aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at
diff options
context:
space:
mode:
authorFlorian Reimair <florian.reimair@iaik.tugraz.at>2014-01-14 14:02:32 +0100
committerFlorian Reimair <florian.reimair@iaik.tugraz.at>2014-01-27 16:35:23 +0100
commit4ef34e63ce36e20529d6350e81283617a8d69b96 (patch)
treebae17dcc2a8dd5e79930d442a0daa0dcb66adcdd /id/server/idserverlib/src/main/java/at
parent7fb3ae0e4922ec76e998937b771df244574be394 (diff)
downloadmoa-id-spss-4ef34e63ce36e20529d6350e81283617a8d69b96.tar.gz
moa-id-spss-4ef34e63ce36e20529d6350e81283617a8d69b96.tar.bz2
moa-id-spss-4ef34e63ce36e20529d6350e81283617a8d69b96.zip
outgoing auth request works
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java208
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java1
5 files changed, 114 insertions, 130 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 278f93f14..b30720501 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -29,8 +29,12 @@ import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
import java.io.ByteArrayInputStream;
+import java.io.CharArrayWriter;
import java.io.IOException;
import java.io.InputStream;
+import java.io.StringWriter;
+import java.net.HttpURLConnection;
+import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.cert.CertificateException;
@@ -50,8 +54,18 @@ import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
import org.apache.xpath.XPathAPI;
-import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.Configuration;
+import org.opensaml.common.SAMLObjectBuilder;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.Endpoint;
+import org.opensaml.ws.transport.http.HTTPOutTransport;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.util.Base64;
import org.opensaml.xml.util.XMLHelper;
import org.springframework.util.xml.DomUtils;
@@ -91,6 +105,7 @@ import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet;
import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor;
+import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
@@ -103,6 +118,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants
import at.gv.egovernment.moa.id.client.SZRGWClient;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
@@ -131,13 +147,21 @@ import at.gv.egovernment.moa.util.XPathUtils;
import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest;
import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
import eu.stork.mw.messages.saml.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.engine.SAMLEngine;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.auth.engine.core.QAAAttribute;
+import eu.stork.peps.auth.engine.core.RequestedAttribute;
+import eu.stork.peps.auth.engine.core.RequestedAttributes;
+import eu.stork.peps.auth.engine.core.impl.QAAAttributeBuilder;
+import eu.stork.peps.auth.engine.core.impl.RequestedAttributeBuilder;
+import eu.stork.peps.auth.engine.core.impl.RequestedAttributesBuilder;
+import eu.stork.peps.exceptions.SAMLEngineException;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
-import eu.stork.vidp.messages.common.STORKConstants;
-import eu.stork.vidp.messages.exception.SAMLException;
-import eu.stork.vidp.messages.exception.SAMLValidationException;
-import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
-import eu.stork.vidp.messages.stork.RequestedAttributes;
-import eu.stork.vidp.messages.util.SAMLUtil;
import eu.stork.vidp.messages.util.XMLUtil;
/**
@@ -1813,58 +1837,28 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String providerName= oaParam.getFriendlyName();
String issuerValue = HTTPUtils.getBaseURL(req);
Logger.debug("Issuer value: " + issuerValue);
-
-
- QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue());
- //Logger.debug("QAALevel: " + qaaLevel.getValue());
-
- RequestedAttributes requestedAttributes = null;
-
- requestedAttributes = oaParam.getRequestedAttributes();
- requestedAttributes.detach();
- List<RequestedAttribute> reqAttributeList = new ArrayList<RequestedAttribute>();
- List<RequestedAttribute> oaReqAttributeList = null;
- oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes());
-
- //check if country specific attributes must be additionally requested
- if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) {
- //add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes
- Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + moasession.getCcc());
- Logger.debug("The following attributes are requested for this specific country:");
- List<RequestedAttribute> countrySpecificReqAttributeList = new ArrayList<RequestedAttribute>(cpeps.getCountrySpecificRequestedAttributes());
- for (RequestedAttribute csReqAttr : countrySpecificReqAttributeList) {
- csReqAttr.detach();
- if (!STORKConstants.DEFAULT_STORK_REQUESTED_ATTRIBUTE_SET.contains(csReqAttr.getName())) {
- //this country specific attribute does not override default attribute
- if (SAMLUtil.containsAttribute(oaReqAttributeList, csReqAttr.getName())) {
- //the same attribute is requested for OA, applying hierachy
