From 12c3c34ea26ff20e39c9b67f698e9c8b99ef11ee Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Fri, 13 Mar 2015 15:38:31 +0100 Subject: STORK PEPS-conform logging --- .../auth/modules/stork/tasks/PepsConnectorTask.java | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'id/server/modules') diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java index 59f54f957..d233f88c4 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java @@ -6,8 +6,10 @@ import java.io.IOException; import java.io.InputStream; import java.io.StringWriter; import java.net.URL; +import java.text.SimpleDateFormat; import java.util.ArrayList; import java.util.Arrays; +import java.util.Date; import java.util.List; import java.util.Properties; 
@@ -170,6 +172,15 @@ public class PepsConnectorTask extends AbstractAuthServletTask { Logger.debug("STORK response: "); Logger.debug(authnResponse.toString()); + // do PEPS-conform logging for easier evaluation + try { + // 2015-03-12 16:44:27.144#S-PEPS receives response from C-PEPS#orig_msg_id id2 (in response to)#orig_msg_id id1 (in response to)#status#msghash#msg_id id3# + Logger.info(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").format(new Date()) + "#S-PEPS receives response from C-PEPS#" + + authnResponse.getInResponseTo() + "#NA#" + authnResponse.getMessage() + "#_hash_#" + authnResponse.getSamlId() + "#"); + } catch (Exception e1) { + Logger.info("STORK PEPS conform logging failed because of: " + e1.getMessage()); + } + Logger.debug("Trying to find MOA Session-ID ..."); // String moaSessionID = request.getParameter(PARAM_SESSIONID); // first use SAML2 relayState @@ -549,6 +560,15 @@ public class PepsConnectorTask extends AbstractAuthServletTask { // stork did the authentication step moaSession.setAuthenticated(true); + // do PEPS-conform logging for easier evaluation + try { + // 2015-03-12 16:44:27.144#S-PEPS generates response to SP#orig_msg_id id1 (in response to)#status#msghash#msg_id id4# + Logger.info(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").format(new Date()) + "#S-PEPS generates response to SP#" + + "#" + moaSession.getProcessInstanceId() + "#" + authnResponse.getMessage() + "#_hash_#" + moaSession.getProcessInstanceId() + "#"); + } catch (Exception e1) { + Logger.info("STORK PEPS conform logging failed because of: " + e1.getMessage()); + } + // TODO: found better solution, but QAA Level in STORK response is not be supported yet // try { // -- cgit v1.2.3 From 9ac6c3342ba7afdd75838230d13ceda70614cedc Mon Sep 17 00:00:00 2001 
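Review bot: The `Logger.info` record added at `@@ -170` concatenates `authnResponse.getInResponseTo()`, `getMessage()` and `getSamlId()` into a `#`-delimited line without neutralising `#`, CR or LF, and these values are taken from the response received from the C-PEPS, so a malformed or crafted response can shift columns or inject a forged record into a log meant for evaluation. Pass every field through one small helper before concatenating, e.g. `private static String logField(String v) { return v == null ? "NA" : v.replaceAll("[#\\r\\n]", "_"); }`; the same applies to `authnResponse.getMessage()` in the `@@ -549` hunk. The `msghash` column is written as the literal `_hash_`, so the record cannot be tied to the actual message; either compute the digest or mark the column as not available, as is already done with `#NA#`. In the catch block `e1.getMessage()` can be `null` (for example for a NullPointerException), so logging `e1.toString()` would keep failures diagnosable. The enclosing method starts and ends outside the hunk.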
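Review bot: The record built at `@@ -549` does not match the layout given in its own comment: `"#S-PEPS generates response to SP#" + "#" + ...` emits an empty field directly after the event name, so every later column is shifted by one for anything that parses this log. `moaSession.getProcessInstanceId()` is also written both as the original message id and as the new message id, which leaves no way to correlate this record with the `getInResponseTo()`/`getSamlId()` values logged for the incoming response. Dropping the extra separator, so that `+ moaSession.getProcessInstanceId() + "#"` follows the event string directly, fixes the alignment; which identifiers belong in the two id columns should be confirmed against the PEPS logging format. The statement sits in a method that continues outside the hunk.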
From: Florian Reimair Date: Fri, 13 Mar 2015 16:03:33 +0100 Subject: added fakeidl no-signature option config --- .../moa/id/auth/modules/stork/tasks/PepsConnectorTask.java | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java index d233f88c4..3d787f371 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java @@ -326,9 +326,13 @@ public class PepsConnectorTask extends AbstractAuthServletTask { // //////////////////////////////////////////////////////////////////////// + AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); + String citizenSignature = null; + if(config.isStorkFakeIdLActive() && config.getStorkNoSignatureCountries().contains(storkAuthnRequest.getCitizenCountryCode()) && config.getStorkFakeIdLCountries().contains(storkAuthnRequest.getCitizenCountryCode())) { + Logger.debug("signedDoc extraction skipped due to configuration"); + } else { Logger.debug("Starting extraction of signedDoc attribute"); // extract signed doc element and citizen signature - String citizenSignature = null; try { if (authnResponse.getPersonalAttributeList().get("signedDoc") == null @@ -409,6 +413,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask { Logger.error("Could not extract citizen signature from C-PEPS", e); throw new MOAIDException("stork.09", null); } + } Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)"); Logger.debug("Citizen signature will be verified by SZR Gateway!"); 
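Review bot: When the new branch at `@@ -326` skips the signedDoc extraction, `citizenSignature` stays `null`, yet the unchanged lines after the closing brace added at `@@ -409` still log "Foregin Citizen signature successfully extracted" and "Citizen signature will be verified by SZR Gateway!", and any later use of `citizenSignature` (outside the hunk) has to cope with null. Skipping the citizen signature removes a piece of authentication evidence for whole countries, so it should be recorded where operators will see it rather than only at debug level, e.g. `Logger.info("signedDoc extraction skipped by configuration for country " + storkAuthnRequest.getCitizenCountryCode());`, and the two success messages belong inside the `else`. The `AuthConfigurationProvider.getInstance()` call now runs outside the `try` it is removed from at `@@ -441`; if it can throw, confirm the exception is still handled on this path. A comment on the condition stating that the fake-IdL and no-signature lists are meant for test deployments (if that is the intent) would help whoever reviews the configuration.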
@@ -441,7 +446,6 @@ public class PepsConnectorTask extends AbstractAuthServletTask { IdentityLink identityLink = null; executionContext.put("identityLinkAvailable", false); try { - AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); if(config.isStorkFakeIdLActive() && config.getStorkFakeIdLCountries().contains(storkAuthnRequest.getCitizenCountryCode())) { // create fake IdL // - fetch IdL template from resources -- cgit v1.2.3 From c0613b08431899c6d97affc570a237b81dfcda80 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Fri, 13 Mar 2015 16:04:09 +0100 Subject: fixed date format issue with fakeIdL creation --- .../egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java | 2 ++ 1 file changed, 2 insertions(+) (limited to 'id/server/modules') diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java index 3d787f371..6e0bd19ff 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java @@ -30,6 +30,7 @@ import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.opensaml.saml2.core.StatusCode; +import org.springframework.format.datetime.DateFormatter; import org.w3c.dom.Element; import org.w3c.dom.Node; 
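Review bot: The import `org.springframework.format.datetime.DateFormatter` added at `@@ -30` is not used by the only code change in this commit, which formats the date with `java.text.SimpleDateFormat` at `@@ -482`. Unless code outside the visible hunks needs it, drop the line so the class does not carry an unused reference to Spring's formatter.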
@@ -482,6 +483,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask { if(!STORKResponseProcessor.hasAttribute("dateOfBirth", attributeList)) throw new STORKException("dateOfBirth is missing"); String dateOfBirth = STORKResponseProcessor.getAttributeValue("dateOfBirth", attributeList, false); + dateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(new SimpleDateFormat("yyyyMMdd").parse(dateOfBirth)); prDateOfBirth.getFirstChild().setNodeValue(dateOfBirth); identityLink = new IdentityLinkAssertionParser(idlassertion).parseIdentityLink(); -- cgit v1.2.3
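Review bot: The conversion added at `@@ -482` parses an attribute from the foreign STORK response with a default, lenient `SimpleDateFormat`, which rolls out-of-range values such as month 13 over into the next year and ignores trailing characters, so a malformed `dateOfBirth` ends up as a different, valid-looking date in the identity link instead of being rejected. Check the shape first with `if (dateOfBirth == null || dateOfBirth.length() != 8) throw new STORKException("dateOfBirth is malformed");`, then parse strictly with `SimpleDateFormat in = new SimpleDateFormat("yyyyMMdd"); in.setLenient(false);` and `dateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(in.parse(dateOfBirth));`. As written, a null value fails with a NullPointerException inside `parse`; whether that and `ParseException` are handled depends on the enclosing `try`, which starts outside the hunk.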