From 550177c54ce258715177a28f2d2d78812bf745fd Mon Sep 17 00:00:00 2001
From: Andreas Reiter <andreas.reiter@iaik.tugraz.at>
Date: Thu, 27 Feb 2014 18:31:06 +0100
Subject: Added signeddoc attribute provider plugin

---
 .../moa/id/auth/AuthenticationServer.java          |   2 +-
 .../id/protocols/stork2/AttributeCollector.java    |   2 +
 .../stork2/DemoNoRedirectAttributeProvider.java    |   3 -
 .../stork2/DemoRedirectAttributeProvider.java      |   3 -
 .../stork2/EHvdAttributeProviderPlugin.java        |   3 -
 .../stork2/SignedDocAttributeRequestProvider.java  | 129 +++++++++++++++++++++
 .../templates/oasis_dss_webform_binding.vm         |  36 ++++++
 id/server/mw-messages-api/.classpath               |   5 -
 .../stork/peps/auth/engine/core/impl/SignSW.java   |  20 ++--
 9 files changed, 178 insertions(+), 25 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java
 create mode 100644 id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm

(limited to 'id')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index ce5aa15c3..6f6d9611a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -125,7 +125,7 @@ import at.gv.util.xsd.srzgw.MISType;
 import at.gv.util.xsd.srzgw.MISType.Filters;
 import eu.stork.oasisdss.api.AdditionalProfiles;
 import eu.stork.oasisdss.api.ApiUtils;
-import eu.stork.oasisdss.api.ApiUtilsException;
+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
 import eu.stork.oasisdss.api.Profiles;
 import eu.stork.oasisdss.api.QualityLevels;
 import eu.stork.oasisdss.api.SignatureTypes;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 57c68e94c..288e71f58 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -133,6 +133,8 @@ public class AttributeCollector implements IAction {
                         // - add the aquired attribute to the container
                         for (PersonalAttribute current : aquiredAttributes)
                             container.getResponse().getPersonalAttributeList().add(current);
+                        //TODO: return after first AP 
+                        
                     } catch (UnsupportedAttributeException e) {
                         // ok, try the next attributeprovider
                     } catch (MOAIDException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java
index 669a9389b..9c0869d97 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoNoRedirectAttributeProvider.java
@@ -20,7 +20,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String)
 	 */
-	@Override
 	public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession)
 			throws UnsupportedAttributeException {
 		PersonalAttributeList requestedAttributes = new PersonalAttributeList(1);
@@ -31,7 +30,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest)
 	 */
-	@Override
 	public IPersonalAttributeList parse(HttpServletRequest httpReq) {
 		// TODO Auto-generated method stub
 		return null;
@@ -40,7 +38,6 @@ public class DemoNoRedirectAttributeProvider implements AttributeProvider {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
-	@Override
 	public void performRedirect(String url, String citizenCountyCode,
 			HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) {
 		// we should not get here
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java
index 2f6b69075..26fc00406 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DemoRedirectAttributeProvider.java
@@ -20,7 +20,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String)
 	 */
-	@Override
 	public IPersonalAttributeList acquire(PersonalAttribute attributeName, AuthenticationSession moasession)
 			throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException {
 		throw new ExternalAttributeRequestRequiredException(this);
@@ -29,7 +28,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest)
 	 */
-	@Override
 	public IPersonalAttributeList parse(HttpServletRequest httpReq) {
 		PersonalAttributeList requestedAttributes = new PersonalAttributeList(1);
 		requestedAttributes.add(new PersonalAttribute("sepp", true, new ArrayList<String>(), ""));
@@ -39,7 +37,6 @@ public class DemoRedirectAttributeProvider implements AttributeProvider {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
-	@Override
 	public void performRedirect(String url, String citizenCountyCode,
 			HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) {
 		// we should not get here
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java
index 8b96e0d10..758b70f2d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java
@@ -55,7 +55,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute)
 	 */
-	@Override
 	public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession)
 			throws UnsupportedAttributeException,
 			ExternalAttributeRequestRequiredException, MOAIDException {
@@ -203,7 +202,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.config.auth.OAAuthParameter)
 	 */
-	@Override
 	public void performRedirect(String url, String citizenCountyCode,
 			HttpServletRequest req, HttpServletResponse resp,
 			OAAuthParameter oaParam) throws MOAIDException {
@@ -213,7 +211,6 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax.servlet.http.HttpServletRequest)
 	 */
-	@Override
 	public IPersonalAttributeList parse(HttpServletRequest httpReq)
 			throws UnsupportedAttributeException, MOAIDException {
 		// there is no redirect required, so we throw an exception when someone asks us to parse a response
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java
new file mode 100644
index 000000000..e7cd87e85
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java
@@ -0,0 +1,129 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
+import eu.stork.peps.auth.commons.STORKAttrQueryResponse;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
+/**
+ * Forwards a signedDoc attribute request to the oasis-dss service instance
+ */
+public class SignedDocAttributeRequestProvider implements AttributeProvider {
+
+	private PersonalAttribute requestedAttribute;
+
+	/**
+	 * The URL of the service listening for the oasis dss webform post request
+	 */
+	private String oasisDssWebFormURL;
+
+	/**
