attr supporT

author: Bojan Suzic <bojan.suzic@iaik.tugraz.at> 2014-03-03 14:03:38 +0100
committer: Bojan Suzic <bojan.suzic@iaik.tugraz.at> 2014-03-03 14:03:38 +0100
commit: 142bf6e5c229aa523e5c1363716d011df6d6af93 (patch)
tree: 21f0d8faedc73799f921ea3de56e5c116c22177d /id/server/idserverlib/src/main
parent: 7767c1c7fe237ec729d98d66577f8a247c622d85 (diff)
download: moa-id-spss-142bf6e5c229aa523e5c1363716d011df6d6af93.tar.gz
moa-id-spss-142bf6e5c229aa523e5c1363716d011df6d6af93.tar.bz2
moa-id-spss-142bf6e5c229aa523e5c1363716d011df6d6af93.zip
4 files changed, 100 insertions, 76 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index e10c4d9d9..91326a51d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -3,91 +3,77 @@ package at.gv.egovernment.moa.id.protocols.stork2;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
-import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
 import at.gv.egovernment.moa.logging.Logger;
-import edu.emory.mathcs.backport.java.util.Collections;
-import eu.stork.peps.auth.commons.*;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import org.apache.commons.io.IOUtils;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
 import org.apache.velocity.app.VelocityEngine;
 import org.apache.velocity.runtime.RuntimeConstants;
-import org.opensaml.xml.util.Base64;
-import org.opensaml.xml.util.XMLHelper;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.*;
-import java.util.HashMap;
-import eu.stork.peps.auth.engine.SAMLEngine;
 import org.w3c.dom.Element;
 import org.w3c.dom.NamedNodeMap;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 
 /**
+ * Second request step - after authentication of the user is done and moasession obtained,
+ * process request and forward the user further to PEPS and/or other entities
+ *
  * @author bsuzic
- *         Date: 12/3/13, Time: 2:08 PM
  */
 
 public class AuthenticationRequest implements IAction {
-    /*
-    Second request step - after authentication of the user is done and moasession obtained,
-    process request and forward the user further to PEPS and/or other entities
-     */
 
 
     private VelocityEngine velocityEngine;
     private AuthenticationSession moaSession;
-    private MOASTORKAuthnRequest moaStorkAuthnRequest;
+    private MOASTORKRequest moaStorkRequest;
 
 
     public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
 
         this.moaSession = moasession;
-        this.moaStorkAuthnRequest = (MOASTORKAuthnRequest)req;
-
-        try {
-            MISMandate mandate = moasession.getMISMandate();
-            String owbpk = mandate.getOWbPK();
-            byte[] mand = mandate.getMandate();
-            String profprep = mandate.getProfRep();
-            //String textdesc = mandate.getTextualDescriptionOfOID();
-            Element mndt = moasession.getMandate();
+        this.moaStorkRequest = (MOASTORKRequest) req;
+
+        if (moasession.getUseMandate()) {
+            try {
+                MISMandate mandate = moasession.getMISMandate();
+                String owbpk = mandate.getOWbPK();
+                byte[] mand = mandate.getMandate();
+                String profprep = mandate.getProfRep();
+                //String textdesc = mandate.getTextualDescriptionOfOID();
+                Element mndt = moasession.getMandate();
+
+                iterate(mndt.getAttributes());
+                Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand)));
+            } catch (Exception x) {
+                Logger.debug("There is no mandate used in transaction");
+            }
+        }
 
-            iterate(mndt.getAttributes());
-            Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand)));
-        } catch (Exception x) {}
 
         Logger.debug("Starting AuthenticationRequest");
-        //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession);
-        Logger.debug("Http Response: " + httpResp.toString() + ", ");
-        Logger.debug("Remote user: " + httpReq.getRemoteAddr());
-        Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget());
         httpResp.reset();
 
         STORKAuthnResponse authnResponse = new STORKAuthnResponse();
-        authnResponse.setCountry(((MOASTORKAuthnRequest)req).getStorkAuthnRequest().getSpCountry());
-
+        authnResponse.setCountry(((MOASTORKRequest) req).getStorkAuthnRequest().getSpCountry());
 
 
         OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
         if (oaParam == null)
-            throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() });
+            throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
 
 
         // Prepare basic AT attributes
         try {
-            IPersonalAttributeList moaAttrList =  moasession.getStorkAttributes();
+            IPersonalAttributeList moaAttrList = moasession.getStorkAttributes();
             Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size());
 
 
@@ -114,13 +100,13 @@ public class AuthenticationRequest implements IAction {
         DataContainer container = new DataContainer();
 
