| author | Bojan Suzic <bojan.suzic@iaik.tugraz.at> | 2014-04-17 17:49:50 +0200 | 
|---|---|---|
| committer | Bojan Suzic <bojan.suzic@iaik.tugraz.at> | 2014-04-17 17:49:50 +0200 | 
| commit | 9f7103359b06b3cd7bff6073edf18142c21cef9a (patch) | |
| tree | 6a76e849375e85f245ce00ef6bd5467c68695975 | |
| parent | 864ec32bc1e902615c2af23341f55faeaa81a120 (diff) | |
| download | moa-id-spss-9f7103359b06b3cd7bff6073edf18142c21cef9a.tar.gz moa-id-spss-9f7103359b06b3cd7bff6073edf18142c21cef9a.tar.bz2 moa-id-spss-9f7103359b06b3cd7bff6073edf18142c21cef9a.zip | |
refactoring again
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java | 170 | 
1 files changed, 84 insertions, 86 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index dc30e4e12..599d0c302 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -19,7 +19,9 @@ import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
 import org.apache.velocity.runtime.RuntimeConstants;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.opensaml.saml2.core.AudienceRestriction;
+import org.opensaml.saml2.core.impl.AudienceRestrictionBuilder;
+import org.opensaml.saml2.core.impl.AudienceRestrictionImpl;
 import org.w3c.dom.Element;
 import org.w3c.dom.NamedNodeMap;
@@ -27,7 +29,8 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.StringWriter;
-import java.security.NoSuchAlgorithmException;
+import java.net.MalformedURLException;
+import java.net.URL;
 /**
@@ -49,12 +52,7 @@ public class AuthenticationRequest implements IAction {
         this.moaSession = moasession;
-        Logger.info("CPEPS " + AuthConfigurationProvider.getInstance().getStorkConfig().getCPEPS("SI").getPepsURL().toString());
-
-
-        //AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().
-
-        if ((req instanceof MOASTORKRequest) && !((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("SI")) {
+        if ((req instanceof MOASTORKRequest) && ((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("AT")) {
             this.moaStorkRequest = (MOASTORKRequest) req;
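Review bot: The new `"AT"` branch dereferences `getStorkAuthnRequest()` and `getCitizenCountryCode()` with no null check, while the `needAuthentication` hunk in this same commit guards `getStorkAuthnRequest() != null` for the same request type; a request with no citizen country code now dies with a NullPointerException instead of reaching the "Could not recognize request" handling. Reversing the comparison removes one dereference and adding the guard removes the other: `if ((req instanceof MOASTORKRequest) && ((MOASTORKRequest) req).getStorkAuthnRequest() != null && "AT".equals(((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode())) {`. The literal `"AT"` is the only place the "handle locally" decision is made, whereas the other branch consults the C-PEPS map; a named constant with a comment would make that split explicit. The enclosing method starts and ends outside this hunk.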
@@ -78,20 +76,18 @@ public class AuthenticationRequest implements IAction {
                 Logger.debug("Starting AuthenticationRequest");
                 moaStorkResponse.setSTORKAuthnResponse(new STORKAuthnResponse());
-
                 STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
                 Logger.debug("Starting generation of SAML response");
                 try {
                     moaStorkResponse.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(moaStorkRequest.getStorkAuthnRequest(), moaStorkResponse.getStorkAuthnResponse(), httpReq.getRemoteAddr(), false));
                 } catch (STORKSAMLEngineException ex) {
-                    // TODO
+                    Logger.error("Failed to generate STORK SAML Response", ex);
+                    throw new MOAIDException("stork.05", null);
                 // TODO
                 }
                 // Get personal attributtes from MOA/IdentityLink
                 moaStorkResponse.setPersonalAttributeList(populateAttributes());
-
-
             }
             //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry());
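Review bot: The unchanged `// TODO` context line directly below the new `throw new MOAIDException("stork.05", null);` is now stale — the catch block is implemented — and sitting after a throw it reads as a leftover of the old placeholder; drop it so the next reader does not look for unfinished work there. The enclosing method starts and ends outside this hunk.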
@@ -110,60 +106,66 @@ public class AuthenticationRequest implements IAction {              container.setRemoteAddress(httpReq.getRemoteAddr()); - -            STORKAuthnResponse arep = moaStorkResponse.getStorkAuthnResponse(); - - -            arep.setCountry("XX"); -            arep.setInResponseTo("xxxx"); -            arep.setMessage("xxxx"); -            arep.setSamlId("xxxx"); -            arep.setStatusCode("xxxx"); - -            // arep.setNotBefore(new DateTime().withTimeAtStartOfDay()); -            // arep.setNotOnOrAfter(new DateTime().withTimeAtStartOfDay()); - -              Logger.debug("Data container prepared");              return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); -        }  // check if we are getting request for citizen of some other country -        else if ((req instanceof MOASTORKRequest) && ((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("SI")) { - -            // - generate new key -            String artifactId = null; -            try { -                artifactId = new SecureRandomIdentifierGenerator().generateIdentifier(); -            } catch (NoSuchAlgorithmException e) { -                e.printStackTrace(); -            } - +        } +        // check if we are getting request for citizen of some other country +        else if (req instanceof MOASTORKRequest) {              STORKAuthnRequest spAuthnRequest = ((MOASTORKRequest) req).getStorkAuthnRequest(); -            STORKAuthnRequest storkAuthnRequest = new STORKAuthnRequest(); +            STORKAuthnRequest storkAuthnRequest = null; + +            String citizenCountryCode = spAuthnRequest.getCitizenCountryCode(); +            Logger.info("Got authentication request for citizen of " + citizenCountryCode);              try {                  storkAuthnRequest = (STORKAuthnRequest) spAuthnRequest.clone();              } catch (CloneNotSupportedException e) { -                
e.printStackTrace(); +                Logger.error("Could not clone AuthnRequest ", e); +                throw new MOAIDException("stork.05", null); // TODO              } -            storkAuthnRequest.setIssuer("VIDP"); -            storkAuthnRequest.setAssertionConsumerServiceURL("https://vm-stork2-vidp:8443/moa-id-auth/stork2/SendPEPSAuthnRequest"); -            storkAuthnRequest.setSamlId(artifactId); -            String publicURLPrefix = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); -            if (publicURLPrefix == null) -                throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); +            // check if citizen country is configured in the system +            if (!(AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode))) { +                Logger.error("Citizen country PEPS not configured in MOA instance: " + citizenCountryCode); +                throw new MOAIDException("stork.05", null); // TODO +            } +            // extracting basic settings and adjusting assertion consumer +            String issuer = null; +            String assertionConsumerURL = null; +            String publicURLPrefix = null; +            String destinationURL = null; -            DataContainer originalRequest = new DataContainer(); -            originalRequest.setRequest((MOASTORKRequest) req); +            try { +                issuer = new URL(AuthConfigurationProvider.getInstance().getPublicURLPrefix()).toString(); +                destinationURL = AuthConfigurationProvider.getInstance().getStorkConfig().getCPEPS(citizenCountryCode).getPepsURL().toString(); +                publicURLPrefix = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); +                assertionConsumerURL = publicURLPrefix + "/stork2/SendPEPSAuthnRequest"; +            } catch (MalformedURLException ex) { +                Logger.error("Wrong PublicURLPrefix setting 
of MOA instance: " + AuthConfigurationProvider.getInstance().getPublicURLPrefix(), ex); +                throw new MOAIDException("stork.05", null); // TODO +            } catch (Exception ex) { +                Logger.error("Problem with PEPS configuration of MOA instance.", ex); +                throw new MOAIDException("stork.05", null); // TODO +            } -            // preparing redirection for the client +            // drop if we do not have publicprefix url configured on the instance +            if (publicURLPrefix == null) +                throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); -            //STORKAuthnRequest storkAuthnRequest = new STORKAuthnRequest(); +            // adjusting request +            storkAuthnRequest.setEIDCrossBorderShare(spAuthnRequest.isEIDCrossBorderShare()); +            storkAuthnRequest.setEIDSectorShare(spAuthnRequest.isEIDSectorShare()); +            storkAuthnRequest.setEIDCrossSectorShare(spAuthnRequest.isEIDCrossSectorShare()); +            storkAuthnRequest.setCitizenCountryCode(spAuthnRequest.getCitizenCountryCode()); +            storkAuthnRequest.setIssuer(issuer); +            storkAuthnRequest.setAssertionConsumerServiceURL(assertionConsumerURL); +            storkAuthnRequest.setDestination(destinationURL); +            // regenerate request              try {                  //Get SAMLEngine instance                  STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); 
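Review bot: The `if (publicURLPrefix == null) throw new AuthenticationException("stork.12", ...)` check placed after the try block is unreachable: `new URL(AuthConfigurationProvider.getInstance().getPublicURLPrefix())` is evaluated first, and `java.net.URL` turns a null spec into a MalformedURLException, so a missing prefix is logged and rethrown as the generic `stork.05` before the specific `stork.12` error with the OA prefix detail can ever be raised. Read the prefix once, reject null before parsing, and reuse the local instead of calling the provider four times; the trailing `catch (Exception ex)` also hides programming errors behind the same `stork.05` and should be narrowed to whatever checked types `getCPEPS`/`getPepsURL` actually declare (not visible here). Separately, `storkAuthnRequest` is now a plain `clone()` of the SP request and the `SecureRandomIdentifierGenerator` artifact id was removed; unless the "regenerate request" step through `STORKSAMLEngine` (which continues beyond this hunk) assigns a fresh SAML id, the request forwarded to the C-PEPS carries the SP's id, which the later storage log treats as a distinct key — worth confirming. The enclosing method starts and ends outside this hunk.
```java
// … unchanged: citizen country configured check …
String publicURLPrefix = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
// reject a missing prefix before any URL parsing so the specific stork.12 error stays reachable
if (publicURLPrefix == null)
    throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
String issuer;
String assertionConsumerURL;
String destinationURL;
try {
    issuer = new URL(publicURLPrefix).toString();
    destinationURL = AuthConfigurationProvider.getInstance().getStorkConfig().getCPEPS(citizenCountryCode).getPepsURL().toString();
    assertionConsumerURL = publicURLPrefix + "/stork2/SendPEPSAuthnRequest";
} catch (MalformedURLException ex) {
    Logger.error("Wrong PublicURLPrefix setting of MOA instance: " + publicURLPrefix, ex);
    throw new MOAIDException("stork.05", null);
} catch (Exception ex) { // TODO narrow to the checked types the configuration accessors declare
    Logger.error("Problem with PEPS configuration of MOA instance.", ex);
    throw new MOAIDException("stork.05", null);
}
// … unchanged: request adjustment and regeneration …
```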
@@ -177,49 +179,26 @@ public class AuthenticationRequest implements IAction {                  throw new MOAIDException("stork.05", null);              } +            // store original request from SP in order to be able to extract it in later iteration/response +            DataContainer spRequestContainer = new DataContainer(); +            spRequestContainer.setRequest((MOASTORKRequest) req); -            // store original request from sp in order to be able to extract it in later iteration/response              try { -                AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), originalRequest); -                Logger.info("Storing artifactId " + storkAuthnRequest.getSamlId() + " of SP authentication request"); +                AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), spRequestContainer); +                Logger.info("Storing artifactId " + storkAuthnRequest.getSamlId() + " of SP authentication request with id " + spAuthnRequest.getSamlId());              } catch (MOADatabaseException e) {                  e.printStackTrace();              } -            byte[] blob; -            try { - -                VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); -                Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); -                VelocityContext context = new VelocityContext(); -                blob = storkAuthnRequest.getTokenSaml(); - -                context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(blob)); -                Logger.debug("SAMLRequest original: " + new String(blob)); - -                Logger.debug("Putting url as action: " + "https://peps-test.mju.gov.si/PEPS/ColleagueRequest"); -                context.put("action", "https://peps-test.mju.gov.si/PEPS/ColleagueRequest"); -                Logger.debug("Starting template merge"); -                StringWriter writer = new StringWriter(); - -                
Logger.debug("Doing template merge"); -                template.merge(context, writer); -                Logger.debug("Template merge done"); - -                Logger.debug("Sending html content: " + writer.getBuffer().toString()); -                Logger.debug("Sending html content2  : " + new String(writer.getBuffer())); - -                httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); - -            } catch (Exception e) { -                Logger.error("Velocity error: " + e.getMessage()); -            } +            // preparing redirection for the client +            performRedirection("SAMLRequest", destinationURL, storkAuthnRequest.getTokenSaml(), httpResp);              return "xxxx";// TODO -        } else if ((req instanceof MOASTORKResponse)) { -            // Check if we got the response from PEPS -            // If so then process it and forward to SP +        } +        // Check if we got the response from PEPS +        // If so then process it and forward to SP +        else if ((req instanceof MOASTORKResponse)) {              return handleMOAStorkResponse("VIDP", (MOASTORKResponse) req, httpReq.getRemoteAddr(), httpResp);          } else {              Logger.error("Could not recognize request."); @@ -227,6 +206,11 @@ public class AuthenticationRequest implements IAction {          }      } + +    private String handleMOAStorkRequest(String instanceName, MOASTORKRequest moastorkRequest, String remoteAddr, HttpServletResponse httpResp) { + +    } +      /*      Handles STORKAuthnResponse received from PEPS (return to SP)       */ 
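Review bot: The new `AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), spRequestContainer)` sits in a try whose unchanged `catch (MOADatabaseException e) { e.printStackTrace(); }` swallows the failure, so the flow continues to `performRedirection(...)` and the citizen is sent to the C-PEPS although the SP request was never persisted; the response path (`dataContainer.getRequest()` in the later hunk) then has nothing to correlate against, and the only trace is on stderr. Fail the request instead, in the style used elsewhere in this commit: `Logger.error("Could not store SP authentication request " + spAuthnRequest.getSamlId(), e);` followed by `throw new MOAIDException("stork.05", null);`. `performRedirection` is not visible in this diff, so whether it still writes the SAML token through the same unbuffered `getOutputStream()` path the removed code used cannot be checked here; `return "xxxx";// TODO` remains as it was. The enclosing method starts and ends outside this hunk.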
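Review bot: The added `private String handleMOAStorkRequest(String instanceName, MOASTORKRequest moastorkRequest, String remoteAddr, HttpServletResponse httpResp) { }` has an empty body but a `String` return type, which javac rejects with "missing return statement", so the class cannot compile as committed. Either leave the stub out until it has a body or make it compile honestly with `throw new UnsupportedOperationException("handleMOAStorkRequest not implemented yet");` and a one-line comment naming what it is meant to take over from processRequest.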
@@ -257,6 +241,10 @@ public class AuthenticationRequest implements IAction {
         // setting new reference request and return url
         authnResponse.setInResponseTo(dataContainer.getRequest().getStorkAuthnRequest().getSamlId());
         authnResponse.setAudienceRestriction(dataContainer.getRequest().getAssertionConsumerServiceURL());
+        //AudienceRestrictionBuilder audienceRestrictionBuilder = new AudienceRestrictionBuilder();
+        //AudienceRestriction audienceRestriction = audienceRestrictionBuilder.buildObject(dataContainer.getRequest().getAssertionConsumerServiceURL(), "localname", "nameprefix");
+
+        //authnResponse.getAssertions().get(0).getConditions().getAudienceRestrictions().add(audienceRestriction);
         Logger.debug("Starting generation of SAML response");
         try {
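Review bot: The four added lines are commented-out code, and the three `org.opensaml.saml2.core...AudienceRestriction*` imports added in the first hunk of this file are referenced only from these comments, so the commit ships an unused-import warning plus dead text in the response path. Either finish the audience-restriction handling or remove both the block and the imports; if it is deliberately parked, a single comment such as `// TODO: set AudienceRestriction on the assertion conditions (see STORK response handling)` says the same with less noise. The enclosing method starts and ends outside this hunk.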
@@ -372,11 +360,21 @@ public class AuthenticationRequest implements IAction {
     public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+        // authentication is not needed if we have authentication request from SP for citizen of configured PEPS country
         if (req instanceof MOASTORKRequest) {
-            if (((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("SI")) {
-                return false;
-
+            MOASTORKRequest moastorkRequest = (MOASTORKRequest) req;
+            if (moastorkRequest.getStorkAuthnRequest() != null) {
+                String citizenCountryCode = moastorkRequest.getStorkAuthnRequest().getCitizenCountryCode();
+                // check if citizen country is configured in the system
+                try {
+                    if (AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode)) {
+                        return false;
+                    }
+                } catch (MOAIDException e) {
+                    Logger.error("Could not initialize AuthConfigurationProvider");
+                }
             }
+            // authentication is not required if received authentication response
         } else if (req instanceof MOASTORKResponse) {
             return false;
         } | 
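Review bot: The new `catch (MOAIDException e)` logs only a fixed message and drops the exception, while every other new catch in this commit passes it on; use `Logger.error("Could not initialize AuthConfigurationProvider", e);` so a broken STORK configuration can actually be diagnosed. Falling through after the catch (the return outside this hunk presumably yields `true`) is the safe default, since a configuration failure then requires authentication rather than skipping it. Note that this method now skips MOA-ID authentication for every country present in the C-PEPS map, whereas the first hunk of this file routes `"AT"` to local handling by literal comparison; if `"AT"` can itself appear in that map the two decisions disagree, which cannot be verified from this diff. The method's closing return is outside the hunk.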
