List of usage examples for java.lang NullPointerException getCause
public synchronized Throwable getCause()
From source file:org.apache.pulsar.broker.admin.impl.PersistentTopicsBase.java
protected void unloadTopic(TopicName topicName, boolean authoritative) { validateSuperUserAccess();//from ww w . j a va 2 s. c o m validateTopicOwnership(topicName, authoritative); try { Topic topic = getTopicReference(topicName); topic.close().get(); log.info("[{}] Successfully unloaded topic {}", clientAppId(), topicName); } catch (NullPointerException e) { log.error("[{}] topic {} not found", clientAppId(), topicName); throw new RestException(Status.NOT_FOUND, "Topic does not exist"); } catch (Exception e) { log.error("[{}] Failed to unload topic {}, {}", clientAppId(), topicName, e.getCause().getMessage(), e); throw new RestException(e.getCause()); } }
From source file:at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet.java
private void handleSAMLResponse(HttpServletRequest request, HttpServletResponse response) { Logger.info("handleSAMLResponse started"); String pendingRequestID = null; try {//from w ww.j a v a 2s. c o m Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message."); Logger.debug("This ACS endpoint is: " + HTTPUtils.getBaseURL(request)); super.setNoCachingHeadersInHttpRespone(request, response); Logger.trace("No Caching headers set for HTTP response"); //check if https or only http super.checkIfHTTPisAllowed(request.getRequestURL().toString()); Logger.debug("Beginning to extract SAMLResponse out of HTTP Request"); //extract STORK Response from HTTP Request //Decodes SAML Response byte[] decSamlToken; try { decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse")); Logger.debug("SAMLResponse: " + new String(decSamlToken)); } catch (NullPointerException e) { Logger.error("Unable to retrieve STORK Response", e); throw new MOAIDException("stork.04", null); } //Get SAMLEngine instance STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing"); STORKAuthnResponse authnResponse = null; try { //validate SAML Token Logger.debug("Starting validation of SAML response"); authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost()); Logger.info("SAML response succesfully verified!"); } catch (STORKSAMLEngineException e) { Logger.error("Failed to verify STORK SAML Response", e); throw new MOAIDException("stork.05", null); } Logger.info("STORK SAML Response message succesfully extracted"); Logger.debug("STORK response: "); Logger.debug(authnResponse.toString()); Logger.debug("Trying to find MOA Session-ID ..."); //String moaSessionID = request.getParameter(PARAM_SESSIONID); //first use SAML2 relayState String moaSessionID = request.getParameter("RelayState"); // escape parameter strings moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID); //check if SAML2 relaystate includes a MOA sessionID if (StringUtils.isEmpty(moaSessionID)) { //if relaystate is emtpty, use SAML response -> inResponseTo element as session identifier moaSessionID = authnResponse.getInResponseTo(); moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID); if (StringUtils.isEmpty(moaSessionID)) { //No authentication session has been started before Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started"); Logger.debug("PEPSConnectorURL was: " + request.getRequestURL()); throw new AuthenticationException("auth.02", new Object[] { moaSessionID }); } else Logger.trace( "Use MOA SessionID " + moaSessionID + " from AuthnResponse->inResponseTo attribute."); } else //Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter."); Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState."); /*INFO!!!! * SAML message IDs has an different format then MOASessionIDs * This is only a workaround because many PEPS does not support SAML2 relayState or * MOASessionID as AttributConsumerServiceURL GET parameter */ // if (!ParamValidatorUtils.isValidSessionID(moaSessionID)) // throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12"); pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID); //load MOASession from database AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID); //change MOASessionID moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); Logger.info("Found MOA sessionID: " + moaSessionID); String statusCodeValue = authnResponse.getStatusCode(); if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) { Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue); throw new MOAIDException("stork.06", new Object[] { statusCodeValue }); } Logger.info("Got SAML response with authentication success message."); Logger.debug("MOA session is still valid"); STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest(); if (storkAuthnRequest == null) { Logger.error( "Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); throw new MOAIDException("stork.07", null); } Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); ////////////// incorporate gender from parameters if not in stork response IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList(); // but first, check if we have a representation case if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList) || STORKResponseProcessor.hasAttribute("representative", attributeList) || STORKResponseProcessor.hasAttribute("represented", attributeList)) { // in a representation case... moaSession.setUseMandate("true"); // and check if we have the gender value PersonalAttribute gender = attributeList.get("gender"); if (null == gender) { String gendervalue = (String) request.getParameter("gender"); if (null != gendervalue) { gender = new PersonalAttribute(); gender.setName("gender"); ArrayList<String> tmp = new ArrayList<String>(); tmp.add(gendervalue); gender.setValue(tmp); authnResponse.getPersonalAttributeList().add(gender); } } } ////////////////////////////////////////////////////////////////////////// Logger.debug("Starting extraction of signedDoc attribute"); //extract signed doc element and citizen signature String citizenSignature = null; try { PersonalAttribute signedDoc = authnResponse.getPersonalAttributeList().get("signedDoc"); String signatureInfo = null; if (signedDoc != null) { signatureInfo = signedDoc.getValue().get(0); //should not occur } else { //store SAMLResponse moaSession.setSAMLResponse(request.getParameter("SAMLResponse")); //store authnResponse //moaSession.setAuthnResponse(authnResponse);//not serializable moaSession.setAuthnResponseGetPersonalAttributeList(authnResponse.getPersonalAttributeList()); String authnContextClassRef = null; try { authnContextClassRef = authnResponse.getAssertions().get(0).getAuthnStatements().get(0) .getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef(); } catch (Throwable e) { Logger.warn( "STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level"); } moaSession.setAuthnContextClassRef(authnContextClassRef); moaSession.setReturnURL(request.getRequestURL()); //load signedDoc String signRequest = moaSession.getSignedDoc(); //session is implicit stored in changeSessionID!!!! String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); //set return url to PEPSConnectorWithLocalSigningServlet and add newMOASessionID //signRequest String issuerValue = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); String acsURL = issuerValue + PEPSConnectorWithLocalSigningServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN; String url = acsURL + "?moaSessionID=" + newMOASessionID; //redirect to OASIS module and sign there boolean found = false; try { List<AttributeProviderPlugin> aps = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix()).getStorkAPs(); Logger.info("Found AttributeProviderPlugins:" + aps.size()); for (AttributeProviderPlugin ap : aps) { Logger.info("Found AttributeProviderPlugin attribute:" + ap.getAttributes()); if (ap.getAttributes().equalsIgnoreCase("signedDoc")) { // FIXME[tlenz]: A servlet's class field is not thread safe. oasisDssWebFormURL = ap.getUrl(); found = true; Logger.info("Loaded signedDoc attribute provider url from config:" + oasisDssWebFormURL); break; } } } catch (Exception e) { e.printStackTrace(); Logger.error("Loading the signedDoc attribute provider url from config failed"); } if (!found) { Logger.error("Failed to load the signedDoc attribute provider url from config"); } performRedirect(url, request, response, signRequest); return; } SignResponse dssSignResponse = (SignResponse) ApiUtils .unmarshal(new StreamSource(new java.io.StringReader(signatureInfo))); citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse); // memorize signature into authblock moaSession.setAuthBlock(citizenSignature); X509Certificate cert = getSignerCertificate(citizenSignature); moaSession.setSignerCertificate(cert); moaSession.setForeigner(true); } catch (Throwable e) { Logger.error("Could not extract citizen signature from C-PEPS", e); throw new MOAIDException("stork.09", null); } try { SZRGInsertion(moaSession, authnResponse.getPersonalAttributeList(), authnResponse.getAssertions().get(0).getAuthnStatements().get(0).getAuthnContext() .getAuthnContextClassRef().getAuthnContextClassRef(), citizenSignature); } catch (STORKException e) { // this is really nasty but we work against the system here. We are supposed to get the gender attribute from // stork. If we do not, we cannot register the person in the ERnP - we have to have the // gender for the represented person. So here comes the dirty hack. if (e.getCause() instanceof STORKException && e.getCause().getMessage().equals("gender not found in response")) { try { Logger.trace("Initialize VelocityEngine..."); VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html"); VelocityContext context = new VelocityContext(); context.put("SAMLResponse", request.getParameter("SAMLResponse")); context.put("action", request.getRequestURL()); StringWriter writer = new StringWriter(); template.merge(context, writer); response.getOutputStream().write(writer.toString().getBytes("UTF-8")); } catch (Exception e1) { Logger.error("Error sending gender retrival form.", e1); // httpSession.invalidate(); throw new MOAIDException("stork.10", null); } return; } Logger.error("Error connecting SZR Gateway", e); throw new MOAIDException("stork.10", null); } Logger.debug("Add full STORK AuthnResponse to MOA session"); moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));//TODO ask Florian/Thomas authnResponse? //session is implicit stored in changeSessionID!!!! String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID); //redirect String redirectURL = null; redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID); redirectURL = response.encodeRedirectURL(redirectURL); response.setContentType("text/html"); response.setStatus(302); response.addHeader("Location", redirectURL); Logger.info("REDIRECT TO: " + redirectURL); } catch (AuthenticationException e) { handleError(null, e, request, response, pendingRequestID); } catch (MOAIDException e) { handleError(null, e, request, response, pendingRequestID); } catch (Exception e) { Logger.error("PEPSConnector has an interal Error.", e); } finally { ConfigurationDBUtils.closeSession(); } }
From source file:at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet.java
/** * Handles the reception of a STORK response message * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) *///w w w .j a va 2s.c om protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String pendingRequestID = null; try { Logger.warn(getClass().getName() + " is deprecated and should not be used any more."); Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message."); Logger.debug("This ACS endpoint is: " + HTTPUtils.getBaseURL(request)); super.setNoCachingHeadersInHttpRespone(request, response); Logger.trace("No Caching headers set for HTTP response"); //check if https or only http super.checkIfHTTPisAllowed(request.getRequestURL().toString()); Logger.debug("Beginning to extract SAMLResponse out of HTTP Request"); //extract STORK Response from HTTP Request //Decodes SAML Response byte[] decSamlToken; try { decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse")); Logger.debug("SAMLResponse: " + new String(decSamlToken)); } catch (NullPointerException e) { Logger.error("Unable to retrieve STORK Response", e); throw new MOAIDException("stork.04", null); } //Get SAMLEngine instance STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing"); STORKAuthnResponse authnResponse = null; try { //validate SAML Token Logger.debug("Starting validation of SAML response"); authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost()); Logger.info("SAML response succesfully verified!"); } catch (STORKSAMLEngineException e) { Logger.error("Failed to verify STORK SAML Response", e); throw new MOAIDException("stork.05", null); } Logger.info("STORK SAML Response message succesfully extracted"); Logger.debug("STORK response: "); Logger.debug(authnResponse.toString()); Logger.debug("Trying to find MOA Session-ID ..."); //String moaSessionID = request.getParameter(PARAM_SESSIONID); //first use SAML2 relayState String moaSessionID = request.getParameter("RelayState"); // escape parameter strings moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID); //check if SAML2 relaystate includes a MOA sessionID if (StringUtils.isEmpty(moaSessionID)) { //if relaystate is emtpty, use SAML response -> inResponseTo element as session identifier moaSessionID = authnResponse.getInResponseTo(); moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID); if (StringUtils.isEmpty(moaSessionID)) { //No authentication session has been started before Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started"); Logger.debug("PEPSConnectorURL