add interfederation attribute query

1 files changed, 178 insertions, 0 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
new file mode 100644
index 000000000..71d1c26d4
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -0,0 +1,178 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.joda.time.DateTime;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeQuery;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.SecurityException;
+
+import edu.emory.mathcs.backport.java.util.Arrays;
+
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AttributQueryAction implements IAction {
+
+	@SuppressWarnings("unchecked")
+	private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
+			new String[]{PVPConstants.EID_STORK_TOKEN_NAME});	
+	
+	@SuppressWarnings("unchecked")
+	private final static List<String> DEFAULTMANDATEATTRIBUTES = Arrays.asList(
+			new String[]{	PVPConstants.MANDATE_FULL_MANDATE_NAME, 
+							PVPConstants.MANDATE_PROF_REP_OID_NAME});
+	
+
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
+	 */
+	@Override
+	public SLOInformationInterface processRequest(IRequest req,
+			HttpServletRequest httpReq, HttpServletResponse httpResp,
+			IAuthData authData) throws MOAIDException {
+		
+		if (req instanceof PVPTargetConfiguration && 
+				((PVPTargetConfiguration) req).getRequest() instanceof MOARequest && 
+				((MOARequest)((PVPTargetConfiguration) req).getRequest()).getSamlRequest() instanceof AttributeQuery) {
+			
+			AttributeQuery attrQuery = (AttributeQuery)((MOARequest)((PVPTargetConfiguration) req).getRequest()).getSamlRequest();			
+			
+			//load moaSession
+			String nameID = attrQuery.getSubject().getNameID().getValue();
+			
+			AuthenticationSession session = AuthenticationSessionStoreage.getSessionWithUserNameID(nameID);
+			if (session == null) {
+				Logger.warn("AttributeQuery nameID does not match to an active single sign-on session.");
+				throw new AttributQueryException("AttributeQuery nameID does not match to an active single sign-on session.", null);
+				
+			}
+
+			DateTime date = new DateTime();
+			
+			//generate authData
+			authData = AuthenticationDataBuilder.buildAuthenticationData(req, session, attrQuery.getAttributes());
+
+			//add default attributes in case of mandates or STORK is in use
+			List<String> attrList = addDefaultAttributes(attrQuery, authData);			
+
+			//build PVP 2.1 assertion
+			Assertion assertion = PVP2AssertionBuilder.buildAssertion(attrQuery, attrList, authData, date, authData.getSessionIndex());
+			
+			//build PVP 2.1 response
+			Response authResponse = AuthResponseBuilder.buildResponse(attrQuery, date, assertion);
+						
+			try {
+				SoapBinding decoder = new SoapBinding();				
+				decoder.encodeRespone(httpReq, httpResp, authResponse, null, null);
+				return null;
+				
+			} catch (MessageEncodingException e) {
+				Logger.error("Message Encoding exception", e);
+				throw new MOAIDException("pvp2.01", null, e);
+				
+			} catch (SecurityException e) {
+				Logger.error("Security exception", e);
+				throw new MOAIDException("pvp2.01", null, e);
+
+			}
+			
+		} else {
+			Logger.error("Process AttributeQueryAction but request is NOT of type AttributQuery.");
+			throw new MOAIDException("pvp2.13", null);
+			
+		}
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+			HttpServletResponse httpResp) {
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
+	 */
+	@Override
+	public String getDefaultActionName() {
+		return PVP2XProtocol.ATTRIBUTEQUERY;
+	}
+
+	private List<String> addDefaultAttributes(AttributeQuery query, IAuthData authData) {
+		
+		List<String> reqAttributs = new ArrayList<String>();
+		
+		for (Attribute attr : query.getAttributes()) {
+			reqAttributs.add(attr.getName());
+						
+		}
+		
+		//add default STORK attributes if it is a STORK authentication
+		if (authData.isForeigner() && !reqAttributs.containsAll(DEFAULTSTORKATTRIBUTES)) {
+			for (String el : DEFAULTSTORKATTRIBUTES) {
+				if (!reqAttributs.contains(el))
+					reqAttributs.add(el);
+			}
+		}
+		
+		//add default mandate attributes if it is a authentication with mandates
+		if (authData.isUseMandate() && !reqAttributs.containsAll(DEFAULTMANDATEATTRIBUTES)) {
+			for (String el : DEFAULTMANDATEATTRIBUTES) {
+				if (!reqAttributs.contains(el))
+					reqAttributs.add(el);
+			}
+		}
+
+		return reqAttributs;
+	}
+}