aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFlorian Reimair <florian.reimair@iaik.tugraz.at>2016-01-13 16:47:05 +0100
committerFlorian Reimair <florian.reimair@iaik.tugraz.at>2016-01-13 16:47:05 +0100
commit1d65e35ef38e8a7405ec25def325080b7da2ab4d (patch)
tree0c6ee21b5cc0064f8b9cafd7b4c644d5ca1b56fc
parent22820de6b6fa074be1d9990766fa631a6f7f5818 (diff)
downloadmoa-id-spss-1d65e35ef38e8a7405ec25def325080b7da2ab4d.tar.gz
moa-id-spss-1d65e35ef38e8a7405ec25def325080b7da2ab4d.tar.bz2
moa-id-spss-1d65e35ef38e8a7405ec25def325080b7da2ab4d.zip
moa learned how to receive eidas node requests
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml4
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java9
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java62
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java135
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo1
5 files changed, 208 insertions, 3 deletions
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
index 8f01ca22b..c3cf396b3 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
@@ -93,6 +93,10 @@
<from>^/stork2/RetrieveMandate$</from>
<to type="forward">/dispatcher?mod=id_stork2&amp;action=MandateRetrievalRequest&amp;%{query-string}</to>
</rule>
+ <rule match-type="regex">
+ <from>^/eidas/ColleagueRequest$</from>
+ <to type="forward">/dispatcher?mod=eidas&amp;action=AuthenticationRequest&amp;%{query-string}</to>
+ </rule>
<rule match-type="regex">
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
index c8df9ca97..6a573d0f2 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
@@ -57,7 +57,7 @@ public class EidasMetaDataServlet extends HttpServlet {
logger.debug(metaData);
- response.setContentType("text/html");
+ response.setContentType("text/xml");
response.getWriter().print(metaData);
response.flushBuffer();
} catch (Exception e) {
@@ -82,11 +82,14 @@ public class EidasMetaDataServlet extends HttpServlet {
generator.setConfigParams(mcp);
generator.initialize(engine);
mcp.setEntityID(metadata_url);
- mcp.setAssertionConsumerUrl(metadata);
+
generator.addSPRole();
- generator.addIDPRole();
String returnUrl = sp_return_url;
mcp.setAssertionConsumerUrl(returnUrl);
+
+ generator.addIDPRole();
+ mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial");
+
metadata = generator.generateMetadata();
return metadata;
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
new file mode 100644
index 000000000..6a13cba60
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
@@ -0,0 +1,62 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.eidas;
+
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+
+/**
+ * Second request step - after authentication of the user is done and moasession obtained,
+ * process request and forward the user further to PEPS and/or other entities
+ *
+ * @author bsuzic
+ */
+
+public class AuthenticationRequest implements IAction {
+
+ @Override
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public String getDefaultActionName() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
new file mode 100644
index 000000000..01052c698
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -0,0 +1,135 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.eidas;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import eu.eidas.auth.commons.EIDASAuthnRequest;
+import eu.eidas.auth.commons.EIDASAuthnResponse;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.stork.peps.auth.commons.*;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import java.util.HashMap;
+
+/**
+ * Stork 2 Protocol Support
+ *
+ * @author bsuzic
+ */
+public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
+
+ public static final String NAME = EIDASProtocol.class.getName();
+ public static final String PATH = "eidas";
+
+ public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest";
+
+ private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+
+ static {
+ actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest());
+ }
+
+ public String getName() {
+ return NAME;
+ }
+
+ public String getPath() {
+ return PATH;
+ }
+
+ public IAction getAction(String action) {
+ return actions.get(action);
+ }
+
+ public EIDASProtocol() {
+ super();
+ }
+
+ /*
+ First request step - send it to BKU selection for user authentication. After the user credentials
+ and other info are obtained, in the second step the request will be processed and the user redirected
+ */
+ public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action,
+ String sessionId, String transactionId) throws MOAIDException {
+
+ Logger.info("received an eIDaS request");
+
+ //get SAML Response and decode it
+ String base64SamlToken = request.getParameter("SAMLRequest");
+ if (MiscUtil.isEmpty(base64SamlToken)) {
+ Logger.warn("No eIDAS SAMLRequest found in http request.");
+ throw new MOAIDException("HTTP request includes no eIDAS SAML-Request element.", null);
+
+ }
+ byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken);
+
+ try {
+ //get eIDAS SAML-engine
+ EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+
+ //validate SAML token
+ EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
+
+
+ } catch(Exception e) {
+
+ }
+
+ return null;
+ }
+
+ public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {
+ return null;
+ }
+
+ public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable {
+ return false;
+ }
+
+ public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
+ return false;
+ }
+}
+
+
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo
new file mode 100644
index 000000000..31d15951c
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.protocols.eidas.EIDASProtocol \ No newline at end of file