/* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; import java.io.InputStream; import java.text.SimpleDateFormat; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.joda.time.DateTime; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.w3c.dom.Element; import org.w3c.dom.Node; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; /** * @author tlenz * */ @Component("CreateIdentityLinkTask") public class CreateIdentityLinkTask extends AbstractAuthServletTask { @Autowired private AuthConfiguration moaAuthConfig; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try{ //get eIDAS attributes from MOA-Session AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); ImmutableAttributeMap eIDASAttributes = moaSession.getGenericDataFromSession( AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, ImmutableAttributeMap.class); IIdentityLink identityLink = null; //connect SZR-Gateway //TODO: implement SZR-Gateway communication!!!! if(true) { // create fake IdL // - fetch IdL template from resources InputStream s = CreateIdentityLinkTask.class.getResourceAsStream("/resources/xmldata/fakeIdL_IdL_template.xml"); Element idlTemplate = DOMUtils.parseXmlValidating(s); identityLink = new IdentityLinkAssertionParser(idlTemplate).parseIdentityLink(); // replace data Element idlassertion = identityLink.getSamlAssertion(); // - set fake baseID; Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); Object eIdentifier = eIDASAttributes.getFirstValue( SAMLEngineUtils.getMapOfAllAvailableAttributes().get( Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); if (eIdentifier == null || !(eIdentifier instanceof String)) throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); prIdentification.getFirstChild().setNodeValue((String) eIdentifier); //build personal identifier which looks like a baseID // String fakeBaseID = new BPKBuilder().buildBPK(eIdentifier, "baseID"); // Logger.info("Map eIDAS eIdentifier:" + eIdentifier + " to fake baseID:" + fakeBaseID); // prIdentification.getFirstChild().setNodeValue(fakeBaseID); // - set last name Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH); Object familyName = eIDASAttributes.getFirstValue( SAMLEngineUtils.getMapOfAllAvailableAttributes().get( Constants.eIDAS_ATTR_CURRENTFAMILYNAME)); if (familyName == null || !(familyName instanceof String)) throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME); prFamilyName.getFirstChild().setNodeValue((String) familyName); // - set first name Node prGivenName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH); Object givenName = eIDASAttributes.getFirstValue( SAMLEngineUtils.getMapOfAllAvailableAttributes().get( Constants.eIDAS_ATTR_CURRENTGIVENNAME)); if (givenName == null || !(givenName instanceof String)) throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); prGivenName.getFirstChild().setNodeValue((String) givenName); // - set date of birth Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH); Object dateOfBirth = eIDASAttributes.getFirstValue( SAMLEngineUtils.getMapOfAllAvailableAttributes().get( Constants.eIDAS_ATTR_DATEOFBIRTH)); if (dateOfBirth == null || !(dateOfBirth instanceof DateTime)) throw new eIDASAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); String formatedDateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(((DateTime)dateOfBirth).toDate()); prDateOfBirth.getFirstChild().setNodeValue(formatedDateOfBirth); identityLink = new IdentityLinkAssertionParser(idlassertion).parseIdentityLink(); //resign IDL IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), moaAuthConfig.getStorkFakeIdLResigningKey()); identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink(); } else { //contact SZR Gateway Logger.debug("Starting connecting SZR Gateway"); //TODO:!!!!!! } Logger.debug("SZR communication was successfull"); if (identityLink == null) { Logger.error("SZR Gateway did not return an identity link."); throw new MOAIDException("stork.10", null); } revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED); moaSession.setForeigner(true); moaSession.setIdentityLink(identityLink); moaSession.setBkuURL("Not applicable (eIDASAuthentication)"); //store MOA-session to database requestStoreage.storePendingRequest(pendingReq); } catch (eIDASAttributeException e) { throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e); } catch (MOAIDException | MOADatabaseException e) { throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); } catch (Exception e) { Logger.error("IdentityLink generation for foreign person FAILED.", e); throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); } } }