Merge branch 'development_preview' into 'master'

Development preview

See merge request egiz/moa-idspss!2

3 files changed, 78 insertions, 15 deletions

diff --git a/id/oa/pom.xml b/id/oa/pom.xml
index ebf7dd439..1522121d2 100644
--- a/id/oa/pom.xml
+++ b/id/oa/pom.xml
@@ -4,7 +4,7 @@
     <parent>
   		<groupId>MOA</groupId>
     	<artifactId>id</artifactId>
-    	<version>4.1.4</version>
+    	<version>4.1.5</version>
   	</parent>
     
     <modelVersion>4.0.0</modelVersion>
@@ -17,19 +17,6 @@
     <properties>
         <repositoryPath>${basedir}/../../repository</repositoryPath>
     </properties>
-
-		<repositories>
-			<repository>
-				<id>shibboleth.internet2.edu</id>
-				<name>Internet2</name>
-				<url>https://apps.egiz.gv.at/shibboleth_nexus/</url>
-			</repository>
-            <repository>
-                <id>IAIK Local</id>
-                <name>iaik/libs</name>
-                <url>https://apps.egiz.gv.at/maven/</url>
-            </repository>
-		</repositories>
     
     <build>
         <finalName>oa</finalName>
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
index d6c14fd07..07edb250d 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
@@ -196,6 +196,11 @@ public class Configuration {
 		return props.getProperty("general.login.pvp2.sp.requesterId");
 	}
 	
+  public boolean isEidasProxySimulatorEnabled() {
+    return Boolean.parseBoolean(
+        props.getProperty("general.login.pvp2.sp.eidas.proxy.simulation", "false"));
+	}
+	
 	public boolean setNameIdPolicy() {
 			return Boolean.parseBoolean(props.getProperty("general.login.pvp2.req.set.nameIDPolicy", "true"));
 	}
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
index 4e8e12499..d4c67cfae 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
@@ -23,7 +23,9 @@
 package at.gv.egovernment.moa.id.demoOA.servlet.pvp2;
 
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 import java.security.KeyStore;
+import java.text.MessageFormat;
 import java.util.Map;
 
 import javax.servlet.ServletException;
@@ -34,6 +36,7 @@ import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 
+import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.RandomUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.velocity.app.VelocityEngine;
@@ -45,6 +48,7 @@ import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
 import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
+import org.opensaml.saml2.common.Extensions;
 import org.opensaml.saml2.core.AuthnContextClassRef;
 import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
 import org.opensaml.saml2.core.AuthnRequest;
@@ -60,13 +64,25 @@ import org.opensaml.saml2.metadata.SingleSignOnService;
 import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
 import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
 import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.schema.XSAny;
 import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
 import org.opensaml.xml.security.x509.X509Credential;
 import org.opensaml.xml.signature.Signature;
 import org.opensaml.xml.signature.SignatureConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+import org.xml.sax.SAXException;
 
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.EAAFDomEntityResolver;
 import at.gv.egovernment.moa.id.demoOA.Configuration;
 import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException;
 import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils;
@@ -215,6 +231,11 @@ public class Authenticate extends HttpServlet {
 				
 			}
 			
+			if (config.isEidasProxySimulatorEnabled()) {
+			  authReq = injectEidasMsProxyAttributes(request, authReq);
+			  
+			}
+			
 			
 			//sign authentication request
 			KeyStore keyStore = config.getPVP2KeyStore();
@@ -284,7 +305,57 @@ public class Authenticate extends HttpServlet {
 		}
 	}
 
-	/**
+
+	private AuthnRequest injectEidasMsProxyAttributes(HttpServletRequest request, AuthnRequest authReq) 
+	    throws SAXException, IOException, ParserConfigurationException, MarshallingException, UnmarshallingException {
+	  
+	  //build extension from template
+	  String xmlTemplate = IOUtils.toString(
+	      Authenticate.class.getResourceAsStream("/templates/reqAttributes.xml"), 
+	      StandardCharsets.UTF_8);
+	  	  	
+	  String target = EAAFConstants.URN_PREFIX_EIDAS + "AT+" + getParameterOrDefault(request, "eidasCountry", "DE");
+    String loa = EAAFConstants.EIDAS_LOA_PREFIX + getParameterOrDefault(request, "loa", "high");
+    String eidasConnector = "https://simple.test/" + getParameterOrDefault(request, "eidasIdPostfix", "test");
+    String xmlString = MessageFormat.format(xmlTemplate, target, loa, eidasConnector);	  
+    log.debug("Formated requested attributes: " + xmlString);
+    
+    Document extension = DOMUtils.parseDocument(xmlString, false, null, null);	  
+	  
+    
+    //marshalle, inject, and unmarshalle request to set extension
+    //TODO: find better solution, be it is good enough for a first simple test
+    DocumentBuilder builder;
+    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();    
+    builder = factory.newDocumentBuilder();
+    Document document = builder.newDocument();
+    Marshaller out = org.opensaml.Configuration.getMarshallerFactory().getMarshaller(authReq);
+    out.marshall(authReq, document);
+    
+    Node extElement = document.importNode(extension.getDocumentElement(), true);    
+    //document.getDocumentElement().appendChild(extElement);
+    document.getDocumentElement().insertBefore(extElement, document.getChildNodes().item(2));
+    
+    Unmarshaller in = org.opensaml.Configuration.getUnmarshallerFactory().getUnmarshaller(document.getDocumentElement());
+    return (AuthnRequest) in.unmarshall(document.getDocumentElement());
+        
+  }
+	
+	
+  private String getParameterOrDefault(HttpServletRequest request, String paramName, String defaultValue) {
+    String reqParam = request.getParameter(paramName);
+    if (MiscUtil.isEmpty(reqParam)) {
+      return defaultValue;
+      
+    } else {
+      return reqParam;
+      
+    }
+    
+  }
+
+
+  /**
 	 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
 	 *      response)
 	 */