Refactore eIDAS module to new Spring based protocol engine

1 files changed, 86 insertions, 42 deletions

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index b652503f8..5c2ed4148 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -22,14 +22,21 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.eidas;
 
+import java.io.IOException;
 import java.util.HashMap;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -37,6 +44,10 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IModulInfo;
 import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;
+import at.gv.egovernment.moa.id.protocols.pvp2x.AuthenticationAction;
+import at.gv.egovernment.moa.id.protocols.pvp2x.MetadataAction;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.EIDASAuthnRequest;
@@ -44,26 +55,15 @@ import eu.eidas.auth.commons.EIDASUtil;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
 
 /**
- * Stork 2 Protocol Support
+ * eIDAS Protocol Support for outbound authentication
  *
- * @author bsuzic
+ * @author tlenz
  */
-public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
+public class EIDASProtocol extends AbstractProtocolModulController {
 
     public static final String NAME = EIDASProtocol.class.getName();
     public static final String PATH = "eidas";
 
-    public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest";
-    public static final String METADATAREQUEST = "MetadataRequest";
-    
-    private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
-
-    static {
-        actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest());
-        actions.put(METADATAREQUEST, new EidasMetaDataRequest());
-        
-    }
-
     public String getName() {
         return NAME;
     }
@@ -72,20 +72,70 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
         return PATH;
     }
 
-    public IAction getAction(String action) {
-        return actions.get(action);
-    }
-
-    public EIDASProtocol() {
-        super();
-    }
-
+	//eIDAS metadata end-point
+	@RequestMapping(value = "/eidas/metadata", method = {RequestMethod.GET})
+	public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
+		
+		//create pendingRequest object
+		EIDASData pendingReq = new EIDASData(req);
+		pendingReq.setModule(NAME);
+		pendingReq.setNeedAuthentication(false);
+		pendingReq.setAuthenticated(false);
+		
+		revisionsLogger.logEvent(
+				pendingReq.getUniqueSessionIdentifier(), 
+				pendingReq.getUniqueTransactionIdentifier(), 
+				MOAIDEventConstants.TRANSACTION_IP, 
+				req.getRemoteAddr());
+		
+
+		EidasMetaDataRequest metadataAction = applicationContext.getBean(EidasMetaDataRequest.class);
+		metadataAction.processRequest(pendingReq, 
+				req, resp, null);
+		
+		revisionsLogger.logEvent(
+				pendingReq.getUniqueSessionIdentifier(), 
+				pendingReq.getUniqueTransactionIdentifier(), 
+				Constants.eIDAS_REVERSIONSLOG_METADATA);
+	}
+    
+	
+	//PVP2.x IDP POST-Binding end-point
+	@RequestMapping(value = "/eidas/ColleagueRequest", method = {RequestMethod.POST})
+	public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
+		
+		//create pending-request object
+		EIDASData pendingReq = new EIDASData(req);
+		pendingReq.setModule(NAME);
+		
+		revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
+		revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
+		revisionsLogger.logEvent(
+				pendingReq.getUniqueSessionIdentifier(), 
+				pendingReq.getUniqueTransactionIdentifier(), 
+				MOAIDEventConstants.TRANSACTION_IP, 
+				req.getRemoteAddr());
+		
+		//preProcess eIDAS request
+		preProcess(req, resp, pendingReq);
+		
+		revisionsLogger.logEvent(pendingReq, Constants.eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST);
+		
+		//AuthnRequest needs authentication
+		pendingReq.setNeedAuthentication(true);
+
+		//set protocol action, which should be executed after authentication
+		pendingReq.setAction(eIDASAuthenticationRequest.class.getName());
+		
+		//switch to session authentication
+		performAuthentication(req, resp, pendingReq);
+	}
+    
     /*
         First request step - send it to BKU selection for user authentication. After the user credentials
         and other info are obtained, in the second step the request will be processed and the user redirected
          */
-    public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action,
-			String sessionId, String transactionId) throws MOAIDException {
+    public void preProcess(HttpServletRequest request, HttpServletResponse response, EIDASData pendingReq) throws MOAIDException {
 
         Logger.info("received an eIDaS request");
 
@@ -104,42 +154,36 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
 			//validate SAML token
 			EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
 
-			// memorize important stuff
-			EIDASData result = new EIDASData(request);
-
 			// - memorize remote ip
-			result.setRemoteAddress(request.getRemoteAddr());
+			pendingReq.setRemoteAddress(request.getRemoteAddr());
 			
 			// - memorize country code of target country
-			result.setTarget(samlReq.getCountry());
+			pendingReq.setGenericDataToSession(
+					Constants.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getCountry());
 			
 			// - memorize requested attributes
-			result.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList()));
+			pendingReq.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList()));
 
 			// - memorize whole request
-			samlReq.setPersonalAttributeList(result.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
-			result.setEidasRequest(samlReq);
+			samlReq.setPersonalAttributeList(pendingReq.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
+			pendingReq.setEidasRequest(samlReq);
 			
 			// - memorize OA url
-			result.setOAURL(samlReq.getIssuer());
-
+			pendingReq.setOAURL(samlReq.getIssuer());
+	
 			// - memorize OA config
-			OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(result.getOAURL());
+			OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(pendingReq.getOAURL());
 			if (oaConfig == null)
-				throw new AuthenticationException("stork.12", new Object[]{result.getOAURL()});
-			result.setOnlineApplicationConfiguration(oaConfig);
+				throw new AuthenticationException("stork.12", new Object[]{pendingReq.getOAURL()});
+			pendingReq.setOnlineApplicationConfiguration(oaConfig);
 
-			return result;
 		} catch(Exception e) {
 			Logger.error("error in preprocessing step", e);
 			throw new MOAIDException("error in preprocessing step", null);
+			
 		}
     }
 
-    public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {
-        return null;
-    }
-
     public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable {
         return false;
     }