aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src
diff options
context:
space:
mode:
authorBojan Suzic <bojan.suzic@iaik.tugraz.at>2014-04-16 18:42:16 +0200
committerBojan Suzic <bojan.suzic@iaik.tugraz.at>2014-04-16 18:42:16 +0200
commitde809dbe57372fd0026765034a490287bf1b57eb (patch)
tree014a9ee3976dcbc29f5acd2c2d18ea28383aff71 /id/server/idserverlib/src
parentf170d047fd3955a0b9d219dfb8e527452f2ebe44 (diff)
downloadmoa-id-spss-de809dbe57372fd0026765034a490287bf1b57eb.tar.gz
moa-id-spss-de809dbe57372fd0026765034a490287bf1b57eb.tar.bz2
moa-id-spss-de809dbe57372fd0026765034a490287bf1b57eb.zip
extending the peps communication and response
Diffstat (limited to 'id/server/idserverlib/src')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java261
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java212
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java42
7 files changed, 476 insertions, 47 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 1d9e31674..8f0d259b4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -159,6 +159,7 @@ public class AttributeCollector implements IAction {
new ConsentEvaluator().generateSTORKResponse(response, container);
return "12345"; // AssertionId
+ // TODO
} catch (ExternalAttributeRequestRequiredException e) {
// the attribute request is ongoing and requires an external service.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 5e49fe413..efa77577e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -3,23 +3,30 @@ package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.*;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.runtime.RuntimeConstants;
-import org.joda.time.DateTime;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import java.io.StringWriter;
+import java.security.NoSuchAlgorithmException;
/**
@@ -41,23 +48,23 @@ public class AuthenticationRequest implements IAction {
this.moaSession = moasession;
- if (req instanceof MOASTORKRequest) {
+ if ((req instanceof MOASTORKRequest) && !((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("SI")) {
this.moaStorkRequest = (MOASTORKRequest) req;
Logger.debug("Entering MOASTORKRequest");
httpResp.reset();
-
+
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
if (oaParam == null)
throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
MOASTORKResponse moaStorkResponse = new MOASTORKResponse();
-
+
// check if it is attribute query
if (moaStorkRequest.isAttrRequest()) {
Logger.debug("Starting AttrQueryRequest");
-
+
moaStorkResponse.setSTORKAttrResponse(new STORKAttrQueryResponse());
}
// check if we have authentication request
@@ -70,7 +77,7 @@ public class AuthenticationRequest implements IAction {
Logger.debug("Starting generation of SAML response");
try {
- moaStorkResponse.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(moaStorkRequest.getStorkAuthnRequest(), moaStorkResponse.getStorkAuthnResponse(),httpReq.getRemoteAddr(), false));
+ moaStorkResponse.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(moaStorkRequest.getStorkAuthnRequest(), moaStorkResponse.getStorkAuthnResponse(), httpReq.getRemoteAddr(), false));
} catch (STORKSAMLEngineException ex) {
// TODO
}
@@ -80,7 +87,7 @@ public class AuthenticationRequest implements IAction {
}
-
+
//moaStorkResponse.setCountry(moaStorkRequest.getSpCountry());
// Prepare extended attributes
@@ -107,20 +114,256 @@ public class AuthenticationRequest implements IAction {
arep.setSamlId("xxxx");
arep.setStatusCode("xxxx");
- // arep.setNotBefore(new DateTime().withTimeAtStartOfDay());
- // arep.setNotOnOrAfter(new DateTime().withTimeAtStartOfDay());
+ // arep.setNotBefore(new DateTime().withTimeAtStartOfDay());
+ // arep.setNotOnOrAfter(new DateTime().withTimeAtStartOfDay());
Logger.debug("Data container prepared");
return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam);
+ } // check if we are getting request for citizen of some other country
+ else if ((req instanceof MOASTORKRequest) && ((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("SI")) {
+
+ // - generate new key
+ String artifactId = null;
+ try {
+ artifactId = new SecureRandomIdentifierGenerator().generateIdentifier();
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+
+ STORKAuthnRequest spAuthnRequest = ((MOASTORKRequest) req).getStorkAuthnRequest();
