url fix, attribute comparison fix, samlengine profile fix

author: Florian Reimair <florian.reimair@iaik.tugraz.at> 2014-02-28 12:03:28 +0100
committer: Florian Reimair <florian.reimair@iaik.tugraz.at> 2014-02-28 12:05:18 +0100
commit: a04189917f59dcc532e088ad366da67e31f62ffd (patch)
tree: a19292ab71e89487ca2923d83da7886e4378ae96
parent: 9e830fb8f4aa758f0855ab422d398fa8bb0db32d (diff)
download: moa-id-spss-a04189917f59dcc532e088ad366da67e31f62ffd.tar.gz
moa-id-spss-a04189917f59dcc532e088ad366da67e31f62ffd.tar.bz2
moa-id-spss-a04189917f59dcc532e088ad366da67e31f62ffd.zip
2 files changed, 143 insertions, 53 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index b7fa37757..7801f9a54 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -91,59 +91,149 @@ public class AttributeCollector implements IAction {
      * @throws MOAIDException 
      */
     public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException {
-    	// check if there are attributes we need to fetch
-    	IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList();
-    	IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList();
-    	List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>();
-    	for(PersonalAttribute current : requestAttributeList)
-    		if(!responseAttributeList.containsKey(current))
-    			missingAttributes.add(current);
-    	
-    	try {
-	    	// for each attribute still missing
-	    	for(PersonalAttribute currentAttribute : missingAttributes) {
-	    	// - check if we can find a suitable AttributeProvider Plugin
-				for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) {
-					try {
-						// - hand over control to the suitable plugin
-						IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession);
-
-						// - add the aquired attribute to the container
-						for(PersonalAttribute current : aquiredAttributes)
-							container.getResponse().getPersonalAttributeList().add(current);
-					} catch(UnsupportedAttributeException e) {
-						// ok, try the next attributeprovider
-					} catch(MOAIDException e) {
-						// the current plugin had an error. Try the next one.
-						// TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop
-					}
-	
-	    		}
-	    	}
-		} catch (ExternalAttributeRequestRequiredException e) {
-			// the attribute request is ongoing and requires an external service.
-			try {
-				// memorize the container again
-				// - generate new key
-				String newArtifactId = new SecureRandomIdentifierGenerator()
-						.generateIdentifier();
-
-				// - put container in temporary store.
-				AssertionStorage.getInstance().put(newArtifactId, container);
-
-				// add container-key to redirect embedded within the return URL
-				e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam);
-			} catch (Exception e1) {
-				// TODO should we return the response as is to the PEPS?
-				Logger.error("Error putting incomplete Stork response into temporary storage", e);
-				throw new MOAIDException("stork.11", null);
-			}
+        // check if there are attributes we need to fetch
+        this.httpResp = response;
+        this.container = container;
+
+        IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList();
+        IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList();
+        List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>();
+        for (PersonalAttribute current : requestAttributeList)
+            if (!responseAttributeList.containsKey(current.getName()))
+                missingAttributes.add(current);
+
+        // Try to get all missing attributes
+        try {
+            // for each attribute still missing
+            for (PersonalAttribute currentAttribute : missingAttributes) {
+                // - check if we can find a suitable AttributeProvider Plugin
+                for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) {
+                    try {
+                        // - hand over control to the suitable plugin
+                        IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession);
+
+                        // - add the aquired attribute to the container
+                        for (PersonalAttribute current : aquiredAttributes)
+                            container.getResponse().getPersonalAttributeList().add(current);
+                    } catch (UnsupportedAttributeException e) {
+                        // ok, try the next attributeprovider
+                    } catch (MOAIDException e) {
+                        // the current plugin had an error. Try the next one.
+                        // TODO we might want to add the non-fetchable attribute as "NotAvailable" to prevent an infinite loop
+                    }
+
+                }
+            }
+
+            // build response
+            generateSTORKResponse();
+
+            // set new http response
+            generateRedirectResponse();
+            response = httpResp;
+
+            return "12345"; // AssertionId
+
+        } catch (ExternalAttributeRequestRequiredException e) {
+            // the attribute request is ongoing and requires an external service.
+            try {
+                // memorize the container again
+                // - generate new key
+                String newArtifactId = new SecureRandomIdentifierGenerator()
+                        .generateIdentifier();
+                // - put container in temporary store.
+                AssertionStorage.getInstance().put(newArtifactId, container);
+
+                // add container-key to redirect embedded within the return URL
+                e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/dispatcher?mod=id_stork2&action=AttributeCollector&" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam);
+
+
+            } catch (Exception e1) {
+                // TODO should we return the response as is to the PEPS?
+                Logger.error("Error putting incomplete Stork response into temporary storage", e);
+                throw new MOAIDException("stork.11", null);
+            }
+
+            return "12345"; // TODO what to do here?
+        }
 