- //remove oa attribute
- oaReqAttributeList.remove(SAMLUtil.getAttribute(oaReqAttributeList, csReqAttr.getName()));
- //add country specific attribute instead
- Logger.debug("Requested Attribute (" + csReqAttr.getName() + ") is also requested by OA but we use Country Specific value instead");
- }
- oaReqAttributeList.add(csReqAttr);
- Logger.debug("Country specific requested attribute: " + csReqAttr.getName() + ", isRequired: " + csReqAttr.isRequired());
- } else {
- Logger.debug("Country specific requested attribute: " + csReqAttr.getName() + ", isRequired: " + csReqAttr.isRequired() + " tries to overwrite default requested and required attributes, hence we skip it.");
- }
-
- }
- reqAttributeList.addAll(oaReqAttributeList);
- } else {
- //no country specific requested attributes
- reqAttributeList.addAll(oaReqAttributeList);
+
+
+
+ // prepare collection of required attributes
+ // - attributes for online application
+ List<OAStorkAttribute> attributesFromConfig = oaParam.getRequestedAttributes();
+
+ // - prepare attribute list
+ PersonalAttributeList attributeList = new PersonalAttributeList();
+
+ // - fill container
+ for(OAStorkAttribute current : attributesFromConfig) {
+ PersonalAttribute newAttribute = new PersonalAttribute();
+ newAttribute.setName(current.getName());
+ newAttribute.setIsRequired(current.isMandatory());
+ attributeList.add(newAttribute);
}
-
- reqAttributeList = (List<RequestedAttribute>) SAMLUtil.releaseDOM(reqAttributeList);
- requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes(reqAttributeList);
-
+
if (Logger.isDebugEnabled()) {
Logger.debug("The following attributes are requested for this OA:");
- for (RequestedAttribute logReqAttr : reqAttributeList) {
- Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isRequired());
-
- }
+ for (OAStorkAttribute logReqAttr : attributesFromConfig)
+ Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isMandatory());
}
@@ -1876,38 +1870,42 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String textToBeSigned =
CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession);
-
- //generate AuthnRquest
- STORKAuthnRequest storkAuthnRequest = STORKAuthnRequestProcessor.generateSTORKAuthnRequest(
- destination,
- acsURL,
- providerName,
- issuerValue,
- qaaLevel,
- requestedAttributes,
- spSector,
- spInstitution,
- spApplication,
- spCountry,
- textToBeSigned,
- "application/xhtml+xml");
-
+
+ //generate AuthnRquest
+ STORKAuthnRequest authnRequest = new STORKAuthnRequest();
+ authnRequest.setDestination(destination);
+ authnRequest.setAssertionConsumerServiceURL(acsURL);
+ authnRequest.setProviderName(providerName);
+ authnRequest.setIssuer(issuerValue);
+ authnRequest.setQaa(oaParam.getQaaLevel());
+ authnRequest.setSpInstitution(spInstitution);
+ authnRequest.setCountry(spCountry);
+ authnRequest.setSpApplication(spApplication);
+ authnRequest.setSpSector(spSector);
+ authnRequest.setPersonalAttributeList(attributeList);
+
+// STORKAuthnRequestProcessor.generateSTORKAuthnRequest(
+// destination,
+// acsURL,
+// providerName,
+// issuerValue,
+// qaaLevel,
+// spInstitution,
+// spApplication,
+// spCountry,
+// spSector,
+// requestedAttributes,
+
+// textToBeSigned,
+// "application/xhtml+xml");
+
Logger.debug("STORK AuthnRequest succesfully assembled.");
-
- //sign AuthnRequest
- String keyStorePath = storkConfig.getSignatureCreationParameter().getKeyStorePath();
- String keyStorePassword = storkConfig.getSignatureCreationParameter().getKeyStorePassword();
- String keyName = storkConfig.getSignatureCreationParameter().getKeyName();
- String keyPassword = storkConfig.getSignatureCreationParameter().getKeyPassword();
-
- Logger.debug("Starting signing process of STORK AuthnRequest.");
- Logger.trace("Using the following Keystore and Key for that:");
- Logger.trace("KeyStore: " + keyStorePath);
- Logger.trace("KeyName: " + keyName);
-
+
+ STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("CONF0");
try {
- storkAuthnRequest = STORKAuthnRequestProcessor.signSTORKAuthnRequest(storkAuthnRequest, keyStorePath, keyStorePassword, keyName, keyPassword);
- } catch (SAMLException e) {
+ authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest);
+// authnRequest = STORKAuthnRequestProcessor.signSTORKAuthnRequest(authnRequest, keyStorePath, keyStorePassword, keyName, keyPassword);
+ } catch (STORKSAMLEngineException e) {
Logger.error("Could not sign STORK SAML AuthnRequest.", e);
throw new MOAIDException("stork.00", null);
}
@@ -1916,8 +1914,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
//validate AuthnRequest
try {
- STORKAuthnRequestProcessor.validateSTORKAuthnRequest(storkAuthnRequest);
- } catch (SAMLValidationException e) {
+ samlEngine.validateSTORKAuthnRequest(authnRequest.getTokenSaml());
+ } catch (STORKSAMLEngineException e) {
Logger.error("STORK SAML AuthnRequest not valid.", e);
throw new MOAIDException("stork.01", null);
}
