Refactore eIDAS module to new Spring based protocol engine

author: Thomas Lenz <thomas.lenz@egiz.gv.at> 2016-02-16 16:35:56 +0100
committer: Thomas Lenz <thomas.lenz@egiz.gv.at> 2016-02-16 16:35:56 +0100
commit: 15391f9c7c3afa19bb5f15e4f71561be71aafb49 (patch)
tree: 66c576fcb6b60d8618fc5e52f1f11dc2b80aae79 /id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas
parent: 1b7401488933f031a68dfe929b25db86279b52d2 (diff)
download: moa-id-spss-15391f9c7c3afa19bb5f15e4f71561be71aafb49.tar.gz
moa-id-spss-15391f9c7c3afa19bb5f15e4f71561be71aafb49.tar.bz2
moa-id-spss-15391f9c7c3afa19bb5f15e4f71561be71aafb49.zip
3 files changed, 99 insertions, 45 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index b652503f8..5c2ed4148 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -22,14 +22,21 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.eidas;
 
+import java.io.IOException;
 import java.util.HashMap;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -37,6 +44,10 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IModulInfo;
 import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;
+import at.gv.egovernment.moa.id.protocols.pvp2x.AuthenticationAction;
+import at.gv.egovernment.moa.id.protocols.pvp2x.MetadataAction;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.EIDASAuthnRequest;
@@ -44,26 +55,15 @@ import eu.eidas.auth.commons.EIDASUtil;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
 
 /**
- * Stork 2 Protocol Support
+ * eIDAS Protocol Support for outbound authentication
  *
- * @author bsuzic
+ * @author tlenz
  */
-public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
+public class EIDASProtocol extends AbstractProtocolModulController {
 
     public static final String NAME = EIDASProtocol.class.getName();
     public static final String PATH = "eidas";
 
-    public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest";
-    public static final String METADATAREQUEST = "MetadataRequest";
-    
-    private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
-
-    static {
-        actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest());
-        actions.put(METADATAREQUEST, new EidasMetaDataRequest());
-        
-    }
-
     public String getName() {
         return NAME;
     }
@@ -72,20 +72,70 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
         return PATH;
     }
 
-    public IAction getAction(String action) {
-        return actions.get(action);
-    }
-
-    public EIDASProtocol() {
-        super();
-    }
-
+	//eIDAS metadata end-point
+	@RequestMapping(value = "/eidas/metadata", method = {RequestMethod.GET})
+	public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
+		
+		//create pendingRequest object
+		EIDASData pendingReq = new EIDASData(req);
+		pendingReq.setModule(NAME);
+		pendingReq.setNeedAuthentication(false);
+		pendingReq.setAuthenticated(false);
+		
+		revisionsLogger.logEvent(
+				pendingReq.getUniqueSessionIdentifier(), 
+				pendingReq.getUniqueTransactionIdentifier(), 
+				MOAIDEventConstants.TRANSACTION_IP, 
+				req.getRemoteAddr());
+		
+
+		EidasMetaDataRequest metadataAction = applicationContext.getBean(EidasMetaDataRequest.class);
+		metadataAction.processRequest(pendingReq, 
+				req, resp, null);
+		
+		revisionsLogger.logEvent(
+				pendingReq.getUniqueSessionIdentifier(), 
+				pendingReq.getUniqueTransactionIdentifier(), 
+				Constants.eIDAS_REVERSIONSLOG_METADATA);
+	}
+    
+	
+	//PVP2.x IDP POST-Binding end-point
+	@RequestMapping(value = "/eidas/ColleagueRequest", method = {RequestMethod.POST})
+	public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
+		
+		//create pending-request object
+		EIDASData pendingReq = new EIDASData(req);
+		pendingReq.setModule(NAME);
+		
+		revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
+		revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
+		revisionsLogger.logEvent(
+				pendingReq.getUniqueSessionIdentifier(), 
+				pendingReq.getUniqueTransactionIdentifier(), 
+				MOAIDEventConstants.TRANSACTION_IP, 
+				req.getRemoteAddr());
+		
+		//preProcess eIDAS request
+		preProcess(req, resp, pendingReq);
+		
+		revisionsLogger.logEvent(pendingReq, Constants.eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST);
+		
+		//AuthnRequest needs authentication
+		pendingReq.setNeedAuthentication(true);
+
+		//set protocol action, which should be executed after authentication
+		pendingReq.setAction(eIDASAuthenticationRequest.class.getName());
+		
+		//switch to session authentication
+		performAuthentication(req, resp, pendingReq);
+	}
+    
     /*
         First request step - send it to BKU selection for user authentication. After the user credentials
         and other info are obtained, in the second step the request will be processed and the user redirected
          */
-    public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action,
-			String sessionId, String transactionId) throws MOAIDException {
+    public void preProcess(HttpServletRequest request, HttpServletResponse response, EIDASData pendingReq) throws MOAIDException {
 
