authorFlorian Reimair <florian.reimair@iaik.tugraz.at>2014-03-04 13:23:37 +0100
committerFlorian Reimair <florian.reimair@iaik.tugraz.at>2014-03-04 17:07:35 +0100
commit4843bccbf840ae93f855ef6548683ee794593915 (patch)
treef9072cc10faa2154e7063cbcd7bc2a81d1c7aed8
parente503775e1b98bb9ff5ed188a5ff574026c022461 (diff)
vidp can handle attrquery and authnrequest
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java34
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java68
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java29
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java75
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java16
6 files changed, 169 insertions, 77 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index bd32bfc78..5f46153af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -19,8 +19,6 @@ import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PEPSUtil;
import eu.stork.peps.auth.commons.PersonalAttribute;
import eu.stork.peps.auth.commons.PersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
import org.apache.velocity.Template;
@@ -183,15 +181,18 @@ public class AttributeCollector implements IAction {
* @throws MOAIDException the mOAID exception
*/
private void generateSTORKResponse(DataContainer container) throws MOAIDException {
- STORKAuthnResponse authnResponse = container.getResponse();
- STORKAuthnRequest authnRequest = container.getRequest();
+ MOASTORKRequest request = container.getRequest();
+ MOASTORKResponse response = container.getResponse();
try {
//Get SAMLEngine instance
STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
Logger.debug("Starting generation of SAML response");
- authnResponse = engine.generateSTORKAuthnResponse(authnRequest, authnResponse, container.getRemoteAddress(), false);
-
+ if(response.isAuthnResponse())
+ response.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(request.getStorkAuthnRequest(), response.getStorkAuthnResponse(), container.getRemoteAddress(), false));
+ else
+ response.setSTORKAttrResponse(engine.generateSTORKAttrQueryResponse(request.getStorkAttrQueryRequest(), response.getStorkAttrQueryResponse(), container.getRemoteAddress(), "", false));
+
//generateSAML Token
Logger.info("SAML response succesfully generated!");
} catch (STORKSAMLEngineException e) {
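Review bot: The `else` after `if(response.isAuthnResponse())` in generateSTORKResponse is a catch-all, so a container whose response is neither kind reaches `generateSTORKAttrQueryResponse` with a null response object instead of a clear error. Use `else if (response.isAttrResponse())` and end the chain with an explicit MOAIDException for the unrecognised case. This branch selects on the response kind while generateRedirectResponse selects on `authnRequest.isAttrRequest()`; choosing one of the two as the single source of truth avoids the two methods disagreeing. The literal `""` passed as the fourth argument looks like a destination value; if it is, the attribute-query response is generated without one, so confirm against the engine's signature. The method body continues past the hunk.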
@@ -200,11 +201,6 @@ public class AttributeCollector implements IAction {
}
Logger.info("STORK SAML Response message succesfully generated ");
- Logger.debug("authn saml plain:" + authnResponse.getTokenSaml());
- Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml()));
- Logger.debug("authn saml encodedx: " + PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml()));
-
- container.setResponse(authnResponse);
}
/**
@@ -214,17 +210,23 @@ public class AttributeCollector implements IAction {
* @param container the container
*/
private void generateRedirectResponse(HttpServletResponse httpResp, DataContainer container) {
- STORKAuthnResponse authnResponse = container.getResponse();
- STORKAuthnRequest authnRequest = container.getRequest();
+ MOASTORKResponse authnResponse = container.getResponse();
+ MOASTORKRequest authnRequest = container.getRequest();
// preparing redirection for the client
try {
VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
VelocityContext context = new VelocityContext();
-
- context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(authnResponse.getTokenSaml()).getBytes());
- Logger.debug("SAMLResponse original: " + new String(authnResponse.getTokenSaml()).getBytes());
+
+ byte[] blob;
+ if(authnRequest.isAttrRequest())
+ blob = authnResponse.getStorkAttrQueryResponse().getTokenSaml();
+ else
+ blob = authnResponse.getStorkAuthnResponse().getTokenSaml();
+
+ context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob).getBytes());
+ Logger.debug("SAMLResponse original: " + new String(blob).getBytes());
Logger.debug("Putting assertion consumer url as action: " + authnRequest.getAssertionConsumerServiceURL());
context.put("action", authnRequest.getAssertionConsumerServiceURL());
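Review bot: The debug line `Logger.debug("SAMLResponse original: " + new String(blob).getBytes());` concatenates a `byte[]`, so it logs the array's identity string rather than the token, and `new String(blob)` decodes with the platform charset. Since the token carries the personal attribute list, logging its size is enough: `Logger.debug("SAMLResponse length: " + blob.length);`. `blob` is used without a null check, and it is selected by the request kind although the response was filled according to `response.isAuthnResponse()`; if the two disagree the getter returns null here. The form `action` comes from the request's assertion consumer URL, and whether that URL is checked against the registered service provider is not visible in this hunk, so it is worth confirming. The method body continues past the hunk.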
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 18d0b479e..619935abe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -44,61 +44,55 @@ public class AuthenticationRequest implements IAction {
Logger.debug("Entering MOASTORKRequest");
httpResp.reset();
+
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
+ MOASTORKResponse moaStorkResponse = new MOASTORKResponse();
+
// check if it is attribute query
if (moaStorkRequest.isAttrRequest()) {
Logger.debug("Starting AttrQueryRequest");
- STORKAttrQueryResponse attrResponse = new STORKAttrQueryResponse();
- IPersonalAttributeList personalAttributeList = moaStorkRequest.getStorkAttrQueryRequest().getPersonalAttributeList();
-
- // TODO Check if this instance is eligible to fetch attributes locally, assuming yes
-
- return (new AttributeCollector()).processRequest(req, httpReq, httpResp, moasession);
-
- } else
- // check if we have authentication request
- if (moaStorkRequest.isAuthnRequest()) {
- Logger.debug("Starting AuthenticationRequest");
-
- STORKAuthnResponse authnResponse = new STORKAuthnResponse();
- authnResponse.setCountry(moaStorkRequest.getStorkAuthnRequest().getSpCountry());
-
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
- if (oaParam == null)
- throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
-
- // Get personal attributtes from MOA/IdentityLink
- authnResponse.setPersonalAttributeList(populateAttributes());
+
+ moaStorkResponse.setSTORKAttrResponse(new STORKAttrQueryResponse());
+ }
+ // check if we have authentication request
+ else if (moaStorkRequest.isAuthnRequest()) {
+ Logger.debug("Starting AuthenticationRequest");
- // Prepare extended attributes
- Logger.debug("Preparing data container");
+ moaStorkResponse.setSTORKAuthnResponse(new STORKAuthnResponse());
+ // Get personal attributtes from MOA/IdentityLink
+ moaStorkResponse.setPersonalAttributeList(populateAttributes());
+ }
+
+ moaStorkResponse.setCountry(moaStorkRequest.getSpCountry());
- // create fresh container
- DataContainer container = new DataContainer();
+ // Prepare extended attributes
+ Logger.debug("Preparing data container");
- // - fill in the request we extracted above
- container.setRequest(moaStorkRequest.getStorkAuthnRequest());
+ // create fresh container
+ DataContainer container = new DataContainer();
- // - fill in the partial response created above
- container.setResponse(authnResponse);
+ // - fill in the request we extracted above
+ container.setRequest(moaStorkRequest);
- // - memorize the target url were we have to return the result
- container.setTarget(moaStorkRequest.getStorkAuthnRequest().getAssertionConsumerServiceURL());
+ // - fill in the partial response created above
+ container.setResponse(moaStorkResponse);
- container.setRemoteAddress(httpReq.getRemoteAddr());
+ // - memorize the target url were we have to return the result
+ container.setTarget(moaStorkRequest.getAssertionConsumerServiceURL());
+ container.setRemoteAddress(httpReq.getRemoteAddr());
- Logger.debug("Data container prepared");
- return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam);
+ Logger.debug("Data container prepared");
- }
+ return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam);
} else {
Logger.error("Could not recognize request.");
throw new MOAIDException("stork.15", null);
}
-
- return null;
}
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
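Review bot: When `moaStorkRequest` is neither an attribute query nor an authn request, the new `if`/`else if` chain falls through to `moaStorkResponse.setCountry(moaStorkRequest.getSpCountry())`, and both accessors then dereference the unset authn object through their `else` branches. Closing the chain with `else { throw new MOAIDException("stork.15", null); }` would reject such a request before the container is built. The removed `// TODO Check if this instance is eligible to fetch attributes locally` disappears without a matching check in this hunk, while the attribute-query path now goes through the same container route as the authn path; confirm where that eligibility is enforced. The enclosing method starts before the hunk.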
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java
index a1c40526d..74239318b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/DataContainer.java
@@ -2,10 +2,6 @@ package at.gv.egovernment.moa.id.protocols.stork2;
import java.io.Serializable;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
-
-// TODO: Auto-generated Javadoc
/**
* Holds info about an ongoing but yet incomplete stork authnrequest process.
*/
@@ -15,10 +11,10 @@ public class DataContainer implements Serializable {
private static final long serialVersionUID = -8765997480582363012L;
/** The incoming request. */
- private STORKAuthnRequest request;
+ private MOASTORKRequest request;
/** The yet incomplete response. */
- private STORKAuthnResponse response;
+ private MOASTORKResponse response;
/** The target. */
private String target;
@@ -31,17 +27,17 @@ public class DataContainer implements Serializable {
*
* @return the request
*/
- public STORKAuthnRequest getRequest() {
+ public MOASTORKRequest getRequest() {
return request;
}
/**
* Sets the request.
*
- * @param request the new request
+ * @param moaStorkRequest the new request
*/
- public void setRequest(STORKAuthnRequest request) {
- this.request = request;
+ public void setRequest(MOASTORKRequest moaStorkRequest) {
+ this.request = moaStorkRequest;
}
/**
@@ -49,17 +45,17 @@ public class DataContainer implements Serializable {
*
* @return the response
*/
- public STORKAuthnResponse getResponse() {
+ public MOASTORKResponse getResponse() {
return response;
}
/**
* Sets the response.
*
- * @param response the new response
+ * @param moaStorkResponse the new response
*/
- public void setResponse(STORKAuthnResponse response) {
- this.response = response;
+ public void setResponse(MOASTORKResponse moaStorkResponse) {
+ this.response = moaStorkResponse;
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
index 47a86174f..fa7db82c4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
@@ -1,7 +1,10 @@
package at.gv.egovernment.moa.id.protocols.stork2;
+import java.io.Serializable;
+
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
import eu.stork.peps.auth.commons.STORKAuthnRequest;
@@ -11,8 +14,9 @@ import eu.stork.peps.auth.commons.STORKAuthnRequest;
* @author bsuzic
*/
-public class MOASTORKRequest implements IRequest {
- private String requestID;
+public class MOASTORKRequest implements IRequest, Serializable {
+ private static final long serialVersionUID = 4581953368724501376L;
+ private String requestID;
private String target = null;
String module = null;
String action = null;
@@ -102,4 +106,25 @@ public class MOASTORKRequest implements IRequest {
public String getRequestID() {
return this.requestID;
}
+
+ public IPersonalAttributeList getPersonalAttributeList() {
+ if(isAttrRequest())
+ return this.storkAttrQueryRequest.getPersonalAttributeList();
+ else
+ return this.storkAuthnRequest.getPersonalAttributeList();
+ }
+
+ public String getSpCountry() {
+ if(isAttrRequest())
+ return this.storkAttrQueryRequest.getSpCountry();
+ else
+ return this.storkAuthnRequest.getSpCountry();
+ }
+
+ public String getAssertionConsumerServiceURL() {
+ if(isAttrRequest())
+ return this.storkAttrQueryRequest.getAssertionConsumerServiceURL();
+ else
+ return this.storkAuthnRequest.getAssertionConsumerServiceURL();
+ }
}
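Review bot: The three new accessors (`getPersonalAttributeList`, `getSpCountry`, `getAssertionConsumerServiceURL`) treat "not an attribute query" as "authn request", so on an instance where neither request has been set they fail with a NullPointerException on `this.storkAuthnRequest`. Either guard the second branch with `isAuthnRequest()` and throw a descriptive exception, or document the precondition, e.g. `/** Returns the SP country of the wrapped request; one of the two STORK requests must have been set. */`. The same pattern appears in `getPersonalAttributeList`, `setPersonalAttributeList` and `setCountry` of the new MOASTORKResponse.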
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
new file mode 100644
index 000000000..36f5a80b4
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
@@ -0,0 +1,75 @@
+package at.gv.egovernment.moa.id.protocols.stork2;
+
+import java.io.Serializable;
+
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAttrQueryResponse;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
+
+/**
+ * Implements MOA request and stores StorkAuthn/Attr-Request related data
+ *
+ * @author bsuzic
+ */
+
+public class MOASTORKResponse implements Serializable {
+ private static final long serialVersionUID = -5798803155055518747L;
+ private STORKAuthnResponse storkAuthnRequest;
+ private STORKAttrQueryResponse storkAttrQueryRequest;
+ private boolean isAttrRequest = false;
+ private boolean isAuthnRequest = false;
+
+ public void setSTORKAuthnResponse(STORKAuthnResponse request) {
+ this.storkAuthnRequest = request;
+ if (request != null) {
+ isAuthnRequest = true;
+ }
+ }
+
+ public void setSTORKAttrResponse(STORKAttrQueryResponse request) {
+ this.storkAttrQueryRequest = request;
+ if (request != null) {
+ isAttrRequest = true;
+ }
+ }
+
+ public boolean isAttrResponse() {
+ return this.isAttrRequest;
+ }
+
+ public boolean isAuthnResponse() {
+ return this.isAuthnRequest;
+ }
+
+
+ public STORKAuthnResponse getStorkAuthnResponse() {
+ return this.storkAuthnRequest;
+ }
+
+ public STORKAttrQueryResponse getStorkAttrQueryResponse() {
+ return this.storkAttrQueryRequest;
+ }
+
+ public IPersonalAttributeList getPersonalAttributeList() {
+ if(isAttrResponse())
+ return this.storkAttrQueryRequest.getPersonalAttributeList();
+ else
+ return this.storkAuthnRequest.getPersonalAttributeList();
+ }
+
+ public void setPersonalAttributeList(PersonalAttributeList populateAttributes) {
+ if(isAttrResponse())
+ this.storkAttrQueryRequest.setPersonalAttributeList(populateAttributes);
+ else
+ this.storkAuthnRequest.setPersonalAttributeList(populateAttributes);
+ }
+
+ public void setCountry(String spCountry) {
+ if(isAttrResponse())
+ this.storkAttrQueryRequest.setCountry(spCountry);
+ else
+ this.storkAuthnRequest.setCountry(spCountry);
+ }
+
+}
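Review bot: The setters only ever raise the kind flags: `setSTORKAuthnResponse(null)` leaves `isAuthnRequest` true after an earlier non-null call, and setting both responses leaves both flags true, so `isAuthnResponse()` can disagree with what `getStorkAuthnResponse()` returns. Deriving the flag from the argument, `isAuthnRequest = (request != null);` (and likewise in `setSTORKAttrResponse`), keeps them in step. The fields and flags are named `storkAuthnRequest`, `storkAttrQueryRequest`, `isAttrRequest` and `isAuthnRequest` although they hold responses, and the class comment still reads "Implements MOA request and stores StorkAuthn/Attr-Request related data"; renaming them and rewording the comment to describe a response wrapper would prevent misreading. The public methods have no Javadoc.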
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index e68b66510..d2f2ff663 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -102,14 +102,14 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
authnRequest = authnEngine.validateSTORKAuthnRequest(decSamlToken);
} catch (STORKSAMLEngineException ex) {
Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage());
- }
-
-
- // check if a valid attr request is container
- try {
- attrRequest = attrEngine.validateSTORKAttrQueryRequest(decSamlToken);
- } catch (STORKSAMLEngineException ex) {
- Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage());
+ } catch(ClassCastException e) {
+ // we do not have a authnRequest
+ // check if a valid attr request is container
+ try {
+ attrRequest = attrEngine.validateSTORKAttrQueryRequest(decSamlToken);
+ } catch (STORKSAMLEngineException ex) {
+ Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage());
+ }
}
// if there is no authn or attr request, raise error
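Review bot: Attribute-query validation now runs only inside `catch(ClassCastException e)`, so the message type is decided by an unchecked exception escaping `validateSTORKAuthnRequest`. A ClassCastException from any other cause takes the same path, and an engine that reports the mismatch differently would leave `attrRequest` unset. Prefer determining the request type before choosing which validator to call, and keep this catch only as a documented fallback, e.g. `// engine throws ClassCastException when the token is not an AuthnRequest`. The inner log message still says `"Unable to validate Stork AuthenticationRequest: "`; it should name the attribute query, `Logger.error("Unable to validate Stork AttrQueryRequest: " + ex.getMessage());`. The enclosing method starts before and continues after the hunk.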