-			return "12345"; // TODO what to do here?
-		}
-    	// build response
-    	// done
-    	return "12345"; // AssertionId
+
+    }
+
+
+    private void generateSTORKResponse() throws MOAIDException {
+        STORKAuthnResponse authnResponse = container.getResponse();
+        STORKAuthnRequest authnRequest = container.getRequest();
+
+        try {
+            //Get SAMLEngine instance
+            STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+            Logger.debug("Starting generation of SAML response");
+            authnResponse = engine.generateSTORKAuthnResponse(authnRequest, authnResponse, container.getRemoteAddress(), false);
+
+            //generateSAML Token
+            Logger.info("SAML response succesfully generated!");
+        } catch (STORKSAMLEngineException e) {
+            Logger.error("Failed to generate STORK SAML Response", e);
+            throw new MOAIDException("stork.05", null);
+        }
+
+        Logger.info("STORK SAML Response message succesfully generated ");
+        String statusCodeValue = authnResponse.getStatusCode();
+
+        try {
+            Logger.debug("authn saml plain:" + authnResponse.getTokenSaml());
+            Logger.debug("authn saml string:" + new String(authnResponse.getTokenSaml())); // works
+            Logger.debug("authn saml encodedx: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes())));
+
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+
+        container.setResponse(authnResponse);
+
+    }
+
+
+    private void generateRedirectResponse() {
+        STORKAuthnResponse authnResponse = container.getResponse();
+        STORKAuthnRequest authnRequest = container.getRequest();
+
+
+        // preparing redirection for the client
+
+        try {
+            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+            Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+            VelocityContext context = new VelocityContext();
+
+            context.put("SAMLResponse", new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes())));
+            Logger.debug("SAMLResponse original: " + new String(org.bouncycastle.util.encoders.Base64.encode(IOUtils.toString(authnResponse.getTokenSaml()).getBytes())));
+
+            Logger.debug("Putting assertion consumer url as action: " + authnRequest.getAssertionConsumerServiceURL());
+            context.put("action", authnRequest.getAssertionConsumerServiceURL());
+            Logger.debug("Starting template merge");
+            StringWriter writer = new StringWriter();
+
+            Logger.debug("Doing template merge");
+            template.merge(context, writer);
+            Logger.debug("Template merge done");
+
+            Logger.debug("Sending html content: " + writer.getBuffer().toString());
+            Logger.debug("Sending html content2  : " + new String(writer.getBuffer()));
+
+
+            httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
+
+        } catch (Exception e) {
+            Logger.error("Velocity error: " + e.getMessage());
+        }
+
+        //HttpSession httpSession = this.httpResp.getSession();
+        //httpSession.setAttribute("STORKSessionID", "12345");
+        //Logger.info("Status code again: " + authnResponse.getStatusCode());
+
+        //return "12345"; // AssertionId
     }
 
     /* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 318a8fc9c..01f0079ca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -137,7 +137,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         }
 
         //Get SAMLEngine instance
-        STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming");
+        STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
 
         STORKAuthnRequest authnRequest = null;
         Logger.error("decsamltoken" +decSamlToken.toString());
author	Florian Reimair <florian.reimair@iaik.tugraz.at>	2014-02-28 12:03:28 +0100
committer	Florian Reimair <florian.reimair@iaik.tugraz.at>	2014-02-28 12:05:18 +0100
commit	a04189917f59dcc532e088ad366da67e31f62ffd (patch)
tree	a19292ab71e89487ca2923d83da7886e4378ae96
parent	9e830fb8f4aa758f0855ab422d398fa8bb0db32d (diff)
download	moa-id-spss-a04189917f59dcc532e088ad366da67e31f62ffd.tar.gz moa-id-spss-a04189917f59dcc532e088ad366da67e31f62ffd.tar.bz2 moa-id-spss-a04189917f59dcc532e088ad366da67e31f62ffd.zip