aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBojan Suzic <bojan.suzic@iaik.tugraz.at>2014-03-18 16:02:05 +0100
committerBojan Suzic <bojan.suzic@iaik.tugraz.at>2014-03-18 16:02:05 +0100
commit7f896d543b412062935db895c9a951d64d638b5d (patch)
treea5ca07955792839764e00f3f9edf8acb9ea27424
parentcb7942a2d5f13744b114fd6d4fad49aefdac12f1 (diff)
downloadmoa-id-spss-7f896d543b412062935db895c9a951d64d638b5d.tar.gz
moa-id-spss-7f896d543b412062935db895c9a951d64d638b5d.tar.bz2
moa-id-spss-7f896d543b412062935db895c9a951d64d638b5d.zip
correcting mandate request
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java109
5 files changed, 105 insertions, 25 deletions
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
index 461ff7efc..5ed7739ec 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
@@ -69,11 +69,11 @@
<to type="forward">/dispatcher?mod=id_stork2&amp;action=AuthenticationRequest&amp;%{query-string}</to>
</rule>
<rule match-type="regex">
- <from>^/moa-id-auth/SendPEPSAuthnRequest$</from>
+ <from>^/stork2/SendPEPSAuthnRequest$</from>
<to type="forward">/dispatcher?mod=id_stork2&amp;action=AuthenticationRequest&amp;%{query-string}</to>
</rule>
<rule match-type="regex">
- <from>^/moa-id-auth/RetrieveMandate$</from>
+ <from>^/stork2/RetrieveMandate$</from>
<to type="forward">/dispatcher?mod=id_stork2&amp;action=MandateRetrievalRequest&amp;%{query-string}</to>
</rule>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 1dfccb6c0..e0f14c41d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -194,7 +194,7 @@ public class AttributeCollector implements IAction {
* @throws MOAIDException
*/
private void addOrUpdateAll(IPersonalAttributeList target, IPersonalAttributeList source) throws MOAIDException {
- Logger.info("Updating " + source.size() + " attributes...");
+ Logger.info("Updating " + source.size() + " attribute(s)...");
for (PersonalAttribute current : source) {
Logger.debug("treating " + current.getName());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java
index a8a9d9677..7fb7a7bc6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java
@@ -41,7 +41,12 @@ public class AttributeProviderFactory {
} else if (shortname.equals("SignedDocAttributeRequestProvider")) {
return new SignedDocAttributeRequestProvider(url, attributes);
} else if (shortname.equals("MandateAttributeRequestProvider")) {
- return new MandateAttributeRequestProvider(url, attributes);
+ try {
+ return new MandateAttributeRequestProvider(url, attributes);
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ return null;
+ }
} else {
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 442fa8a5b..88c0e889d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -66,12 +66,8 @@ public class AuthenticationRequest implements IAction {
Logger.debug("Starting AuthenticationRequest");
moaStorkResponse.setSTORKAuthnResponse(new STORKAuthnResponse());
- // Get personal attributtes from MOA/IdentityLink
- moaStorkResponse.setPersonalAttributeList(populateAttributes());
-
STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
- STORKAuthnResponse authnResponse = new STORKAuthnResponse();
Logger.debug("Starting generation of SAML response");
try {
@@ -80,6 +76,10 @@ public class AuthenticationRequest implements IAction {
// TODO
}
+ // Get personal attributtes from MOA/IdentityLink
+ moaStorkResponse.setPersonalAttributeList(populateAttributes());
+
+
}
//moaStorkResponse.setCountry(moaStorkRequest.getSpCountry());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java
index 123999166..d3eded934 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java
@@ -1,52 +1,127 @@
package at.gv.egovernment.moa.id.protocols.stork2;
-import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
+import at.gv.egovernment.moa.util.StringUtils;
+import eu.stork.peps.auth.commons.*;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import java.io.StringWriter;
/**
- * Provides mandate attribute from MIS
- *
+ * Provides mandate attribute from MIS
*/
public class MandateAttributeRequestProvider implements AttributeProvider {
- /** The destination. */
- private Object destination;
+ /**
+ * The destination.