+ STORKAuthnRequest storkAuthnRequest = new STORKAuthnRequest();
+
+ try {
+ storkAuthnRequest = (STORKAuthnRequest) spAuthnRequest.clone();
+ } catch (CloneNotSupportedException e) {
+ e.printStackTrace();
+ }
+
+ storkAuthnRequest.setIssuer("VIDP");
+ storkAuthnRequest.setAssertionConsumerServiceURL("https://vm-stork2-vidp:8443/moa-id-auth/stork2/SendPEPSAuthnRequest");
+ storkAuthnRequest.setSamlId(artifactId);
+
+ String publicURLPrefix = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+ if (publicURLPrefix == null)
+ throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});
+
+
+ DataContainer originalRequest = new DataContainer();
+ originalRequest.setRequest((MOASTORKRequest) req);
+
+
+ // preparing redirection for the client
+ try {
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+ VelocityContext context = new VelocityContext();
+
+ //STORKAuthnRequest storkAuthnRequest = new STORKAuthnRequest();
+
+ try {
+ //Get SAMLEngine instance
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+ Logger.debug("Starting generation of SAML request");
+ storkAuthnRequest = engine.generateSTORKAuthnRequest(storkAuthnRequest);
+
+ //generateSAML Token
+ Logger.info("SAML response succesfully generated!");
+ } catch (STORKSAMLEngineException e) {
+ Logger.error("Failed to generate STORK SAML Response", e);
+ throw new MOAIDException("stork.05", null);
+ }
+
+
+ // store original request from sp in order to be able to extract it in later iteration/response
+ try {
+ AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), originalRequest);
+ Logger.info("Storing artifactId " + storkAuthnRequest.getSamlId() + " of SP authentication request");
+ } catch (MOADatabaseException e) {
+ e.printStackTrace();
+ }
+
+ byte[] blob;
+ blob = storkAuthnRequest.getTokenSaml();
+
+ context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(blob));
+ Logger.debug("SAMLRequest original: " + new String(blob));
+
+ Logger.debug("Putting url as action: " + "https://peps-test.mju.gov.si/PEPS/ColleagueRequest");
+ context.put("action", "https://peps-test.mju.gov.si/PEPS/ColleagueRequest");
+ Logger.debug("Starting template merge");
+ StringWriter writer = new StringWriter();
+
+ Logger.debug("Doing template merge");
+ template.merge(context, writer);
+ Logger.debug("Template merge done");
+
+ Logger.debug("Sending html content: " + writer.getBuffer().toString());
+ Logger.debug("Sending html content2 : " + new String(writer.getBuffer()));
+
+ httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
+
+ } catch (Exception e) {
+ Logger.error("Velocity error: " + e.getMessage());
+ }
+ return "xxxx";// TODO
+
+ } // check if we got the response from peps, if so then process it and forward to sp
+ else if ((req instanceof MOASTORKResponse)) {
+
+ MOASTORKResponse moastorkResponse = (MOASTORKResponse) req;
+
+
+ STORKAuthnResponse authnResponse = null;
+ // check if valid authn request is contained
+
+ //Get SAMLEngine instance
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+
+ try {
+ authnResponse = engine.validateSTORKAuthnResponse(moastorkResponse.getSTORKAuthnResponseToken(), httpReq.getRemoteAddr());
+ } catch (STORKSAMLEngineException ex) {
+ Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage());
+ }
+
+ Logger.info("Requesting artifactId " + authnResponse.getInResponseTo() + " from store.");
+
+ DataContainer dataContainer = null;
+
+ try {
+ dataContainer = AssertionStorage.getInstance().get(authnResponse.getInResponseTo(), DataContainer.class);
+ } catch (MOADatabaseException e) {
+ e.printStackTrace();
+ }
+
+ authnResponse.setInResponseTo(dataContainer.getRequest().getStorkAuthnRequest().getSamlId());
+ authnResponse.setAudienceRestriction(dataContainer.getRequest().getAssertionConsumerServiceURL());
+
+
+ try {
+ //Get SAMLEngine instance
+ STORKSAMLEngine engine2 = STORKSAMLEngine.getInstance("VIDP");
+ Logger.debug("Starting generation of SAML response");
+
+ authnResponse = engine2.generateSTORKAuthnResponse(dataContainer.getRequest().getStorkAuthnRequest(), authnResponse, httpReq.getRemoteAddr(), false);
+
+ //generateSAML Token
+ Logger.info("SAML response succesfully generated!");
+ } catch (STORKSAMLEngineException e) {
