
// Her vil STS'en verificere ID kortet.
IDCard idCard = stsRequest.getIDCard();
idCard.validateSignature();
idCard.validateSignatureAndTrust(signingVault);

// I dette eksempel verificeres følgende tre attributter:
Assert.assertEquals("1.0.1", idCard.getVersion());
Assert.assertEquals(AuthenticationLevel.VOCES_TRUSTED_SYSTEM, idCard.getAuthenticationLevel());
Assert.assertEquals("AltIdentifierStr", idCard.getAlternativeIdentifier());
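Review bot: The STS-side verification shown here validates signature and trust (`validateSignatureAndTrust(signingVault)`) and three attributes, but never checks the ID card's validity period, so a card with a good signature that is already expired would pass this example as written. The page's own complete example at the bottom (old version) had such a guard via `systemIDCard.isValidInTime()`; I would add the same step here, e.g. `if (!idCard.isValidInTime()) { throw new RuntimeException("Invalid DGWS Token"); }` directly after the trust validation, and keep it in the new complete example as well.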

STS Response

Herefter vil en STS bygge et response, og først bygges et signeret DGWS ID kort:

// Byg DGWS medarbejder ID kort (Niveau 4):
CareProvider careProvider = new CareProvider("medcom:cvrnumber", "20688092", "Lægehuset på bakken");

UserInfo userInfo = new UserInfo("2702681273", "Jens Sundbye", "Poulsen", "jens@email.dk", "overlæge", "7170", "004PT");

UserIDCard idcard = new UserIDCard(factory.createNewUserIDCard("Harmoni/EMS", userInfo, careProvider, new AuthenticationLevel(4), null, null, null, "AltIdentifierStr"), "Issuer");

Dette Identity Token kan nu indlejres i det samlede svar fra STS:

// Signing vault
CredentialVault signingVault = new ClasspathCredentialVault(null, "Filnavn på PKCS#12 Medarbejdercertifikat", "Kodeord til Medarbejdercertifikat");

// Opbyg samlet STS response
OIOBSTSAMLAssertionToIDCardResponseDOMBuilder responseBuilder = factory.createOIOBSTSAMLAssertionToIDCardResponseDOMBuilder();
responseBuilder.setAudienceRestriction("http://audience.nspoop.dk/dds");
responseBuilder.setIDCard(idcard);
responseBuilder.setSigningVault(signingVault);
responseBuilder.setContext("context");
responseBuilder.setRelatesTo("relatesTo");

Document consumerStsResponseDocument = responseBuilder.build();

Svaret kan sendes over netværket som XML:

// Konverter til XML så det kan sendes over netværket
String consumerStsResponseXml = XmlUtil.node2String(consumerStsResponseDocument, false, false);

Nu vil en anvender kunne modtage det omvekslede DGWS ID kort, og hvordan man anvender Seal.Java til at behandle dette svar, er beskrevet her: Seal.Java - Guide til anvendere (Consumer) - DGWS ID kort (system og bruger)


Komplet eksempel (inkl. opbygning af request og modtagelse af response)


public class TestFactoryFlow extends AbstractUserIDCardTest {{

    private static final String EXPECTED_AUTHORIZATIONCODE = "004PT";
    private static final String EXPECTED_CPR = "2702681273";
    private static final String EXPECTED_CVR = "20688092";
    private static final String EXPECTED_EMAIL = "jens@email.dk";
    private static final String EXPECTED_GIVENNAME = "Jens Sundbye";
    private static final String EXPECTED_ITSYSTEMNAME = "Harmoni/EMS";
    private static final String EXPECTED_OCCUPATION = "overlæge";
    private static final String EXPECTED_ORGANIZATION = "Lægehuset på bakken";
    private static final String EXPECTED_SURNAME = "Poulsen";
    private static final String EXPECTED_USEREDUCATIONCODE = "7170";

    private static final Date notOnOrAfter = d(10);

    @Test
    public void testNewSecurityTokenServicetestBST2SOSI() {

        /**
         * Consumer sender request
         *
         */

        // CredentialVault og Factory
        CredentialVault signingVault = new CredentialVaultTestUtil.getVoces3CredentialVault(ClasspathCredentialVault(null, "Filnavn på PKCS#12 Medarbejdercertifikat", "Kodeord til Medarbejdercertifikat");
        SOSIFactoryCredentialVault factoryholderOfKeyVault = new SOSIFactory(signingVault, new java.util.Properties())ClasspathCredentialVault(null, "Filnavn på PKCS#12 Holder of key certifikat", "Kodeord til Holder of key certifikat");
        OIOSAMLFactory factory = new OIOSAMLFactory();

        //OIO3BSTSAMLAssertionBuilder SystemoiosamlAssertionBuilder ID kort= factory.createOIO3BSTSAMLAssertionBuilder();
        CareProvider careProvider = new CareProvider(SubjectIdentifierTypeValues.CVR_NUMBER, "someID", "someOrgName");
   oiosamlAssertionBuilder.setIssuer("https://oio3bst-issuer.dk");
        oiosamlAssertionBuilder.setNameId("KorsbaekKommune\\MSK");
        oiosamlAssertionBuilder.setAudience("http://audience.nspoop.dk/dds");
        oiosamlAssertionBuilder.setNotOnOrAfter(notOnOrAfter);
     SystemIDCard systemIDCard = factoryoiosamlAssertionBuilder.createNewSystemIDCardsetCvr("SOSITEST", careProvider, AuthenticationLevel.VOCES_TRUSTED_SYSTEM, null, null, null, "AltIdentifierStr");
20301823");
        oiosamlAssertionBuilder.setOrganizationName("Korsbæk Kommune");
        oiosamlAssertionBuilder.setHolderOfKeyCertificate(holderOfKey.getSystemCredentialPair().getCertificate());
        // Byg STS requestoiosamlAssertionBuilder.setSigningVault(signingVault);
        OIOBSTSAMLAssertion oiosamlAssertion = oiosamlAssertionBuilder.build();

        SecurityTokenRequestOIOBSTSAMLAssertionToIDCardRequestDOMBuilder consumerStsRequestrequestBuilder = factory.createNewSecurityTokenRequestcreateOIOBSTSAMLAssertionToIDCardRequestDOMBuilder();
        requestBuilder.setAudience("http://audience.nspoop.dk/dds");
   consumerStsRequest.setIDCard(systemIDCard);

        requestBuilder.setITSystemName("Korsbæk Kommunes IT systemer");
        requestBuilder.setSubjectNameID("Mads_Skjern");
        requestBuilder.setSigningVault(signingVault);
     // Endelig STS request requestBuilder.setOIOBSTSAMLAssertion(oiosamlAssertion);

        Document consumerStsRequestDocument = consumerStsRequestrequestBuilder.serialize2DOMDocumentbuild();

        /**
         * Send request over netværk
         */
        String consumerStsRequestXml = XmlUtil.node2String(consumerStsRequestDocument, false, false);
        consumerStsRequestDocument = XmlUtil.readXml(new java.util.Properties(), consumerStsRequestXml, false);

        /**
         *  STS modtager request
         */
        SecurityTokenRequestOIOBSTSAMLAssertionToIDCardRequest stsRequest = factory.deserializeSecurityTokenRequest(consumerStsRequestXmlcreateOIOBSTSAMLAssertionToIDCardRequestModelBuilder().build(consumerStsRequestDocument);

        // Her vil STS'en verificere ID kortet. I dette eksempel verificeres følgende tre attributter:
        IDCardOIOBSTSAMLAssertion idCardoiobstsamlAssertion = stsRequest.getIDCardgetOIOBSTSAMLAssertion();
        Assert.assertEquals("1OIO-SAML-3.0.1", idCardoiobstsamlAssertion.getVersiongetSpecVersion());
        Assert.assertEquals(AuthenticationLevel.VOCES_TRUSTED_SYSTEM"20301823", idCardoiobstsamlAssertion.getAuthenticationLevelgetCvrNumberIdentifier());
        Assert.assertEquals("AltIdentifierStrhttp://audience.nspoop.dk/dds", idCardoiobstsamlAssertion.getAlternativeIdentifiergetAudienceRestriction());

        /**
         *  STS bygger response
         */
         SecurityTokenResponse stsResponseUserIDCard uidc = createUserIDCard(signingVault);

        OIOBSTSAMLAssertionToIDCardResponseDOMBuilder responseBuilder = factory.createNewSecurityTokenResponse(stsRequest.createOIOBSTSAMLAssertionToIDCardResponseDOMBuilder();
        responseBuilder.setAudienceRestriction("http://audience.nspoop.dk/dds");
        stsResponseresponseBuilder.setIDCard(idCarduidc);
        responseBuilder.setSigningVault(signingVault);
        responseBuilder.setContext("context");
     Document consumerStsResponseDocument = XmlUtilresponseBuilder.createEmptyDocumentsetRelatesTo("relatesTo");

        Document consumerStsResponseDocument stsResponse= responseBuilder.serialize2DOMDocumentbuild(consumerStsResponseDocument);

        /**
         *  Send response over netværk
         */
        String consumerStsResponseXml = XmlUtil.node2String(consumerStsResponseDocument, false, false);
        consumerStsResponseDocument = XmlUtil.readXml(new java.util.Properties(), consumerStsResponseXml, false);

        /**
         *  Consumer modtager response
         */
        SecurityTokenResponseOIOBSTSAMLAssertionToIDCardResponse consumerStsResponse = factory.createOIOBSTSAMLAssertionToIDCardResponseModelBuilder().deserializeSecurityTokenResponsebuild(consumerStsResponseXmlconsumerStsResponseDocument);

        //IDCard VerifyidCardResponse ID card= consumerStsResponse.getIDCard();
        IDCard idCardResponse = consumerStsResponse.getIDCard();

Assert.assertEquals("1.0.1", idCardResponse.getVersion());
        Assert.assertEquals(AuthenticationLevel.MOCES_TRUSTED_USER, idCardResponse.getAuthenticationLevel());
        if (!systemIDCard.isValidInTime()Assert.assertEquals("hans@dampf.dk", idCardResponse.getAlternativeIdentifier());
    }

    private UserIDCard createUserIDCard(CredentialVault signingVault) {
        SOSIFactory factory = new SOSIFactory(signingVault, new   throwjava.util.Properties());

        CareProvider careProvider = new RuntimeException("Invalid DGWS Token");
CareProvider(NameSpaces.NS_MEDCOM + ":cvrnumber", EXPECTED_CVR, EXPECTED_ORGANIZATION);
        UserInfo userInfo =  }

new UserInfo(EXPECTED_CPR, EXPECTED_GIVENNAME, EXPECTED_SURNAME, EXPECTED_EMAIL, EXPECTED_OCCUPATION, EXPECTED_USEREDUCATIONCODE, EXPECTED_AUTHORIZATIONCODE);
        UserIDCard idcard = Assertfactory.assertEquals("1.0.1", idCardResponse.getVersion()createNewUserIDCard(EXPECTED_ITSYSTEMNAME, userInfo, careProvider, AuthenticationLevel.MOCES_TRUSTED_USER, null, null, null, "hans@dampf.dk");
        return new UserIDCard(idcard, "newIssuer");
    }

    private static Date d(int minutesFromNow) {
        long l = minutesFromNow * 60L * 1000L;
        return d(l);
    }

    private  Assert.assertEquals(AuthenticationLevel.VOCES_TRUSTED_SYSTEM, idCardResponse.getAuthenticationLevel()static Date d(long milliSecondsFromNow) {
        Calendar now = Calendar.getInstance();
        Assertnow.assertEquals("AltIdentifierStr", idCardResponse.getAlternativeIdentifier()set(Calendar.MILLISECOND, 0);

        return new Date(now.getTimeInMillis() + milliSecondsFromNow);
    }
}
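Review bot: In the new version of the "STS modtager request" step (the `getOIOBSTSAMLAssertion()` / `getSpecVersion()` / `getCvrNumberIdentifier()` / `getAudienceRestriction()` lines), the STS asserts three attributes of the received OIOBST SAML assertion and then issues a user ID card, but as far as the interleaved old/new text can be read it never validates the assertion's signature or trust chain, and the old version's `isValidInTime()` guard with its `throw new RuntimeException("Invalid DGWS Token")` appears only on the removed side. Since this guide is meant to be copied, the example should validate the incoming assertion's signature and trust (the counterpart of the `validateSignatureAndTrust(signingVault)` call the page shows for ID cards; the exact method on `OIOBSTSAMLAssertion` must be confirmed against Seal.Java) and reject an expired assertion before `createUserIDCard(signingVault)` is called. The rendering has fused old and new lines throughout this block (e.g. `idCardoiobstsamlAssertion`, `consumerStsRequestrequestBuilder`), so the section cannot be reconstructed here; a re-rendered comparison would also help readers. The `"Kodeord til ..."` strings passed to the vault constructors read as placeholders; a one-line comment such as `// Placeholder: indlæs kodeord fra konfiguration, ikke fra kildekoden` would keep them from being copied literally.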