add VIDP gateway process-flow to national infrastructure

5 files changed, 47 insertions, 12 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index ff294dc3d..68545e1c2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -100,6 +100,7 @@ public class SSOManager {
 
 		if (MiscUtil.isNotEmpty(protocolRequest.getRequestedIDP())) {
 			Logger.info("Protocolspecific preprocessing already set interfederation IDP " + protocolRequest.getRequestedIDP());
+			return;
 			
 		}
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 3bd827667..95597e0ad 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -22,7 +22,6 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.stork2;
 
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -38,6 +37,7 @@ import at.gv.egovernment.moa.id.storage.AssertionStorage;
 import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 import eu.stork.peps.auth.commons.*;
 import eu.stork.peps.auth.engine.STORKSAMLEngine;
 import eu.stork.peps.exceptions.STORKSAMLEngineException;
@@ -67,14 +67,11 @@ public class AuthenticationRequest implements IAction {
 
 
     private VelocityEngine velocityEngine;
-    private IAuthData authData = null;
     private MOASTORKRequest moaStorkRequest = null;
 
 
     public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
 
-        this.authData = authData;
-
         if ((req instanceof MOASTORKRequest)) { // && ( ((MOASTORKRequest) req).getCitizenCountryCode() == null || ((MOASTORKRequest) req).getCitizenCountryCode().equals("AT") )) {
 
             this.moaStorkRequest = (MOASTORKRequest) req;
@@ -111,7 +108,10 @@ public class AuthenticationRequest implements IAction {
                // }
 
                 // Get personal attributtes from MOA/IdentityLink
-                moaStorkResponse.setPersonalAttributeList(populateAttributes(oaParam));
+                
+                //build STORK attributes from local authentication information
+                if (authData != null)
+                	moaStorkResponse.setPersonalAttributeList(populateAttributes(authData, oaParam));
             }
 
             //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry());
@@ -390,6 +390,10 @@ public class AuthenticationRequest implements IAction {
 
     public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
 
+    	//redirect to national PVP IDP infrastructure if special attributes are requested
+    	if (MiscUtil.isEmpty(req.getRequestedIDP()) && req instanceof MOASTORKRequest)
+    		return !STORKPVPUtilits.performAuthenticationOnNationalIDP((MOASTORKRequest) req);
+    	    	
 //        // authentication is not needed if we have authentication request from SP for citizen of configured PEPS country
 //        if (req instanceof MOASTORKRequest) {
 //            MOASTORKRequest moastorkRequest = (MOASTORKRequest) req;
@@ -444,7 +448,7 @@ public class AuthenticationRequest implements IAction {
 
     }
 
-    public PersonalAttributeList populateAttributes(IOAAuthParameters oaParam) {
+    public PersonalAttributeList populateAttributes(IAuthData authData, IOAAuthParameters oaParam) {
 
         IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList();
         Logger.info("Found " + attrLst.size() + " personal attributes in the request.");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 440121417..57531992d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -23,11 +23,15 @@
 package at.gv.egovernment.moa.id.protocols.stork2;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IModulInfo;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 import eu.stork.peps.auth.commons.*;
 import eu.stork.peps.auth.engine.STORKSAMLEngine;
 import eu.stork.peps.exceptions.STORKSAMLEngineException;
@@ -145,20 +149,23 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
 
             STORKAuthnRequest authnRequest = null;
             STORKAttrQueryRequest attrRequest = null;
-
-
+            
             // check if valid authn request is contained
             try {
                 authnRequest = engine.validateSTORKAuthnRequest(decSamlToken);
+                
             } catch (STORKSAMLEngineException ex) {
                 Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage());
+                
             } catch (ClassCastException e) {
                 // we do not have a authnRequest
                 // check if a valid attr request is container
                 try {
                     attrRequest = engine.validateSTORKAttrQueryRequest(decSamlToken);
+                    
                 } catch (STORKSAMLEngineException ex) {
                     Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage());
+                    
                 }
             }
 
@@ -176,11 +183,32 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
                 Logger.error("Exception, attributes: " + e.getMessage());
             }
 
-
             STORK2Request.setSTORKAuthnRequest(authnRequest);
             STORK2Request.setSTORKAttrRequest(attrRequest);
-
-
+            
+            //check if OA is instance of VIDP or STORKPVPGateway
+            OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(STORK2Request.getOAURL());
+            if (oaParam == null)
+                throw new AuthenticationException("stork.12", new Object[]{STORK2Request.getOAURL()});
+            
+            else {
+            	if (oaParam.isSTORKPVPGateway()) {
+            		if (MiscUtil.isNotEmpty(oaParam.getSTORKPVPForwardEntity())) {
+            			Logger.info("Received request for STORK->PVP gateway. " +
+            					"Forward to PVP portal with entiyID " + oaParam.getSTORKPVPForwardEntity() +
+            					" ..." );
+            			STORK2Request.setRequestedIDP(oaParam.getSTORKPVPForwardEntity());
+            			
+            		} else {
+            			Logger.error("InterfederatedGateway configuration with ID " + STORK2Request.getOAURL() +
+            					" not configure a forward entityID.");
+            			throw new MOAIDException("", null);
+            			
+            		}
+            	}
+            	
+            }
+            
             return STORK2Request;
         } else {
             throw new MOAIDException("stork.14", null);  // TODO Specify message
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 9bfa14a7c..361c6b5ee 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -72,7 +72,8 @@ config.17=Fehler beim initialisieren von Hibernate
 config.18=Keine MOA-ID 2.x Konfiguration gefunden.

 config.19=Kein Schl\u00FCssel f\u00FCr die Resignierung der Personenbindung gefunden.

 config.20=Umgebungsvariable "moa.id.proxy.configuration" nicht gesetzt

-config.21=F\u00FCr diese Online Applikation sind keine Vollmachtsprofile hinterlegt.  

+config.21=F\u00FCr diese Online Applikation sind keine Vollmachtsprofile hinterlegt.

+config.22=F\u00FCr den Interfederation-Gateway mit der ID {0} ist kein Endpunkt zur Weiterleitung konfiguriert.   

 

 parser.00=Leichter Fehler beim Parsen: {0}

 parser.01=Fehler beim Parsen: {0}

diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 3f9cf2f1d..085625972 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -52,6 +52,7 @@ config.18=9199
 config.19=9199
 config.20=9199 
 config.21=9006
+config.22=9008
 
 parser.00=1101
 parser.01=1101