+ Logger.error("Failed to generate STORK SAML Response", e);
+ throw new MOAIDException("stork.05", null);
+ }
+
+ // preparing redirection for the client
+ try {
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+ VelocityContext context = new VelocityContext();
+
+ byte[] blob;
+ blob = authnResponse.getTokenSaml();
+
+ context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob));
+ Logger.debug("SAMLResponse original: " + new String(blob));
+
+ Logger.debug("Putting assertion consumer url as action: " + dataContainer.getRequest().getAssertionConsumerServiceURL());
+ context.put("action", dataContainer.getRequest().getAssertionConsumerServiceURL());
+
+ Logger.debug("Starting template merge");
+ StringWriter writer = new StringWriter();
+
+ Logger.debug("Doing template merge");
+ template.merge(context, writer);
+ Logger.debug("Template merge done");
+
+ Logger.debug("Sending html content: " + writer.getBuffer().toString());
+ Logger.debug("Sending html content2 : " + new String(writer.getBuffer()));
+
+ httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
+
+ } catch (Exception e) {
+ Logger.error("Velocity error: " + e.getMessage());
+ }
+
+
+ return "yyyyy"; // TODO
} else {
Logger.error("Could not recognize request.");
throw new MOAIDException("stork.15", null);
}
}
+
+ public void generatePEPSRedirect(HttpServletResponse httpResp, DataContainer container) throws MOAIDException {
+ MOASTORKRequest request = container.getRequest();
+ MOASTORKResponse response = container.getResponse();
+
+ Logger.info("generating stork response...");
+
+ try {
+ //Get SAMLEngine instance
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+ Logger.debug("Starting generation of SAML response");
+ if (response.isAuthnResponse())
+ response.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(request.getStorkAuthnRequest(), response.getStorkAuthnResponse(), container.getRemoteAddress(), false));
+ else
+ response.setSTORKAttrResponse(engine.generateSTORKAttrQueryResponse(request.getStorkAttrQueryRequest(), response.getStorkAttrQueryResponse(), container.getRemoteAddress(), "", false));
+
+
+ //generateSAML Token
+ Logger.info("SAML response succesfully generated!");
+ } catch (STORKSAMLEngineException e) {
+ Logger.error("Failed to generate STORK SAML Response", e);
+ throw new MOAIDException("stork.05", null);
+ }
+
+ // preparing redirection for the client
+ try {
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+ VelocityContext context = new VelocityContext();
+
+ byte[] blob;
+ if (request.isAttrRequest())
+ blob = response.getStorkAttrQueryResponse().getTokenSaml();
+ else
+ blob = response.getStorkAuthnResponse().getTokenSaml();
+
+ context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob));
+ Logger.debug("SAMLResponse original: " + new String(blob));
+
+ Logger.debug("Putting assertion consumer url as action: " + request.getAssertionConsumerServiceURL());
+ context.put("action", request.getAssertionConsumerServiceURL());
+ Logger.debug("Starting template merge");
+ StringWriter writer = new StringWriter();
+
+ Logger.debug("Doing template merge");
+ template.merge(context, writer);
+ Logger.debug("Template merge done");
+
+ Logger.debug("Sending html content: " + writer.getBuffer().toString());
+ Logger.debug("Sending html content2 : " + new String(writer.getBuffer()));
+
+ httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
+
+ } catch (Exception e) {
+ Logger.error("Velocity error: " + e.getMessage());
+ }
+ }
+
+
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+
+ if (req instanceof MOASTORKRequest) {
+ if (((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("SI")) {
+ return false;
+
+ }
+ } else if (req instanceof MOASTORKResponse) {
+ return false;
+ }
+
return true;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
index 9ea33c8ef..a5a91fa55 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
@@ -7,6 +7,7 @@ import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
/**
* Implements MOA request and stores StorkAuthn/Attr-Request related data.
@@ -36,6 +37,7 @@ public class MOASTORKRequest implements IRequest, Serializable {
/** The stork attr query request. */
private STORKAttrQueryRequest storkAttrQueryRequest;
+
/**
* Sets the sTORK authn request.
*
@@ -72,7 +74,6 @@ public class MOASTORKRequest implements IRequest, Serializable {
return null != storkAuthnRequest;
}
-
/**
* Gets the stork authn request.
*
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
index 4e0f57779..7d9e20cd0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
@@ -1,28 +1,124 @@
package at.gv.egovernment.moa.id.protocols.stork2;
-import java.io.Serializable;
-
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PersonalAttributeList;
import eu.stork.peps.auth.commons.STORKAttrQueryResponse;
import eu.stork.peps.auth.commons.STORKAuthnResponse;
+import java.io.Serializable;
+
/**
* Implements MOA request and stores StorkAuthn/Attr-Request related data.
*
* @author bsuzic
*/
-public class MOASTORKResponse implements Serializable {
-
- /** The Constant serialVersionUID. */
- private static final long serialVersionUID = -5798803155055518747L;
-
- /** The stork authn request. */
- private STORKAuthnResponse storkAuthnResponse;
-
- /** The stork attr query request. */
+public class MOASTORKResponse implements IRequest, Serializable {
+
+ /**
+ * The Constant serialVersionUID.
+ */
+ private static final long serialVersionUID = -5798803155055518747L;
+
+ /**
+ * The stork authn request.
+ */
+ private STORKAuthnResponse storkAuthnResponse;
+
+ /**
+ * The stork attr query request.
+ */
private STORKAttrQueryResponse storkAttrQueryResponse;
-
+
+ /**
+ * The action.
+ */
+ String action = null;
+
+ /**
+ * The token
+ */
+ private byte[] storkAuthnResponseToken = null;
+
+ /**
+ * The request id.
+ */
+ private String requestID;
+
+
+ /**
+ * The module.
+ */
+ String module = null;
+
+ /**
+ * The target.
+ */
+ private String target = null;
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedModule()
+ */
+ public String requestedModule() {
+ return this.module;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedAction()
+ */
+ public String requestedAction() {
+ return action;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestID()
+ */
+ public String getRequestID() {
+ return this.requestID;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#getTarget()
+ */
+ public String getTarget() {
+ return this.target;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#isSSOSupported()
+ */
+ public boolean isSSOSupported() {
+ return false;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#forceAuth()
+ */
+ public boolean forceAuth() {
+ return false;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#setModule(java.lang.String)
+ */
+ public void setModule(String module) {
+ this.module = module;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#setRequestID(java.lang.String)
+ */
+ public void setRequestID(String id) {
+ this.requestID = id;
+ }
+
/**
* Sets the sTORK authn response.
*
@@ -33,6 +129,23 @@ public class MOASTORKResponse implements Serializable {
}
/**
+ * Sets the sTORK authn response token
+ *
+ * @param request the new sTORK authn response token
+ */
+ public void setSTORKAuthnResponseToken(byte[] token) {
+ this.storkAuthnResponseToken = token;
+ }
+
+ /**
+ * Gets the sTORK authn response token .
+ *
+ * @param request the new sTORK authn response
+ */
+ public byte[] getSTORKAuthnResponseToken() {
+ return this.storkAuthnResponseToken;
+ }
+ /**
* Sets the sTORK attr response.
*
* @param request the new sTORK attr response
@@ -77,17 +190,17 @@ public class MOASTORKResponse implements Serializable {
public STORKAttrQueryResponse getStorkAttrQueryResponse() {
return this.storkAttrQueryResponse;
}
-
+
/**
* Gets the personal attribute list.
*
* @return the personal attribute list
*/
public IPersonalAttributeList getPersonalAttributeList() {
- if(isAttrResponse())
- return this.storkAttrQueryResponse.getPersonalAttributeList();
- else
- return this.storkAuthnResponse.getPersonalAttributeList();
+ if (isAttrResponse())
+ return this.storkAttrQueryResponse.getPersonalAttributeList();
+ else
+ return this.storkAuthnResponse.getPersonalAttributeList();
}
/**
@@ -96,22 +209,53 @@ public class MOASTORKResponse implements Serializable {
* @param populateAttributes the new personal attribute list
*/
public void setPersonalAttributeList(PersonalAttributeList populateAttributes) {
- if(isAttrResponse())
- this.storkAttrQueryResponse.setPersonalAttributeList(populateAttributes);
- else
- this.storkAuthnResponse.setPersonalAttributeList(populateAttributes);
- }
-
- /**
- * Sets the country.
