| author | Bojan Suzic <bojan.suzic@iaik.tugraz.at> | 2014-03-03 14:03:38 +0100 | 
|---|---|---|
| committer | Bojan Suzic <bojan.suzic@iaik.tugraz.at> | 2014-03-03 14:03:38 +0100 | 
| commit | 142bf6e5c229aa523e5c1363716d011df6d6af93 (patch) | |
| tree | 21f0d8faedc73799f921ea3de56e5c116c22177d /id/server/idserverlib | |
| parent | 7767c1c7fe237ec729d98d66577f8a247c622d85 (diff) | |
attr supporT
Diffstat (limited to 'id/server/idserverlib')
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java | 95 | ||||
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java | 10 | ||||
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java) | 46 | ||||
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java | 25 | 
4 files changed, 100 insertions, 76 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index e10c4d9d9..91326a51d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -3,91 +3,77 @@ package at.gv.egovernment.moa.id.protocols.stork2;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
-import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
 import at.gv.egovernment.moa.logging.Logger;
-import edu.emory.mathcs.backport.java.util.Collections;
-import eu.stork.peps.auth.commons.*;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import org.apache.commons.io.IOUtils;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
 import org.apache.velocity.app.VelocityEngine;
 import org.apache.velocity.runtime.RuntimeConstants;
-import org.opensaml.xml.util.Base64;
-import org.opensaml.xml.util.XMLHelper;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.*;
-import java.util.HashMap;
-import eu.stork.peps.auth.engine.SAMLEngine;
 import org.w3c.dom.Element;
 import org.w3c.dom.NamedNodeMap;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 /**
+ * Second request 
step - after authentication of the user is done and moasession obtained, + * process request and forward the user further to PEPS and/or other entities + *   * @author bsuzic - *         Date: 12/3/13, Time: 2:08 PM   */  public class AuthenticationRequest implements IAction { -    /* -    Second request step - after authentication of the user is done and moasession obtained, -    process request and forward the user further to PEPS and/or other entities -     */      private VelocityEngine velocityEngine;      private AuthenticationSession moaSession; -    private MOASTORKAuthnRequest moaStorkAuthnRequest; +    private MOASTORKRequest moaStorkRequest;      public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {          this.moaSession = moasession; -        this.moaStorkAuthnRequest = (MOASTORKAuthnRequest)req; - -        try { -            MISMandate mandate = moasession.getMISMandate(); -            String owbpk = mandate.getOWbPK(); -            byte[] mand = mandate.getMandate(); -            String profprep = mandate.getProfRep(); -            //String textdesc = mandate.getTextualDescriptionOfOID(); -            Element mndt = moasession.getMandate(); +        this.moaStorkRequest = (MOASTORKRequest) req; + +        if (moasession.getUseMandate()) { +            try { +                MISMandate mandate = moasession.getMISMandate(); +                String owbpk = mandate.getOWbPK(); +                byte[] mand = mandate.getMandate(); +                String profprep = mandate.getProfRep(); +                //String textdesc = mandate.getTextualDescriptionOfOID(); +                Element mndt = moasession.getMandate(); + +                iterate(mndt.getAttributes()); +                Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); +            } catch (Exception x) { +                
Logger.debug("There is no mandate used in transaction"); +            } +        } -            iterate(mndt.getAttributes()); -            Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); -        } catch (Exception x) {}          Logger.debug("Starting AuthenticationRequest"); -        //AuthenticationServer.getInstance().startSTORKAuthentication(httpReq, httpResp, moasession); -        Logger.debug("Http Response: " + httpResp.toString() + ", "); -        Logger.debug("Remote user: " + httpReq.getRemoteAddr()); -        Logger.debug("Moa session: " + moasession.toString() + " " + moasession.getOAURLRequested() + " " + moasession.getPublicOAURLPrefix() + " " + moasession.getAction() + " " + moasession.getIdentityLink().getName() + " " + moasession.getTarget());          httpResp.reset();          STORKAuthnResponse authnResponse = new STORKAuthnResponse(); -        authnResponse.setCountry(((MOASTORKAuthnRequest)req).getStorkAuthnRequest().getSpCountry()); - +        authnResponse.setCountry(((MOASTORKRequest) req).getStorkAuthnRequest().getSpCountry());          OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());          if (oaParam == null) -            throw new AuthenticationException("stork.12", new Object[] { moasession.getPublicOAURLPrefix() }); +            throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});          // Prepare basic AT attributes          try { -            IPersonalAttributeList moaAttrList =  moasession.getStorkAttributes(); +            IPersonalAttributeList moaAttrList = moasession.getStorkAttributes();              Logger.info("Found number of moa personal attributes: " + moasession.getStorkAttributes().size()); 
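Review bot: The new mandate branch still writes the whole Base64-encoded mandate to the log (`Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand)))`) and then catches `Exception` with only a debug line saying `"There is no mandate used in transaction"`. A mandate document presumably carries personal data of mandator and representative, so it should not land in the log even at debug level; log its presence and size instead, e.g. `Logger.debug("mandate present, " + mand.length + " bytes");`. The catch also fires when `getUseMandate()` is true but `getMISMandate()` or `getMandate()` returns null, where the message is misleading and hides an inconsistent session state; an explicit null check with `Logger.warn("useMandate set but no mandate in session")` would be more honest than swallowing every exception. The swallow itself predates this commit, only the logging and the `getUseMandate()` guard are new; `processRequest` continues beyond the end of this hunk.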
@@ -114,13 +100,13 @@ public class AuthenticationRequest implements IAction {
         DataContainer container = new DataContainer();
         // - fill in the request we extracted above
-        container.setRequest(((MOASTORKAuthnRequest) req).getStorkAuthnRequest());
-        
+        container.setRequest(((MOASTORKRequest) req).getStorkAuthnRequest());
+
         // - fill in the partial response created above
         container.setResponse(authnResponse);
-        
+
         // - memorize the target url were we have to return the result
-        container.setTarget(((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL());
+        container.setTarget(((MOASTORKRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL());
         container.setRemoteAddress(httpReq.getRemoteAddr());
@@ -141,24 +127,25 @@ public class AuthenticationRequest implements IAction {              Logger.debug("--Attribute: "                      + attributesList.item(j).getNodeName() + " = "                      + attributesList.item(j).getNodeValue()); -        }                    } +        } +    }      public PersonalAttributeList populateAttributes() { -        IPersonalAttributeList attrLst = moaStorkAuthnRequest.getStorkAuthnRequest().getPersonalAttributeList(); -        Logger.info("Found " + attrLst.size() + " personal attributes in the request." ); +        IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList(); +        Logger.info("Found " + attrLst.size() + " personal attributes in the request.");          // Define attribute list to be populated          PersonalAttributeList attributeList = new PersonalAttributeList(); -        MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkAuthnRequest); +        MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkRequest);          try {              for (PersonalAttribute personalAttribute : attrLst) {                  Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired());                  moaAttributeProvider.populateAttribute(attributeList, personalAttribute);              } -        }  catch (Exception e) { +        } catch (Exception e) {              Logger.error("Exception, attributes: " + e.getMessage());          } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java index 190a0d27c..d89fb8cb2 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -22,7 +22,7 @@ public class MOAAttributeProvider {
     private final IdentityLink identityLink;
     private static final Map<String, String> storkAttributeSimpleMapping;
     private static final Map<String, String> storkAttributeFunctionMapping;
-    private final MOASTORKAuthnRequest moastorkAuthnRequest;
+    private final MOASTORKRequest moastorkRequest;
     static {
         Map<String, String> tempSimpleMap = new HashMap<String, String>();
@@ -35,9 +35,9 @@ public class MOAAttributeProvider {
         storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap);
     }
-    public MOAAttributeProvider(IdentityLink identityLink, MOASTORKAuthnRequest moastorkAuthnRequest) {
+    public MOAAttributeProvider(IdentityLink identityLink, MOASTORKRequest moastorkRequest) {
         this.identityLink = identityLink;
-        this.moastorkAuthnRequest = moastorkAuthnRequest;
+        this.moastorkRequest = moastorkRequest;
         Logger.debug("identity " + identityLink.getIdentificationType() + " " + identityLink.getIdentificationValue());
     }
@@ -70,9 +70,9 @@ public class MOAAttributeProvider {
     }
     private String geteIdentifier() {
-        Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkAuthnRequest.getStorkAuthnRequest().getSpCountry());
+        Logger.debug("Using base urn for identification value: " + identityLink.getIdentificationType() + " and target country: " + moastorkRequest.getStorkAuthnRequest().getSpCountry());
         try {
-            return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkAuthnRequest.getStorkAuthnRequest().getSpCountry());
+            return new BPKBuilder().buildStorkbPK(identityLink.getIdentificationValue(), moastorkRequest.getStorkAuthnRequest().getSpCountry());
         } catch (BuildException be) {
             Logger.error("Stork eid could not be constructed; " + be.getMessage());
             return null; // TODO error
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
index cee64e16e..8c7fd8706 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKAuthnRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
@@ -1,52 +1,76 @@
 package at.gv.egovernment.moa.id.protocols.stork2;
 import at.gv.egovernment.moa.id.moduls.IRequest;
+import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
 import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import org.opensaml.common.xml.SAMLConstants;
 /**
+ * Implements MOA request and stores StorkAuthnRequest related data
+ *
  * @author bsuzic
- *         Date: 12/4/13, Time: 6:31 PM
  */
-public class MOASTORKAuthnRequest implements IRequest {
+public class MOASTORKRequest implements IRequest {
     private String requestID;
     private String target = null;
     String module = null;
     String action = null;
     private STORKAuthnRequest storkAuthnRequest;
+    private STORKAttrQueryRequest storkAttrQueryRequest;
+    private boolean isAttrRequest = false;
+    private boolean isAuthnRequest = false;
     public void setSTORKAuthnRequest(STORKAuthnRequest request) {
         this.storkAuthnRequest = request;
+        if (request != null) {
+            isAuthnRequest = true;
+        }
     }
+    public void setSTORKAttrRequest(STORKAttrQueryRequest request) {
+        this.storkAttrQueryRequest = request;
+        if (request != null) {
+            isAttrRequest = true;
+        }
+
+    }
+
+    public boolean isAttrRequest() {
+        return this.isAttrRequest;
+    }
+
+    public boolean isAuthnRequest() {
+        return this.isAuthnRequest;
+    }
+
+
     public STORKAuthnRequest getStorkAuthnRequest() {
         return this.storkAuthnRequest;
     }
     public String getOAURL() {
-        return "https://sp:8889/SP";  //
+        return storkAuthnRequest.getAssertionConsumerServiceURL();
     }
     public boolean isPassiv() {
-        return false;  //
+        return false;
     }
     public boolean forceAuth() {
-        return false;  //
+        return false;
     }
     public boolean isSSOSupported() {
-        return false;  //
+        return false;
     }
     public String requestedModule() {
-        
return this.module;  //
+        return this.module;
     }
     public String requestedAction() {
-        return action;  //
+        return action;
     }
     public void setModule(String module) {
@@ -58,7 +82,7 @@ public class MOASTORKAuthnRequest implements IRequest {
     }
     public String getTarget() {
-        return this.target;  //
+        return this.target;
     }
     public void setRequestID(String id) {
@@ -66,6 +90,6 @@ public class MOASTORKAuthnRequest implements IRequest {
     }
     public String getRequestID() {
-        return this.requestID;  //
+        return this.requestID;
     }
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 042d61080..28a516d2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -5,13 +5,12 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IModulInfo;
 import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
 import eu.stork.peps.auth.engine.STORKSAMLEngine;
 import eu.stork.peps.exceptions.STORKSAMLEngineException;
 import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
 import org.opensaml.ws.transport.http.HTTPInTransport;
 import org.opensaml.ws.transport.http.HTTPOutTransport;
 import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
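Review bot: `getOAURL()` now dereferences `storkAuthnRequest` unconditionally, but this class is now also populated for attribute-query requests via `setSTORKAttrRequest`, where `storkAuthnRequest` stays null and the call throws a NullPointerException; guard it, e.g. `return storkAuthnRequest != null ? storkAuthnRequest.getAssertionConsumerServiceURL() : null;`, or derive the URL from the attribute request when that is the active one. The returned value is the AssertionConsumerServiceURL taken straight from the inbound SAML request, so if `getOAURL()` is used anywhere to select online-application configuration it must be matched against the SP's registered endpoint rather than trusted as sent — whether `validateSTORKAuthnRequest` already does that is not visible in this diff. Minor: `isAttrRequest`/`isAuthnRequest` are only ever set to true, so passing null to a setter later leaves a stale flag; accessors of the form `return storkAttrQueryRequest != null;` would avoid the extra state. The class continues past the hunk, which is cut inside `requestedModule()`.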
@@ -20,7 +19,6 @@ import eu.stork.peps.auth.commons.STORKAuthnRequest;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.util.Collections;
 import java.util.HashMap;
 /**
@@ -81,6 +79,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext();
         samlMessageContext.setInboundMessageTransport(profileReq);
+/*
         HTTPPostDecoder postDecoder = new HTTPPostDecoder();
         postDecoder.setURIComparator(new MOAURICompare()); // TODO Abstract to use general comparator
@@ -90,8 +89,9 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         } catch (Exception e) {
             Logger.error("Error decoding STORKAuthnRequest", e);
         }
+*/
-        MOASTORKAuthnRequest STORK2Request = new MOASTORKAuthnRequest();
+        MOASTORKRequest STORK2Request = new MOASTORKRequest();
         //extract STORK Response from HTTP Request
@@ -99,7 +99,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         try {
             decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLRequest"));
         } catch(NullPointerException e) {
-            Logger.error("Unable to retrieve STORK Response", e);
+            Logger.error("Unable to retrieve STORK Request", e);
             throw new MOAIDException("stork.04", null);
         }
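Review bot: The block now wrapped in `/* … */` is what ran the OpenSAML `HTTPPostDecoder` with `MOAURICompare` as URI comparator, i.e. the binding-level check that the message was addressed to this endpoint; after this change the request is only base64-decoded by `PEPSUtil.decodeSAMLToken` and handed to the STORK engine, so unless `STORKSAMLEngine.validateSTORKAuthnRequest` verifies the destination itself (not visible here) that check is gone. Either confirm the engine covers it or add an explicit comparison of the request's destination against the configured endpoint before the request is accepted. Commented-out code should be deleted rather than kept, and the `samlMessageContext` set up two lines above is now unused and can go with it. The enclosing method starts before and ends after this hunk.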
@@ -107,13 +107,26 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         STORKSAMLEngine engine = STORKSAMLEngine.getInstance("incoming");
         STORKAuthnRequest authnRequest = null;
+        STORKAttrQueryRequest attrRequest = null;
+        // check if valid authn request is contained
         try {
             authnRequest = engine.validateSTORKAuthnRequest(decSamlToken);
         } catch (STORKSAMLEngineException ex) {
             Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage() );
         }
+
+        // check if a valid attr request is container
+        try {
+            attrRequest = engine.validateSTORKAttrQueryRequest(decSamlToken);
+        } catch (STORKSAMLEngineException ex) {
+            Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage() );
+        }
+
+
+
+
         Logger.error("acsu " + authnRequest.getAssertionConsumerServiceURL());
         Logger.error("cc " + authnRequest.getCitizenCountryCode());
         Logger.error("iss " + authnRequest.getIssuer());
@@ -121,7 +134,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
         Logger.error("spi " + authnRequest.getSpInstitution());
         STORK2Request.setSTORKAuthnRequest(authnRequest);
-
+        STORK2Request.setSTORKAttrRequest(attrRequest);
         return STORK2Request;
     } | 
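Review bot: A failed `validateSTORKAuthnRequest` is only logged and leaves `authnRequest` null, yet the hunk goes straight on to `Logger.error("acsu " + authnRequest.getAssertionConsumerServiceURL())`, which throws a NullPointerException for every attribute-query request and for every request the engine rejects; a token that fails validation must abort processing rather than continue with whatever survived, and one that is valid as neither authn nor attr request should be refused outright. The second catch also reports "Stork AuthenticationRequest" for an AttrQueryRequest failure, and the field dumps go out at error level on every request, where debug belongs. Rewrite the tail of the hunk roughly as below (reusing the existing `stork.04` key or adding a dedicated one); the enclosing method starts before this hunk.
```java
        // … unchanged: engine lookup and the two validate*() attempts …
        if (authnRequest == null && attrRequest == null) {
            Logger.error("SAMLRequest is neither a valid STORK AuthnRequest nor a valid STORK AttrQueryRequest");
            throw new MOAIDException("stork.04", null);
        }
        if (authnRequest != null) {
            Logger.debug("acsu " + authnRequest.getAssertionConsumerServiceURL());
            // … unchanged: remaining request-field logging (cc, iss, …, spi) at debug level …
        }
        STORK2Request.setSTORKAuthnRequest(authnRequest);
        STORK2Request.setSTORKAttrRequest(attrRequest);
        return STORK2Request;
```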