was: " + request.getRequestURL()); throw new AuthenticationException("auth.02", new Object[] { moaSessionID }); } else Logger.trace( "Use MOA SessionID " + moaSessionID + " from AuthnResponse->inResponseTo attribute."); } else //Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter."); Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState."); /*INFO!!!! * SAML message IDs has an different format then MOASessionIDs * This is only a workaround because many PEPS does not support SAML2 relayState or * MOASessionID as AttributConsumerServiceURL GET parameter */ // if (!ParamValidatorUtils.isValidSessionID(moaSessionID)) // throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12"); pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID); //load MOASession from database AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID); //change MOASessionID moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); Logger.info("Found MOA sessionID: " + moaSessionID); String statusCodeValue = authnResponse.getStatusCode(); if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) { Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue); throw new MOAIDException("stork.06", new Object[] { statusCodeValue }); } Logger.info("Got SAML response with authentication success message."); Logger.debug("MOA session is still valid"); STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest(); if (storkAuthnRequest == null) { Logger.error( "Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); throw new MOAIDException("stork.07", null); } OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix()); if (oaParam == null) throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() }); //================== Check QAA level start ==================== int reqQaa = -1; int authQaa = -1; String authQaaStr = null; try { reqQaa = storkAuthnRequest.getQaa(); //TODO: found better solution, but QAA Level in response could be not supported yet try { authQaaStr = authnResponse.getAssertions().get(0).getAuthnStatements().get(0).getAuthnContext() .getAuthnContextClassRef().getAuthnContextClassRef(); moaSession.setQAALevel(authQaaStr); } catch (Throwable e) { Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level"); moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel()); authQaaStr = PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel(); } if (authQaaStr != null)//Check value only if set { authQaa = Integer.valueOf(authQaaStr.substring(PVPConstants.STORK_QAA_PREFIX.length())); // authQaa = Integer.valueOf(authQaaStr); if (reqQaa > authQaa) { Logger.warn("Requested QAA level does not match to authenticated QAA level"); throw new MOAIDException("stork.21", new Object[] { reqQaa, authQaa }); } } } catch (MOAIDException e) { throw e; } catch (Exception e) { if (Logger.isDebugEnabled()) Logger.warn("STORK QAA Level evaluation error", e); else Logger.warn("STORK QAA Level evaluation error (ErrorMessage=" + e.getMessage() + ")"); throw new MOAIDException("stork.21", new Object[] { reqQaa, authQaa }); } //================== Check QAA level end ==================== Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); ////////////// incorporate gender from parameters if not in stork response IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList(); // but first, check if we have a representation case if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList) || STORKResponseProcessor.hasAttribute("representative", attributeList) || STORKResponseProcessor.hasAttribute("represented", attributeList)) { // in a representation case... moaSession.setUseMandate("true"); // and check if we have the gender value PersonalAttribute gender = attributeList.get("gender"); // TODO Do we need to check gender value if there is no representation case? if (null == gender) { String gendervalue = (String) request.getParameter("gender"); if (null != gendervalue) { gender = new PersonalAttribute(); gender.setName("gender"); ArrayList<String> tmp = new ArrayList<String>(); tmp.add(gendervalue); gender.setValue(tmp); authnResponse.getPersonalAttributeList().add(gender); } } } ////////////////////////////////////////////////////////////////////////// Logger.debug("Starting extraction of signedDoc attribute"); //extract signed doc element and citizen signature String citizenSignature = null; try { String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0); // TODO ERROR HANDLING Logger.debug("signatureInfo:" + signatureInfo); SignResponse dssSignResponse = (SignResponse) ApiUtils .unmarshal(new