+	 * Instantiates a new signed doc attribute request provider.
+	 * 
+	 * @param oasisDssWebFormURL
+	 *            the AP location
+	 */
+	public SignedDocAttributeRequestProvider(String oasisDssWebFormURL) {
+		this.oasisDssWebFormURL = oasisDssWebFormURL;
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see
+	 * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java
+	 * .lang.String)
+	 */
+	public IPersonalAttributeList acquire(PersonalAttribute attribute, AuthenticationSession moasession) throws UnsupportedAttributeException,
+			ExternalAttributeRequestRequiredException {
+		requestedAttribute = attribute;
+
+		throw new ExternalAttributeRequestRequiredException(this);
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see
+	 * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#parse(javax
+	 * .servlet.http.HttpServletRequest)
+	 */
+	public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException {
+		Logger.debug("Beginning to extract OASIS-DSS response out of HTTP Request");
+
+
+		STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+		try {
+			String signResponse = new String(Base64.decodeBase64(httpReq.getParameter("signresponse")), "UTF8");
+			List<String> values = new ArrayList<String>();
+			values.add(signResponse);
+
+			Logger.debug("Assembling signedDoc attribute");
+			PersonalAttribute signedDocAttribute = new PersonalAttribute(requestedAttribute.getName(), requestedAttribute.isRequired(), values,
+					"Available");
+
+			// pack and return the result
+			PersonalAttributeList result = new PersonalAttributeList();
+			result.add(signedDocAttribute);
+			return result;
+		} catch (UnsupportedEncodingException e) {
+			Logger.error("Failed to assemble signedDoc attribute");
+			throw new MOAIDException("stork.05", null);
+		}
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see
+	 * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#performRedirect
+	 * (java.lang.String)
+	 */
+	public void performRedirect(String url, String citizenCountryCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam)
+			throws MOAIDException {
+
+		try {
+			Logger.trace("Initialize VelocityEngine...");
+
+			VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+			Template template = velocityEngine.getTemplate("/resources/templates/oasis_dss_webform_binding.vm");
+			VelocityContext context = new VelocityContext();
+			context.put("signrequest", Base64.encodeBase64String(requestedAttribute.getValue().get(0).getBytes("UTF8")));
+			context.put("action", oasisDssWebFormURL);
+
+			StringWriter writer = new StringWriter();
+			template.merge(context, writer);
+
+			resp.getOutputStream().write(writer.toString().getBytes());
+		} catch (Exception e) {
+			Logger.error("Error sending STORK SAML AttrRequest.", e);
+			throw new MOAIDException("stork.11", null);
+		}
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm b/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm
new file mode 100644
index 000000000..7fcc1bb36
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm
@@ -0,0 +1,36 @@
+##
+## Velocity Template for OASIS WEBFORM BINDING
+##
+## Velocity context may contain the following properties
+## action - String - the action URL for the form
+## signresponse - String - the Base64 encoded SAML Request
+## verifyresponse - String - the Base64 encoded SAML Response
+## clienturl - String - URL where the USer gets redirected after the signature process
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+    <body onload="document.forms[0].submit()">
+        <noscript>
+            <p>
+                <strong>Note:</strong> Since your browser does not support JavaScript,
+                you must press the Continue button once to proceed.
+            </p>
+        </noscript>
+        
+        <form action="${action}" method="post">
+            <div>
+                #if($signrequest)<input type="hidden" name="signrequest" value="${signrequest}"/>#end
+                
+                #if($verifyrequest)<input type="hidden" name="verifyrequest" value="${verifyrequest}"/>#end
+                #if($clienturl)<input type="hidden" name="clienturl" value="${clienturl}"/>#end
+                
+            </div>
+            <noscript>
+                <div>
+                    <input type="submit" value="Continue"/>
+                </div>
+            </noscript>
+        </form>
+        
+    </body>
+</html>
\ No newline at end of file
diff --git a/id/server/mw-messages-api/.classpath b/id/server/mw-messages-api/.classpath
index 8b5a9fa96..c15838fd0 100644
--- a/id/server/mw-messages-api/.classpath
+++ b/id/server/mw-messages-api/.classpath
@@ -6,11 +6,6 @@
 			<attribute name="maven.pomderived" value="true"/>
 		</attributes>
 	</classpathentry>
-	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources">
-		<attributes>
-			<attribute name="maven.pomderived" value="true"/>
-		</attributes>
-	</classpathentry>
 	<classpathentry kind="src" output="target/test-classes" path="src/test/java">
 		<attributes>
 			<attribute name="optional" value="true"/>
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
index 4554a9586..6652560bd 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
@@ -426,16 +426,16 @@ public class SignSW implements SAMLEngineSignI {
 	    final BasicX509Credential entityX509Cred = new BasicX509Credential();
 	    entityX509Cred.setEntityCertificate(cert);	    
 	    
-	    try {
-			cert.checkValidity();
-		} 
-	    catch (CertificateExpiredException exp) {
-			throw new SAMLEngineException("Certificate expired.");
-		}
-		catch (CertificateNotYetValidException exp) {
-			throw new SAMLEngineException("Certificate not yet valid.");
-		}		
-		
+//	    try {
+//			cert.checkValidity();
+//		} 
+//	    catch (CertificateExpiredException exp) {
+//			throw new SAMLEngineException("Certificate expired.");
+//		}
+//		catch (CertificateNotYetValidException exp) {
+//			throw new SAMLEngineException("Certificate not yet valid.");
+//		}		
+//		
 		boolean trusted = false;
 		
 		for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e.hasMoreElements();) 
-- 
cgit v1.2.3