From 8449c5ab138f0b7a1760cb5f2aa6db2eb9d0b22e Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 30 Jan 2014 19:04:02 +0100 Subject: added stork signature client api - untested --- id/server/idserverlib/pom.xml | 5 +++ .../moa/id/auth/AuthenticationServer.java | 36 ++++++++++++++------ .../moa/id/auth/servlet/PEPSConnectorServlet.java | 39 ++++++++++++---------- 3 files changed, 53 insertions(+), 27 deletions(-) (limited to 'id/server') diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 8a9cdd51f..245348d09 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -37,6 +37,11 @@ SamlEngine 1.1.0 + + eu.stork + oasis-dss-api + 1.0.0-SNAPSHOT + MOA.id.server moa-id-commons diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index ec1762cbf..decf166c4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -58,6 +58,7 @@ import org.opensaml.common.IdentifierGenerator; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.xml.util.Base64; import org.opensaml.xml.util.XMLHelper; +import org.w3c.dom.DOMException; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -137,6 +138,11 @@ import at.gv.egovernment.moa.util.XPathUtils; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; +import eu.stork.oasisdss.api.ApiUtils; +import eu.stork.oasisdss.api.ApiUtilsException; +import eu.stork.oasisdss.profile.DocumentType; +import eu.stork.oasisdss.profile.InputDocuments; +import eu.stork.oasisdss.profile.SignRequest; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.PersonalAttributeList; @@ -1882,7 +1888,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { PersonalAttribute newAttribute = new PersonalAttribute(); newAttribute.setName("signedDoc"); List value = new ArrayList(); - value.add(generateDssSignRequest(Base64.encodeBytes(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession).getBytes()), "application/xhtml+xml")); + value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession), "application/xhtml+xml")); newAttribute.setValue(value); attributeList.add(newAttribute); @@ -1978,18 +1984,28 @@ public class AuthenticationServer implements MOAIDAuthConstants { IdentifierGenerator idGenerator; try { idGenerator = new SecureRandomIdentifierGenerator(); - - return "" + - "" + - "" + - "" + text + "" + - "" + - "" + - ""; + + DocumentType doc = new DocumentType(); + doc.setBase64XML(Base64.encodeBytes(text.getBytes()).getBytes()); + + SignRequest request = new SignRequest(); + request.setInputDocuments(ApiUtils.createInputDocuments(doc)); + + request.setRequestID(idGenerator.generateIdentifier()); + + return ApiUtils.marshalToDocument(request).getTextContent(); } catch (NoSuchAlgorithmException e) { Logger.error("Cannot generate id", e); throw new RuntimeException(e); + } catch (ApiUtilsException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); + } catch (DOMException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); + } catch (ParserConfigurationException e) { + Logger.error("Could not create SignRequest", e); + throw new RuntimeException(e); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index a1d38d488..3129c9e31 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -10,6 +10,7 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import javax.xml.transform.stream.StreamSource; import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; @@ -30,11 +31,15 @@ import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; +import eu.stork.oasisdss.api.ApiUtils; +import eu.stork.oasisdss.api.LightweightSourceResolver; +import eu.stork.oasisdss.profile.SignResponse; import eu.stork.peps.auth.commons.PEPSUtil; import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.commons.STORKAuthnRequest; @@ -144,23 +149,6 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); - Logger.debug("Starting extraction of signedDoc attribute"); - //extract signed doc element and citizen signature - Element citizenSignature = null; - try { - - Assertion storkAssertion = authnResponse.getAssertions().get(0); - citizenSignature = STORKResponseProcessor.extractCitizenSignature(storkAssertion); - moaSession.setAuthBlock(DOMUtils.serializeNode(citizenSignature)); - moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(citizenSignature)); - - } catch (Exception e) { - Logger.error("Could not extract citizen signature from C-PEPS", e); - throw new MOAIDException("stork.09", null); - } - Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)"); - Logger.debug("Citizen signature will be verified by SZR Gateway!"); - ////////////// incorporate gender from parameters if not in stork response PersonalAttribute gender = authnResponse.getPersonalAttributeList().get("gender"); @@ -179,6 +167,23 @@ public class PEPSConnectorServlet extends AuthServlet { ////////////////////////////////////////////////////////////////////////// + Logger.debug("Starting extraction of signedDoc attribute"); + //extract signed doc element and citizen signature + String citizenSignature = null; + try { + citizenSignature = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0); + moaSession.setAuthBlock(citizenSignature); + + // FIXME untested + Element sepp = (Element) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(citizenSignature))); + moaSession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(sepp)); + + } catch (Exception e) { + Logger.error("Could not extract citizen signature from C-PEPS", e); + throw new MOAIDException("stork.09", null); + } + Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)"); + Logger.debug("Citizen signature will be verified by SZR Gateway!"); Logger.debug("Starting connecting SZR Gateway"); //contact SZR Gateway -- cgit v1.2.3