- *
- * @param spCountry the new country
- */
- public void setCountry(String spCountry) {
- if(isAttrResponse())
- this.storkAttrQueryResponse.setCountry(spCountry);
- else
- this.storkAuthnResponse.setCountry(spCountry);
- }
+ if (isAttrResponse())
+ this.storkAttrQueryResponse.setPersonalAttributeList(populateAttributes);
+ else
+ this.storkAuthnResponse.setPersonalAttributeList(populateAttributes);
+ }
+
+ /**
+ * Sets the country.
+ *
+ * @param spCountry the new country
+ */
+ public void setCountry(String spCountry) {
+ if (isAttrResponse())
+ this.storkAttrQueryResponse.setCountry(spCountry);
+ else
+ this.storkAuthnResponse.setCountry(spCountry);
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#getOAURL()
+ */
+ public String getOAURL() {
+ if (isAuthnResponse())
+ return storkAuthnResponse.getAudienceRestriction();
+ else if (isAttrResponse())
+ return storkAttrQueryResponse.getAudienceRestriction();
+ else {
+ Logger.error("There is no authentication or attribute request contained in MOASTORKRequest.");
+ return null;
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#isPassiv()
+ */
+ public boolean isPassiv() {
+ return false;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IRequest#setAction(java.lang.String)
+ */
+ public void setAction(String action) {
+ this.action = action;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java
index 0e94600db..5d13ccb45 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java
@@ -68,7 +68,7 @@ public class MandateAttributeRequestProvider implements AttributeProvider {
String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();
String spApplication = spInstitution;
- //generate AuthnRquest
+ //generate AttrQueryRequest
STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest();
attributeRequest.setDestination(destination);
attributeRequest.setAssertionConsumerServiceURL(url);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
index 3bd1686b4..077867fe0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
@@ -14,7 +14,7 @@ import javax.servlet.http.HttpServletResponse;
*/
public class MandateRetrievalRequest implements IAction {
public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
- Logger.info("Entering mandateretrievalrequest");
+ Logger.error("Entering mandateretrievalrequest");
return null; //
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 00f919c82..689aed8aa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -64,10 +64,46 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
Logger.debug("Initiating action: " + action);
MOASTORKRequest STORK2Request = new MOASTORKRequest();
+ MOASTORKResponse STORK2Response = new MOASTORKResponse();
- if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluator.class.getSimpleName().equals(action))
+
+ if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluator.class.getSimpleName().equals(action))
return STORK2Request;
+
+ if (request.getParameter("SAMLResponse") != null) {
+ //extract STORK Response from HTTP Request
+ byte[] decSamlToken;
+ try {
+ decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
+ } catch (NullPointerException e) {
+ if (request.getRemoteHost().contains("129.27.142")) {
+ Logger.warn("Availability check by " + request.getRemoteHost() + " on URI: " + request.getRequestURI());
+ } else {
+ Logger.error("Unable to retrieve STORK Request for host: " + request.getRemoteHost() + " and URI: " + request.getRequestURI(), e);
+ }
+ throw new MOAIDException("stork.04", null);
+ }
+
+ //Get SAMLEngine instance
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+
+ STORKAuthnResponse authnResponse = null;
+
+
+ // check if valid authn request is contained
+ try {
+ authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, request.getRemoteAddr());
+ } catch (STORKSAMLEngineException ex) {
+ Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage());
+ }
+
+ STORK2Response.setSTORKAuthnResponseToken(decSamlToken);
+
+ return STORK2Response;
+
+ } else if (request.getParameter("SAMLRequest") != null) {
+
//extract STORK Response from HTTP Request
byte[] decSamlToken;
try {
@@ -87,6 +123,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
STORKAuthnRequest authnRequest = null;
STORKAttrQueryRequest attrRequest = null;
+
// check if valid authn request is contained
try {
authnRequest = engine.validateSTORKAuthnRequest(decSamlToken);
@@ -112,6 +149,9 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
STORK2Request.setSTORKAttrRequest(attrRequest);
return STORK2Request;
+ } else {
+ throw new MOAIDException("stork.14", null); // TODO Specify message
+ }
}
public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {