aboutsummaryrefslogtreecommitdiff
path: root/id/oa/src/main/java/at/gv
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-12-07 09:52:08 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-12-07 09:52:08 +0100
commit1fe0dfe4e142ddffbd42c8b58ac6163e47d73f7d (patch)
tree054075aaa641711e05cf58c0d6d2fa676119b770 /id/oa/src/main/java/at/gv
parentb69e4ed34b92294e55626a1ab31d2cdfb2a7fb16 (diff)
downloadmoa-id-spss-1fe0dfe4e142ddffbd42c8b58ac6163e47d73f7d.tar.gz
moa-id-spss-1fe0dfe4e142ddffbd42c8b58ac6163e47d73f7d.tar.bz2
moa-id-spss-1fe0dfe4e142ddffbd42c8b58ac6163e47d73f7d.zip
add eIDAS MS Proxy-Service simulator into demo OA
Diffstat (limited to 'id/oa/src/main/java/at/gv')
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java5
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java73
2 files changed, 77 insertions, 1 deletions
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
index d6c14fd07..07edb250d 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
@@ -196,6 +196,11 @@ public class Configuration {
return props.getProperty("general.login.pvp2.sp.requesterId");
}
+ public boolean isEidasProxySimulatorEnabled() {
+ return Boolean.parseBoolean(
+ props.getProperty("general.login.pvp2.sp.eidas.proxy.simulation", "false"));
+ }
+
public boolean setNameIdPolicy() {
return Boolean.parseBoolean(props.getProperty("general.login.pvp2.req.set.nameIDPolicy", "true"));
}
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
index 4e8e12499..d4c67cfae 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
@@ -23,7 +23,9 @@
package at.gv.egovernment.moa.id.demoOA.servlet.pvp2;
import java.io.IOException;
+import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
+import java.text.MessageFormat;
import java.util.Map;
import javax.servlet.ServletException;
@@ -34,6 +36,7 @@ import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
+import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.RandomUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.velocity.app.VelocityEngine;
@@ -45,6 +48,7 @@ import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
+import org.opensaml.saml2.common.Extensions;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.core.AuthnRequest;
@@ -60,13 +64,25 @@ import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.schema.XSAny;
import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+import org.xml.sax.SAXException;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.EAAFDomEntityResolver;
import at.gv.egovernment.moa.id.demoOA.Configuration;
import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException;
import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils;
@@ -215,6 +231,11 @@ public class Authenticate extends HttpServlet {
}
+ if (config.isEidasProxySimulatorEnabled()) {
+ authReq = injectEidasMsProxyAttributes(request, authReq);
+
+ }
+
//sign authentication request
KeyStore keyStore = config.getPVP2KeyStore();
@@ -284,7 +305,57 @@ public class Authenticate extends HttpServlet {
}
}
- /**
+
+ private AuthnRequest injectEidasMsProxyAttributes(HttpServletRequest request, AuthnRequest authReq)
+ throws SAXException, IOException, ParserConfigurationException, MarshallingException, UnmarshallingException {
+
+ //build extension from template
+ String xmlTemplate = IOUtils.toString(
+ Authenticate.class.getResourceAsStream("/templates/reqAttributes.xml"),
+ StandardCharsets.UTF_8);
+
+ String target = EAAFConstants.URN_PREFIX_EIDAS + "AT+" + getParameterOrDefault(request, "eidasCountry", "DE");
+ String loa = EAAFConstants.EIDAS_LOA_PREFIX + getParameterOrDefault(request, "loa", "high");
+ String eidasConnector = "https://simple.test/" + getParameterOrDefault(request, "eidasIdPostfix", "test");
+ String xmlString = MessageFormat.format(xmlTemplate, target, loa, eidasConnector);
+ log.debug("Formated requested attributes: " + xmlString);
+
+ Document extension = DOMUtils.parseDocument(xmlString, false, null, null);
+
+
+ //marshalle, inject, and unmarshalle request to set extension
+ //TODO: find better solution, be it is good enough for a first simple test
+ DocumentBuilder builder;
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ builder = factory.newDocumentBuilder();
+ Document document = builder.newDocument();
+ Marshaller out = org.opensaml.Configuration.getMarshallerFactory().getMarshaller(authReq);
+ out.marshall(authReq, document);
+
+ Node extElement = document.importNode(extension.getDocumentElement(), true);
+ //document.getDocumentElement().appendChild(extElement);
+ document.getDocumentElement().insertBefore(extElement, document.getChildNodes().item(2));
+
+ Unmarshaller in = org.opensaml.Configuration.getUnmarshallerFactory().getUnmarshaller(document.getDocumentElement());
+ return (AuthnRequest) in.unmarshall(document.getDocumentElement());
+
+ }
+
+
+ private String getParameterOrDefault(HttpServletRequest request, String paramName, String defaultValue) {
+ String reqParam = request.getParameter(paramName);
+ if (MiscUtil.isEmpty(reqParam)) {
+ return defaultValue;
+
+ } else {
+ return reqParam;
+
+ }
+
+ }
+
+
+ /**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
* response)
*/