diff options
author | Florian Reimair <florian.reimair@iaik.tugraz.at> | 2016-01-15 15:24:19 +0100 |
---|---|---|
committer | Florian Reimair <florian.reimair@iaik.tugraz.at> | 2016-01-15 15:24:50 +0100 |
commit | a8a923ddda874437efb87c9fdecfb65dd722fed0 (patch) | |
tree | 25d7a037e289e56fca051bc2da351cd03b0847bb | |
parent | eecc9331869975937ec8c191a769b5939f8c01c1 (diff) | |
download | moa-id-spss-a8a923ddda874437efb87c9fdecfb65dd722fed0.tar.gz moa-id-spss-a8a923ddda874437efb87c9fdecfb65dd722fed0.tar.bz2 moa-id-spss-a8a923ddda874437efb87c9fdecfb65dd722fed0.zip |
moa can do outbound eidas
3 files changed, 192 insertions, 5 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java index 3144d08e8..6adefdb86 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java @@ -22,14 +22,45 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.eidas; +import java.io.StringWriter; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.Map.Entry; + +import iaik.pkcs.pkcs11.objects.Object; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; +import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator; +import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList; +import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.util.VelocityProvider; +import at.gv.egovernment.moa.logging.Logger; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.springframework.format.datetime.DateFormatter; + +import eu.eidas.auth.commons.EIDASAuthnResponse; +import eu.eidas.auth.commons.EIDASStatusCode; +import eu.eidas.auth.commons.EIDASUtil; +import eu.eidas.auth.commons.PersonalAttribute; +import eu.eidas.auth.engine.EIDASSAMLEngine; +import eu.eidas.auth.engine.core.eidas.EidasAttributesTypes; +import eu.eidas.auth.engine.core.eidas.EidasConstants; +import eu.eidas.auth.engine.metadata.MetadataUtil; +import eu.stork.peps.auth.commons.PEPSUtil; + /** * Second request step - after authentication of the user is done and moasession obtained, @@ -42,7 +73,90 @@ public class AuthenticationRequest implements IAction { @Override public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { - // TODO Auto-generated method stub + EIDASData eidasRequest; + if(req instanceof EIDASData) + eidasRequest = (EIDASData) req; + else + throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()}); + + + // gather attributes + MOAPersonalAttributeList resultingAttributeList = (MOAPersonalAttributeList) eidasRequest.getEidasRequestedAttributes().clone(); + + for(Entry<String, PersonalAttribute> current : resultingAttributeList.entrySet()) { + String newValue = ""; + + switch(current.getKey()) { + case "DateOfBirth": newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth()); break; + case "CurrentFamilyName": newValue = authData.getFamilyName();break; + case "CurrentGivenName": newValue = authData.getGivenName();break; + case "PersonIdentifier": newValue = new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(), + eidasRequest.getTarget()); break; + } + + if("".equals(newValue)) + current.getValue().setStatus(EIDASStatusCode.STATUS_NOT_AVAILABLE.toString()); + else { + current.getValue().getValue().clear(); + current.getValue().getValue().add(newValue); + current.getValue().setStatus(EIDASStatusCode.STATUS_AVAILABLE.toString()); + } + } + + // construct eIDaS response + EIDASAuthnResponse response = new EIDASAuthnResponse(); + response.setPersonalAttributeList(resultingAttributeList); + response.setIssuer("http://localhost:12344/moa-id-auth/eidas/metadata"); + response.setAssuranceLevel(authData.getEIDASQAALevel()); + + String token = null; + try { + EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine(); + + // check if we have the destination available, supply it if not + if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) { + String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata( + new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()), + engine, + eidasRequest.getEidasRequest()); + eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl); + } + + response = engine.generateEIDASAuthnResponse(eidasRequest.getEidasRequest(), response, eidasRequest.getRemoteAddress(), true); + + + token = EIDASUtil.encodeSAMLToken(response.getTokenSaml()); + } catch(Exception e) { + e.printStackTrace(); + } + + // send the response + try { + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); + VelocityContext context = new VelocityContext(); + + context.put("SAMLResponse", token); + Logger.debug("SAMLResponse original: " + token); + + Logger.debug("Putting assertion consumer url as action: " + eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()); + context.put("action", eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()); + Logger.trace("Starting template merge"); + StringWriter writer = new StringWriter(); + + Logger.trace("Doing template merge"); + template.merge(context, writer); + Logger.trace("Template merge done"); + + Logger.trace("Sending html content: " + writer.getBuffer().toString()); + Logger.trace("Sending html content2 : " + new String(writer.getBuffer())); + + httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8")); + + } catch (Exception e) { + Logger.error("Velocity error: " + e.getMessage()); + } + return null; } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java index 6f9a04e28..0bedf0432 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java @@ -4,10 +4,11 @@ import java.util.List; import org.opensaml.saml2.core.Attribute; +import eu.eidas.auth.commons.EIDASAuthnRequest; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList; import at.gv.egovernment.moa.id.moduls.RequestImpl; -public class EIDASRequest extends RequestImpl { +public class EIDASData extends RequestImpl { /** The Constant serialVersionUID. */ private static final long serialVersionUID = 8765755670214923910L; @@ -15,9 +16,69 @@ public class EIDASRequest extends RequestImpl { /** The attributes requested by the eIDaS. */ private MOAPersonalAttributeList attributes; + /** The incoming eIDaS SAML2 AuthnRequest. */ + private EIDASAuthnRequest authnRequest; + + /** The ip address of the requester. */ + private String remoteIPAddress; + @Override public List<Attribute> getRequestedAttributes() { // TODO Auto-generated method stub return null; } + + /** + * Gets the eidas requested attributes. + * + * @return the requested attributes + */ + public MOAPersonalAttributeList getEidasRequestedAttributes() { + return (MOAPersonalAttributeList) attributes.clone(); + } + + /** + * Sets the eidas requested attributes. + * + * @param personalAttributeList the requested attributes + */ + public void setEidasRequestedAttributes(MOAPersonalAttributeList personalAttributeList) { + attributes = personalAttributeList; + } + + /** + * Gets the eidas request. + * + * @return the eidas request + */ + public EIDASAuthnRequest getEidasRequest() { + return authnRequest; + } + + /** + * Sets the eidas request. + * + * @param request the new eidas request + */ + public void setEidasRequest(EIDASAuthnRequest request) { + authnRequest = request; + } + + /** + * Gets the remote address. + * + * @return the remote address + */ + public String getRemoteAddress() { + return remoteIPAddress; + } + + /** + * Sets the remote address. + * + * @param remoteIP the new remote address + */ + public void setRemoteAddress(String remoteIP) { + remoteIPAddress = remoteIP; + } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 3e2122315..a94e136b4 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.eidas; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -101,12 +102,23 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo { EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken); // memorize important stuff - EIDASRequest result = new EIDASRequest(); + EIDASData result = new EIDASData(); + + // - memorize remote ip + result.setRemoteAddress(request.getRemoteAddr()); + + // - memorize country code of target country + result.setTarget(samlReq.getCountry()); + // - memorize requested attributes - // TODO memorize requested attributes + result.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList())); + // - memorize whole request + samlReq.setPersonalAttributeList(result.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list + result.setEidasRequest(samlReq); + // - memorize OA url - result.setOAURL("https://demo.a-sit.at/EidasNode"); // TODO use metadata url? + result.setOAURL(samlReq.getIssuer()); // - memorize OA config OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(result.getOAURL()); |