         // - fill in the request we extracted above
-        container.setRequest(((MOASTORKAuthnRequest) req).getStorkAuthnRequest());
-        
+        container.setRequest(((MOASTORKRequest) req).getStorkAuthnRequest());
+
         // - fill in the partial response created above
         container.setResponse(authnResponse);
-        
+
         // - memorize the target url were we have to return the result
-        container.setTarget(((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL());
+        container.setTarget(((MOASTORKRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL());
 
         container.setRemoteAddress(httpReq.getRemoteAddr());
 
@@ -141,24 +127,25 @@ public class AuthenticationRequest implements IAction {
             Logger.debug("--Attribute: "
                     + attributesList.item(j).getNodeName() + " = "
                     + attributesList.item(j).getNodeValue());
-        }                    }
+        }
+    }
 
 
     public PersonalAttributeList populateAttributes() {
 
-        IPersonalAttributeList attrLst = moaStorkAuthnRequest.getStorkAuthnRequest().getPersonalAttributeList();
-        Logger.info("Found " + attrLst.size() + " personal attributes in the request." );
+        IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList();
+        Logger.info("Found " + attrLst.size() + " personal attributes in the request.");
 
         // Define attribute list to be populated
         PersonalAttributeList attributeList = new PersonalAttributeList();
-        MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkAuthnRequest);
+        MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkRequest);
 
         try {
             for (PersonalAttribute personalAttribute : attrLst) {
                 Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired());
                 moaAttributeProvider.populateAttribute(attributeList, personalAttribute);
             }
-        }  catch (Exception e) {
+        } catch (Exception e) {
             Logger.error("Exception, attributes: " + e.getMessage());
         }
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index 190a0d27c..d89fb8cb2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -22,7 +22,7 @@ public class MOAAttributeProvider {
     private final IdentityLink identityLink;
     private static final Map<String, String> storkAttributeSimpleMapping;
     private static final Map<String, String> storkAttributeFunctionMapping;
-    private final MOASTORKAuthnRequest moastorkAuthnRequest;
+    private final MOASTORKRequest moastorkRequest;
 
     static {
         Map<String, String> tempSimpleMap = new HashMap<String, String>();
@@ -35,9 +35,9 @@ public class MOAAttributeProvider {
         storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap);
     }
 
-    public MOAAttributeProvider(IdentityLink identityLink, MOASTORKAuthnRequest moastorkAuthnRequest) {
+    public MOAAttributeProvider(IdentityLink identityLink, MOASTORKRequest moastorkRequest) {
         this.identityLink = identityLink;
-        this.moastorkAuthnRequest = moastorkAuthnRequest;
+        this.moastorkRequest = moastorkRequest;
         Logger.debug("identity " + identityLink.getIdentificationType() + " " + identityLink.getIdentificationValue());
     }
 
@@ -70,9 +70,9 @@ public class MOAAttributeProvider {
     }
 
     private String geteIdentifier() {
-        Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkAuthnRequest.getStorkAuthnRequest().getSpCountry());
+        Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkRequest.getStorkAuthnRequest().getSpCountry());
         try {
-            return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkAuthnRequest.getStorkAuthnRequest().getSpCountry());
+            return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkRequest.getStorkAuthnRequest().getSpCountry());
         } catch (BuildException be) {
             Logger.error("Stork eid could not be constructed; " + be.getMessage());
             return null; // TODO error
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
index cee64e16e..8c7fd8706 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
@@ -1,52 +1,76 @@
 package at.gv.egovernment.moa.id.protocols.stork2;
 
 import at.gv.egovernment.moa.id.moduls.IRequest;
+import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
 import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import org.opensaml.common.xml.SAMLConstants;
 
 /**
+ * Implements MOA request and stores StorkAuthnRequest related data
+ *
  * @author bsuzic
- *         Date: 12/4/13, Time: 6:31 PM
  */
 
-public class MOASTORKAuthnRequest implements IRequest {
+public class MOASTORKRequest implements IRequest {
     private String requestID;
     private String target = null;
     String module = null;
     String action = null;
     private STORKAuthnRequest storkAuthnRequest;
+    private STORKAttrQueryRequest storkAttrQueryRequest;
+    private boolean isAttrRequest = false;
+    private boolean isAuthnRequest = false;
 
     public void setSTORKAuthnRequest(STORKAuthnRequest request) {
         this.storkAuthnRequest = request;
+        if (request != null) {
+            isAuthnRequest = true;
+        }
     }
 
+    public void setSTORKAttrRequest(STORKAttrQueryRequest request) {
+        this.storkAttrQueryRequest = request;
+        if (request != null) {
+            isAttrRequest = true;
+        }
+
+    }
+
+    public boolean isAttrRequest() {
+        return this.isAttrRequest;
+    }
+
+    public boolean isAuthnRequest() {
+        return this.isAuthnRequest;
+    }
+
+
     public STORKAuthnRequest getStorkAuthnRequest() {
         return this.storkAuthnRequest;
     }
 
     public String getOAURL() {
 
-        return "https://sp:8889/SP";  //
+        return storkAuthnRequest.getAssertionConsumerServiceURL();
     }
 
     public boolean isPassiv() {
-        return false;  //
+        return false;
     }
 
     public boolean forceAuth() {
-        return false;  //
+        return false;
     }
 
     public boolean isSSOSupported() {
-        return false;  //
+        return false;
     }
 
     public String requestedModule() {
-        return this.module;  //
+        return this.module;
     }
 
     public String requestedAction() {
-        return action;  //
+        return action;
     }
 
     public void setModule(String module) {
@@ -58,7 +82,7 @@ public class MOASTORKAuthnRequest implements IRequest {
     }
 
     public String getTarget() {
-        return this.target;  //
+        return this.target;
     }
 
     public void setRequestID(String id) {
@@ -66,6 +90,6 @@ public class MOASTORKAuthnRequest implements IRequest {
     }
 
     public String getRequestID() {
-        return this.requestID;  //
+        return this.requestID;
     }
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 042d61080..28a516d2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -5,13 +5,12 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IModulInfo;
 import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
 import eu.stork.peps.auth.engine.STORKSAMLEngine;
 import eu.stork.peps.exceptions.STORKSAMLEngineException;
 import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
 import org.opensaml.ws.transport.http.HTTPInTransport;
 import org.opensaml.ws.transport.http.HTTPOutTransport;
 import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
@@ -20,7 +19,6 @@ import eu.stork.peps.auth.commons.STORKAuthnRequest;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.util.Collections;
 import java.util.HashMap;
 
 /**
@@ -81,6 +79,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext();
         samlMessageContext.setInboundMessageTransport(profileReq);
 
+/*
         HTTPPostDecoder postDecoder = new HTTPPostDecoder();
         postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator
 
@@ -90,8 +89,9 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         } catch (Exception e) {
             Logger.error("Error decoding STORKAuthnRequest", e);
         }
+*/
 
-        MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest();
+        MOASTORKRequest STORK2Request = new MOASTORKRequest();
 
 
         //extract STORK Response from HTTP Request
@@ -99,7 +99,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         try {
             decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLRequest"));
         } catch(NullPointerException e) {
-            Logger.error("Unable to retrieve STORK Response", e);
+            Logger.error("Unable to retrieve STORK Request", e);
             throw new MOAIDException("stork.04", null);
         }
 
@@ -107,13 +107,26 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming");
 
         STORKAuthnRequest authnRequest = null;
+        STORKAttrQueryRequest attrRequest = null;
 
+        // check if valid authn request is contained
         try {
             authnRequest = engine.validateSTORKAuthnRequest(decSamlToken);
         } catch (STORKSAMLEngineException ex) {
             Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage() );
         }
 
+
+        // check if a valid attr request is container
+        try {
+            attrRequest = engine.validateSTORKAttrQueryRequest(decSamlToken);
+        } catch (STORKSAMLEngineException ex) {
+            Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage() );
+        }
+
+
+
+
         Logger.error("acsu " + authnRequest.getAssertionConsumerServiceURL());
         Logger.error("cc " + authnRequest.getCitizenCountryCode());
         Logger.error("iss " + authnRequest.getIssuer());
@@ -121,7 +134,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         Logger.error("spi " + authnRequest.getSpInstitution());
 
         STORK2Request.setSTORKAuthnRequest(authnRequest);
-
+        STORK2Request.setSTORKAttrRequest(attrRequest);
 
         return STORK2Request;
     }
author	Bojan Suzic <bojan.suzic@iaik.tugraz.at>	2014-03-03 14:03:38 +0100
committer	Bojan Suzic <bojan.suzic@iaik.tugraz.at>	2014-03-03 14:03:38 +0100
commit	142bf6e5c229aa523e5c1363716d011df6d6af93 (patch)
tree	21f0d8faedc73799f921ea3de56e5c116c22177d /id/server/idserverlib/src/main
parent	7767c1c7fe237ec729d98d66577f8a247c622d85 (diff)
download	moa-id-spss-142bf6e5c229aa523e5c1363716d011df6d6af93.tar.gz moa-id-spss-142bf6e5c229aa523e5c1363716d011df6d6af93.tar.bz2 moa-id-spss-142bf6e5c229aa523e5c1363716d011df6d6af93.zip