@@ -1925,26 +1923,36 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Logger.debug("STORK AuthnRequest successfully internally validated.");
//send
- moasession.setStorkAuthnRequest(storkAuthnRequest);
+ moasession.setStorkAuthnRequest(authnRequest);
HttpSession httpSession = req.getSession();
httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID());
-
- Logger.debug("Preparing to send STORK AuthnRequest.");
-
+
+
+ Logger.info("Preparing to send STORK AuthnRequest.");
+ Logger.info("prepared STORKAuthnRequest: ");
+ Logger.info(new String(authnRequest.getTokenSaml()));
+// SAMLRequest = PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml());
+
try {
- STORKAuthnRequestProcessor.sendSTORKAuthnRequest(req, resp, storkAuthnRequest);
+ Logger.trace("Initialize VelocityEngine...");
+
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/saml2-post-binding-moa.vm");
+ VelocityContext context = new VelocityContext();
+ context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml()));
+ context.put("action", destination);
+
+ StringWriter writer = new StringWriter();
+ template.merge(context, writer);
+
+ resp.getOutputStream().write(writer.toString().getBytes());
} catch (Exception e) {
Logger.error("Error sending STORK SAML AuthnRequest.", e);
httpSession.invalidate();
throw new MOAIDException("stork.02", new Object[] { destination });
}
-
- Logger.info("STORK AuthnRequest successfully sent to: " + storkAuthnRequest.getDestination());
- Logger.debug("STORKAuthnRequest sent (pretty print): ");
- Logger.debug(XMLHelper.prettyPrintXML(storkAuthnRequest.getDOM()));
- Logger.trace("STORKAuthnRequest sent (original): ");
- Logger.trace(XMLUtil.printXML(storkAuthnRequest.getDOM()));
-
+
+ Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination());
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 9aecefd43..43ba83f91 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -33,7 +33,6 @@ import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
-import eu.stork.mw.messages.saml.STORKAuthnRequest;
/**
* Session data to be stored between <code>AuthenticationServer</code> API calls.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 29f567324..f44f21db9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -88,11 +88,10 @@ import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.data.IssuerAndSerial;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-import eu.stork.vidp.messages.common.STORKBootstrap;
/**
* A class providing access to the Auth Part of the MOA-ID configuration data.
- *
+ *
* <p>Configuration data is read from an XML file, whose location is given by
* the <code>moa.id.configuration</code> system property.</p>
* <p>This class implements the Singleton pattern. The <code>reload()</code>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 3edb3cad9..60803bb8a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
@@ -46,10 +47,6 @@ import at.gv.egovernment.moa.id.config.OAParameter;
import at.gv.egovernment.moa.id.util.FormBuildUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
-import eu.stork.vidp.messages.common.STORKConstants;
-import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
-import eu.stork.vidp.messages.stork.RequestedAttributes;
/**
* Configuration parameters belonging to an online application,
@@ -78,21 +75,6 @@ public class OAAuthParameter extends OAParameter {
this.keyBoxIdentifier = oa.getKeyBoxIdentifier().value();
}
-
- /**
- * STORK QAA Level, Default = 4
- */
- private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4);
-
- /**
- * STORK RequestedAttributes for Online Application
- * Default RequestedAttributes are: eIdentifier, givenName, surname, dateOfBirth
- */
- private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes(
- STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null),
- STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null),
- STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null),
- STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null));
private String keyBoxIdentifier;
@@ -317,18 +299,15 @@ public Map<String, String> getFormCustomizaten() {
return map;
}
-/**
- * @return the qaaLevel
- */
-public QualityAuthenticationAssuranceLevel getQaaLevel() {
- return qaaLevel;
+public Integer getQaaLevel() {
+ return oa_auth.getOASTORK().getQaa();
}
/**
* @return the requestedAttributes
*/
-public RequestedAttributes getRequestedAttributes() {
- return requestedAttributes;
+public List<OAStorkAttribute> getRequestedAttributes() {
+ return oa_auth.getOASTORK().getOAAttributes();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
index 6a3f4cc9e..25f12af62 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
@@ -22,7 +22,6 @@ import org.xml.sax.SAXException;
import eu.stork.vidp.messages.util.SAMLUtil;
import eu.stork.vidp.messages.util.XMLUtil;
-import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributeType;
import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter;
import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType;