).getNodeName() + " = " - + attributesList.item(j).getNodeValue()); - } - } - - - // does nothing - public void mandate(IAuthData authData) { - - if (authData.isUseMandate()) { - try { - MISMandate mandate = authData.getMISMandate(); - String owbpk = mandate.getOWbPK(); - byte[] mand = mandate.getMandate(); - String profprep = mandate.getProfRep(); - //String textdesc = mandate.getTextualDescriptionOfOID(); - Element mndt = authData.getMandate(); - - iterate(mndt.getAttributes()); - Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); - } catch (Exception x) { - Logger.debug("There is no mandate used in transaction"); - } - } - - - } - - public PersonalAttributeList populateAttributes(IAuthData authData, IOAAuthParameters oaParam) { - - IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList(); - Logger.info("Found " + attrLst.size() + " personal attributes in the request."); - - // Define attribute list to be populated - PersonalAttributeList attributeList = new PersonalAttributeList(); - MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(authData, moaStorkRequest); - - try { - for (PersonalAttribute personalAttribute : attrLst) { - try { - 
 Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired());
- moaAttributeProvider.populateAttribute(attributeList, personalAttribute);
- } catch (Exception e) {
- Logger.error("Exception, attributes: " + e.getMessage(), e);
- }
- }
- } catch (Exception e) {
- Logger.error("Exception, attributes: " + e.getMessage(), e);
- }
-
- Logger.trace("AUTHBLOCK " + authData.getAuthBlock());
- Logger.debug("SESSION IDENTIFIER " + authData.getCcc() + " " + oaParam.getIdentityLinkDomainIdentifier());
-
- return attributeList;
- }
-
- public String getDefaultActionName() {
- return STORKProtocol.AUTHENTICATIONREQUEST;
- }
-
-
- private void initVelocityEngine() throws Exception {
- velocityEngine = new VelocityEngine();
- velocityEngine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
- velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
- velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
- velocityEngine.setProperty("classpath.resource.loader.class",
- "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
-
- velocityEngine.init();
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
deleted file mode 100644
index 2b7d4e045..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ /dev/null
@@ -1,249 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-import java.io.StringWriter;
-
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Map.Entry;
-
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.peps.auth.commons.PEPSUtil;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.AttributeStatusType;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * The ConsentEvaluator assists with fetching user consent on the list of attributes to be sent to the asking S-PEPS.
- */
-public class ConsentEvaluator implements IAction {
-
- /**
- * The Constant ARTIFACT_ID.
- */ - private static final String ARTIFACT_ID = "artifactId"; - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession) - */ - public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { - - // - fetch the container - String artifactId = (String) httpReq.getParameter(ARTIFACT_ID); - DataContainer container; - try { - container = AssertionStorage.getInstance().get(artifactId, DataContainer.class); - req = container.getRequest(); - } catch (MOADatabaseException e) { - Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e); - throw new MOAIDException("stork.17", null); - } - - // evaluate response - for(PersonalAttribute current : container.getRequest().getPersonalAttributeList()) { - if(null == httpReq.getParameter(current.getName())) { - current.setStatus(AttributeStatusType.WITHHELD.value()); - current.setValue(new ArrayList()); - current.setComplexValue(new HashMap()); - } - } - - //TODO: CHECK: req.getOAURL() should return the unique OA identifier - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(req.getOAURL()); - if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()}); - - new AttributeCollector().processRequest(container, httpReq, httpResp, authData, oaParam); - - return null; // AssertionId - } - - /** - * Fills the given HttpResponse with the required web page. 
- * - * @param container the container - * @param authData - * @param response the response - * @param oaParam the oa param - * @return the string - * @throws MOAIDException the mOAID exception - */ - public String requestConsent(DataContainer container, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData, OAAuthParameter oaParam) throws MOAIDException { - //check if we need to collect consent - if(!oaParam.isRequireConsentForStorkAttributes()) { - (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam); - return ""; - } - - // prepare redirect - String newArtifactId; - try { - - // memorize the container again - Logger.debug("prepare putting the container into temporary storage..."); - - // - generate new key - newArtifactId = new SecureRandomIdentifierGenerator().generateIdentifier(); - - // - put container in temporary store. - AssertionStorage.getInstance().put(newArtifactId, container); - - Logger.debug("...successful"); - - } catch (Exception e1) { - // TODO should we return the response as is to the PEPS? - e1.printStackTrace(); - Logger.error("Error putting incomplete Stork response into temporary storage", e1); - throw new MOAIDException("stork.17", null); - } - - // ask for consent - try { - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/stork2_consent.html"); - VelocityContext context = new VelocityContext(); - - context.put("action", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().get(0) + "/stork2/GetConsent?" + ARTIFACT_ID + "=" + newArtifactId); - - // assemble table - String table = ""; - for (PersonalAttribute current : container.getRequest().getPersonalAttributeList()) - table += "" + current.getName() + (current.isRequired() ? 
"" : " (optional)") + "\n"; - - context.put("tablecontent", table); - for(Entry current : oaParam.getFormCustomizaten().entrySet()) - context.put(current.getKey().replace("#", ""), current.getValue()); - - StringWriter writer = new StringWriter(); - template.merge(context, writer); - httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8")); - - } catch (Exception e) { - Logger.error("Velocity error: " + e.getMessage()); - throw new MOAIDException("stork.17", null); - } - - return "12345"; // AssertionId - } - - /** - * generates binary response from given response class and fill the given HttpResponse with a SAML Post Binding template. - * - * @param httpResp the http resp - * @param container the container - * @throws MOAIDException the mOAID exception - */ - public void generateSTORKResponse(HttpServletResponse httpResp, DataContainer container) throws MOAIDException { - MOASTORKRequest request = container.getRequest(); - MOASTORKResponse response = container.getResponse(); - - Logger.info("generating stork response..."); - - try { - //Get SAMLEngine instance - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); - Logger.debug("Starting generation of SAML response"); - if(response.isAuthnResponse()) - response.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(request.getStorkAuthnRequest(), response.getStorkAuthnResponse(), container.getRemoteAddress(), false)); - else - response.setSTORKAttrResponse(engine.generateSTORKAttrQueryResponse(request.getStorkAttrQueryRequest(), response.getStorkAttrQueryResponse(), container.getRemoteAddress(), "", false)); - - - //generateSAML Token - Logger.info("SAML response succesfully generated!"); - } catch (STORKSAMLEngineException e) { - Logger.error("Failed to generate STORK SAML Response", e); - throw new MOAIDException("stork.05", null); - } - - // preparing redirection for the client - try { - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template 
template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); - VelocityContext context = new VelocityContext(); - - byte[] blob; - if(request.isAttrRequest()) - blob = response.getStorkAttrQueryResponse().getTokenSaml(); - else - blob = response.getStorkAuthnResponse().getTokenSaml(); - - context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob)); - Logger.debug("SAMLResponse original: " + new String(blob)); - - Logger.debug("Putting assertion consumer url as action: " + request.getAssertionConsumerServiceURL()); - context.put("action", request.getAssertionConsumerServiceURL()); - Logger.trace("Starting template merge"); - StringWriter writer = new StringWriter(); - - Logger.trace("Doing template merge"); - template.merge(context, writer); - Logger.trace("Template merge done"); - - Logger.trace("Sending html content: " + writer.getBuffer().toString()); - Logger.trace("Sending html content2 : " + new String(writer.getBuffer())); - - httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8")); - - } catch (Exception e) { - Logger.error("Velocity error: " + e.getMessage()); - } - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ - public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { - // this action does not need any authentication. The authentication is already done by the preceding AuthenticationRequest-Action. - return false; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName() - */ - public String getDefaultActionName() { - return STORKProtocol.CONSENT_EVALUATOR; - } -} 
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java
deleted file mode 100644
index acbf1678a..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/CorporateBodyMandateContainer.java
+++ /dev/null
@@ -1,115 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.logging.Logger;
-import org.xml.sax.InputSource;
-
-import javax.xml.xpath.XPathExpressionException;
-import java.io.StringReader;
-/**
- * Physical person representing corporate body
- *
- * @author bsuzic
- * Date: 4/29/14, Time: 3:40 PM
- */
-public class CorporateBodyMandateContainer extends MandateContainer {
-
- protected String corpMandatorIdentificationValue = null;
- protected String corpMandatorIdentificationType = null;
- protected String corpMandatorFullName = null;
-
-
- String localMethods[] = new String[]{"getCorpMandatorIdentificationValue", "getCorpMandatorIdentificationType", "getCorpMandatorFullName",
- "getMandateIssuePlace", "getMandateIssueDate", "getMandateIssueTime", "getSimpleMandateContent", "getMandateValidFrom",
- "getMandateValidTo", "getPhysicalRepresentativeIdentificationValue", "getPhysicalRepresentativeIdentificationType", "getAnnotation",
- "getPhysicalRepresentativeGivenName", "getPhysicalRepresentativeFamilyName", "getPhysicalRepresentativeBirthDate"
- };
-
- public CorporateBodyMandateContainer(String mandate) throws XPathExpressionException, MOAIDException {
- super(mandate);
- Logger.debug("Initializing corporate body mandate container.");
-
- setAnnotation(xPath.evaluate(S2Constants.MANDATE_ANNOTATION_QUERY, new InputSource(new StringReader(mandate))));
- setCorpMandatorFullName(xPath.evaluate(S2Constants.MANDATE_MANDATOR_CORPBODY_FULLNAME_QUERY, new InputSource(new StringReader(mandate))));
- setCorpMandatorIdentificationType(xPath.evaluate(S2Constants.MANDATE_MANDATOR_CORPBODY_IDTYPE_QUERY, new InputSource(new StringReader(mandate))));
- setCorpMandatorIdentificationValue(xPath.evaluate(S2Constants.MANDATE_MANDATOR_CORPBODY_IDVALUE_QUERY, new InputSource(new StringReader(mandate)))); - 
setMandateIssueDate(xPath.evaluate(S2Constants.MANDATE_ISSUEDDATE_QUERY, new InputSource(new StringReader(mandate)))); - setMandateIssuePlace(xPath.evaluate(S2Constants.MANDATE_ISSUEDPLACE_QUERY, new InputSource(new StringReader(mandate)))); - setMandateIssueTime(xPath.evaluate(S2Constants.MANDATE_ISSUEDTIME_QUERY, new InputSource(new StringReader(mandate)))); - setMandateValidFrom(xPath.evaluate(S2Constants.MANDATE_SIMPLEMANDATECONTENT_VALIDFROM_QUERY, new InputSource(new StringReader(mandate)))); - setMandateValidTo(xPath.evaluate(S2Constants.MANDATE_SIMPLEMANDATECONTENT_VALIDTO_QUERY, new InputSource(new StringReader(mandate)))); - setPhysicalRepresentativeBirthDate(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_DATEOFBIRTH_QUERY, new InputSource(new StringReader(mandate)))); - setPhysicalRepresentativeFamilyName(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_FAMILYNAME_QUERY, new InputSource(new StringReader(mandate)))); - setPhysicalRepresentativeGivenName(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_GIVENNAME_QUERY, new InputSource(new StringReader(mandate)))); - setPhysicalRepresentativeIdentificationType(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_IDTYPE_QUERY, new InputSource(new StringReader(mandate)))); - setPhysicalRepresentativeIdentificationValue(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_IDVALUE_QUERY, new InputSource(new StringReader(mandate)))); - setSimpleMandateContent(xPath.evaluate(S2Constants.MANDATE_SIMPLEMANDATECONTENT_TXTDESC_QUERY, new InputSource(new StringReader(mandate)))); - - // check if all necessary fields are present - Logger.debug("Starting mandate structure validation"); - try { - validateMandateStructure(localMethods); // TODO - } catch (Exception e) { - - if (e instanceof MOAIDException) { - Logger.error("Could not validate mandate structure."); - throw new MOAIDException("stork.16", new Object[] {e.getMessage()}); // TODO - } else { - Logger.error("Error during 
mandate structure validation."); - throw new MOAIDException("stork.16", new Object[] {e.getMessage()}); // TODO - } - - } - - } - - public String getCorpMandatorIdentificationValue() { - return corpMandatorIdentificationValue; - } - - public void setCorpMandatorIdentificationValue(String corpMandatorIdentificationValue) { - Logger.debug("Setting corpMandatorIdentificationValue to AT/" + corpMandatorIdentificationValue); - this.corpMandatorIdentificationValue = "AT/" + corpMandatorIdentificationValue; - } - - public String getCorpMandatorIdentificationType() { - return corpMandatorIdentificationType; - } - - public void setCorpMandatorIdentificationType(String corpMandatorIdentificationType) { - this.corpMandatorIdentificationType = corpMandatorIdentificationType; - } - - public String getCorpMandatorFullName() { - return corpMandatorFullName; - } - - public void setCorpMandatorFullName(String corpMandatorFullName) { - this.corpMandatorFullName = corpMandatorFullName; - } - - - -} diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java deleted file mode 100644 index e01a7526a..000000000 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java +++ /dev/null 
@@ -1,100 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-import java.io.Serializable;
-
-/**
- * Holds info about an ongoing but yet incomplete stork authnrequest process.
- */
-public class DataContainer implements Serializable {
-
- /** The Constant serialVersionUID. */
- private static final long serialVersionUID = -8765997480582363012L;
-
- /** The incoming request. */
- private MOASTORKRequest request;
-
- /** The yet incomplete response. */
- private MOASTORKResponse response;
-
- /** The target. */
- private String target;
-
- /** The remote address. */
- private String remoteAddress;
-
- /**
- * Gets the request.
- *
- * @return the request
- */
- public MOASTORKRequest getRequest() {
- return request;
- }
-
- /**
- * Sets the request.
- *
- * @param moaStorkRequest the new request
- */
- public void setRequest(MOASTORKRequest moaStorkRequest) {
- this.request = moaStorkRequest;
- }
-
- /**
- * Gets the response.
- *
- * @return the response
- */
- public MOASTORKResponse getResponse() {
- return response;
- }
-
- /**
- * Sets the response.
- *
- * @param moaStorkResponse the new response
- */
- public void setResponse(MOASTORKResponse moaStorkResponse) {
- this.response = moaStorkResponse;
- }
-
- /**
- * Gets the remote address.
- *
- * @return the remote address
- */
- public String getRemoteAddress() {
- return remoteAddress;
- }
-
- /**
- * Sets the remote address.
- *
- * @param remoteAddress the new remote address
- */
- public void setRemoteAddress(String remoteAddress) {
- this.remoteAddress = remoteAddress;
- }
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java
deleted file mode 100644
index 096f223d7..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ExternalAttributeRequestRequiredException.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-import at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider;
-
-public class ExternalAttributeRequestRequiredException extends Exception {
-
- /** The Constant serialVersionUID. */
- private static final long serialVersionUID = 5207631348933518908L;
-
- /** The ap. */
- private AttributeProvider ap;
-
- /**
- * Instantiates a new external attribute request required exception.
- *
- * @param provider the provider
- */
- public ExternalAttributeRequestRequiredException(AttributeProvider provider) {
- ap = provider;
- }
-
- /**
- * Gets the ap that caused the exception.
- *
- * @return the ap
- */
- public AttributeProvider getAp() {
- return ap;
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
deleted file mode 100644
index f9f38e2d5..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ /dev/null
@@ -1,255 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.stork2; - -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.data.AuthenticationRole; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.PersonalAttributeList; -import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.AttributeStatusType; -import org.joda.time.Period; - -import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Method; -import java.text.DateFormat; -import java.text.SimpleDateFormat; -import java.util.*; - -/** - * @author bsuzic - * Date: 2/19/14, Time: 4:42 PM - * - * @author tlenz - * Date: 23.10.14 - */ -public class MOAAttributeProvider { - private final IAuthData authData; - private static final Map storkAttributeSimpleMapping; - private static final Map storkAttributeFunctionMapping; - private final MOASTORKRequest moastorkRequest; - - // mappings for attribute population methods - // based on mapping of moa authndata and executing functions to extract attributes - static { - Map tempSimpleMap = new HashMap(); - tempSimpleMap.put("givenName", "getGivenName"); - tempSimpleMap.put("surname", "getFamilyName"); - tempSimpleMap.put("MSOrganization", "getPvpAttribute_OU"); - storkAttributeSimpleMapping = Collections.unmodifiableMap(tempSimpleMap); - - Map tempFunctionMap = new HashMap(); - tempFunctionMap.put("eIdentifier", "geteIdentifier"); - 
tempFunctionMap.put("ECApplicationRole","getECApplicationRole"); - tempFunctionMap.put("dateOfBirth", "getFormatedDateOfBirth"); - tempFunctionMap.put("MSOrganization", "getMSOrganization"); - tempFunctionMap.put("age", "getAge"); - tempFunctionMap.put("isAgeOver", "getIsAgeOver"); - tempFunctionMap.put("citizenQAALevel", "getQAALevel"); - storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap); - - } - - public MOAAttributeProvider(IAuthData authData, MOASTORKRequest moastorkRequest) { - this.authData = authData; - this.moastorkRequest = moastorkRequest; - - } - - public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) { - String storkAttribute = requestedAttribute.getName(); - - IPersonalAttributeList storkAttributes = - authData.getGenericData( - AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST, - IPersonalAttributeList.class); - - // TODO: check if authData gets populated with stork attributtes during previous steps; it seems it is not - if (null != authData && null != storkAttributes && storkAttributes.containsKey(requestedAttribute.getName())) { - Logger.debug("Trying to get value for attribute directly from STORK2 response [" + storkAttribute + "]"); - try { - PersonalAttribute tmp = storkAttributes.get(requestedAttribute.getName()); - attributeList.add((PersonalAttribute) tmp.clone()); - } catch(Exception e) { - Logger.error("Could not retrieve attribute from STORK2 response: " + storkAttribute); - Logger.debug(e); - } - } else if (storkAttributeSimpleMapping.containsKey(storkAttribute)) { - Logger.debug("Trying to get value for attribute using simple mapping [" + storkAttribute + "]"); - try { - Method method = authData.getClass().getDeclaredMethod(storkAttributeSimpleMapping.get(storkAttribute)); - populateAttributeWithMethod(method, authData, attributeList, storkAttribute, requestedAttribute); - } catch (NoSuchMethodException e) { - Logger.error("Could not found MOA 
extraction method while getting attribute: " + storkAttribute); - Logger.debug(e); - } catch (NullPointerException e) { - Logger.error("Error getting MOA extraction method while getting attribute: " + storkAttribute); - Logger.debug(e); - } - - } else if (storkAttributeFunctionMapping.containsKey(storkAttribute)) { - - Logger.debug("Trying to get value for attribute using function mapping [" + storkAttribute + "]"); - try { - Method method = this.getClass().getDeclaredMethod(storkAttributeFunctionMapping.get(storkAttribute), PersonalAttribute.class); - populateAttributeWithMethod(method, this, attributeList, storkAttribute, requestedAttribute); - } catch (NoSuchMethodException e) { - Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute); - } - } else { - Logger.debug("MOA method for extraction of attribute " + storkAttribute + " not defined."); - } - } - - private String getAge(PersonalAttribute personalAttribute) { - if (authData.getDateOfBirth() != null) { - Integer age = new Period(authData.getDateOfBirth().getTime(), Calendar.getInstance().getTime().getTime()).getYears(); - return age >= 0 ? age.toString() : null; - } - return null; // WP4 D4.2, Table 12:age, description - considerations - } - - private String getIsAgeOver(PersonalAttribute personalAttribute) - { - try { - if ((authData.getDateOfBirth() != null) && (personalAttribute.getValue() != null) && (personalAttribute.getValue().size() > 0)) { - Integer ageOver = Integer.parseInt(personalAttribute.getValue().get(0)); - Integer age = new Period(authData.getDateOfBirth().getTime(), Calendar.getInstance().getTime().getTime()).getYears(); - return age >= ageOver ? 
ageOver.toString() : ""; - } - } catch (Exception ex) { - Logger.error("Error encountered when determining isAgeOver"); - Logger.debug(ex); - } - return null; - } - - public String getQAALevel(PersonalAttribute personalAttribute) { - if (authData.getQAALevel().startsWith(PVPConstants.STORK_QAA_PREFIX)) - return authData.getQAALevel().substring(PVPConstants.STORK_QAA_PREFIX.length()); - else - return null; - } - - - private String geteIdentifier(PersonalAttribute personalAttribute) { - Logger.debug("Using base urn for identification value: " + authData.getIdentificationType() + " and target country: " + moastorkRequest.getStorkAuthnRequest().getSpCountry()); - try { - return new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(), - moastorkRequest.getStorkAuthnRequest().getSpCountry()); - } catch (BuildException be) { - Logger.error("Stork eid could not be constructed; " + be.getMessage()); - return null; // TODO error - } - } - - private List getECApplicationRole(PersonalAttribute personalAttribute) { - List storkRoles = null; - - if (authData.getAuthenticationRoles() != null - && authData.getAuthenticationRoles().size() > 0) { - - storkRoles = new ArrayList(); - PVPtoSTORKMapper mapper = PVPtoSTORKMapper.getInstance(); - for (AuthenticationRole el : authData.getAuthenticationRoles()) { - String storkRole = mapper.map(el); - if (MiscUtil.isNotEmpty(storkRole)) - storkRoles.add(storkRole); - } - } - return storkRoles; - } - - private String getFormatedDateOfBirth(PersonalAttribute personalAttribute) { - if (authData.getDateOfBirth() != null) { - DateFormat fmt = new SimpleDateFormat("yyyyMMdd"); - return fmt.format(authData.getDateOfBirth()); - } - else - return null; - } - - private void populateAttributeWithMethod(Method method, Object object, PersonalAttributeList attributeList, String storkAttribute, PersonalAttribute requestedAttribute) { - try { - Object attributeValue; - if 
(storkAttributeSimpleMapping.containsValue(method.getName())) { - attributeValue = method.invoke(object, new Class[]{}); - } else { - attributeValue = method.invoke(object, requestedAttribute); - } - - PersonalAttribute newAttribute = new PersonalAttribute(); - newAttribute.setName(storkAttribute); - newAttribute.setIsRequired(requestedAttribute.isRequired()); - - if (attributeValue != null) { - newAttribute.setStatus(AttributeStatusType.AVAILABLE.value()); - Logger.info("Got attribute value: " + attributeValue); - - if (attributeValue instanceof String) - newAttribute.setValue(new ArrayList(Collections.singletonList((String)attributeValue))); - - else if (attributeValue instanceof List) { - List attributeValueList = (List) attributeValue; - if (attributeValueList.size() > 0 && attributeValueList.get(0) instanceof String) { - newAttribute.setValue((List) attributeValueList); - - } else { - Logger.info("Attribute " + storkAttribute + " is not available."); - newAttribute.setStatus(AttributeStatusType.NOT_AVAILABLE.value()); - - } - - } else { - Logger.error("Receive an unsupported type for attribute " + storkAttribute); - - } - attributeList.add(newAttribute); - - } else { - Logger.info("Attribute " + storkAttribute + " is not available."); - newAttribute.setStatus(AttributeStatusType.NOT_AVAILABLE.value()); - } - - } catch (InvocationTargetException e) { - Logger.error("Invocation target exception while getting attribute: " + storkAttribute); - Logger.debug(e); - } catch (IllegalAccessException e) { - Logger.error("Illegal access exception while getting attribute: " + storkAttribute); - Logger.debug(e); - } catch (NullPointerException e) { - Logger.error("Could not find method: " + storkAttribute); - Logger.debug(e); - } - } - - -} - 
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
deleted file mode 100644
index 4e666c21c..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
+++ /dev/null
@@ -1,265 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.opensaml.saml2.core.Attribute;
-
-import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Constants;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
-
-/**
- * Implements MOA request and stores StorkAuthn/Attr-Request related data.
- * - * @author bsuzic - */ -public class MOASTORKRequest extends RequestImpl { - - /** - * @param req - * @throws ConfigurationException - */ - public MOASTORKRequest(HttpServletRequest req) - throws ConfigurationException { - super(req); - } - - public static final List DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList( - new String[] { - PVPConstants.BPK_NAME, - PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, - PVPConstants.GIVEN_NAME_NAME, - PVPConstants.PRINCIPAL_NAME_NAME, - PVPConstants.BIRTHDATE_NAME, - PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, - }); - - /** The Constant serialVersionUID. */ - private static final long serialVersionUID = 4581953368724501376L; - - /** The request id. */ - private String requestID; - - /** The stork authn request. */ - private STORKAuthnRequest storkAuthnRequest; - - /** The stork attr query request. */ - private STORKAttrQueryRequest storkAttrQueryRequest; - - - /** - * Sets the sTORK authn request. - * - * @param request the new sTORK authn request - */ - public void setSTORKAuthnRequest(STORKAuthnRequest request) { - this.storkAuthnRequest = request; - } - - /** - * Sets the sTORK attr request. - * - * @param request the new sTORK attr request - */ - public void setSTORKAttrRequest(STORKAttrQueryRequest request) { - this.storkAttrQueryRequest = request; - } - - /** - * Checks if the container holds an AttrQueryRequest - * - * @return true, if is attr request - */ - public boolean isAttrRequest() { - return null != storkAttrQueryRequest; - } - - /** - * Checks if the container holds an AuthnRequest - * - * @return true, if is authn request - */ - public boolean isAuthnRequest() { - return null != storkAuthnRequest; - } - - /** - * Gets the stork authn request. - * - * @return the stork authn request - */ - public STORKAuthnRequest getStorkAuthnRequest() { - return this.storkAuthnRequest; - } - - /** - * Gets the stork attr query request. 
- * - * @return the stork attr query request - */ - public STORKAttrQueryRequest getStorkAttrQueryRequest() { - return this.storkAttrQueryRequest; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#getOAURL() - */ - public String getOAURL() { - if (isAuthnRequest()) - return storkAuthnRequest.getAssertionConsumerServiceURL(); - else if (isAttrRequest()) - return storkAttrQueryRequest.getAssertionConsumerServiceURL(); - else { - Logger.error("There is no authentication or attribute request contained in MOASTORKRequest."); - return null; - } - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#isPassiv() - */ - public boolean isPassiv() { - return false; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#forceAuth() - */ - public boolean forceAuth() { - return false; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#isSSOSupported() - */ - public boolean isSSOSupported() { - return false; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#setRequestID(java.lang.String) - */ - public void setRequestID(String id) { - this.requestID = id; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestID() - */ - public String getRequestID() { - return this.requestID; - } - - /** - * Gets the personal attribute list. - * - * @return the personal attribute list - */ - public IPersonalAttributeList getPersonalAttributeList() { - if(isAttrRequest()) - return this.storkAttrQueryRequest.getPersonalAttributeList(); - else - return this.storkAuthnRequest.getPersonalAttributeList(); - } - - /** - * Gets the sp country. - * - * @return the sp country - */ - public String getSpCountry() { - if(isAttrRequest()) - return this.storkAttrQueryRequest.getSpCountry(); - else - return this.storkAuthnRequest.getSpCountry(); - } - - /** - * Gets the assertion consumer service url. 
- * - * @return the assertion consumer service url - */ - public String getAssertionConsumerServiceURL() { - if(isAttrRequest()) - return this.storkAttrQueryRequest.getAssertionConsumerServiceURL(); - else - return this.storkAuthnRequest.getAssertionConsumerServiceURL(); - } - - /** - * Gets the citizen country code. - * - * @return the citizen country code - */ - public String getCitizenCountryCode() { - if(isAttrRequest()) - return this.storkAttrQueryRequest.getCitizenCountryCode(); - else - return this.storkAuthnRequest.getCitizenCountryCode(); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() - */ - @Override - public List getRequestedAttributes() { - //TODO: only for testing with MOA-ID as PVP Stammportal - IOAAuthParameters oa; - try { - oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL()); - oa = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oa, this); - - DynamicOAAuthParameters tmp = (DynamicOAAuthParameters) oa; - tmp.setBusinessTarget(Constants.URN_PREFIX_CDID + "+BF"); - - return AttributQueryBuilder.buildSAML2AttributeList(tmp, DEFAULTREQUESTEDATTRFORINTERFEDERATION.iterator()); - - } catch (ConfigurationException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - return null; - } - - //return new ArrayList(); - - } -} diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java deleted file mode 100644 index a233835bf..000000000 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java +++ /dev/null 
@@ -1,308 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAttrQueryResponse;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
-
-import java.io.Serializable;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.opensaml.saml2.core.Attribute;
-
-/**
- * Implements MOA request and stores StorkAuthn/Attr-Request related data.
- *
- * @author bsuzic
- */
-public class MOASTORKResponse extends RequestImpl {
-
- /**
- * @param req
- * @throws ConfigurationException
- */
- public MOASTORKResponse(HttpServletRequest req)
- throws ConfigurationException {
- super(req);
- }
-
- /**
- * The Constant serialVersionUID.
- */
- private static final long serialVersionUID = -5798803155055518747L;
-
- /**
- * The stork authn request.
- */
- private STORKAuthnResponse storkAuthnResponse;
-
- /**
- * The stork attr query request.
- */
- private STORKAttrQueryResponse storkAttrQueryResponse;
-
- /**
- * The action.
- */
- String action = null;
-
- /**
- * The token
- */
- private byte[] storkAuthnResponseToken = null;
-
- /**
- * The request id.
- */
- private String requestID;
-
-
- /**
- * The module.
- */
- String module = null;
-
- /**
- * The target.
- */
- private String target = null;
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedModule()
- */
- public String requestedModule() {
- return this.module;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedAction()
- */
- public String requestedAction() {
- return action;
- }
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestID()
- */
- public String getRequestID() {
- return this.requestID;
- }
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#getTarget()
- */
- public String getTarget() {
- return this.target;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#isSSOSupported()
- */
- public boolean isSSOSupported() {
- return false;
- }
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#forceAuth()
- */
- public boolean forceAuth() {
- return false;
- }
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#setModule(java.lang.String)
- */
- public void setModule(String module) {
- this.module = module;
- }
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#setRequestID(java.lang.String)
- */
- public void setRequestID(String id) {
- this.requestID = id;
- }
-
- /**
- * Sets the sTORK authn response.
- *
- * @param request the new sTORK authn response
- */
- public void setSTORKAuthnResponse(STORKAuthnResponse request) {
- this.storkAuthnResponse = request;
- }
-
- /**
- * Sets the sTORK authn response token
- *
- * @param request the new sTORK authn response token
- */
- public void setSTORKAuthnResponseToken(byte[] token) {
- this.storkAuthnResponseToken = token;
- }
-
- /**
- * Gets the sTORK authn response token .
- *
- * @param request the new sTORK authn response
- */
- public byte[] getSTORKAuthnResponseToken() {
- return this.storkAuthnResponseToken;
- }
- /**
- * Sets the sTORK attr response.
- *
- * @param request the new sTORK attr response
- */
- public void setSTORKAttrResponse(STORKAttrQueryResponse request) {
- this.storkAttrQueryResponse = request;
- }
-
- /**
- * Checks if the container holds an AttrQuery
- *
- * @return true, if is attr response
- */
- public boolean isAttrResponse() {
- return null != storkAttrQueryResponse;
- }
-
- /**
- * Checks if the container holds an AuthnRequest
- *
- * @return true, if is authn response
- */
- public boolean isAuthnResponse() {
- return null != storkAuthnResponse;
- }
-
-
- /**
- * Gets the AuthnResponse.
- *
- * @return the stork authn response
- */
- public STORKAuthnResponse getStorkAuthnResponse() {
- return this.storkAuthnResponse;
- }
-
- /**
- * Gets the AttrQueryResponse.
- *
- * @return the stork attr query response
- */
- public STORKAttrQueryResponse getStorkAttrQueryResponse() {
- return this.storkAttrQueryResponse;
- }
-
- /**
- * Gets the personal attribute list.
- *
- * @return the personal attribute list
- */
- public IPersonalAttributeList getPersonalAttributeList() {
- if (isAttrResponse())
- return this.storkAttrQueryResponse.getPersonalAttributeList();
- else
- return this.storkAuthnResponse.getPersonalAttributeList();
- }
-
- /**
- * Sets the personal attribute list.
- *
- * @param populateAttributes the new personal attribute list
- */
- public void setPersonalAttributeList(PersonalAttributeList populateAttributes) {
- if (isAttrResponse())
- this.storkAttrQueryResponse.setPersonalAttributeList(populateAttributes);
- else
- this.storkAuthnResponse.setPersonalAttributeList(populateAttributes);
- }
-
- /**
- * Sets the country.
- *
- * @param spCountry the new country
- */
- public void setCountry(String spCountry) {
- if (isAttrResponse())
- this.storkAttrQueryResponse.setCountry(spCountry);
- else
- this.storkAuthnResponse.setCountry(spCountry);
- }
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#getOAURL()
- */
- public String getOAURL() {
- if (isAuthnResponse())
- return storkAuthnResponse.getAudienceRestriction();
- else if (isAttrResponse())
- return storkAttrQueryResponse.getAudienceRestriction();
- else {
- Logger.error("There is no authentication or attribute request contained in MOASTORKRequest.");
- return null;
- }
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#isPassiv()
- */
- public boolean isPassiv() {
- return false;
- }
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#setAction(java.lang.String)
- */
- public void setAction(String action) {
- this.action = action;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
- */
- @Override
- public List getRequestedAttributes() {
- // TODO Auto-generated method stub
- return null;
- }
-
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java
deleted file mode 100644
index a3fac0f6e..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateContainer.java
+++ /dev/null
@@ -1,182 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.logging.Logger;
-
-import javax.xml.xpath.XPath;
-import javax.xml.xpath.XPathExpressionException;
-import javax.xml.xpath.XPathFactory;
-
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.util.HashMap;
-
-/**
- * @author bsuzic
- * Date: 5/5/14, Time: 2:35 PM
- */
-public abstract class MandateContainer {
- protected String mandateIssuePlace = null;
- protected String mandateIssueDate = null;
- protected String mandateIssueTime = null;
- protected String simpleMandateContent = null;
- protected String mandateValidFrom = null;
- protected String mandateValidTo = null;
- protected String annotation = null;
- protected String physicalRepresentativeIdentificationValue = null;
- protected String physicalRepresentativeIdentificationType = null;
- protected String physicalRepresentativeGivenName = null;
- protected String physicalRepresentativeFamilyName = null;
- protected String physicalRepresentativeBirthDate = null;
- protected XPath xPath = null;
-
-
- public MandateContainer(String mandate) throws XPathExpressionException, MOAIDException {
- Logger.debug("Received mandate content for processing: " + mandate);
-
- xPath = XPathFactory.newInstance().newXPath();
- HashMap prefMap = new HashMap() {{
- put(S2Constants.MANDATE_PREFIX, S2Constants.MANDATE_NS);
- put(S2Constants.PERSONDATA_PREFIX, S2Constants.PERSONDATA_NS);
- put(S2Constants.XMLDSIG_PREFIX, S2Constants.XMLDSIG_NS);
- }};
-
- SimpleNamespaceContext namespace = new SimpleNamespaceContext(prefMap);
- xPath.setNamespaceContext(namespace);
- }
-
-
- public void validateMandateStructure(String localMethods[]) throws NoSuchMethodException, InvocationTargetException, IllegalAccessException, MOAIDException {
- for (String localMethod : localMethods) {
- Method method = this.getClass().getMethod(localMethod);
- Object x = method.invoke(this);
- if ((x == null) || x.toString().length() == 0) {
- throw new MOAIDException("stork.16", new Object[] {localMethod}); // TODO
- }
- }
- Logger.debug("Mandate structure validated");
- }
-
-
- public String getMandateIssuePlace() {
- return mandateIssuePlace;
- }
-
- public void setMandateIssuePlace(String mandateIssuePlace) {
- this.mandateIssuePlace = mandateIssuePlace;
- }
-
- public String getMandateIssueDate() {
- return mandateIssueDate;
- }
-
- public void setMandateIssueDate(String mandateIssueDate) {
- this.mandateIssueDate = mandateIssueDate;
- }
-
- public String getMandateIssueTime() {
- return mandateIssueTime;
- }
-
- public void setMandateIssueTime(String mandateIssueTime) {
- this.mandateIssueTime = mandateIssueTime;
- }
-
- public String getSimpleMandateContent() {
- return simpleMandateContent;
- }
-
- public void setSimpleMandateContent(String simpleMandateContent) {
- this.simpleMandateContent = simpleMandateContent;
- }
-
- public String getMandateValidFrom() {
- return mandateValidFrom;
- }
-
- public void setMandateValidFrom(String mandateValidFrom) {
- this.mandateValidFrom = mandateValidFrom;
- }
-
- public String getMandateValidTo() {
- return mandateValidTo;
- }
-
- public void setMandateValidTo(String mandateValidTo) {
- this.mandateValidTo = mandateValidTo;
- }
-
- public String getPhysicalRepresentativeIdentificationValue() {
- return physicalRepresentativeIdentificationValue;
- }
-
- public void setPhysicalRepresentativeIdentificationValue(String physicalRepresentativeIdentificationValue) {
- this.physicalRepresentativeIdentificationValue = physicalRepresentativeIdentificationValue;
- }
-
- public String getPhysicalRepresentativeIdentificationType() {
- return physicalRepresentativeIdentificationType;
- }
-
- public void setPhysicalRepresentativeIdentificationType(String physicalRepresentativeIdentificationType) {
- this.physicalRepresentativeIdentificationType = physicalRepresentativeIdentificationType;
- }
-
- public String getPhysicalRepresentativeGivenName() {
- return physicalRepresentativeGivenName;
- }
-
- public void setPhysicalRepresentativeGivenName(String physicalRepresentativeGivenName) {
- this.physicalRepresentativeGivenName = physicalRepresentativeGivenName;
- }
-
- public String getPhysicalRepresentativeFamilyName() {
- return physicalRepresentativeFamilyName;
- }
-
- public void setPhysicalRepresentativeFamilyName(String physicalRepresentativeFamilyName) {
- this.physicalRepresentativeFamilyName = physicalRepresentativeFamilyName;
- }
-
- public String getPhysicalRepresentativeBirthDate() {
- return physicalRepresentativeBirthDate;
- }
-
- public void setPhysicalRepresentativeBirthDate(String physicalRepresentativeBirthDate) {
- // making it conform to STORK dateOfBirth specifications, removing dash
- this.physicalRepresentativeBirthDate = physicalRepresentativeBirthDate.replaceAll("-","");
- }
-
- public String getAnnotation() {
- return annotation;
- }
-
- public void setAnnotation(String annotation) {
- this.annotation = annotation;
- }
-
-
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
deleted file mode 100644
index 2351450e4..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
+++ /dev/null
@@ -1,602 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Constants;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAttrQueryResponse;
-import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.*;
-import org.apache.commons.codec.binary.StringUtils;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.Marshaller;
-import javax.xml.datatype.DatatypeConfigurationException;
-import javax.xml.datatype.DatatypeFactory;
-import javax.xml.datatype.XMLGregorianCalendar;
-import javax.xml.namespace.QName;
-import java.io.StringWriter;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.regex.Pattern;
-
-/**
- * Entry point for mandate retrieval. Processes MIS data and transforms into STORK mandate attribute.
- * Additionally provides eIdentifier attribute (if requested) in order to enable identity correlation - */ -public class MandateRetrievalRequest implements IAction { - - private IAuthData authData; - private MOASTORKRequest moaStorkRequest; - private IdentityLink representingIdentityLink; - private Integer QAALevel; - private byte[] originalContent; - - public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { - Logger.debug("Entering AttributeRequest for MandateProvider"); - httpResp.reset(); - this.representingIdentityLink = authData.getIdentityLink(); - this.QAALevel = translateQAALevel(authData.getQAALevel()); - - // preparing original content and removing sensitive data from it - try { - this.originalContent = authData.getMISMandate().getMandate(); - } catch (Exception e) { - Logger.error("Could not extract mandate"); - Logger.debug(e); - throw new MOAIDException("stork.26", new Object[]{}); - } - String originalMandate = StringUtils.newStringUtf8(authData.getMISMandate().getMandate()).replaceAll(".*?==urn:publicid:gv.at:baseid","");; - Logger.debug("Removing personal identification value and type from original mandate "); - originalContent = StringUtils.getBytesUtf8(originalMandate); - - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(req.getOAURL()); - if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()}); - - MOASTORKResponse moaStorkResponse = new MOASTORKResponse(httpReq); - STORKAttrQueryResponse attrResponse = new STORKAttrQueryResponse(); - - this.authData = authData; - - if ((req instanceof MOASTORKRequest)) { - this.moaStorkRequest = (MOASTORKRequest) req; - } else { - Logger.error("Internal error - did not receive MOASTORKRequest as expected"); - throw new MOAIDException("stork.27", new Object[]{}); - } - - - if (!(moaStorkRequest.isAttrRequest() 
|| moaStorkRequest.getStorkAttrQueryRequest() == null)) { - Logger.error("Did not receive attribute request as expected"); - throw new MOAIDException("stork.27", new Object[]{}); - } - - MandateContainer mandateContainer = null; - - try { - mandateContainer = new CorporateBodyMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8")); - } catch (Exception ex) { - try { - mandateContainer = new PhyPersonMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8")); - } catch (Exception ex2) { - Logger.error("Could not extract data and create mandate container."); - throw new MOAIDException("stork.27", new Object[]{}); - } - } - - IPersonalAttributeList sourceAttributeList = moaStorkRequest.getStorkAttrQueryRequest().getPersonalAttributeList(); - - IPersonalAttributeList attributeList = new PersonalAttributeList(); - - // according to new mapping, only mandate attribute is directly relevant - for (PersonalAttribute currentAttribute : sourceAttributeList) { - Logger.debug("Evaluating attributes, current attribute: " + currentAttribute.getName()); - if (currentAttribute.getName().equals("mandateContent")) { // deprecated - MandateContentType mandateContent = getMandateContent(mandateContainer, currentAttribute); - attributeList.add(marshallComplexAttribute(currentAttribute, mandateContent)); - } else if (currentAttribute.getName().equals("representative")) { // deprecated - RepresentationPersonType representative = getRepresentative(mandateContainer, currentAttribute); - attributeList.add(marshallComplexAttribute(currentAttribute, representative)); - } else if (currentAttribute.getName().equals("represented")) { - RepresentationPersonType represented = getRepresented(mandateContainer, currentAttribute); - attributeList.add(marshallComplexAttribute(currentAttribute, represented)); - } else if (currentAttribute.getName().equals("mandate")) { - MandateType mandateType = getMandateType(mandateContainer, currentAttribute); - 
attributeList.add(marshallComplexAttribute(currentAttribute, mandateType)); - } else if (currentAttribute.getName().equals("legalName")) { - String legalName = getLegalName(mandateContainer, currentAttribute); - if (legalName.length() > 0) { - attributeList.add(new PersonalAttribute(currentAttribute.getName(), currentAttribute.isRequired(), Arrays.asList(legalName), AttributeStatusType.AVAILABLE.value())); - } else { - attributeList.add(new PersonalAttribute(currentAttribute.getName(), currentAttribute.isRequired(), Arrays.asList(legalName), AttributeStatusType.NOT_AVAILABLE.value())); - } - } else if (currentAttribute.getName().equals("eLPIdentifier")) { - String eLPIdentifier = geteLPIdentifier(mandateContainer, currentAttribute); - if (eLPIdentifier.length() > 0) { - attributeList.add(new PersonalAttribute(currentAttribute.getName(), currentAttribute.isRequired(), Arrays.asList(eLPIdentifier), AttributeStatusType.AVAILABLE.value())); - } else { - attributeList.add(new PersonalAttribute(currentAttribute.getName(), currentAttribute.isRequired(), Arrays.asList(eLPIdentifier), AttributeStatusType.NOT_AVAILABLE.value())); - } - } else if (currentAttribute.getName().equals("type")) { - String type = getCompanyType(mandateContainer, currentAttribute); - if (type.length() > 0) { - attributeList.add(new PersonalAttribute(currentAttribute.getName(), currentAttribute.isRequired(), Arrays.asList(type), AttributeStatusType.AVAILABLE.value())); - } else { - attributeList.add(new PersonalAttribute(currentAttribute.getName(), currentAttribute.isRequired(), Arrays.asList(type), AttributeStatusType.NOT_AVAILABLE.value())); - } - } else if (currentAttribute.getName().equals("status")) { - String status = getCompanyStatus(mandateContainer, currentAttribute); - if (status.length() > 0) { - attributeList.add(new PersonalAttribute(currentAttribute.getName(), currentAttribute.isRequired(), Arrays.asList(status), AttributeStatusType.AVAILABLE.value())); - } else { - 
attributeList.add(new PersonalAttribute(currentAttribute.getName(), currentAttribute.isRequired(), Arrays.asList(status), AttributeStatusType.NOT_AVAILABLE.value())); - } - } else if (currentAttribute.getName().equals("translatableType")) { - String translatableType = getCompanyTranslatableType(mandateContainer, currentAttribute); - if (translatableType.length() > 0) { - attributeList.add(new PersonalAttribute(currentAttribute.getName(), currentAttribute.isRequired(), Arrays.asList(translatableType), AttributeStatusType.AVAILABLE.value())); - } else { - attributeList.add(new PersonalAttribute(currentAttribute.getName(), currentAttribute.isRequired(), Arrays.asList(translatableType), AttributeStatusType.NOT_AVAILABLE.value())); - } - } - - if (currentAttribute.getName().equals("eIdentifier")) { - attributeList.add(new PersonalAttribute(currentAttribute.getName(), currentAttribute.isRequired(), Arrays.asList(geteIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(), moaStorkRequest.getStorkAttrQueryRequest().getSpCountry())), AttributeStatusType.AVAILABLE.value())); - Logger.info("Adding eIdentifier for mandate holder using SP country: " + moaStorkRequest.getStorkAttrQueryRequest().getSpCountry()); - } - - } - - -// if (attrResponse.getPersonalAttributeList().size() == 0) { -// Logger.error("AttributeList empty - could not retrieve attributes"); -// throw new MOAIDException("stork.16", new Object[]{}); // TODO MESSAGE -// } - - attrResponse.setPersonalAttributeList(attributeList); - moaStorkResponse.setSTORKAttrResponse(attrResponse); - - Logger.debug("Attributes retrieved: " + moaStorkResponse.getStorkAttrQueryResponse().getPersonalAttributeList().size() + " for SP country " + attrResponse.getCountry()); - - // Prepare extended attributes - Logger.debug("Preparing data container"); - - // create fresh container - DataContainer container = new DataContainer(); - - // - fill in the request we extracted above - 
container.setRequest(moaStorkRequest); - - // - fill in the partial response created above - container.setResponse(moaStorkResponse); - - container.setRemoteAddress(httpReq.getRemoteAddr()); - - Logger.debug("Data container prepared"); - - // ask for consent if necessary - if (oaParam.isRequireConsentForStorkAttributes()) - new ConsentEvaluator().requestConsent(container, httpReq, httpResp, authData, oaParam); - else - new ConsentEvaluator().generateSTORKResponse(httpResp, container); - - return null; - } - - private Integer translateQAALevel(String qaaLevel) throws MOAIDException { - if (qaaLevel.equals(PVPConstants.STORK_QAA_1_1)) - return 1; - if (qaaLevel.equals(PVPConstants.STORK_QAA_1_2)) - return 2; - if (qaaLevel.equals(PVPConstants.STORK_QAA_1_3)) - return 3; - if (qaaLevel.equals(PVPConstants.STORK_QAA_1_4)) - return 4; - Logger.error("Wrong QAA Number format"); - throw new MOAIDException("stork.28", new Object[]{}); - } - - private String geteLPIdentifier(MandateContainer mandateContainer, PersonalAttribute currentAttribute) throws MOAIDException { - RepresentationPersonType represented = getRepresented(mandateContainer, currentAttribute); - if (mandateContainer instanceof CorporateBodyMandateContainer) { - return represented.getELPIdentifier(); - } else if (currentAttribute.isRequired()) { - Logger.error("Cannot provide eLPIdentifier for natural person."); - throw new MOAIDException("stork.29", new Object[]{currentAttribute.getName()}); - } - return ""; - } - - private String geteIdentifier(String identificationType, String identificationValue, String destinationCountry) throws MOAIDException { - BPKBuilder bpkBuilder = new BPKBuilder(); - try { - return bpkBuilder.buildStorkeIdentifier(identificationType, identificationValue, destinationCountry); - } catch (BuildException be) { - Logger.error("Could not build STORK eIdentifier while generating mandate assertion."); - throw new MOAIDException("stork.29", new Object[]{}); - } - } - - private 
PersonalAttribute marshallComplexAttribute(PersonalAttribute currentAttribute, Object obj) { // TODO refactor - StringWriter stringWriter = new StringWriter(); - try { - if (obj instanceof MandateContentType) { - final Marshaller marshaller = JAXBContext.newInstance(MandateContentType.class).createMarshaller(); - marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE); - marshaller.marshal(new JAXBElement(new QName("urn:eu:stork:names:tc:STORK:1.0:assertion", currentAttribute.getName()), MandateContentType.class, null, (MandateContentType) obj), stringWriter); - } else if (obj instanceof MandateType) { - final Marshaller marshaller = JAXBContext.newInstance(MandateType.class).createMarshaller(); - marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE); - marshaller.marshal(new JAXBElement(new QName("urn:eu:stork:names:tc:STORK:1.0:assertion", currentAttribute.getName()), MandateType.class, null, (MandateType) obj), stringWriter); - } else if (obj instanceof RepresentationPersonType) { - final Marshaller marshaller = JAXBContext.newInstance(RepresentationPersonType.class).createMarshaller(); - marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE); - marshaller.marshal(new JAXBElement(new QName("urn:eu:stork:names:tc:STORK:1.0:assertion", currentAttribute.getName()), RepresentationPersonType.class, null, (RepresentationPersonType) obj), stringWriter); - } - - } catch (Exception ex) { - Logger.error("Could not marshall atrribute: " + currentAttribute.getName() + ", " + ex.getMessage()); - return new PersonalAttribute(currentAttribute.getName(), currentAttribute.isRequired(), new ArrayList(), AttributeStatusType.NOT_AVAILABLE.value()); - } - ArrayList value = new ArrayList(); - value.add(stringWriter.toString()); - - PersonalAttribute personalAttribute = new PersonalAttribute(currentAttribute.getName(), currentAttribute.isRequired(), value, AttributeStatusType.AVAILABLE.value()); - return personalAttribute; - } - - - 
private String mapPowersType(MandateContainer mandateContainer) { - Logger.debug("Analyzing mandate of type: " + mandateContainer.getAnnotation() + "."); - // using if for java 6 compatibility if necessary - if (mandateContainer.getAnnotation().equals("ELGABilateral")) { - return "6"; // Health Powers - } else if (mandateContainer.getAnnotation().equals("ERsB")) { - return "0"; // General Powers - } else if (mandateContainer.getAnnotation().equals("Gesetzliche Vollmacht auf Basis Ergäzungsregister für sonstige Betroffene")) { - return "0"; // General Powers - } else if (mandateContainer.getAnnotation().equals("Gesetzliche Vollmacht auf Basis Ergänzungsregister für sonstige Betroffene")) { - return "0"; // General Powers - } else if (mandateContainer.getAnnotation().contains("Gesetzliche Vollmacht auf Basis Erg")) { - return "0"; // General Powers - } else if (mandateContainer.getAnnotation().equals("GeneralvollmachtBilateral")) { - return "0"; // General Powers - } else if (mandateContainer.getAnnotation().contains("Gesetzliche Vollmacht auf Basis Firmenbuch")) { - return "0"; // General Powers - } else if (mandateContainer.getAnnotation().equals("ERsBMitPostvollmacht")) { - return "0"; // General Powers - } else if (mandateContainer.getAnnotation().equals("ZVR")) { - return "0"; // General Powers - } else if (mandateContainer.getAnnotation().equals("ZVRMitPostvollmacht")) { - return "0"; // General Powers - } else if (mandateContainer.getAnnotation().equals("EVB")) { - return "0"; // General Powers - } else if (mandateContainer.getAnnotation().equals("Einzelvertretungsbefugnis")) { - return "0"; // General Powers - } else if (mandateContainer.getAnnotation().equals("Prokura")) { - return "0"; // General Powers - } else if (mandateContainer.getAnnotation().equals("Notar")) { - return "0"; // General Powers - } else if (mandateContainer.getAnnotation().equals("Organwalter")) { - return "0"; // General Powers - } else if 
(mandateContainer.getAnnotation().equals("Rechtsanwalt")) { - return "0"; // General Powers - } else if (mandateContainer.getAnnotation().equals("Ziviltechniker")) { - return "0"; // General Powers - } - Logger.debug("Returning other type of mandate"); - return "9"; - } - - private MandateType getMandateType(MandateContainer mandateContainer, PersonalAttribute sourceAttribute) throws MOAIDException { - MandateType mandateType = new MandateType(); - RepresentationPersonType representative = getRepresentative(mandateContainer, sourceAttribute); - RepresentationPersonType represented = getRepresented(mandateContainer, sourceAttribute); - MandateContentType mandateContent = getMandateContent(mandateContainer, sourceAttribute); - mandateType.setRepresentative(representative); - mandateType.setRepresented(represented); - mandateType.getMandateContent().add(mandateContent); - Logger.debug("Complex attribute extracted: " + sourceAttribute.getName()); - return mandateType; - } - - private String getLegalName(MandateContainer mandateContainer, PersonalAttribute sourceAttribute) throws MOAIDException { - RepresentationPersonType represented = getRepresented(mandateContainer, sourceAttribute); - if (mandateContainer instanceof CorporateBodyMandateContainer) { - represented.getLegalName(); - //return represented.getName(); - } else if (sourceAttribute.isRequired()) { - Logger.error("Cannot provide legalName for natural person."); - throw new MOAIDException("stork.19", new Object[]{sourceAttribute.getName()}); - } - return ""; - } - - - private String getLegalIdentificationType(MandateContainer mandateContainer, PersonalAttribute sourceAttribute) throws MOAIDException { - if (mandateContainer instanceof CorporateBodyMandateContainer) { - return ((CorporateBodyMandateContainer) mandateContainer).getCorpMandatorIdentificationType(); - } else if (sourceAttribute.isRequired()) { - Logger.error("Cannot provide type for natural person."); - throw new MOAIDException("stork.19", new 
Object[]{sourceAttribute.getName()}); // TODO - } - return ""; - } - - private String getCompanyStatus(MandateContainer mandateContainer, PersonalAttribute sourceAttribute) throws MOAIDException { - String legalName = getLegalName(mandateContainer, sourceAttribute); - if (legalName.contains("in Liquidation") || legalName.contains("in Liqu.")) { - return "L"; // liqudation - } - return "R"; - } - - private String getCompanyType(String legalName, String legalIdentificationType, PersonalAttribute sourceAttrivbute) throws MOAIDException { - // compile patterns for different organisation types - // sources: USP, WKO, LexAndTax - - // gmbh patterns - ArrayList gmbhPatterns = new ArrayList(); - gmbhPatterns.add(Pattern.compile(".+ GmbH(( in Liquidation)|( in Liqu.)){0,1}$")); - gmbhPatterns.add(Pattern.compile(".+ GesmbH$")); - gmbhPatterns.add(Pattern.compile(".+ Gesellschaft mit beschränkter Haftung$")); - gmbhPatterns.add(Pattern.compile(".+ Ges\\.m\\.b\\.H\\.$")); - gmbhPatterns.add(Pattern.compile(".+ G\\.m\\.b\\.H\\.$")); - gmbhPatterns.add(Pattern.compile(".+ Handelsges\\.m\\.b\\.H\\.$")); - gmbhPatterns.add(Pattern.compile(".+ Gesellschaft m\\.b\\.H\\.$")); - - // ag patterns - ArrayList agPatterns = new ArrayList(); - agPatterns.add(Pattern.compile(".+ AG$")); - agPatterns.add(Pattern.compile(".+ Aktiengesellschaft$")); - - // og patterns - ArrayList ogPatterns = new ArrayList(); - ogPatterns.add(Pattern.compile(".+ OG$")); - ogPatterns.add(Pattern.compile(".+ OHG$")); - ogPatterns.add(Pattern.compile(".+ offene Gesellschaft$")); - - // kg patterns - ArrayList kgPatterns = new ArrayList(); - kgPatterns.add(Pattern.compile(".+ KG$")); - kgPatterns.add(Pattern.compile(".+ Kommanditgesellschaft$")); - - // eu patterns - ArrayList euPatterns = new ArrayList(); - euPatterns.add(Pattern.compile(".+ eingetragene Unternehmerin$")); - euPatterns.add(Pattern.compile(".+ eingetragener Unternehmer$")); - euPatterns.add(Pattern.compile(".+ e\\.U\\.$")); - - - // company 
patterns - HashMap> companyPatterns = new HashMap>(); - companyPatterns.put("GmbH", gmbhPatterns); - companyPatterns.put("AG", agPatterns); - companyPatterns.put("OG", ogPatterns); - companyPatterns.put("KG", kgPatterns); - companyPatterns.put("e.U.", euPatterns); - - // iterate over different types of companies and check if the name ending matches - if (S2Constants.IDENTIFICATION_TYPE_COMPANY.equals(legalIdentificationType)) { - for (String companyType : companyPatterns.keySet()) { - for (Pattern pattern : companyPatterns.get(companyType)) { - if (pattern.matcher(legalName).matches()) { - return companyType; - } - } - } - } - - // check if the subject is association - if (S2Constants.IDENTIFICATION_TYPE_ASSOCIATION.equals(legalIdentificationType)) { - return "Verein"; - } - - // check if the subject falls under category of others - if (S2Constants.IDENTIFICATION_TYPE_OTHERS.equals(legalIdentificationType)) { - return "ERsB"; - } - - return ""; - } - - private String getCompanyType(MandateContainer mandateContainer, PersonalAttribute sourceAttribute) throws MOAIDException { - // retrieve the registered subject name and identification type - String legalName = getLegalName(mandateContainer, sourceAttribute); - String legalIdentificationType = getLegalIdentificationType(mandateContainer, sourceAttribute); - return getCompanyType(legalName, legalIdentificationType, sourceAttribute); - } - - private String getCompanyTranslatableType(MandateContainer mandateContainer, PersonalAttribute sourceAttribute) throws MOAIDException { - // retrieve first the company type - String companyType = getCompanyType(mandateContainer, sourceAttribute); - - // translate company type based on the section 5.6 in STORK 2 D4.11 - if (companyType.length() == 0) { - return ""; - } else if (companyType.equals("GmbH")) { - return "G"; - } else if (companyType.equals("AG")) { - return "A"; - } else if (companyType.equals("OG")) { - return "O"; - } else if (companyType.equals("KG")) { - return "K"; 
- } else { - return ""; - } - } - - - private String getRepresentedStorkeIdentifier(MandateContainer mandateContainer) throws MOAIDException { - - if (!(mandateContainer instanceof PhyPersonMandateContainer)) { - Logger.error("Physical person mandate container missing"); - throw new MOAIDException("stork.20", new Object[]{}); // TODO - } - - PhyPersonMandateContainer phyPersonMandateContainer = (PhyPersonMandateContainer) mandateContainer; - - if (!phyPersonMandateContainer.getPhyPersMandatorIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - Logger.error("Identification type of represented person from MIS is not correct"); - throw new MOAIDException("stork.20", new Object[]{}); // TODO - } - - if (phyPersonMandateContainer.getPhyPersMandatorIdentificationValue().length() != 24) { - Logger.error("Identification value of represented person from MIS is not correct"); - throw new MOAIDException("stork.20", new Object[]{}); // TODO - } - - if ((this.moaStorkRequest.getStorkAttrQueryRequest().getSpCountry() == null) || (this.moaStorkRequest.getStorkAttrQueryRequest().getSpCountry().length() == 0)) { - Logger.error("Error accessing SP country code"); - throw new MOAIDException("stork.20", new Object[]{}); // TODO - } - - return geteIdentifier(phyPersonMandateContainer.getPhyPersMandatorIdentificationType(), phyPersonMandateContainer.getPhyPersMandatorIdentificationValue(), this.moaStorkRequest.getStorkAttrQueryRequest().getSpCountry()); - } - - private String getRepresentingStorkeIdentifier(MandateContainer mandateContainer) throws MOAIDException { - if ((this.representingIdentityLink == null)) { - Logger.error("Error accessing identityLink while fetching mandate attribute"); - throw new MOAIDException("stork.20", new Object[]{}); // TODO - } - - if ((this.moaStorkRequest.getStorkAttrQueryRequest().getSpCountry() == null) || (this.moaStorkRequest.getStorkAttrQueryRequest().getSpCountry().length() == 0)) { - Logger.error("Error accessing SP country code"); - 
throw new MOAIDException("stork.20", new Object[]{}); // TODO - } - - if (!this.representingIdentityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - Logger.error("Incorrect identity link (local): identification type is not correct! Got: " + this.representingIdentityLink.getIdentificationType()); - throw new MOAIDException("stork.20", new Object[]{}); // TODO - } - - if (!mandateContainer.getPhysicalRepresentativeIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - Logger.error("Incorrect identity link (MIS): identification type is not correct! Got: " + this.representingIdentityLink.getIdentificationType() + " (representingIdentityLink) and " + mandateContainer.getPhysicalRepresentativeIdentificationType() + " (mandateContainer.phyRepresentative)"); - Logger.debug("mandatecontainervalue: " + mandateContainer.getPhysicalRepresentativeIdentificationValue() + ", representingidentitylinkvalue: " + this.representingIdentityLink.getIdentificationValue()); - throw new MOAIDException("stork.20", new Object[]{}); // TODO - } - - if (!mandateContainer.getPhysicalRepresentativeIdentificationValue().equals(this.representingIdentityLink.getIdentificationValue())) { - Logger.error("Identification values from MIS and local service are not equal!"); - throw new MOAIDException("stork.20", new Object[]{}); // TODO - } - - BPKBuilder bpkBuilder = new BPKBuilder(); - try { - return bpkBuilder.buildStorkeIdentifier(this.representingIdentityLink, this.moaStorkRequest.getStorkAttrQueryRequest().getSpCountry()); - } catch (BuildException be) { - Logger.error("Could not build STORK eIdentifier while generating mandate assertion."); - throw new MOAIDException("stork.20", new Object[]{}); // TODO - } - - } - - private RepresentationPersonType getRepresentative(MandateContainer mandateContainer, PersonalAttribute sourceAttribute) throws MOAIDException { - RepresentationPersonType representative = new RepresentationPersonType(); - - 
representative.setEIdentifier(getRepresentingStorkeIdentifier(mandateContainer)); - representative.setGivenName(mandateContainer.getPhysicalRepresentativeGivenName()); - representative.setSurname(mandateContainer.getPhysicalRepresentativeFamilyName()); - representative.setDateOfBirth(mandateContainer.getPhysicalRepresentativeBirthDate()); - - Logger.debug("Complex attribute extracted: " + sourceAttribute.getName()); - return representative; - } - - private RepresentationPersonType getRepresented(MandateContainer mandateContainer, PersonalAttribute sourceAttribute) throws MOAIDException { - RepresentationPersonType represented = new RepresentationPersonType(); - - if (mandateContainer instanceof CorporateBodyMandateContainer) { - CorporateBodyMandateContainer corporateBodyMandateContainer = (CorporateBodyMandateContainer) mandateContainer; - represented.setELPIdentifier(corporateBodyMandateContainer.getCorpMandatorIdentificationValue()); - represented.setLegalName(corporateBodyMandateContainer.getCorpMandatorFullName()); - represented.setTextRegisteredAddress(null); - represented.setCanonicalRegisteredAddress(new CanonicalAddressType()); - represented.setLegalForm(getCompanyType(corporateBodyMandateContainer.corpMandatorFullName, corporateBodyMandateContainer.corpMandatorIdentificationType, sourceAttribute)); - } else if (mandateContainer instanceof PhyPersonMandateContainer) { - PhyPersonMandateContainer phyPersonMandateContainer = (PhyPersonMandateContainer) mandateContainer; - represented.setEIdentifier(getRepresentedStorkeIdentifier(mandateContainer)); - represented.setGivenName(phyPersonMandateContainer.getPhyPersMandatorGivenName()); - represented.setSurname(phyPersonMandateContainer.getPhyPersMandatorFamilyName()); - represented.setDateOfBirth(phyPersonMandateContainer.getPhyPersMandatorBirthDate()); - } - - Logger.debug("Complex attribute extracted: " + sourceAttribute.getName()); - - return represented; - } - - - private MandateContentType 
getMandateContent(MandateContainer mandateContainer, PersonalAttribute sourceAttribute) throws MOAIDException { - MandateContentType mandateContent = new MandateContentType(); - try { - XMLGregorianCalendar validFrom = DatatypeFactory.newInstance().newXMLGregorianCalendar(mandateContainer.getMandateValidFrom()); - XMLGregorianCalendar validTo = DatatypeFactory.newInstance().newXMLGregorianCalendar(mandateContainer.getMandateValidTo()); - TimeRestrictionType timeRestriction = new TimeRestrictionType(); - timeRestriction.setValidFrom(validFrom); - timeRestriction.setValidTo(validTo); - mandateContent.setTimeRestriction(timeRestriction); - } catch (DatatypeConfigurationException dte) { - Logger.error("Error converting date from mandate: " + mandateContainer.getMandateValidFrom() + ", " + mandateContainer.getMandateValidTo()); - throw new MOAIDException("stork.20", new Object[]{}); - } - mandateContent.setAQAA(this.QAALevel); - mandateContent.setOriginalMandate(originalContent); - mandateContent.setOriginalMandateType("application/xml"); - TransactionLimitRestrictionType transactionLimit = new TransactionLimitRestrictionType(); - mandateContent.setTransactionLimit(transactionLimit); - mandateContent.setIsJoint(""); - mandateContent.setIsChained(false); - mandateContent.setTypeOfPower(mapPowersType(mandateContainer)); // TODO check - Logger.debug("Complex attribute extracted: " + sourceAttribute.getName()); - return mandateContent; - } - - public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { - return true; - } - - public String getDefaultActionName() { - return STORKProtocol.MANDATERETRIEVALREQUEST; - } -} diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java deleted file mode 100644 index c715b65eb..000000000 
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/PhyPersonMandateContainer.java
+++ /dev/null
@@ -1,132 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.logging.Logger;
-import org.xml.sax.InputSource;
-
-import javax.xml.xpath.XPathExpressionException;
-import java.io.StringReader;
-
-/**
- * Physical person representing physical person
- * @author bsuzic
- * Date: 4/30/14, Time: 11:29 AM
- */
-public class PhyPersonMandateContainer extends MandateContainer {
-
- private String phyPersMandatorIdentificationValue = null;
- private String phyPersMandatorIdentificationType = null;
- private String phyPersMandatorGivenName = null;
- private String phyPersMandatorFamilyName = null;
- private String phyPersMandatorBirthDate = null;
-
- String localMethods[] = new String[]{"getPhyPersMandatorGivenName", "getPhyPersMandatorFamilyName", "getPhyPersMandatorBirthDate", "getPhyPersMandatorIdentificationValue",
- "getPhyPersMandatorIdentificationType", "getMandateIssuePlace", "getMandateIssueDate", "getMandateIssueTime", "getSimpleMandateContent", "getMandateValidFrom",
- "getMandateValidTo", "getPhysicalRepresentativeIdentificationValue", "getPhysicalRepresentativeIdentificationType", "getAnnotation",
- "getPhysicalRepresentativeGivenName", "getPhysicalRepresentativeFamilyName", "getPhysicalRepresentativeBirthDate"
- };
-
-
- public PhyPersonMandateContainer(String mandate) throws XPathExpressionException, MOAIDException {
- super(mandate);
-
- setAnnotation(xPath.evaluate(S2Constants.MANDATE_ANNOTATION_QUERY, new InputSource(new StringReader(mandate))));
- setPhyPersMandatorIdentificationType(xPath.evaluate(S2Constants.MANDATE_MANDATOR_PHYPERS_IDTYPE_QUERY, new InputSource(new StringReader(mandate))));
- setPhyPersMandatorIdentificationValue(xPath.evaluate(S2Constants.MANDATE_MANDATOR_PHYPERS_IDVALUE_QUERY, new InputSource(new StringReader(mandate))));
- setPhyPersMandatorGivenName(xPath.evaluate(S2Constants.MANDATE_MANDATOR_PHYPERS_GIVENNAME_QUERY, new InputSource(new StringReader(mandate))));
- setPhyPersMandatorFamilyName(xPath.evaluate(S2Constants.MANDATE_MANDATOR_PHYPERS_FAMILYNAME_QUERY, new InputSource(new StringReader(mandate))));
- setPhyPersMandatorBirthDate(xPath.evaluate(S2Constants.MANDATE_MANDATOR_PHYPERS_DATEOFBIRTH_QUERY, new InputSource(new StringReader(mandate))));
- setMandateIssueDate(xPath.evaluate(S2Constants.MANDATE_ISSUEDDATE_QUERY, new InputSource(new StringReader(mandate))));
- setMandateIssuePlace(xPath.evaluate(S2Constants.MANDATE_ISSUEDPLACE_QUERY, new InputSource(new StringReader(mandate))));
- setMandateIssueTime(xPath.evaluate(S2Constants.MANDATE_ISSUEDTIME_QUERY, new InputSource(new StringReader(mandate))));
- setMandateValidFrom(xPath.evaluate(S2Constants.MANDATE_SIMPLEMANDATECONTENT_VALIDFROM_QUERY, new InputSource(new StringReader(mandate))));
- setMandateValidTo(xPath.evaluate(S2Constants.MANDATE_SIMPLEMANDATECONTENT_VALIDTO_QUERY, new InputSource(new StringReader(mandate))));
- setPhysicalRepresentativeBirthDate(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_DATEOFBIRTH_QUERY, new InputSource(new StringReader(mandate))));
- setPhysicalRepresentativeFamilyName(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_FAMILYNAME_QUERY, new InputSource(new StringReader(mandate))));
- setPhysicalRepresentativeGivenName(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_GIVENNAME_QUERY, new InputSource(new StringReader(mandate))));
- setPhysicalRepresentativeIdentificationType(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_IDTYPE_QUERY, new InputSource(new StringReader(mandate))));
- setPhysicalRepresentativeIdentificationValue(xPath.evaluate(S2Constants.MANDATE_REPRESENTATIVE_PHYPERS_IDVALUE_QUERY, new InputSource(new StringReader(mandate))));
- setSimpleMandateContent(xPath.evaluate(S2Constants.MANDATE_SIMPLEMANDATECONTENT_TXTDESC_QUERY, new InputSource(new StringReader(mandate))));
-
- // check if all necessary fields are present
- Logger.debug("Starting mandate structure validation");
- try {
- validateMandateStructure(localMethods); // TODO
- } catch (Exception e) {
- if (e instanceof MOAIDException) {
- Logger.error("Could not validate mandate structure.");
- throw new MOAIDException("stork.16", new Object[] {e.getMessage()}); // TODO
- } else {
- Logger.error("Error during mandate structure validation.");
- throw new MOAIDException("stork.16", new Object[] {e.getMessage()}); // TODO
- }
-
- }
- }
-
-
-
- public String getPhyPersMandatorGivenName() {
- return phyPersMandatorGivenName;
- }
-
- public void setPhyPersMandatorGivenName(String phyPersMandatorGivenName) {
- this.phyPersMandatorGivenName = phyPersMandatorGivenName;
- }
-
- public String getPhyPersMandatorFamilyName() {
- return phyPersMandatorFamilyName;
- }
-
- public void setPhyPersMandatorFamilyName(String phyPersMandatorFamilyName) {
- this.phyPersMandatorFamilyName = phyPersMandatorFamilyName;
- }
-
- public String getPhyPersMandatorBirthDate() {
- return phyPersMandatorBirthDate;
- }
-
- public void setPhyPersMandatorBirthDate(String phyPersMandatorBirthDate) {
- // making it conform to STORK dateOfBirth specifications, removing dash
- this.phyPersMandatorBirthDate = phyPersMandatorBirthDate.replaceAll("-","");
- }
-
- public String getPhyPersMandatorIdentificationValue() {
- return phyPersMandatorIdentificationValue;
- }
-
- public void setPhyPersMandatorIdentificationValue(String phyPersMandatorIdentificationValue) {
- this.phyPersMandatorIdentificationValue = phyPersMandatorIdentificationValue;
- }
-
- public String getPhyPersMandatorIdentificationType() {
- return phyPersMandatorIdentificationType;
- }
-
- public void setPhyPersMandatorIdentificationType(String phyPersMandatorIdentificationType) {
- this.phyPersMandatorIdentificationType = phyPersMandatorIdentificationType;
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/S2Constants.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/S2Constants.java
deleted file mode 100644
index a560bdaff..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/S2Constants.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-/**
- * @author bsuzic
- * Date: 4/29/14, Time: 5:34 PM
- */
-public interface S2Constants {
- public static final String MANDATE_PREFIX = "mandate";
- public static final String PERSONDATA_PREFIX = "persondata";
- public static final String XMLDSIG_PREFIX = "xmldsig";
-
- public static final String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#";
- public static final String PERSONDATA_NS = "http://reference.e-government.gv.at/namespace/persondata/20020228#";
- public static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
-
- public static final String MANDATE_ANNOTATION_QUERY = "/mandate:Mandate/mandate:Annotation/text()";
- public static final String MANDATE_REPRESENTATIVE_PHYPERS_IDVALUE_QUERY = "/mandate:Mandate/mandate:Representative/persondata:PhysicalPerson/persondata:Identification/persondata:Value/text()";
- public static final String MANDATE_REPRESENTATIVE_PHYPERS_IDTYPE_QUERY = "/mandate:Mandate/mandate:Representative/persondata:PhysicalPerson/persondata:Identification/persondata:Type/text()";
- public static final String MANDATE_REPRESENTATIVE_PHYPERS_GIVENNAME_QUERY = "/mandate:Mandate/mandate:Representative/persondata:PhysicalPerson/persondata:Name/persondata:GivenName/text()";
- public static final String MANDATE_REPRESENTATIVE_PHYPERS_FAMILYNAME_QUERY = "/mandate:Mandate/mandate:Representative/persondata:PhysicalPerson/persondata:Name/persondata:FamilyName/text()";
- public static final String MANDATE_REPRESENTATIVE_PHYPERS_DATEOFBIRTH_QUERY = "/mandate:Mandate/mandate:Representative/persondata:PhysicalPerson/persondata:DateOfBirth/text()";
- public static final String MANDATE_MANDATOR_CORPBODY_IDVALUE_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:CorporateBody/persondata:Identification/persondata:Value/text()";
- public static final String MANDATE_MANDATOR_CORPBODY_IDTYPE_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:CorporateBody/persondata:Identification/persondata:Type/text()";
- public static final String MANDATE_MANDATOR_CORPBODY_FULLNAME_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:CorporateBody/persondata:FullName/text()";
- public static final String MANDATE_ISSUEDPLACE_QUERY = "/mandate:Mandate/mandate:Issued/mandate:Place/text()";
- public static final String MANDATE_ISSUEDDATE_QUERY = "/mandate:Mandate/mandate:Issued/mandate:Date/text()";
- public static final String MANDATE_ISSUEDTIME_QUERY = "/mandate:Mandate/mandate:Issued/mandate:Time/text()";
- public static final String MANDATE_SIMPLEMANDATECONTENT_TXTDESC_QUERY = "/mandate:Mandate/mandate:SimpleMandateContent/mandate:TextualDescription/text()";
- public static final String MANDATE_SIMPLEMANDATECONTENT_VALIDFROM_QUERY = "/mandate:Mandate/mandate:SimpleMandateContent/mandate:TimeConstraint/mandate:ValidFrom/text()";
- public static final String MANDATE_SIMPLEMANDATECONTENT_VALIDTO_QUERY = "/mandate:Mandate/mandate:SimpleMandateContent/mandate:TimeConstraint/mandate:ValidTo/text()";
-
- public static final String MANDATE_MANDATOR_PHYPERS_IDVALUE_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:PhysicalPerson/persondata:Identification/persondata:Value/text()";
- public static final String MANDATE_MANDATOR_PHYPERS_IDTYPE_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:PhysicalPerson/persondata:Identification/persondata:Type/text()";
- public static final String MANDATE_MANDATOR_PHYPERS_GIVENNAME_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:PhysicalPerson/persondata:Name/persondata:GivenName/text()";
- public static final String MANDATE_MANDATOR_PHYPERS_FAMILYNAME_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:PhysicalPerson/persondata:Name/persondata:FamilyName/text()";
- public static final String MANDATE_MANDATOR_PHYPERS_DATEOFBIRTH_QUERY = "/mandate:Mandate/mandate:Mandator/persondata:PhysicalPerson/persondata:DateOfBirth/text()";
-
- public static final String IDENTIFICATION_TYPE_COMPANY = "urn:publicid:gv.at:baseid+XFN";
- public static final String IDENTIFICATION_TYPE_ASSOCIATION = "urn:publicid:gv.at:baseid+XZVR";
- public static final String IDENTIFICATION_TYPE_OTHERS = "urn:publicid:gv.at:baseid+XERSB";
-
-
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKPVPUtilits.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKPVPUtilits.java
deleted file mode 100644
index 123d32af4..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKPVPUtilits.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-import java.util.Arrays;
-import java.util.List;
-
-/**
- * @author tlenz
- *
- */
-public class STORKPVPUtilits {
-
- public static final List attributesRequirePVPAuthentication =
- Arrays.asList("ECApplicationRole", "MSOrganization");
-
-
-
- public static boolean performAuthenticationOnNationalIDP(MOASTORKRequest moastorkRequest) {
- for (String el : attributesRequirePVPAuthentication) {
- if (moastorkRequest.getPersonalAttributeList().containsKey(el)) {
- return true;
-
- }
- }
- return false;
- }
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
deleted file mode 100644
index c4f9658e4..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ /dev/null
@@ -1,233 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IModulInfo;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-import eu.stork.peps.auth.commons.*;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.HashMap;
-
-/**
- * Stork 2 Protocol Support
- *
- * @author bsuzic
- */
-public class STORKProtocol extends MOAIDAuthConstants implements IModulInfo {
-
-public static final String NAME = STORKProtocol.class.getName();
-public static final String PATH = "id_stork2";
-
-public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest";
-public static final String ATTRIBUTE_COLLECTOR = "AttributeCollector";
-public static final String MANDATERETRIEVALREQUEST = "MandateRetrievalRequest";
-public static final String CONSENT_EVALUATOR = "ConsentEvaluator";
-
-private static HashMap actions = new HashMap();
-
-static {
-actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest());
-actions.put(ATTRIBUTE_COLLECTOR, new AttributeCollector());
-actions.put(CONSENT_EVALUATOR, new ConsentEvaluator());
-actions.put(MANDATERETRIEVALREQUEST, new MandateRetrievalRequest());
-}
-
-public String getName() {
-return NAME;
-}
-
-public String getPath() {
-return PATH;
-}
-
-public IAction getAction(String action) {
-return actions.get(action);
-}
-
-public STORKProtocol() {
-super();
-}
-
-/*
-First request step - send it to BKU selection for user authentication. After the user credentials
-and other info are obtained, in the second step the request will be processed and the user redirected
-*/
-public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action,
-String sessionId, String transactionId) throws MOAIDException {
-Logger.info("Starting preprocessing for Stork2 protocol");
-Logger.debug("Request method: " + request.getMethod());
-Logger.debug("Request content length: " + request.getContentLength());
-Logger.debug("Initiating action: " + action);
-
-MOASTORKRequest STORK2Request = new MOASTORKRequest(request);
-MOASTORKResponse STORK2Response = new MOASTORKResponse(request);
-
-
-if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluator.class.getSimpleName().equals(action))
-return STORK2Request;
-
-
-if (request.getParameter("SAMLResponse") != null) { // TODO check attribute collector
-//extract STORK Response from HTTP Request
-byte[] decSamlToken;
-try {
-decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
-} catch (NullPointerException e) {
-if (request.getRemoteHost().contains("129.27.142")) {
-Logger.warn("Availability check by " + request.getRemoteHost() + " on URI: " + request.getRequestURI());
-} else {
-Logger.error("Unable to retrieve STORK Request for host: " + request.getRemoteHost() + " and URI: " + request.getRequestURI(), e);
-}
-throw new MOAIDException("stork.04", null);
-}
-
-//Get SAMLEngine instance
-STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
-
-STORKAuthnResponse authnResponse = null;
-
-
-// check if valid authn request is contained
-try {
-authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, request.getRemoteAddr());
-} catch (STORKSAMLEngineException ex) {
-Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage());
-}
-
-STORK2Response.setSTORKAuthnResponseToken(decSamlToken);
-
-return STORK2Response;
-
-} else if (request.getParameter("SAMLRequest") != null) {
-
-//extract STORK Response from HTTP Request
-byte[] decSamlToken;
-try {
-decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLRequest"));
-} catch (NullPointerException e) {
-if (request.getRemoteHost().contains("129.27.142")) {
-Logger.warn("Availability check by " + request.getRemoteHost() + " on URI: " + request.getRequestURI());
-} else {
-Logger.error("Unable to retrieve STORK Request for host: " + request.getRemoteHost() + " and URI: " + request.getRequestURI(), e);
-}
-throw new MOAIDException("stork.04", null);
-}
-
-//Get SAMLEngine instance
-STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
-
-STORKAuthnRequest authnRequest = null;
-STORKAttrQueryRequest attrRequest = null;
-
-// check if valid authn request is contained
-try {
-authnRequest = engine.validateSTORKAuthnRequest(decSamlToken);
-
-} catch (STORKSAMLEngineException ex) {
-Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage());
-
-} catch (ClassCastException e) {
-// we do not have a authnRequest
-// check if a valid attr request is container
-try {
-attrRequest = engine.validateSTORKAttrQueryRequest(decSamlToken);
-
-} catch (STORKSAMLEngineException ex) {
-Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage());
-
-}
-}
-
-// if there is no authn or attr request, raise error
-if ((authnRequest == null) && (attrRequest == null)) {
-Logger.error("There is no authentication or attribute request contained.");
-throw new MOAIDException("stork.14", null);
-}
-// list attributes in the request
-try {
-for (PersonalAttribute personalAttribute : authnRequest.getPersonalAttributeList()) {
-Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired());
-}
-} catch (Exception e) {
-Logger.error("Exception, attributes: " + e.getMessage());
-}
-
-STORK2Request.setSTORKAuthnRequest(authnRequest);
-STORK2Request.setSTORKAttrRequest(attrRequest);
-
-//check if OA is instance of VIDP or STORKPVPGateway
-OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(STORK2Request.getOAURL());
-if (oaParam == null)
-throw new AuthenticationException("stork.12", new Object[]{STORK2Request.getOAURL()});
-
-else {
-STORK2Request.setOnlineApplicationConfiguration(oaParam);
-if (oaParam.isSTORKPVPGateway()) {
-if (MiscUtil.isNotEmpty(oaParam.getSTORKPVPForwardEntity())) {
-Logger.info("Received request for STORK->PVP gateway. " +
-"Forward to PVP portal with entiyID " + oaParam.getSTORKPVPForwardEntity() +
-" ..." );
-STORK2Request.setRequestedIDP(oaParam.getSTORKPVPForwardEntity());
-
-} else {
-Logger.error("InterfederatedGateway configuration with ID " + STORK2Request.getOAURL() +
-" not configure a forward entityID.");
-throw new MOAIDException("", null);
-
-}
-}
-
-}
-
-return STORK2Request;
-} else {
-throw new MOAIDException("stork.14", null); // TODO Specify message
-}
-}
-
-public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {
-return null;
-}
-
-public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable {
-return false;
-}
-
-public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
-return false;
-}
-}
-
-
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SimpleNamespaceContext.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SimpleNamespaceContext.java
deleted file mode 100644
index 2c2df3e54..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SimpleNamespaceContext.java
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map.Entry;
-import java.util.Set;
-
-import javax.xml.namespace.NamespaceContext;
-
-/**
- * @author tlenz
- *
- */
-public class SimpleNamespaceContext implements NamespaceContext {
-
-HashMap prefMap = null;
-/**
-* @param prefMap
-*/
-SimpleNamespaceContext(HashMap prefMap) {
-this.prefMap = prefMap;
-}
-
-/* (non-Javadoc)
-* @see javax.xml.namespace.NamespaceContext#getNamespaceURI(java.lang.String)
-*/
-@Override
-public String getNamespaceURI(String prefix) {
-if (prefMap.containsKey(prefix))
-return prefMap.get(prefix);
-else
-return null;
-}
-
-/* (non-Javadoc)
-* @see javax.xml.namespace.NamespaceContext#getPrefix(java.lang.String)
-*/
-@Override
-public String getPrefix(String namespaceURI) {
-if (prefMap.containsValue(namespaceURI)) {
-Set> set = prefMap.entrySet();
-for (Entry el : set) {
-if (el.getValue().equals(namespaceURI))
-return el.getKey();
-
-}
-}
-
-return null;
-}
-
-/* (non-Javadoc)
-* @see javax.xml.namespace.NamespaceContext#getPrefixes(java.lang.String)
-*/
-@Override
-public Iterator getPrefixes(String namespaceURI) {
-// TODO Auto-generated method stub
-return null;
-}
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/UnsupportedAttributeException.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/UnsupportedAttributeException.java
deleted file mode 100644
index 31b9c9c0a..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/UnsupportedAttributeException.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.stork2;
-
-public class UnsupportedAttributeException extends Exception {
-
-private static final long serialVersionUID = -7720066381435378111L;
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java
deleted file mode 100644
index aaf13a779..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/AttributeProvider.java
+++ /dev/null
@@ -1,139 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.stork2.attributeproviders;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException;
-import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest;
-import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-
-/**
- * An {@link AttributeProvider} can fetch a set of stork attributes. It might complete the query within one method call,
- * but might also need to redirect to another webservice to accomplish its task.
- */
-public abstract class AttributeProvider implements Comparable{
-
-protected String attributes;
-
-public AttributeProvider(String attributes){
-this.attributes = attributes;
-}
-
-/**
-* Acquire the specified attribute. Returns {@code null} when attribute retrieval is in progress, but requires for
-* for redirecting the user to an external service. Use {@link AttributeProvider#parse(HttpServletRequest)} to parse
-* the response.
-*
-* @param currentProviderConfiguredAttributes the list of attributes to be acquired
-* @param moastorkRequest the sp county code
-* @param authData the moasession
-* @return the personal attribute
-* @throws UnsupportedAttributeException the unsupported attribute exception
-* @throws ExternalAttributeRequestRequiredException an attribute request to an external service has to be done
-* @throws MOAIDException the mOAID exception
-*/
-protected abstract IPersonalAttributeList acquire(PersonalAttribute currentProviderConfiguredAttributes, MOASTORKRequest moastorkRequest, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException;
-
-public IPersonalAttributeList acquire(List attributes, MOASTORKRequest moastorkRequest, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
-if (attributes.size() == 1) {
-return acquire(attributes.get(0), moastorkRequest, authData);
-} else {
-throw new MOAIDException("stork.13", new Object[] { }); // TODO message only one attribute supported by this provider
-
-}
-}
-
-/**
-* Perform redirect.
-*
-* @param url the return URL ending with ?artifactId=...
-* @param req the request we got from the S-PEPS and for which we have to ask our APs
-* @param resp the response to the preceding request
-* @param oaParam the oa param
-* @throws MOAIDException the mOAID exception
-*/
-public abstract void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException;
-
-/**
-* Parses the response we got from the external attribute provider.
-*
-* @param httpReq the http req
-* @return a list of attributes
-* @throws UnsupportedAttributeException if the provider cannot find anything familiar in the provided httpReq
-* @throws MOAIDException if something went wrong
-*/
-public abstract IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException;
-
-/**
-* Returns the list of supported attributes
-*
-* @return a list of attributes
-* @throws MOAIDException if something went wrong
-*/
-public List getSupportedAttributeNames() throws MOAIDException {
-ArrayList supportedAttributeNames = new ArrayList();
-for (String attributeName : this.attributes.split(",")) {
-supportedAttributeNames.add(attributeName);
-}
-return supportedAttributeNames;
-}
-
-
-/**
-* Returns the sequence priority of this attribute provider.
