MOA federation with USP

- add some initial methodes
author: Thomas Lenz <tlenz@iaik.tugraz.at> 2014-08-04 12:57:39 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2014-08-04 12:57:39 +0200
commit: 078c7784e9e278bd5fdd96465a38558776cacb04 (patch)
tree: 0fb5c8170a707ae9c498667ff012220a8b1c4fe7 /id/server/idserverlib/src/main/java/at/gv
parent: 0265338e3f2553d9f6926c930561d29a65035847 (diff)
download: moa-id-spss-078c7784e9e278bd5fdd96465a38558776cacb04.tar.gz
moa-id-spss-078c7784e9e278bd5fdd96465a38558776cacb04.tar.bz2
moa-id-spss-078c7784e9e278bd5fdd96465a38558776cacb04.zip
3 files changed, 54 insertions, 34 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 17d6898ee..ddcc6e1d1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -39,6 +39,7 @@ import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AttributeQuery;
 import org.opensaml.saml2.core.AttributeStatement;
 import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.StatusResponseType;
 import org.opensaml.ws.soap.common.SOAPException;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.security.SecurityException;
@@ -76,6 +77,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExt
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
@@ -239,11 +241,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 				attributs = reqQueryAttr;
 				
 			//IDP is a service provider IDP and request interfederated IDP to collect attributes				
-			} else {
-				
-				//TODO: check if response include attributes and map this attributes to requested attributes
-				//TODO: insert code to parse Attributes from AuthnRespones for USP --> Zustelldienst
-				
+			} else {												
 				//get PVP 2.1 attributes from protocol specific requested attributes
 				attributs = req.getRequestedAttributes();
 				
@@ -255,44 +253,52 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 				Logger.error("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix());
 				throw new ConfigurationException("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix(), null);
 			}
+
+			
+			//TODO: check if response include attributes and map this attributes to requested attributes
+			//TODO: insert code to parse Attributes from AuthnRespones for USP --> Zustelldienst
+			Response intfResp = (Response) req.getInterfederationResponse().getResponse();
+			AssertionAttributeExtractor extractor = 
+					new AssertionAttributeExtractor(intfResp);			
 						
-			//build attributQuery request
-			AttributeQuery query = 
-					AttributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs);
+			if (!extractor.containsAllRequiredAttributes()) {			
+				//build attributQuery request
+				AttributeQuery query = 
+						AttributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs);
 			
-			//build SOAP request				
-			List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
+				//build SOAP request				
+				List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
 			
-			if (xmlObjects.size() == 0) {
-				Logger.error("Receive emptry AttributeQuery response-body.");
-				throw new AttributQueryException("Receive emptry AttributeQuery response-body.", null);
+				if (xmlObjects.size() == 0) {
+					Logger.error("Receive emptry AttributeQuery response-body.");
+					throw new AttributQueryException("Receive emptry AttributeQuery response-body.", null);
 				
-			}
+				}
 			
-			if (xmlObjects.get(0) instanceof Response) {
-				Response intfResp = (Response) xmlObjects.get(0);
+				if (xmlObjects.get(0) instanceof Response) {
+					intfResp = (Response) xmlObjects.get(0);
 				
-				//validate PVP 2.1 response
-				try {
-					SAMLVerificationEngine engine = new SAMLVerificationEngine();
-					engine.verifyResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+					//validate PVP 2.1 response
+					try {
+						SAMLVerificationEngine engine = new SAMLVerificationEngine();
+						engine.verifyResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
 				
-					SAMLVerificationEngine.validateAssertion(intfResp, false);
+						SAMLVerificationEngine.validateAssertion(intfResp, false);
 					
-				} catch (Exception e) {
-					Logger.warn("PVP 2.1 assertion validation FAILED.", e);
-					throw new AssertionValidationExeption("PVP 2.1 assertion validation FAILED.", null, e);
-				}
-				
-				//parse response information to authData
-				buildAuthDataFormInterfederationResponse(authdata, session, intfResp);
-								
-			} else {
-				Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
-				throw new AttributQueryException("Receive AttributeQuery response-body include no PVP 2.1 response.", null);
+					} catch (Exception e) {
+						Logger.warn("PVP 2.1 assertion validation FAILED.", e);
+						throw new AssertionValidationExeption("PVP 2.1 assertion validation FAILED.", null, e);
+					}
+												
+				} else {
+					Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
+					throw new AttributQueryException("Receive AttributeQuery response-body include no PVP 2.1 response.", null);
 				
+				}
 			}
-										 						
+			//parse response information to authData
+			buildAuthDataFormInterfederationResponse(authdata, session, intfResp);			
+			
 		} catch (SOAPException e) {
 			throw new BuildException("builder.06", null, e);
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 0d34fcb87..1e38bd4ff 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -269,7 +269,7 @@ public class DispatcherServlet extends AuthServlet{
 							info = ModulStorage.getModuleByPath(protocolRequest.requestedModule());
 							moduleAction = info.getAction(protocolRequest.requestedAction());
 
-							//create interfederated mOASession
+							//create interfederated MOASession
 							String sessionID = 
 									AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId);
 							req.getParameterMap().put(PARAM_SESSIONID, sessionID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index ee0088576..9aadfdc28 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
 import java.util.List;
 
 import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AuthnContextClassRef;
 import org.opensaml.saml2.core.AuthnStatement;
 import org.opensaml.saml2.core.Response;
@@ -54,6 +55,19 @@ public class AssertionAttributeExtractor {
 			throw new AssertionAttributeExtractorExeption();		
 	}
 
+	public boolean containsAllRequiredAttributes() {
+		//TODO: add default attribute list
+		return containsAllRequiredAttributes(null);
+		
+	}
+	
+	public boolean containsAllRequiredAttributes(List<Attribute> attributs) {		
+		//TODO: add validation		
+		return false;
+		
+	}
+	
+	
 	public String getNameID() throws AssertionAttributeExtractorExeption {		
 		if (assertion.getSubject() != null) {
 			Subject subject = assertion.getSubject();
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2014-08-04 12:57:39 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2014-08-04 12:57:39 +0200
commit	078c7784e9e278bd5fdd96465a38558776cacb04 (patch)
tree	0fb5c8170a707ae9c498667ff012220a8b1c4fe7 /id/server/idserverlib/src/main/java/at/gv
parent	0265338e3f2553d9f6926c930561d29a65035847 (diff)
download	moa-id-spss-078c7784e9e278bd5fdd96465a38558776cacb04.tar.gz moa-id-spss-078c7784e9e278bd5fdd96465a38558776cacb04.tar.bz2 moa-id-spss-078c7784e9e278bd5fdd96465a38558776cacb04.zip