         Logger.info("received an eIDaS request");
 
@@ -104,42 +154,36 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
 			//validate SAML token
 			EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
 
-			// memorize important stuff
-			EIDASData result = new EIDASData(request);
-
 			// - memorize remote ip
-			result.setRemoteAddress(request.getRemoteAddr());
+			pendingReq.setRemoteAddress(request.getRemoteAddr());
 			
 			// - memorize country code of target country
-			result.setTarget(samlReq.getCountry());
+			pendingReq.setGenericDataToSession(
+					Constants.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getCountry());
 			
 			// - memorize requested attributes
-			result.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList()));
+			pendingReq.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList()));
 
 			// - memorize whole request
-			samlReq.setPersonalAttributeList(result.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
-			result.setEidasRequest(samlReq);
+			samlReq.setPersonalAttributeList(pendingReq.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
+			pendingReq.setEidasRequest(samlReq);
 			
 			// - memorize OA url
-			result.setOAURL(samlReq.getIssuer());
-
+			pendingReq.setOAURL(samlReq.getIssuer());
+	
 			// - memorize OA config
-			OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(result.getOAURL());
+			OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(pendingReq.getOAURL());
 			if (oaConfig == null)
-				throw new AuthenticationException("stork.12", new Object[]{result.getOAURL()});
-			result.setOnlineApplicationConfiguration(oaConfig);
+				throw new AuthenticationException("stork.12", new Object[]{pendingReq.getOAURL()});
+			pendingReq.setOnlineApplicationConfiguration(oaConfig);
 
-			return result;
 		} catch(Exception e) {
 			Logger.error("error in preprocessing step", e);
 			throw new MOAIDException("error in preprocessing step", null);
+			
 		}
     }
 
-    public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {
-        return null;
-    }
-
     public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable {
         return false;
     }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index c8795302f..4e34902e2 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.slf4j.Logger;
 import org.springframework.http.MediaType;
+import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
@@ -39,6 +40,7 @@ import eu.eidas.engine.exceptions.SAMLEngineException;
 /**
  * First version to provide some valid metadata to an asking eIDaS node
  */
+@Service("EidasMetaDataRequest")
 public class EidasMetaDataRequest implements IAction {
     private Logger logger = org.slf4j.LoggerFactory.getLogger(EidasMetaDataRequest.class); 
     
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index 09287e6d4..0702c34d5 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -32,8 +32,11 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
+import org.springframework.stereotype.Service;
 
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
@@ -59,11 +62,14 @@ import eu.eidas.auth.engine.metadata.MetadataUtil;
  * Second request step - after authentication of the user is done and moasession obtained,
  * process request and forward the user further to PEPS and/or other entities
  *
- * @author bsuzic
+ * @author tlenz
  */
 
-public class AuthenticationRequest implements IAction {
+@Service("eIDASAuthenticationRequest")
+public class eIDASAuthenticationRequest implements IAction {
 
+	@Autowired protected MOAReversionLogger revisionsLogger;
+	
 	@Override
 	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
 		EIDASData eidasRequest;
@@ -85,7 +91,7 @@ public class AuthenticationRequest implements IAction {
 			case Constants.eIDAS_ATTR_CURRENTFAMILYNAME: newValue = authData.getFamilyName();break;
 			case Constants.eIDAS_ATTR_CURRENTGIVENNAME: newValue = authData.getGivenName();break;
 			case Constants.eIDAS_ATTR_PERSONALIDENTIFIER: newValue = new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(),
-                    eidasRequest.getTarget()); break;
+                    eidasRequest.getGenericData(Constants.eIDAS_GENERIC_REQ_DATA_COUNTRY, String.class)); break;
 			}
 			
 			if("".equals(newValue))
@@ -129,6 +135,8 @@ public class AuthenticationRequest implements IAction {
 			e.printStackTrace();
 		}
 		
+		revisionsLogger.logEvent(req, Constants.eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST);
+		
 		// send the response
         try {
             VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
author	Thomas Lenz <thomas.lenz@egiz.gv.at>	2016-02-16 16:35:56 +0100
committer	Thomas Lenz <thomas.lenz@egiz.gv.at>	2016-02-16 16:35:56 +0100
commit	15391f9c7c3afa19bb5f15e4f71561be71aafb49 (patch)
tree	66c576fcb6b60d8618fc5e52f1f11dc2b80aae79 /id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas
parent	1b7401488933f031a68dfe929b25db86279b52d2 (diff)
download	moa-id-spss-15391f9c7c3afa19bb5f15e4f71561be71aafb49.tar.gz moa-id-spss-15391f9c7c3afa19bb5f15e4f71561be71aafb49.tar.bz2 moa-id-spss-15391f9c7c3afa19bb5f15e4f71561be71aafb49.zip