-* Providers with small numbers are requested first.
-*
-* @return a sequence priority of this provider
-*/
-public abstract int getPriority();
-
-/**
-* Compare the sequence priority of two attribute providers
-* @param o attribute provider
-* @return 0 if priority is equal
-* @return -1 if priority if this is higher then from o
-* @return +1 if priority if o is higher then from this
-*/
-@Override
-public int compareTo(AttributeProvider o) {
-if (this.getPriority() == o.getPriority())
-return 0;
-
-if (this.getPriority() < o.getPriority())
-return -1;
-
-else
-return +1;
-}
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java
deleted file mode 100644
index bd1576020..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/EHvdAttributeProviderPlugin.java
+++ /dev/null
@@ -1,254 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.stork2.attributeproviders;
-
-import java.io.StringWriter;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.Marshaller;
-import javax.xml.soap.MessageFactory;
-import javax.xml.soap.SOAPBody;
-import javax.xml.soap.SOAPConnection;
-import javax.xml.soap.SOAPConnectionFactory;
-import javax.xml.soap.SOAPElement;
-import javax.xml.soap.SOAPEnvelope;
-import javax.xml.soap.SOAPMessage;
-import javax.xml.soap.SOAPPart;
-
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException;
-import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest;
-import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException;
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
-import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.AttributeStatusType;
-import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.IsHealthCareProfessionalType;
-import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.ObjectFactory;
-
-/**
- * Fetches the attribute IsHealthcareProfessional from the BAGDAD SOAP service
- */
-public class EHvdAttributeProviderPlugin extends AttributeProvider {
-
-/** The destination. */
-private Object destination;
-
-/**
-* Instantiates a new e hvd attribute provider plugin.
-*
-* @param url the service url
-* @param supportedAttributes
-*/
-public EHvdAttributeProviderPlugin(String url, String supportedAttributes) {
-super(supportedAttributes);
-destination = url;
-}
-
-/* (non-Javadoc)
-* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute)
-*/
-@Override
-protected IPersonalAttributeList acquire(PersonalAttribute attribute, MOASTORKRequest moastorkRequest, IAuthData authData)
-throws UnsupportedAttributeException,
-ExternalAttributeRequestRequiredException, MOAIDException {
-
-// break when we cannot handle the requested attribute
-if(!attributes.contains(attribute.getName()))
-throw new UnsupportedAttributeException();
-
-try {
-Logger.debug("initializing SOAP connections...");
-// create SOAP connection
-SOAPConnection soapConnection = SOAPConnectionFactory.newInstance().createConnection();
-
-// assemble SOAP request
-MessageFactory messageFactory = MessageFactory.newInstance();
-SOAPMessage requestMessage = messageFactory.createMessage();
-SOAPPart requestPart = requestMessage.getSOAPPart();
-
-// (soap 1.1 relevant part. could not find a solution to use soap 1.2 in time.
- requestMessage.getMimeHeaders().setHeader("SOAPAction", "http://gesundheit.gv.at/BAGDAD/DataAccessService/IsHealthcareProfessional"); - - /* - Construct SOAP Request Message: - - - - string - - - - - see https://stork.ehealth.gv.at/GDAService.asmx?op=IsHealthcareProfessional - */ - - // SOAP Envelope - SOAPEnvelope envelope = requestPart.getEnvelope(); - - // SOAP Body - SOAPBody requestBody = envelope.getBody(); - SOAPElement requestBodyElem = requestBody.addChildElement("IsHealthcareProfessional"); - requestBodyElem.addAttribute(envelope.createName("xmlns"), "http://gesundheit.gv.at/BAGDAD/DataAccessService"); - - SOAPElement requestBodyElem1 = requestBodyElem.addChildElement("bPK"); - - //TODO: CHECK: IdentificationValue containts wbPK if MOA-ID is used as VIDP - requestBodyElem1.addTextNode(new BPKBuilder().buildBPK(authData.getIdentificationValue(), "GH")); - - requestMessage.saveChanges(); - - // perform SOAP call - Logger.debug("call..."); - SOAPMessage responseMessage = soapConnection.call(requestMessage, destination); - - // parse SOAP response - - /* - - - - - boolean - string - boolean - string - string - string - - - - - - see https://stork.ehealth.gv.at/GDAService.asmx?op=IsHealthcareProfessional - */ - Logger.debug("call successful. Parse..."); - SOAPBody responseBody = responseMessage.getSOAPBody(); - - // iterate through tree - SOAPElement responseElement = (SOAPElement) responseBody.getChildElements().next(); - SOAPElement resultElement = (SOAPElement) responseElement.getChildElements().next(); - - // collect all info in a map - Iterator it = resultElement.getChildElements(); - Map collection = new HashMap(); - while (it.hasNext()) { - SOAPElement current = (SOAPElement) it.next(); - - collection.put(current.getNodeName(), current.getTextContent()); - } - - // check if there is anything valid in the map - if (collection.isEmpty() || collection.size() != 6) { - Logger.warn("eHVD returned an unexpected count of values. 
Expected 6 got " + collection.size());
-throw new IndexOutOfBoundsException("response attributes not like specified");
-}
-
-// - fetch request validity
-if (collection.get("RequestOK").equals("false")) {
-Logger.warn("eHVD reported an invalid request. The error message is: " + collection.get("Message"));
-throw new Exception("eHVD reported an invalid request");
-}
-
-PersonalAttribute acquiredAttribute = null;
-
-if (collection.get("IsHealthcareProfessional").equals("false") || !collection.get("Type").equals("Medical doctor")) {
-// the citizen is no HCP
-acquiredAttribute = new PersonalAttribute("isHealthCareProfessional", false, new ArrayList(), AttributeStatusType.NOT_AVAILABLE.value());
-} else {
-// go on and parse the data
-IsHealthCareProfessionalType result = new IsHealthCareProfessionalType();
-
-// TODO: we do not have any list of possible values yet. Fix as soon as we get some.
-// if (collection.get("Type").equals("Medical doctor"))
-result.setTypeOfHCP("physician");
-
-result.setNameOfOrganisation(collection.get("NameOfOrganisation"));
-//result.setTypeOfOrganisation("Unknown"); // TODO used in previous version, check what to do with this
-
-result.setAQAA(4);
-
-final Marshaller m = JAXBContext.newInstance(IsHealthCareProfessionalType.class).createMarshaller();
-m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
-
-StringWriter stringWriter = new StringWriter();
-m.marshal(new ObjectFactory().createIsHealthCareProfessional(result), stringWriter);
-
-ArrayList value = new ArrayList();
-value.add(stringWriter.toString());
-
-acquiredAttribute = new PersonalAttribute("isHealthCareProfessional", false, value, AttributeStatusType.AVAILABLE.value());
-}
-
-// pack and return the result
-PersonalAttributeList result = new PersonalAttributeList();
-result.add(acquiredAttribute);
-
-// add stork id for verification
-ArrayList value = new ArrayList();
-value.add(new BPKBuilder().buildStorkeIdentifier(authData.getIdentityLink(), moastorkRequest.getSpCountry()));
-result.add(new PersonalAttribute("eIdentifier", false, value, AttributeStatusType.AVAILABLE.value()));
-
-return result;
-} catch (Exception e) {
-throw new MOAIDException("stork.13", new Object[] { e });
-}
-}
-
-/* (non-Javadoc)
-* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.config.auth.OAAuthParameter)
-*/
-public void performRedirect(String url,
-HttpServletRequest req, HttpServletResponse resp,
-OAAuthParameter oaParam) throws MOAIDException {
-// there is no redirect required
-}
-
-/* (non-Javadoc)
-* @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest)
-*/
-public IPersonalAttributeList parse(HttpServletRequest httpReq)
-throws UnsupportedAttributeException, MOAIDException {
-// there is no redirect required, so we throw an exception when someone asks us to parse a response
-throw new UnsupportedAttributeException();
-}
-
-/* (non-Javadoc)
-* @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#getPriority()
-*/
-@Override
-public int getPriority() {
-return 99;
-}
-
-}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java
deleted file mode 100644
index f671f0807..000000000
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java
+++ /dev/null
@@ -1,231 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.stork2.attributeproviders; - -import java.io.StringWriter; -import java.util.List; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; - -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; -import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest; -import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.VelocityProvider; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.StringUtils; -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PEPSUtil; -import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.PersonalAttributeList; -import eu.stork.peps.auth.commons.STORKAttrQueryRequest; -import eu.stork.peps.auth.engine.STORKSAMLEngine; -import eu.stork.peps.exceptions.STORKSAMLEngineException; - -/** - * Provides mandate attribute from MIS - */ -public class MandateAttributeRequestProvider extends AttributeProvider { - /** - * The destination. 
- */ - private String destination; - - private String spCountryCode; - - private PersonalAttributeList requestedAttributes; - - public MandateAttributeRequestProvider(String aPurl, String supportedAttributes) throws MOAIDException { - super(supportedAttributes); - destination = aPurl; - - } - - public String getAttrProviderName() { - return "MandateAttributeRequestProvider"; - } - - // TODO check if used - @Override - protected IPersonalAttributeList acquire(PersonalAttribute attribute, MOASTORKRequest moastorkRequest, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { - Logger.info("Acquiring attribute: " + attribute.getName() + ", by: " + getAttrProviderName()); - this.spCountryCode = moastorkRequest.getSpCountry(); - requestedAttributes = new PersonalAttributeList(1); - requestedAttributes.add(attribute); - - // break if we cannot handle the requested attribute - if (!attributes.contains(attribute.getName())) { - Logger.info("Attribute " + attribute.getName() + " not supported by the provider: " + getAttrProviderName()); - throw new UnsupportedAttributeException(); - } - - // check if there is eIdentifier included and add if necessary -// if (!requestedAttributes.containsKey("eIdentifier")) { -// PersonalAttribute eIdentifier = new PersonalAttribute(); - // eIdentifier.setName("eIdentifier"); -// eIdentifier.setIsRequired(true); -// requestedAttributes.add(eIdentifier); -// } - - Logger.info("Thrown external request by: " + getAttrProviderName()); - throw new ExternalAttributeRequestRequiredException(this); - } - - @Override - public IPersonalAttributeList acquire(List attributes, MOASTORKRequest moastorkRequest, IAuthData moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { - Logger.info("Acquiring " + attributes.size() + " attributes, by: " + getAttrProviderName()); - this.spCountryCode = moastorkRequest.getSpCountry(); - 
requestedAttributes = new PersonalAttributeList(attributes.size()); - - for (PersonalAttribute personalAttribute : attributes) { - // break if we cannot handle the requested attribute - if (!this.attributes.contains(personalAttribute.getName())) { - Logger.info("Attribute " + personalAttribute.getName() + " not supported by the provider: " + getAttrProviderName()); - throw new UnsupportedAttributeException(); - } - requestedAttributes.add(personalAttribute); - } - - // continue with other attribute providers if there are no attributes current provider is able to handle - if (requestedAttributes.size() == 0) { - Logger.info("Attribute(s) " + attributes.toString() + " not supported by the provider: " + getAttrProviderName()); - throw new UnsupportedAttributeException(); - } - - - - Logger.info("Thrown external request by: " + getAttrProviderName()); - throw new ExternalAttributeRequestRequiredException(this); - } - - - - - public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { - - String spSector = "Business"; - String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? 
"UNKNOWN" : oaParam.getFriendlyName(); - String spApplication = spInstitution; - - if ((spCountryCode == null) || (spCountryCode.length()<2)) { - spCountryCode = oaParam.getTarget(); - Logger.info("Setting spcountry target: " + oaParam.getTarget()); - Logger.info("idlink ident " + oaParam.getIdentityLinkDomainIdentifier()); - Logger.info("idlink type " + oaParam.getIdentityLinkDomainIdentifierType()); - Logger.info("Setting spcountry target friendly : " + oaParam.getTargetFriendlyName()); - Logger.info("Oatype : " + oaParam.getOaType()); - Logger.info("puburl : " + oaParam.getPublicURLPrefix()); - if ("STORK".equals(oaParam.getIdentityLinkDomainIdentifierType())) { - - spCountryCode = oaParam.getIdentityLinkDomainIdentifier().substring(oaParam.getIdentityLinkDomainIdentifier().length()-2); - Logger.info("Set to " +spCountryCode); - } - - } - - // TODO ensure that other providers request eidentifier - // check if there is eIdentifier included and add if necessary - if (!requestedAttributes.containsKey("eIdentifier")) { - PersonalAttribute eIdentifier = new PersonalAttribute(); - eIdentifier.setName("eIdentifier"); - eIdentifier.setIsRequired(true); - requestedAttributes.add(eIdentifier); - } - - //generate AttrQueryRequest - STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest(); - attributeRequest.setDestination(destination); - attributeRequest.setAssertionConsumerServiceURL(url); - attributeRequest.setIssuer(HTTPUtils.getBaseURL(req)); - attributeRequest.setQaa(oaParam.getQaaLevel()); - attributeRequest.setSpInstitution(spInstitution); - attributeRequest.setCountry(spCountryCode); - attributeRequest.setSpCountry(spCountryCode); - attributeRequest.setSpApplication(spApplication); - attributeRequest.setSpSector(spSector); - attributeRequest.setPersonalAttributeList(requestedAttributes); - - attributeRequest.setCitizenCountryCode("AT"); - attributeRequest.setQaa(oaParam.getQaaLevel()); - - if (attributeRequest.getQaa() == 0 ) { - 
attributeRequest.setQaa(4); // workaround - } - - - - Logger.info("STORK AttrRequest successfully assembled."); - - STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("VIDP"); - try { - - attributeRequest = samlEngine.generateSTORKAttrQueryRequest(attributeRequest); - } catch (STORKSAMLEngineException e) { - Logger.error("Could not sign STORK SAML AttrRequest.", e); - throw new MOAIDException("stork.00", null); - } - - Logger.info("STORK AttrRequest successfully signed!"); - - try { - Logger.trace("Initialize VelocityEngine..."); - - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); - VelocityContext context = new VelocityContext(); - context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(attributeRequest.getTokenSaml())); - context.put("action", destination); - - StringWriter writer = new StringWriter(); - template.merge(context, writer); - - resp.getOutputStream().write(writer.toString().getBytes("UTF-8")); - } catch (Exception e) { - Logger.error("Error sending STORK SAML AttrRequest.", e); - throw new MOAIDException("stork.11", null); - } - Logger.info("STORK AttrRequest successfully rendered!"); - - } - - public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException { - return null; // - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#getPriority() - */ - @Override - public int getPriority() { - return 99; - } -} - diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java deleted file mode 100644 index 7f06c604b..000000000 
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java +++ /dev/null 
@@ -1,238 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- */ -package at.gv.egovernment.moa.id.protocols.stork2.attributeproviders; - -import java.io.StringWriter; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; - -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; -import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest; -import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.VelocityProvider; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.StringUtils; -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PEPSUtil; -import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.STORKAttrQueryRequest; -import eu.stork.peps.auth.commons.STORKAttrQueryResponse; -import eu.stork.peps.auth.commons.STORKAuthnRequest; -import eu.stork.peps.auth.commons.STORKAuthnResponse; -import eu.stork.peps.auth.engine.STORKSAMLEngine; -import eu.stork.peps.exceptions.STORKSAMLEngineException; - -/** - * @author tlenz - * - */ -public class PVPAuthenticationProvider extends AttributeProvider { - - private String destination = null; - private MOASTORKRequest moastorkRequest = null; - - /** - * @param attributes - * @param attributes2 - */ - public PVPAuthenticationProvider(String url, String attributes) { - super(attributes); - this.destination = url; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute, java.lang.String, 
at.gv.egovernment.moa.id.data.IAuthData) - */ - @Override - protected IPersonalAttributeList acquire(PersonalAttribute attribute, - MOASTORKRequest moastorkRequest, IAuthData authData) - throws UnsupportedAttributeException, - ExternalAttributeRequestRequiredException, MOAIDException { - - this.moastorkRequest = moastorkRequest; - // break if we cannot handle the requested attribute - if (!getSupportedAttributeNames().contains(attribute.getName())) { - Logger.info("Attribute " + attribute.getName() + " not supported by the provider: " + getAttrProviderName()); - throw new UnsupportedAttributeException(); - - } - - Logger.info("Thrown external request by: " + getAttrProviderName()); - throw new ExternalAttributeRequestRequiredException(this); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#performRedirect(java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.config.auth.OAAuthParameter) - */ - @Override - public void performRedirect(String url, HttpServletRequest req, - HttpServletResponse resp, OAAuthParameter oaParam) - throws MOAIDException { - - String spSector = "Business"; - String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? 
"UNKNOWN" : oaParam.getFriendlyName(); - String spApplication = spInstitution; - String spCountryCode = moastorkRequest.getSpCountry(); - - if ((spCountryCode == null) || (spCountryCode.length()<2)) { - spCountryCode = oaParam.getTarget(); - Logger.info("Setting spcountry target: " + oaParam.getTarget()); - Logger.info("idlink ident " + oaParam.getIdentityLinkDomainIdentifier()); - Logger.info("idlink type " + oaParam.getIdentityLinkDomainIdentifierType()); - Logger.info("Setting spcountry target friendly : " + oaParam.getTargetFriendlyName()); - Logger.info("Oatype : " + oaParam.getOaType()); - Logger.info("puburl : " + oaParam.getPublicURLPrefix()); - if ("STORK".equals(oaParam.getIdentityLinkDomainIdentifierType())) { - - spCountryCode = oaParam.getIdentityLinkDomainIdentifier().substring(oaParam.getIdentityLinkDomainIdentifier().length()-2); - Logger.info("Set to " +spCountryCode); - } - - } - - //generate AttrQueryRequest - STORKAuthnRequest authRequest = new STORKAuthnRequest(); - authRequest.setDestination(destination); - authRequest.setAssertionConsumerServiceURL(url); - authRequest.setIssuer(HTTPUtils.getBaseURL(req)); - authRequest.setQaa(oaParam.getQaaLevel()); - authRequest.setSpInstitution(spInstitution); - authRequest.setCountry(spCountryCode); - authRequest.setSpCountry(spCountryCode); - authRequest.setSpApplication(spApplication); - authRequest.setProviderName(spApplication); - authRequest.setSpSector(spSector); - authRequest.setPersonalAttributeList(moastorkRequest.getPersonalAttributeList()); - - authRequest.setCitizenCountryCode("AT"); - //authRequest.setQaa(oaParam.getQaaLevel()); - authRequest.setQaa(moastorkRequest.getStorkAuthnRequest().getQaa()); - - - - - Logger.info("STORK AttrRequest successfully assembled."); - - STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("VIDP"); - try { - - authRequest = samlEngine.generateSTORKAuthnRequest(authRequest); - } catch (STORKSAMLEngineException e) { - Logger.error("Could not sign STORK SAML 
AttrRequest.", e); - throw new MOAIDException("stork.00", null); - } - - Logger.info("STORK AttrRequest successfully signed!"); - - //validate AuthnRequest - try { - samlEngine.validateSTORKAuthnRequest(authRequest.getTokenSaml()); - } catch (STORKSAMLEngineException e) { - Logger.error("STORK SAML AuthnRequest not valid.", e); - throw new MOAIDException("stork.01", null); - } - - Logger.debug("STORK AuthnRequest successfully internally validated."); - - try { - Logger.trace("Initialize VelocityEngine..."); - - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); - VelocityContext context = new VelocityContext(); - context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authRequest.getTokenSaml())); - context.put("action", destination); - - StringWriter writer = new StringWriter(); - template.merge(context, writer); - - resp.getOutputStream().write(writer.toString().getBytes("UTF-8")); - - } catch (Exception e) { - Logger.error("Error sending STORK SAML AttrRequest.", e); - throw new MOAIDException("stork.11", null); - - } - Logger.info("STORK AttrRequest successfully rendered!"); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#parse(javax.servlet.http.HttpServletRequest) - */ - @Override - public IPersonalAttributeList parse(HttpServletRequest httpReq) - throws UnsupportedAttributeException, MOAIDException { - - throw new UnsupportedAttributeException(); - -// Logger.info(this.getClass().getSimpleName() + " tries to extract SAMLResponse out of HTTP Request"); -// //extract STORK Response from HTTP Request -// //Decodes SAML Response -// byte[] decSamlToken; -// try { -// decSamlToken = PEPSUtil.decodeSAMLToken(httpReq.getParameter("SAMLResponse")); -// } catch(NullPointerException e) { -// throw new UnsupportedAttributeException(); -// } -// -// //Get SAMLEngine instance -// 
STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); -// -// STORKAuthnResponse authnResponse = null; -// try { -// //validate SAML Token -// Logger.debug("Starting validation of SAML response"); -// authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) httpReq.getRemoteHost()); -// Logger.info("SAML response successfully verified!"); -// -// }catch(STORKSAMLEngineException e){ -// Logger.error("Failed to verify STORK SAML Response", e); -// throw new MOAIDException("stork.05", null); -// } -// -// return authnResponse.getPersonalAttributeList(); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#getPriority() - */ - @Override - public int getPriority() { - return 1; - } - - public String getAttrProviderName() { - return this.getClass().getName(); - } -} diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java deleted file mode 100644 index def89d0d9..000000000 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java +++ /dev/null 
@@ -1,688 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.stork2.attributeproviders; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.StringWriter; -import java.io.UnsupportedEncodingException; -import java.net.URL; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; - -import javax.activation.DataSource; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.xml.namespace.QName; -import javax.xml.transform.Source; -import javax.xml.transform.stream.StreamSource; -import javax.xml.ws.Service; -import javax.xml.ws.soap.SOAPBinding; -import javax.xml.ws.BindingProvider; - -import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.AttributeStatusType; - -import org.apache.commons.io.IOUtils; -import org.apache.commons.lang.NotImplementedException; -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; - -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException; -import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest; -import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException; -import at.gv.egovernment.moa.id.util.VelocityProvider; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; -import eu.stork.oasisdss.api.ApiUtils; -import eu.stork.oasisdss.api.LightweightSourceResolver; -import eu.stork.oasisdss.api.ResultMajor; -import 
eu.stork.oasisdss.api.exceptions.ApiUtilsException; -import eu.stork.oasisdss.profile.AnyType; -import eu.stork.oasisdss.profile.Base64Data; -import eu.stork.oasisdss.profile.DocumentType; -import eu.stork.oasisdss.profile.DocumentWithSignature; -import eu.stork.oasisdss.profile.IncludeObject; -import eu.stork.oasisdss.profile.SignRequest; -import eu.stork.oasisdss.profile.SignResponse; -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PEPSUtil; -import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.PersonalAttributeList; -import eu.stork.peps.auth.commons.STORKAttrQueryRequest; -import eu.stork.peps.auth.engine.STORKSAMLEngine; -import eu.stork.peps.exceptions.STORKSAMLEngineException; -import eu.stork.documentservice.DocumentService; -/** - * Forwards a signedDoc attribute request to the oasis-dss service instance - */ -public class SignedDocAttributeRequestProvider extends AttributeProvider { - - private String dtlUrl = null; - private PersonalAttribute requestedAttribute; - - /** - * The URL of the service listening for the oasis dss webform post request - */ - private String oasisDssWebFormURL; - - /** - * Instantiates a new signed doc attribute request provider. 
- * - * @param oasisDssWebFormURL - * the AP location - * @param attributes - */ - public SignedDocAttributeRequestProvider(String oasisDssWebFormURL, String attributes) { - super(attributes); - this.oasisDssWebFormURL = oasisDssWebFormURL; - - try { - AuthConfiguration authConfigurationProvider = AuthConfigurationProviderFactory.getInstance(); - dtlUrl = authConfigurationProvider.getDocumentServiceUrl(); - Logger.info ("SignedDocAttributeRequestProvider, using dtlUrl:"+dtlUrl); - } catch (Exception e) { - dtlUrl = "http://testvidp.buergerkarte.at/DocumentService/DocumentService"; - e.printStackTrace(); - Logger.error("Loading documentservice url failed, using default value:"+dtlUrl); - } - -// Properties props = new Properties(); -// try { -// props.load(DatabaseConnectorMySQLImpl.class.getResourceAsStream("docservice.properties")); -// dtlUrl = props.getProperty("docservice.url"); -// } catch (IOException e) { -// dtlUrl = "http://testvidp.buergerkarte.at/DocumentService/DocumentService"; -// Logger.error("Loading DTL config failed, using default value:"+dtlUrl); -// e.printStackTrace(); -// } - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java - * .lang.String) - */ - @Override - protected IPersonalAttributeList acquire(PersonalAttribute attribute, MOASTORKRequest moastorkRequest, IAuthData authData) throws UnsupportedAttributeException, - ExternalAttributeRequestRequiredException { - if(!attributes.contains(attribute.getName())) { - throw new UnsupportedAttributeException(); - } - - requestedAttribute = attribute; - try - { - String tmp = requestedAttribute.getValue().get(0); - }catch(Exception e) - { - Logger.info("SignedDocAttributeProvide failed:"+e.toString()); - throw new UnsupportedAttributeException(); - } - - throw new ExternalAttributeRequestRequiredException(this); - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax - * 
.servlet.http.HttpServletRequest) - */ - public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException { - Logger.debug("Beginning to extract OASIS-DSS response out of HTTP Request"); - - try { - String base64 = httpReq.getParameter("signresponse"); - Logger.debug("signresponse url: " + httpReq.getRequestURI().toString()); - Logger.debug("signresponse querystring: " + httpReq.getQueryString()); - Logger.debug("signresponse method: " + httpReq.getMethod()); - Logger.debug("signresponse content type: " + httpReq.getContentType()); - Logger.debug("signresponse parameter:"+base64); - String signResponseString = new String(Base64Utils.decode(base64, false), "UTF8"); - Logger.debug("RECEIVED signresponse:"+signResponseString); - //create SignResponse object - Source response = new StreamSource(new java.io.StringReader(signResponseString)); - SignResponse signResponse = ApiUtils.unmarshal(response, SignResponse.class); - //Check if Signing was successfully or not - - if(!signResponse.getResult().getResultMajor().equals(ResultMajor.RESULT_MAJOR_SUCCESS)) - { - //Pass unmodifed or unmarshal & marshal?? 
- InputStream istr = ApiUtils.marshalToInputStream(signResponse); - StringWriter writer = new StringWriter(); - IOUtils.copy(istr, writer, "UTF-8"); - signResponseString = writer.toString(); - Logger.info("SignResponse with error (unmodified):"+signResponseString); - istr.close(); - } - else - { - //extract doc from signresponse - DataSource dataSource = LightweightSourceResolver.getDataSource(signResponse); - - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - IOUtils.copy(dataSource.getInputStream(), baos); - byte[] data = baos.toByteArray(); - baos.close(); - - //update doc in DTL - String docId, dssId = ""; - docId = signResponse.getDocUI(); - //For reference dssId equals docId - dssId = docId; - if (dssId != null && data!=null) - { - boolean success = false; - try{ - success = updateDocumentInDtl(data, docId, signResponseString); - }catch(Exception e){//No document service used? - Logger.info("No document service used?"); - e.printStackTrace(); - success = false; - } - if(success) - { - // set the url in the SignResponse - DocumentWithSignature documentWithSignature = new DocumentWithSignature(); - DocumentType value = new DocumentType(); - if(dtlUrl.endsWith("?wsdl")) - { - String tmp = dtlUrl.replace("?wsdl", ""); - Logger.debug("DocumentUrl ends with ? 
wsdl, using "+tmp+" instead."); - value.setDocumentURL(tmp); - } - else - { - value.setDocumentURL(dtlUrl); - } - documentWithSignature.setDocument(value); - if(signResponse.getOptionalOutputs()!=null) - { - //signResponse.getOptionalOutputs().getAny().add(documentWithSignature); - for(Object o :signResponse.getOptionalOutputs().getAny()) - { - if(o instanceof DocumentWithSignature) - { - signResponse.getOptionalOutputs().getAny().remove(o); - signResponse.getOptionalOutputs().getAny().add(documentWithSignature); - break; - } - } - } - else - { - AnyType anytype = new AnyType(); - anytype.getAny().add(documentWithSignature); - signResponse.setOptionalOutputs(anytype ); - } - - // System.out.println("overwriting:"+signResponse.getResult().getResultMessage()+" with DTL url:"+dtlUrl); - InputStream istr = ApiUtils.marshalToInputStream(signResponse); - StringWriter writer = new StringWriter(); - IOUtils.copy(istr, writer, "UTF-8"); - signResponseString = writer.toString(); - Logger.info("SignResponse overwritten:"+signResponseString); - istr.close(); - } - else - { - //No document service used? - // do nothing.... 
- //TODO temporary fix because document is deleted after fetching => SP can't download Doc - //Add doc to Signresponse - - DocumentWithSignature documentWithSignature = new DocumentWithSignature(); - DocumentType value = new DocumentType(); - if(signResponse.getProfile().toLowerCase().contains("xades")) - { - value.setBase64XML(data); - } - else - { - Base64Data base64data = new Base64Data(); - base64data.setValue(data); - base64data.setMimeType(dataSource.getContentType()); - value.setBase64Data(base64data); - } - documentWithSignature.setDocument(value); - if(signResponse.getOptionalOutputs()!=null) - { - //signResponse.getOptionalOutputs().getAny().add(documentWithSignature); - for(Object o :signResponse.getOptionalOutputs().getAny()) - { - if(o instanceof DocumentWithSignature) - { - signResponse.getOptionalOutputs().getAny().remove(o); - signResponse.getOptionalOutputs().getAny().add(documentWithSignature); - break; - } - } - } - else - { - AnyType anytype = new AnyType(); - anytype.getAny().add(documentWithSignature); - signResponse.setOptionalOutputs(anytype ); - } - - // System.out.println("overwriting:"+signResponse.getResult().getResultMessage()+" with DTL url:"+dtlUrl); - InputStream istr = ApiUtils.marshalToInputStream(signResponse); - StringWriter writer = new StringWriter(); - IOUtils.copy(istr, writer, "UTF-8"); - signResponseString = writer.toString(); - Logger.info("SignResponse overwritten:"+signResponseString); - istr.close(); - } - } - else - throw new Exception("No DSS id found."); - } - - //alter signresponse - //done - List values = new ArrayList(); - values.add(signResponseString); - - Logger.debug("Assembling signedDoc attribute"); - PersonalAttribute signedDocAttribute = new PersonalAttribute("signedDoc", false, values, - AttributeStatusType.AVAILABLE.value()); - - // pack and return the result - PersonalAttributeList result = new PersonalAttributeList(); - result.add(signedDocAttribute); - return result; - } catch 
(UnsupportedEncodingException e) { - Logger.error("Failed to assemble signedDoc attribute"); - throw new MOAIDException("stork.05", null); - } catch (ApiUtilsException e) { - e.printStackTrace(); - Logger.error("Failed to assemble signedDoc attribute"); - throw new MOAIDException("stork.05", null); - } catch (IOException e) { - e.printStackTrace(); - Logger.error("Failed to assemble signedDoc attribute"); - throw new MOAIDException("stork.05", null); - } catch (Exception e) { - e.printStackTrace(); - Logger.error("Failed to assemble signedDoc attribute"); - //throw new MOAIDException("stork.05", null); - throw new UnsupportedAttributeException(); - } - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect - * (java.lang.String) - */ - public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) - throws MOAIDException { - - try { - Logger.trace("Initialize VelocityEngine..."); - Logger.info("performRedirect url:"+url); - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - Template template = velocityEngine.getTemplate("/resources/templates/oasis_dss_webform_binding.vm"); - VelocityContext context = new VelocityContext(); - - //Parse SignRequest - String signRequestString = requestedAttribute.getValue().get(0); - Logger.debug("performRedirect, signrequest:"+signRequestString); - Source signDoc = new StreamSource(new java.io.StringReader(signRequestString)); - SignRequest signRequest = ApiUtils.unmarshal(signDoc, SignRequest.class); - try{ - //search for DTL link - String dtlURL = getDtlUrlFromRequest(signRequest); - String docId = signRequest.getDocUI(); - - if(dtlURL!=null) - { - String docRequest = getDocTransferRequest(docId, dtlURL);//dtlUrl - - byte[] data = getDocumentFromDtl(docRequest, dtlURL);//dtlUrl - - //load doc from DTL - Logger.debug("data:"+data+" "+data.length); - try{ - Logger.trace("data:"+new 
String(data,"UTF-8")); - }catch(Exception e) - { - Logger.trace("data: creating String failed:"+e); - } - String mime = getDocumentMimeFromDtl(docId, dtlURL);//dtlUrl - Logger.debug("mime:"+mime); - - //add doc as base64* to signrequest => post doc to oasis - try{ - List includeObjects = ApiUtils.findNamedElement( - signRequest.getOptionalInputs(), "IncludeObject", - IncludeObject.class); - signRequest.getOptionalInputs().getAny().removeAll(includeObjects); - - String documentId = null; - Object objDoc = signRequest.getInputDocuments().getDocumentOrTransformedDataOrDocumentHash().get(0); - if (objDoc != null && objDoc instanceof DocumentType) - { - DocumentType document = (DocumentType)objDoc; - documentId = document.getID(); - } - DocumentType document = new DocumentType(); - if(documentId != null) - document.setID(documentId); - if(signRequest.getProfile().toLowerCase().contains("xades")) - { - document.setBase64XML(data); - } - else - { - Base64Data b64data = new Base64Data(); - b64data.setValue(data); - b64data.setMimeType(mime); - document.setBase64Data(b64data); - } - - signRequest.setInputDocuments(ApiUtils.createInputDocuments(document)); - //override old signRequestString - - InputStream istr = ApiUtils.marshalToInputStream(signRequest); - StringWriter writer = new StringWriter(); - IOUtils.copy(istr, writer, "UTF-8"); - signRequestString = writer.toString(); - Logger.info("Signrequest overwritten"); - Logger.debug("Signrequest overwritten:"+signRequestString); - istr.close(); - } catch (Exception e) { - e.printStackTrace(); - throw new Exception("Could not marshall sign request", e); - } - } - else//Do not modify signRequest, document is already included - { - - } - }catch(Exception e) - { - Logger.info("No documentservice used?"); - e.printStackTrace(); - } - - context.put("signrequest", Base64Utils.encode(signRequestString.getBytes("UTF8"))); - context.put("clienturl", url); - context.put("action", oasisDssWebFormURL); - - StringWriter writer = new 