+ */
+ private String destination;
- /** The attributes. */
+ /**
+ * The attributes.
+ */
private String attributes;
- public MandateAttributeRequestProvider(String url, String supportedAttributes) {
+ private String spCountryCode;
+
+ private PersonalAttributeList requestedAttributes;
+
+ public MandateAttributeRequestProvider(String aPurl, String supportedAttributes) throws MOAIDException {
Logger.setHierarchy("moa.id.protocols.stork2");
- destination = url;
+ destination = aPurl;
attributes = supportedAttributes;
}
- public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
- Logger.info("Acquiring attribute: " + this.getClass().getName());
+ public String getAttrProviderName() {
+ return "MandateAttributeRequestProvider";
+ }
+
+ public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException {
+ Logger.info("Acquiring attribute: " + attribute.getName() + ", by: " + getAttrProviderName());
+ this.spCountryCode = spCountryCode;
+ requestedAttributes = new PersonalAttributeList(1);
+ requestedAttributes.add(attribute);
+
// break if we cannot handle the requested attribute
- if(!attributes.contains(attribute.getName()))
+ if (!attributes.contains(attribute.getName())) {
+ Logger.info("Attribute " + attribute.getName() + " not supported by the provider: " + getAttrProviderName());
throw new UnsupportedAttributeException();
+ }
PersonalAttributeList result = new PersonalAttributeList();
//return result;
+ Logger.info("Thrown external request by: " + getAttrProviderName());
throw new ExternalAttributeRequestRequiredException(this);
}
public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException {
- Logger.info("Redirecting: " + this.getClass().getName());
+ Logger.setHierarchy("moa.id.protocols.stork2");
+
+ String spSector = "Business";
+ String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();
+ String spApplication = spInstitution;
+
+ //generate AuthnRquest
+ STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest();
+ attributeRequest.setDestination(destination);
+ attributeRequest.setAssertionConsumerServiceURL(url);
+ attributeRequest.setIssuer(HTTPUtils.getBaseURL(req));
+ attributeRequest.setQaa(oaParam.getQaaLevel());
+ attributeRequest.setSpInstitution(spInstitution);
+ attributeRequest.setCountry(spCountryCode);
+ attributeRequest.setSpCountry(spCountryCode);
+ attributeRequest.setSpApplication(spApplication);
+ attributeRequest.setSpSector(spSector);
+ attributeRequest.setPersonalAttributeList(requestedAttributes);
+
+ attributeRequest.setCitizenCountryCode("AT");
+
+
+ Logger.info("STORK AttrRequest successfully assembled.");
+
+ STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("VIDP");
+ try {
+ attributeRequest = samlEngine.generateSTORKAttrQueryRequest(attributeRequest);
+ } catch (STORKSAMLEngineException e) {
+ Logger.error("Could not sign STORK SAML AttrRequest.", e);
+ throw new MOAIDException("stork.00", null);
+ }
+
+ Logger.info("STORK AttrRequest successfully signed!");
+
+ try {
+ Logger.trace("Initialize VelocityEngine...");
+
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm");
+ VelocityContext context = new VelocityContext();
+ context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(attributeRequest.getTokenSaml()));
+ context.put("action", destination);
+
+ StringWriter writer = new StringWriter();
+ template.merge(context, writer);
+
+ resp.getOutputStream().write(writer.toString().getBytes());
+ } catch (Exception e) {
+ Logger.error("Error sending STORK SAML AttrRequest.", e);
+ throw new MOAIDException("stork.11", null);
+ }
+ Logger.info("STORK AttrRequest successfully rendered!");
}
public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException {
- Logger.info("Parsing attribute: " + this.getClass().getName());
-
return null; //
}
+
}
+