StreamSource(new java.io.StringReader(signatureInfo))); // fetch signed doc DataSource ds = null; try { ds = LightweightSourceResolver.getDataSource(dssSignResponse); } catch (Exception e) { e.printStackTrace(); } if (ds == null) { //Normal DocumentServices return a http-page, but the SI DocumentService returns HTTP error 500 //which results in an exception and ds==null //try to load document from documentservice citizenSignature = loadDocumentFromDocumentService(dssSignResponse); //throw new ApiUtilsException("No datasource found in response"); } else { InputStream incoming = ds.getInputStream(); citizenSignature = IOUtils.toString(incoming); incoming.close(); Logger.debug("citizenSignature:" + citizenSignature); if (isDocumentServiceUsed(citizenSignature) == true) { citizenSignature = loadDocumentFromDocumentService(dssSignResponse); // Logger.debug("Loading document from DocumentService."); // String url = getDtlUrlFromResponse(dssSignResponse); // //get Transferrequest // String transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url); // //Load document from DocumentService // byte[] data = getDocumentFromDtl(transferRequest, url); // citizenSignature = new String(data, "UTF-8"); // Logger.debug("Overridung citizenSignature with:"+citizenSignature); } } JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName()); SignatureType root = ((JAXBElement<SignatureType>) ctx.createUnmarshaller() .unmarshal(IOUtils.toInputStream(citizenSignature))).getValue(); // memorize signature into authblock moaSession.setAuthBlock(citizenSignature); // extract certificate for (Object current : root.getKeyInfo().getContent()) if (((JAXBElement<?>) current).getValue() instanceof X509DataType) { for (Object currentX509Data : ((JAXBElement<X509DataType>) current).getValue() .getX509IssuerSerialOrX509SKIOrX509SubjectName()) { JAXBElement<?> casted = ((JAXBElement<?>) currentX509Data); if (casted.getName().getLocalPart().equals("X509Certificate")) { moaSession.setSignerCertificate( new X509Certificate(((String) casted.getValue()).getBytes("UTF-8"))); break; } } } } catch (Throwable e) { Logger.error("Could not extract citizen signature from C-PEPS", e); throw new MOAIDException("stork.09", null); } Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)"); Logger.debug("Citizen signature will be verified by SZR Gateway!"); Logger.debug("fetching OAParameters from database"); // //read configuration paramters of OA // AuthenticationSession moasession; // try { // moasession = AuthenticationSessionStoreage.getSession(moaSessionID); // } catch (MOADatabaseException e2) { // Logger.error("could not retrieve moa session"); // throw new AuthenticationException("auth.01", null); // } // OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix()); // if (oaParam == null) // throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() }); // retrieve target //TODO: check in case of SSO!!! String targetType = null; if (oaParam.getBusinessService()) { String id = oaParam.getIdentityLinkDomainIdentifier(); if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) targetType = id; else targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moaSession.getDomainIdentifier(); } else { targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); } IdentityLink identityLink = null; try { AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); if (config.isStorkFakeIdLActive() && config.getStorkFakeIdLCountries().contains(storkAuthnRequest.getCitizenCountryCode())) { // create fake IdL // - fetch IdL template from resources InputStream s = PEPSConnectorServlet.class .getResourceAsStream("/resources/xmldata/fakeIdL_IdL_template.xml"); Element idlTemplate = DOMUtils.parseXmlValidating(s); identityLink = new IdentityLinkAssertionParser(idlTemplate).parseIdentityLink(); // replace data Element idlassertion = identityLink.getSamlAssertion(); // - set bpk/wpbk; Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); if (!STORKResponseProcessor.hasAttribute("eIdentifier", attributeList)) throw new STORKException("eIdentifier is missing"); String eIdentifier = STORKResponseProcessor.getAttributeValue("eIdentifier", attributeList, false); prIdentification.getFirstChild().setNodeValue(eIdentifier); // - set last name Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH); if (!STORKResponseProcessor.hasAttribute("surname", attributeList)) throw new STORKException("surname is missing"); String familyName = STORKResponseProcessor.getAttributeValue("surname", attributeList, false); prFamilyName.getFirstChild().setNodeValue(familyName); // - set first name Node prGivenName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH); if (!STORKResponseProcessor.hasAttribute("givenName", attributeList)) throw new STORKException("givenName is missing"); String givenName = STORKResponseProcessor.getAttributeValue("givenName", attributeList, false); prGivenName.getFirstChild().setNodeValue(givenName); // - set date of birth Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH); if (!STORKResponseProcessor.hasAttribute("dateOfBirth", attributeList)) throw new STORKException("dateOfBirth is missing"); String dateOfBirth = STORKResponseProcessor.getAttributeValue("dateOfBirth", attributeList, false); prDateOfBirth.getFirstChild().setNodeValue(dateOfBirth); identityLink = new IdentityLinkAssertionParser(idlassertion).parseIdentityLink(); //resign IDL IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); Element resignedilAssertion = identitylinkresigner.resignIdentityLink( identityLink.getSamlAssertion(), config.getStorkFakeIdLResigningKey()); identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink(); } else { //contact SZR Gateway Logger.debug("Starting connecting SZR Gateway"); identityLink = STORKResponseProcessor.connectToSZRGateway( authnResponse.getPersonalAttributeList(), oaParam.getFriendlyName(), targetType, null, oaParam.getMandateProfiles(), citizenSignature); } } catch (STORKException e) { // this is really nasty but we work against the system here. We are supposed to get the gender attribute from // stork. If we do not, we cannot register the person in the ERnP - we have to have the // gender for the represented person. So here comes the dirty hack. if (e.getCause() instanceof STORKException && e.getCause().getMessage().equals("gender not found in response")) { try { Logger.trace("Initialize VelocityEngine..."); VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html"); VelocityContext context = new VelocityContext(); context.put("SAMLResponse", request.getParameter("SAMLResponse")); context.put("action", request.getRequestURL()); StringWriter writer = new StringWriter(); template.merge(context, writer); response.getOutputStream().write(writer.toString().getBytes("UTF-8")); } catch (Exception e1) { Logger.error("Error sending gender retrival form.", e1); // httpSession.invalidate(); throw new MOAIDException("stork.10", null); } return; } Logger.error("Error connecting SZR Gateway", e); throw new MOAIDException("stork.10", null); } Logger.debug("SZR communication was successfull"); if (identityLink == null) { Logger.error("SZR Gateway did not return an identity link."); throw new MOAIDException("stork.10", null); } moaSession.setForeigner(true); Logger.info("Received Identity Link from SZR Gateway"); moaSession.setIdentityLink(identityLink); Logger.debug("Adding addtional STORK attributes to MOA session"); moaSession.setStorkAttributes(authnResponse.getPersonalAttributeList()); Logger.debug("Add full STORK AuthnResponse to MOA session"); moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse")); //We don't have BKUURL, setting from null to "Not applicable" moaSession.setBkuURL("Not applicable (STORK Authentication)"); // free for single use moaSession.setAuthenticatedUsed(false); // stork did the authentication step moaSession.setAuthenticated(true); // //TODO: found better solution, but QAA Level in response could be not supported yet // try { // // moaSession.setQAALevel(authnResponse.getAssertions().get(0). // getAuthnStatements().get(0).getAuthnContext(). // getAuthnContextClassRef().getAuthnContextClassRef()); // // } catch (Throwable e) { // Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level"); // moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel()); // // } //session is implicit stored in changeSessionID!!!! String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID); //redirect String redirectURL = null; redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID); redirectURL = response.encodeRedirectURL(redirectURL); // response.setContentType("text/html"); // response.setStatus(302); // response.addHeader("Location", redirectURL); response.sendRedirect(redirectURL); Logger.info("REDIRECT TO: " + redirectURL); } catch (AuthenticationException e) { handleError(null, e, request, response, pendingRequestID); } catch (MOAIDException e) { handleError(null, e, request, response, pendingRequestID); } catch (Exception e) { Logger.error("PEPSConnector has an interal Error.", e); } finally { ConfigurationDBUtils.closeSession(); } }