StringWriter(); - template.merge(context, writer); - - resp.getOutputStream().write(writer.toString().getBytes("UTF-8")); - } catch (Exception e) { - Logger.error("Error sending DSS signrequest.", e); - throw new MOAIDException("stork.11", null); - } - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#getSupportedAttributeNames() - */ - @Override - public List getSupportedAttributeNames() throws MOAIDException { - ArrayList supportedAttributeNames = new ArrayList(); - for (String attributeName : this.attributes.split(",")) { - supportedAttributeNames.add(attributeName); - } - return supportedAttributeNames; - } - - - //From DTLPEPSUTIL - - /** - * Get DTL uril from the oasis sign request - * @param signRequest The signature request - * @return The URL of DTL service - * @throws SimpleException - */ - private String getDtlUrlFromRequest(SignRequest signRequest) throws Exception - { - if (signRequest == null) - throw new Exception("Signature request is empty"); - else - { - try - { - Object objDoc = signRequest.getInputDocuments().getDocumentOrTransformedDataOrDocumentHash().get(0); - if (objDoc instanceof DocumentType) - { - DocumentType document = (DocumentType)objDoc; - if (document.getDocumentURL() != null) - return document.getDocumentURL(); - else - return null;//throw new Exception("No document url found"); - } - else - throw new Exception("No input document found"); - } - catch (Exception ex) - { - throw new Exception("Unable to parse xml.", ex); - } - } - } - - /** - * Get document from DTL - * @param transferRequest The transfer request (attribute query) - * @param eDtlUrl The DTL url of external DTL - * @return the document data - * @throws SimpleException - */ - private byte[] getDocumentFromDtl(String transferRequest, String eDtlUrl) throws Exception - { - URL url = null; - try - { - Logger.debug("getDocumentFromDtl:"+dtlUrl); - url = new URL(dtlUrl); - QName qname = new QName("http://stork.eu", - 
"DocumentService"); - - Service service = Service.create(url, qname); - DocumentService docservice = service.getPort(DocumentService.class); - - BindingProvider bp = (BindingProvider) docservice; - SOAPBinding binding = (SOAPBinding) bp.getBinding(); - binding.setMTOMEnabled(true); - - if (eDtlUrl.equalsIgnoreCase(dtlUrl)) - return docservice.getDocument(transferRequest, ""); - else - return docservice.getDocument(transferRequest, eDtlUrl); - } - catch (Exception e) - { - e.printStackTrace(); - throw new Exception("Error in getDocumentFromDtl", e); - } - } - - /** - * Get a document transfer request (attribute query) - * @param docId - * @return - * @throws SimpleException - */ - private String getDocTransferRequest(String docId, String destinationUrl) throws Exception - { - String spCountry = docId.substring(0, docId.indexOf("/")); - final STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); - STORKAttrQueryRequest req = new STORKAttrQueryRequest(); - req.setAssertionConsumerServiceURL(dtlUrl); - req.setDestination(destinationUrl); - req.setSpCountry(spCountry); - req.setQaa(3);//TODO - PersonalAttributeList pal = new PersonalAttributeList(); - PersonalAttribute attr = new PersonalAttribute(); - attr.setName("docRequest"); - attr.setIsRequired(true); - attr.setValue(Arrays.asList(docId)); - pal.add(attr); - req.setPersonalAttributeList(pal); - - STORKAttrQueryRequest req1; - try { - req1 = engine.generateSTORKAttrQueryRequest(req); - return PEPSUtil.encodeSAMLTokenUrlSafe(req1.getTokenSaml()); - } catch (STORKSAMLEngineException e) { - e.printStackTrace(); - throw new Exception("Error in doc request attribute query generation", e); - } - } - - /** - * Get mime type of document from DTL - * @param docId The document id - * @param dtlUrl The url of dtl - * @return The mime type - */ - private String getDocumentMimeFromDtl(String docId, String eDtlUrl) throws Exception - { - URL url = null; - try - { - url = new URL(dtlUrl); - QName qname = new 
QName("http://stork.eu", - "DocumentService"); - - Service service = Service.create(url, qname); - DocumentService docservice = service.getPort(DocumentService.class); - - BindingProvider bp = (BindingProvider) docservice; - SOAPBinding binding = (SOAPBinding) bp.getBinding(); - binding.setMTOMEnabled(true); - - if (eDtlUrl.equalsIgnoreCase(dtlUrl)) - return docservice.getDocumentMime(docId, ""); - else - return docservice.getDocumentMime(docId, eDtlUrl); - } - catch (Exception e) - { - e.printStackTrace(); - throw new Exception("Error in getDocumentFromDtl", e); - } - } - - /** - * Add document to DTL service - * @param docData the document data - * @param mime the mime type of data - * @param signRequest the sign request - * @return the document id - * @throws SimpleException - */ - private String addDocumentToDtl(byte[] docData, String mime, String signRequest, String destCountry, String spId) throws Exception - { - throw new NotImplementedException(); -// URL url = null; -// String docID = null; -// try -// { -// url = new URL(dtlUrl); -// QName qname = new QName("http://stork.eu", -// "DocumentService"); -// -// Service service = Service.create(url, qname); -// DocumentService docservice = service.getPort(DocumentService.class); -// -// BindingProvider bp = (BindingProvider) docservice; -// SOAPBinding binding = (SOAPBinding) bp.getBinding(); -// binding.setMTOMEnabled(true); -// -// docID = docservice.addDocument(docData, signRequest, destCountry, spId, mime, ""); -// } -// catch (Exception e) -// { -// e.printStackTrace(); -// throw new Exception("Error in addDocumentToDtl", e); -// } -// -// return docID; - } - - /** - * Update document in DTL - * @param docData The docment data - * @param docId The document ID - * @param signResponse The signature response - * @return True if successful - * @throws SimpleException - */ - private boolean updateDocumentInDtl(byte[] docData, String docId, String signResponse) throws Exception - { - boolean success = false; - 
URL url = null; - try - { - url = new URL(dtlUrl); - QName qname = new QName("http://stork.eu", - "DocumentService"); - - Service service = Service.create(url, qname); - DocumentService docservice = service.getPort(DocumentService.class); - - BindingProvider bp = (BindingProvider) docservice; - SOAPBinding binding = (SOAPBinding) bp.getBinding(); - binding.setMTOMEnabled(true); - - success = docservice.updateDocument(docId, signResponse, docData); - } - catch (Exception e) - { - e.printStackTrace(); - throw new Exception("Error in updateDocumentInDtl", e); - } - - return success; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#getPriority() - */ - @Override - public int getPriority() { - return 99; - } -} diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java deleted file mode 100644 index 5ee0e380e..000000000 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java +++ /dev/null 
@@ -1,193 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.stork2.attributeproviders;
-
-import java.io.StringWriter;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.stork2.ExternalAttributeRequestRequiredException;
-import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest;
-import at.gv.egovernment.moa.id.protocols.stork2.UnsupportedAttributeException;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.StringUtils;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PEPSUtil;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
-import eu.stork.peps.auth.commons.STORKAttrQueryResponse;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-
-/**
- * creates a STORK attribute request for a configurable set of attributes
- */
-public class StorkAttributeRequestProvider extends AttributeProvider {
-
- private PersonalAttributeList requestedAttributes;
-
- /** The destination. */
- private String destination;
-
- /** The sp country code. */
- private String spCountryCode;
-
- /**
- * Instantiates a new stork attribute request provider.
- *
- * @param apUrl the AP location
- * @param supportedAttributes the supported attributes as csv
- */
- public StorkAttributeRequestProvider(String apUrl, String supportedAttributes) {
- super(supportedAttributes);
- destination = apUrl;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String)
- */
- @Override
- protected IPersonalAttributeList acquire(PersonalAttribute attribute, MOASTORKRequest moastorkRequest, IAuthData authData)
- throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException {
-
- if (!attributes.contains(attribute.getName()))
- throw new UnsupportedAttributeException();
-
- this.spCountryCode = moastorkRequest.getSpCountry();
-
- requestedAttributes = new PersonalAttributeList(1);
- requestedAttributes.add(attribute);
- throw new ExternalAttributeRequestRequiredException(this);
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest)
- */
- public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException {
-
- Logger.info(this.getClass().getSimpleName() + " tries to extract SAMLResponse out of HTTP Request");
-
- //extract STORK Response from HTTP Request
- //Decodes SAML Response
- byte[] decSamlToken;
- try {
- decSamlToken = PEPSUtil.decodeSAMLToken(httpReq.getParameter("SAMLResponse"));
- } catch(NullPointerException e) {
- throw new UnsupportedAttributeException();
- }
-
- //Get SAMLEngine instance
- STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
-
- STORKAttrQueryResponse attrResponse = null;
- try {
- //validate SAML Token
- Logger.debug("Starting validation of SAML response");
- attrResponse = engine.validateSTORKAttrQueryResponse(decSamlToken, (String) httpReq.getRemoteHost());
- Logger.info("SAML response successfully verified!");
- }catch(STORKSAMLEngineException e){
- Logger.error("Failed to verify STORK SAML Response", e);
- throw new MOAIDException("stork.05", null);
- }
-
- return attrResponse.getPersonalAttributeList();
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String)
- */
- public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException {
-
- String spSector = "Business";
- String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();
- String spApplication = spInstitution;
-
- //generate AuthnRquest
- STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest();
- attributeRequest.setDestination(destination);
- attributeRequest.setAssertionConsumerServiceURL(url);
- attributeRequest.setIssuer(HTTPUtils.getBaseURL(req));
- attributeRequest.setQaa(oaParam.getQaaLevel());
- attributeRequest.setSpInstitution(spInstitution);
- attributeRequest.setCountry(spCountryCode);
- attributeRequest.setSpCountry(spCountryCode);
- attributeRequest.setSpApplication(spApplication);
- attributeRequest.setSpSector(spSector);
- attributeRequest.setPersonalAttributeList(requestedAttributes);
-
- attributeRequest.setCitizenCountryCode("AT");
-
-
- Logger.debug("STORK AttrRequest successfully assembled.");
-
- STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("VIDP");
- try {
- attributeRequest = samlEngine.generateSTORKAttrQueryRequest(attributeRequest);
- } catch (STORKSAMLEngineException e) {
- Logger.error("Could not sign STORK SAML AttrRequest.", e);
- throw new MOAIDException("stork.00", null);
- }
- Logger.info("Using citizen country code: " + attributeRequest.getCitizenCountryCode());
- Logger.info("STORK AttrRequest successfully signed!");
-
- try {
- Logger.trace("Initialize VelocityEngine...");
-
- VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
- Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm");
- VelocityContext context = new VelocityContext();
- context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(attributeRequest.getTokenSaml()));
- context.put("action", destination);
-
- StringWriter writer = new StringWriter();
- template.merge(context, writer);
-
- resp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
- } catch (Exception e) {
- Logger.error("Error sending STORK SAML AttrRequest.", e);
- throw new MOAIDException("stork.11", null);
- }
- Logger.info("STORK AttrRequest successfully rendered!");
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.stork2.attributeproviders.AttributeProvider#getPriority()
- */
- @Override
- public int getPriority() {
- return 99;
- }
-
-}
-
diff --git a/id/server/modules/module-stork/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo b/id/server/modules/module-stork/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo
deleted file mode 100644
index 5d7af87d5..000000000
--- a/id/server/modules/module-stork/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo
+++ /dev/null
@@ -1 +0,0 @@
-at.gv.egovernment.moa.id.protocols.stork2.STORKProtocol
\ No newline at end of file
diff --git a/id/server/modules/module-stork/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder b/id/server/modules/module-stork/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
deleted file mode 100644
index 540802dce..000000000
--- a/id/server/modules/module-stork/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
+++ /dev/null
@@ -1,14 +0,0 @@
-at.gv.egovernment.moa.id.protocols.builder.attributes.STORKAdoptedFamilyNameAttributBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.STORKAgeAttributBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.STORKCanonicalResidenceAddressAttributBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.STORKCountryCodeOfBirthAttributBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.STORKFiscalNumberAttributBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.STORKGenderAttributBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.STORKInhertedFamilyNameAttributBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.STORKIsAgeOverAttributBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.STORKMaritalStatusAttributBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.STORKNationalityCodeAttributBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.STORKPseudonymAttributBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.STORKResidencePermitAttributBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.STORKTextResidenceAddressAttributBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.STORKTitleAttributBuilder
\ No newline at end of file
diff --git a/id/server/modules/module-stork/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml b/id/server/modules/module-stork/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml
deleted file mode 100644
index 2e924bdd0..000000000
--- a/id/server/modules/module-stork/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml
+++ /dev/null
@@ -1,14 +0,0 @@ - - - - - - - - - - 
diff --git a/id/server/modules/module-stork/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml b/id/server/modules/module-stork/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml deleted file mode 100644 index 60989e638..000000000 --- a/id/server/modules/module-stork/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml +++ /dev/null @@ -1,29 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/id/server/modules/module-stork/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml b/id/server/modules/module-stork/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml deleted file mode 100644 index 09084a34f..000000000 --- a/id/server/modules/module-stork/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml +++ /dev/null 
@@ -1,51 +0,0 @@ - - - - - urn:oasis:names:tc:SAML:1.0:cm:sender-vouches - - wJO/bvDJjUysG0yARn7I6w==urn:publicid:gv.at:baseidXXXRúùdXXXVàn Nisteĺrooy1969-02-13 - - - - 4Y4FL09VhczsfYQgFPuycP8quJNZBAAu1R1rFXNodI2711B6BTMjAGQn6xuFWfd3/nyFav/MLTr/ -t2VazvANS4TRFxJAcWyIx7xbxCdzZr6gJ+FCmq4g5JPrQvt50v3JX+wKSYft1gHBOWlDn90Ia4Gm -P8MVuze21T+VVKM6ZklmS6d5PT1er/uYQFydGErmJ17xlSQG6Fi5xuftopBDyJxG1tL1KIebpLFg -gaM2EyuB1HxH8/+Mfqa4UgeqIH65AQAB - - - - - - - - not(ancestor-or-self::pr:Identification) - - - - - KEQEPY2O3Z3IRaISSSoRZVPzsHE= - - - - gzGhjH1kdmPcPbgen0xojNIoJLk= - - - - 06wqWHgplwpu3N5HMhzb6QC5NkXMO1z4N4oc1L6eDqwZlvFJ9X1XGW//QqviKO9oog3il7IzdfJwnjygR4trgGCIqx+JYCDHJCrG9l8zlxlSW0ZqfsygGXthutcQ1aeUpfO6jYuhnWOUywa8BgzukRtWT+AOJBQZPRYTb8IBmey+uAwlhFLni94eMOd81l+efCvkWi3jRajwsG8ZOaNxSZT3aEV5vj+32Aqtx2MPEVzQWtIA7GqZi+EzcdSdHQvHhg7UB+8kqbU70ENAJbEMTANFZYvLOJ0Om9KfDtPf/+R2TvTc360fNo9RnPl04pHPhCIjcGZhFZorBpUhXFwd2Q== - MIIF3TCCBMWgAwIBAgIDByniMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMSIwIAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMB4XDTEwMDcyODExMzY0M1oXDTE1MDcyODExMzY0M1owgbYxCzAJBgNVBAYTAkFUMR4wHAYDVQQKDBVEYXRlbnNjaHV0emtvbW1pc3Npb24xIjAgBgNVBAsMGVN0YW1temFobHJlZ2lzdGVyYmVob2VyZGUxLjAsBgNVBAMMJVNpZ25hdHVyc2VydmljZSBEYXRlbnNjaHV0emtvbW1pc3Npb24xFTATBgNVBAUTDDMyNTkyODMyMzk5ODEcMBoGCSqGSIb3DQEJARYNZHNrQGRzay5ndi5hdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+dBSEBGj2jUXIK1Mp3lVxc/Za+pJMiyKrX3G1ZxgX/ikx7D9scsPYMt473LlAWl9cmCbHbJK+PV2XNNdURLMUCIX+4vUNs2MHeDTQtX8BXjJFpwJYSoaRJQ39FVS/1r5sWcra9Hhdm7w5Gtx/2ukyDX0kdkxawkhP4EQEzi/SI+Fugn+WqgQ1nAdlbxb/dcBw5w1h9b3lmuwUf4z3ooQWUD2DgA/kKd1KejNR43mLUsmvSzevPxT9zs78pOR1OacB7IszTVJPXeOEaaNZHnnB/UeO3g8LEV/3OkXcUgcMkbIIiaBHlll71Pq0COj9kqjXoe7OrRjLY5i3KwOpa6TMCAwEAAaOCAgcwggIDMBMGA1UdIwQMMAqACEkcWDpP6A0DMH8GCCsGAQUFBwEBBHMwcTAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AuYS10cnVzdC5hdC9vY3NwMEYGCCsGAQUFBzAChjpo
dHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMvYS1zaWduLWNvcnBvcmF0ZS1saWdodC0wMmEuY3J0MFQGA1UdIARNMEswSQYGKigAEQESMD8wPQYIKwYBBQUHAgEWMWh0dHA6Ly93d3cuYS10cnVzdC5hdC9kb2NzL2NwL2Etc2lnbi1BbXRzc2lnbmF0dXIwgZ4GA1UdHwSBljCBkzCBkKCBjaCBioaBh2xkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLWNvcnBvcmF0ZS1saWdodC0wMixvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTARBgNVHQ4ECgQITAgOnhr0tbowDgYDVR0PAQH/BAQDAgSwMCAGA1UdEQQZMBeBFW1hcmN1cy5oaWxkQGRzay5ndi5hdDAJBgNVHRMEAjAAMA4GByooAAoBBwEEAwEB/zAUBgcqKAAKAQEBBAkMB0JTQi1EU0swDQYJKoZIhvcNAQEFBQADggEBAHTklnvPCH/bJSOlIPbLUEkSGuFHsektSZ8Vr22x/Yv7EzsxoQrJIiz2mQ2gQqFuExdWYxvsowjiSbiis9iUf1c0zscvDS3mIZxGs4M89XHsjHnIyb+Fuwnamw65QrFvM1tNB1ZMjxJ3x+YmHLHdtT3BEBcr3/NCRHd2S0HoBspNz9HVgJaZY1llR7poKBvnAc4g1i+QTvyVb00PtKxR9Lw/9ABInX/1pzpxqrPy7Ib2OP8z6dd3WHmIsCiSHUaj0Dxwwln6fYJjhxZ141SnbovlCLYtrsZLXoi9ljIqX4xO0PwMI2RfNc9cXxTRrRS6rEOvX7PpvgXiDXhp592Yyp4= - - - - - - not(ancestor-or-self::dsig:Signature) - - - - 8e7RjLnA4Mgltq5ruIJzheKGxu0= - - - - - \ No newline at end of file -- cgit v1.2.3