authorThomas Lenz <tlenz@iaik.tugraz.at>2016-08-02 14:48:56 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-08-02 14:48:56 +0200
commita9b9c5177217de2f99298a416a25f912944d6383 (patch)
tree6556dec0479e3eb21b23eebb3b06a704c4bd4162 /id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas
parentd63a3e5b0ae43808cddd89d62f57868278eb50eb (diff)
First untested version of the refactored eIDAS module, which uses eIDAS SAMLEngine v1.1 from JoinUp
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas')
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java22
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java124
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java34
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java115
4 files changed, 174 insertions, 121 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
index 4dffba575..7647b4cab 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -7,9 +7,9 @@ import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
-import eu.eidas.auth.commons.EIDASAuthnRequest;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.protocol.IAuthenticationRequest;
@Component("EIDASData")
@Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
@@ -19,10 +19,10 @@ public class EIDASData extends RequestImpl {
private static final long serialVersionUID = 8765755670214923910L;
/** The attributes requested by the eIDaS. */
- private MOAPersonalAttributeList attributes;
+ private ImmutableAttributeMap attributes;
/** The incoming eIDaS SAML2 AuthnRequest. */
- private EIDASAuthnRequest authnRequest;
+ private IAuthenticationRequest authnRequest;
/** The ip address of the requester. */
private String remoteIPAddress;
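Review bot: The new field types at the `attributes` and `authnRequest` declarations give no serializability guarantee, yet `EIDASData` carries a `serialVersionUID`, so it is meant to be serialized with the pending request. `IAuthenticationRequest` is an interface and `ImmutableAttributeMap` is a library type; whether the concrete objects the engine returns implement `Serializable` is not visible here, and the comment removed from EIDASProtocol ("circumvent non-serializable eidas personal attribute list") suggests this already bit once. Either confirm the implementations are serializable or mark the fields `transient` and document the consequence, e.g. `/** The incoming eIDaS SAML2 AuthnRequest; held as an interface, so the implementation must be Serializable for session persistence. */`.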
@@ -40,17 +40,17 @@ public class EIDASData extends RequestImpl {
*
* @return the requested attributes
*/
- public MOAPersonalAttributeList getEidasRequestedAttributes() {
- return (MOAPersonalAttributeList) attributes.clone();
+ public ImmutableAttributeMap getEidasRequestedAttributes() {
+ return attributes;
}
/**
* Sets the eidas requested attributes.
*
- * @param personalAttributeList the requested attributes
+ * @param immutableAttributeMap the requested attributes
*/
- public void setEidasRequestedAttributes(MOAPersonalAttributeList personalAttributeList) {
- attributes = personalAttributeList;
+ public void setEidasRequestedAttributes(ImmutableAttributeMap immutableAttributeMap) {
+ attributes = immutableAttributeMap;
}
/**
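Review bot: The Javadoc of `getEidasRequestedAttributes` should say that the getter now returns the stored instance rather than a copy, since the previous `clone()` was a deliberate defensive copy. A one-line change keeps readers from re-adding it: `* @return the requested attributes (the stored instance; sharing is safe because the map is immutable)`. Note also that an unset field now yields `null` where the old code threw, so callers iterating the result need to cope with that.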
@@ -58,7 +58,7 @@ public class EIDASData extends RequestImpl {
*
* @return the eidas request
*/
- public EIDASAuthnRequest getEidasRequest() {
+ public IAuthenticationRequest getEidasRequest() {
return authnRequest;
}
@@ -67,7 +67,7 @@ public class EIDASData extends RequestImpl {
*
* @param request the new eidas request
*/
- public void setEidasRequest(EIDASAuthnRequest request) {
+ public void setEidasRequest(IAuthenticationRequest request) {
authnRequest = request;
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index fc935e2ef..cf9414a3b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -45,10 +45,9 @@ import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
-import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAuthnRequestProcessingException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAuthnRequestValidationException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASAuthnRequestProcessingException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASAuthnRequestValidationException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASException;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
@@ -57,10 +56,12 @@ import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-import eu.eidas.auth.commons.EIDASAuthnRequest;
-import eu.eidas.auth.commons.EIDASAuthnResponse;
-import eu.eidas.auth.commons.EIDASUtil;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.commons.EidasStringUtil;
+import eu.eidas.auth.commons.protocol.IAuthenticationRequest;
+import eu.eidas.auth.commons.protocol.IResponseMessage;
+import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse;
+import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse.Builder;
+import eu.eidas.auth.engine.ProtocolEngineI;
import eu.eidas.auth.engine.metadata.MetadataUtil;
import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
@@ -82,7 +83,8 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
Logger.debug("Registering servlet " + getClass().getName() +
" with mappings '" + Constants.eIDAS_HTTP_ENDPOINT_METADATA +
"' and '" + Constants.eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST +
- "' and '" + Constants.eIDAS_HTTP_ENDPOINT_IDP_POST +"'.");
+ //"' and '" + Constants.eIDAS_HTTP_ENDPOINT_IDP_POST +
+ "'.");
}
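Review bot: A commented-out fragment spliced into the middle of a string concatenation (`//"' and '" + Constants.eIDAS_HTTP_ENDPOINT_IDP_POST +`) is hard to read and easy to break when the expression is edited. Close the message on the previous line, `"' and '" + Constants.eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST + "'.");`, and, if the removal needs a marker, put `// eIDAS_HTTP_ENDPOINT_IDP_POST is no longer registered here` on its own line.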
@@ -172,13 +174,15 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
try {
//decode SAML2 token
- byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken);
+ byte[] decSamlToken = EidasStringUtil.decodeBytesFromBase64(base64SamlToken);
//get eIDAS SAML-engine
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
+ ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
+ //TODO: change to configurable COUNTRY-CODE
+ String cititzenCountryCode = "AT";
//validate SAML token
- EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
+ IAuthenticationRequest samlReq = engine.unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode );
// - memorize remote ip
pendingReq.setRemoteAddress(request.getRemoteAddr());
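Review bot: The citizen country code handed to `unmarshallRequestAndValidate` is the literal `"AT"`, and because that value takes part in request validation it should be read from configuration rather than hard-coded; the TODO above it acknowledges this, but it should be resolved before the module leaves "untested". The local is also misspelled and carries a stray space in the call: `String citizenCountryCode = "AT";` and `engine.unmarshallRequestAndValidate(decSamlToken, citizenCountryCode);`. The enclosing method begins outside this hunk.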
@@ -189,13 +193,15 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
// - memorize country code of target country
pendingReq.setGenericDataToSession(
- RequestImpl.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getCountry());
+ RequestImpl.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getOriginCountryCode());
- // - memorize requested attributes
- pendingReq.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList()));
+ //TODO: store level of assurance
+
+
+ // - memorize requested attributes
+ pendingReq.setEidasRequestedAttributes(samlReq.getRequestedAttributes());
- // - memorize whole request
- samlReq.setPersonalAttributeList(pendingReq.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
+ // - memorize whole request
pendingReq.setEidasRequest(samlReq);
//validate Destination against MOA-ID-Auth configuration
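Review bot: The requested level of assurance is dropped at the `//TODO: store level of assurance` placeholder, so nothing later in the flow can compare the LoA the service provider asked for with the one the response will carry (eIDASAuthenticationRequest sets `levelOfAssurance(authData.getEIDASQAALevel())` without any such check). Memorize it next to the country code, e.g. `pendingReq.setGenericDataToSession(<LOA_SESSION_KEY placeholder>, samlReq.getLevelOfAssurance());`, and enforce it where the response is built. Storing `samlReq` itself via `setEidasRequest` replaces the old serializability workaround, so it is worth confirming the engine's request object is `Serializable` before session persistence is exercised. The three blank lines between the TODO and the next comment can go.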
@@ -203,7 +209,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
if (MiscUtil.isEmpty(reqDestination) ||
!reqDestination.startsWith(pendingReq.getAuthURL())) {
Logger.info("eIDAS AuthnRequest contains a not valid 'Destination' attribute");
- throw new eIDASAuthnRequestValidationException("stork.01",
+ throw new EIDASAuthnRequestValidationException("stork.01",
new Object[]{"eIDAS AuthnRequest contains a not valid 'Destination' attribute"});
}
@@ -223,7 +229,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
if (!isValid) {
Logger.info("eIDAS AuthnRequest contains a not valid 'AssertionConsumerServiceURL' attribute");
- throw new eIDASAuthnRequestValidationException("stork.01",
+ throw new EIDASAuthnRequestValidationException("stork.01",
new Object[]{"eIDAS AuthnRequest contains a not valid 'AssertionConsumerServiceURL' attribute"});
}
@@ -236,18 +242,19 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
// - memorize OA config
IOAAuthParameters oaConfig = authConfig.getOnlineApplicationParameter(pendingReq.getOAURL());
if (oaConfig == null)
- throw new eIDASAuthnRequestProcessingException("eIDAS.08", new Object[]{pendingReq.getOAURL()});
+ throw new EIDASAuthnRequestProcessingException("eIDAS.08", new Object[]{pendingReq.getOAURL()});
pendingReq.setOnlineApplicationConfiguration(oaConfig);
- String spType = samlReq.getSPType();
- if (MiscUtil.isEmpty(spType)) {
- Logger.info("Load SPType from metadata ... IS NOT IMPLEMENTED YET!!!");
- //TODO: maybe implement this if required
-
- }
-
- Logger.debug("eIDAS request has SPType:" + spType);
+ //TODO: is not supported any more ?!?
+// String spType = samlReq.getSPType();
+// if (MiscUtil.isEmpty(spType)) {
+// Logger.info("Load SPType from metadata ... IS NOT IMPLEMENTED YET!!!");
+// //TODO: maybe implement this if required
+//
+// }
+//
+// Logger.debug("eIDAS request has SPType:" + spType);
} catch (MOAIDException e) {
Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
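Review bot: The SPType handling is replaced by nine commented-out lines under `//TODO: is not supported any more ?!?`; commented-out code should be deleted, since version control keeps it, and the open question kept as a single line such as `// TODO: SPType is not exposed by IAuthenticationRequest in SAMLEngine 1.1; decide whether it must be read from metadata instead`. If the SP type still matters for deciding what the request is allowed to do, that decision is now silently missing rather than logged as before.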
@@ -255,11 +262,11 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
} catch (EIDASSAMLEngineException e) {
Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
- throw new eIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
+ throw new EIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
} catch(Exception e) {
Logger.warn("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage(), e);
- throw new eIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
+ throw new EIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
}
}
@@ -273,43 +280,50 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
}
try {
- EIDASAuthnResponse eIDASResp = new EIDASAuthnResponse();
- eIDASResp.setIssuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
-
- if (e instanceof eIDASException) {
- eIDASResp.setStatusCode(((eIDASException) e).getStatusCodeFirstLevel());
- eIDASResp.setSubStatusCode(((eIDASException) e).getStatusCodeSecondLevel());
- eIDASResp.setMessage(e.getMessage());
+ Builder eIDASRespBuilder = new AuthenticationResponse.Builder();
+ eIDASRespBuilder.issuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+
+ if (e instanceof EIDASException) {
+ eIDASRespBuilder.statusCode(((EIDASException) e).getStatusCodeFirstLevel());
+ eIDASRespBuilder.subStatusCode(((EIDASException) e).getStatusCodeSecondLevel());
+ eIDASRespBuilder.statusMessage(e.getMessage());
} else if (e instanceof MOAIDException ) {
- eIDASResp.setStatusCode(StatusCode.RESPONDER_URI);
- eIDASResp.setSubStatusCode(StatusCode.AUTHN_FAILED_URI);
- eIDASResp.setMessage(e.getMessage());
+ eIDASRespBuilder.statusCode(StatusCode.RESPONDER_URI);
+ eIDASRespBuilder.subStatusCode(StatusCode.AUTHN_FAILED_URI);
+ eIDASRespBuilder.statusMessage(e.getMessage());
} else {
- eIDASResp.setStatusCode(StatusCode.RESPONDER_URI);
- eIDASResp.setSubStatusCode(StatusCode.AUTHN_FAILED_URI);
- eIDASResp.setMessage(e.getMessage());
+ eIDASRespBuilder.statusCode(StatusCode.RESPONDER_URI);
+ eIDASRespBuilder.subStatusCode(StatusCode.AUTHN_FAILED_URI);
+ eIDASRespBuilder.statusMessage(e.getMessage());
}
-
-
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
-
+
if(null == eidasReq.getEidasRequest().getAssertionConsumerServiceURL()) {
- String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
- new MOAeIDASMetadataProviderDecorator(eIDASMetadataProvider),
- engine,
+ String assertionConsumerUrl = MetadataUtil.getAssertionConsumerUrlFromMetadata(
+ SAMLEngineUtils.getMetadataFetcher(),
+ SAMLEngineUtils.getMetadataSigner(),
eidasReq.getEidasRequest());
- eidasReq.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
- }
+ //TODO: set AssertionConsumerService is required?
+
+ }
+
+ eIDASRespBuilder.id(eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils.generateNCName());
+ eIDASRespBuilder.inResponseTo(eidasReq.getEidasRequest().getId());
+
+ //build response
+ AuthenticationResponse eIDASResp = eIDASRespBuilder.build();
+
//get eIDAS SAML-engine
+ ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
+
+ //build response message
+ IResponseMessage eIDASRespMsg = engine.generateResponseErrorMessage(eidasReq.getEidasRequest(),eIDASResp, eidasReq.getRemoteAddress());
- eIDASResp = engine.generateEIDASAuthnResponseFail(eidasReq.getEidasRequest(), eIDASResp,
- eidasReq.getRemoteAddress(), true);
- String token = EIDASUtil.encodeSAMLToken(eIDASResp.getTokenSaml());
+ String token = EidasStringUtil.encodeToBase64(eIDASRespMsg.getMessageBytes());
VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
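Review bot: `assertionConsumerUrl`, computed from metadata in the `null == ...getAssertionConsumerServiceURL()` branch, is never used: the old code applied it to the request, the new code assigns it and stops at `//TODO: set AssertionConsumerService is required?`, so when the request omits the ACS URL the error response is generated without the metadata lookup ever taking effect. Either apply the value through whatever the new API offers or remove the lookup, but do not leave a dead metadata fetch in an error path. The `else if (e instanceof MOAIDException)` and `else` branches are identical and can be merged. The fully qualified `eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils.generateNCName()` deserves a comment explaining that it is spelled out because of the clash with the project's own `SAMLEngineUtils` import.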
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index 3fc13406c..a93dff3b3 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -21,6 +21,7 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.metadata.ContactPerson;
import org.opensaml.saml2.metadata.Organization;
import org.springframework.beans.factory.annotation.Autowired;
@@ -39,11 +40,11 @@ import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.logging.Logger;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.ProtocolEngineI;
import eu.eidas.auth.engine.metadata.Contact;
import eu.eidas.auth.engine.metadata.MetadataConfigParams;
import eu.eidas.auth.engine.metadata.MetadataGenerator;
-import eu.eidas.engine.exceptions.SAMLEngineException;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
/**
@@ -65,10 +66,10 @@ public class EidasMetaDataRequest implements IAction {
try {
String pubURLPrefix = req.getAuthURL();
- String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
+ String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
+ String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST;
- String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST;
- String metaData = generateMetadata(metadata_url, sp_return_url);
+ String metaData = generateMetadata(req, metadata_url, sp_return_url);
Logger.trace(metaData);
@@ -104,10 +105,10 @@ public class EidasMetaDataRequest implements IAction {
}
- public String generateMetadata(String metadata_url, String sp_return_url) throws SAMLEngineException, EIDASEngineException{
+ public String generateMetadata(IRequest pendingReq, String metadata_url, String sp_return_url) throws EIDASSAMLEngineException, EIDASEngineException{
String metadata="invalid metadata";
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
+ ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
MetadataGenerator generator = new MetadataGenerator();
MetadataConfigParams mcp=new MetadataConfigParams();
@@ -116,6 +117,9 @@ public class EidasMetaDataRequest implements IAction {
mcp.setEntityID(metadata_url);
mcp.setAssertionConsumerUrl(sp_return_url);
+ mcp.getProtocolBindingLocation().put(
+ SAMLConstants.SAML2_POST_BINDING_URI,
+ pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST);
//TODO: make it configurable
@@ -137,11 +141,17 @@ public class EidasMetaDataRequest implements IAction {
Contact technicalContact = new Contact();
List<ContactPerson> contacts = PVPConfiguration.getInstance().getIDPContacts();
- if (contacts != null && contacts.size() >= 1) {
- technicalContact.setEmail(contacts.get(0).getEmailAddresses().get(0).getAddress());
- technicalContact.setGivenName(contacts.get(0).getGivenName().getName());
- technicalContact.setSurName(contacts.get(0).getSurName().getName());
- technicalContact.setPhone(contacts.get(0).getTelephoneNumbers().get(0).getNumber());
+ if (contacts != null && contacts.size() >= 1) {
+ ContactPerson contact = contacts.get(0);
+ technicalContact.setGivenName(contact.getGivenName().getName());
+ technicalContact.setSurName(contact.getSurName().getName());
+
+ if (!contact.getEmailAddresses().isEmpty())
+ technicalContact.setEmail(contact.getEmailAddresses().get(0).getAddress());
+
+ if (!contact.getTelephoneNumbers().isEmpty())
+ technicalContact.setPhone(contact.getTelephoneNumbers().get(0).getNumber());
+
mcp.setTechnicalContact(technicalContact );
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index 2beb419fb..9e29c01f3 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.protocols.eidas;
import java.io.StringWriter;
import java.text.SimpleDateFormat;
-import java.util.Map.Entry;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -36,13 +35,12 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Service;
+import com.google.common.collect.ImmutableSet;
+
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
-import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.data.IAuthData;
@@ -50,12 +48,16 @@ import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-import eu.eidas.auth.commons.EIDASAuthnResponse;
-import eu.eidas.auth.commons.EIDASStatusCode;
-import eu.eidas.auth.commons.EIDASUtil;
-import eu.eidas.auth.commons.PersonalAttribute;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.metadata.MetadataUtil;
+import eu.eidas.auth.commons.EidasStringUtil;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.attribute.AttributeValue;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshaller;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.protocol.IResponseMessage;
+import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse;
+import eu.eidas.auth.engine.ProtocolEngineI;
+import eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils;
/**
@@ -80,14 +82,16 @@ public class eIDASAuthenticationRequest implements IAction {
throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()});
- // gather attributes
- MOAPersonalAttributeList resultingAttributeList = (MOAPersonalAttributeList) eidasRequest.getEidasRequestedAttributes().clone();
+ //gather attributes
+ ImmutableAttributeMap reqAttributeList = (ImmutableAttributeMap) eidasRequest.getEidasRequestedAttributes();
+
+ ImmutableAttributeMap.Builder attrMapBuilder = ImmutableAttributeMap.builder();
- for(Entry<String, PersonalAttribute> current : resultingAttributeList.entrySet()) {
+ for(AttributeDefinition<?> attr : reqAttributeList.getDefinitions()) {
String newValue = "";
-
+
// TODO make use of proper builder
- switch(current.getKey()) {
+ switch(attr.getFriendlyName()) {
case Constants.eIDAS_ATTR_DATEOFBIRTH: newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth()); break;
case Constants.eIDAS_ATTR_CURRENTFAMILYNAME: newValue = authData.getFamilyName();break;
case Constants.eIDAS_ATTR_CURRENTGIVENNAME: newValue = authData.getGivenName();break;
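Review bot: The date-of-birth case formats with `new SimpleDateFormat("YYYY-MM-dd")`, where upper-case `YYYY` is the week-based year, so dates in the last days of December or the first days of January get the wrong year in the eIDAS attribute; it should be `new SimpleDateFormat("yyyy-MM-dd")`. This line is context the commit leaves untouched, but the value ends up in identity data sent to the relying party. The cast in `(ImmutableAttributeMap) eidasRequest.getEidasRequestedAttributes()` is redundant now that the getter already returns that type. The enclosing method continues past this hunk.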
@@ -95,50 +99,75 @@ public class eIDASAuthenticationRequest implements IAction {
}
- if(MiscUtil.isEmpty(newValue))
- current.getValue().setStatus(EIDASStatusCode.STATUS_NOT_AVAILABLE.toString());
-
- else {
- current.getValue().getValue().clear();
- current.getValue().getValue().add(newValue);
- current.getValue().setStatus(EIDASStatusCode.STATUS_AVAILABLE.toString());
+ if(MiscUtil.isEmpty(newValue)) {
+// current.getValue().setStatus(EIDASStatusCode.STATUS_NOT_AVAILABLE.toString());
+ Logger.info("eIDAS Attr:" + attr.getNameUri() + " is not available.");
+
+ } else {
+ AttributeValueMarshaller<?> attributeValueMarshaller = attr.getAttributeValueMarshaller();
+ ImmutableSet.Builder<AttributeValue<?>> builder = ImmutableSet.builder();
+
+ AttributeValue<?> attributeValue = null;
+ try {
+ attributeValue = attributeValueMarshaller.unmarshal(newValue, false);
+
+ } catch (AttributeValueMarshallingException e) {
+ throw new IllegalStateException(e);
+
+ }
+
+ //TODO: check for 'isAvailable flag'!
+
+ attrMapBuilder.put((AttributeDefinition)attr, (ImmutableSet) builder.build());
}
+
+
+
}
// construct eIDaS response
- EIDASAuthnResponse response = new EIDASAuthnResponse();
- response.setPersonalAttributeList(resultingAttributeList);
+ AuthenticationResponse.Builder responseBuilder = new AuthenticationResponse.Builder();
- // - create metadata url
- String pubURLPrefix = req.getAuthURL();
+ responseBuilder.id(SAMLEngineUtils.generateNCName());
+ responseBuilder.inResponseTo(eidasRequest.getEidasRequest().getId());
+
+ String pubURLPrefix = req.getAuthURL();
String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
- response.setIssuer(metadata_url);
-
- response.setAssuranceLevel(authData.getEIDASQAALevel());
+ responseBuilder.issuer(metadata_url);
+
+ responseBuilder.levelOfAssurance(authData.getEIDASQAALevel());
+
+ //add attributes
+ responseBuilder.attributes(attrMapBuilder.build());
+
+ //build response
+ AuthenticationResponse response = responseBuilder.build();
String token = null;
try {
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
+ ProtocolEngineI engine = at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
// encryption is done by the SamlEngine, i.e. by the module we provide in the config
// but we need to set the appropriate request issuer
- engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
-
-
- if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
- String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
- new MOAeIDASMetadataProviderDecorator(eIDASMetadataProvider),
- engine,
- eidasRequest.getEidasRequest());
- eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
-
- }
+ //engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
+
+ IResponseMessage eIDASRespMsg = engine.generateResponseMessage(eidasRequest.getEidasRequest(),
+ response, true, eidasRequest.getRemoteAddress());
+
+// if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
+// String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
+// new MOAeIDASMetadataProviderDecorator(eIDASMetadataProvider),
+// engine,
+// eidasRequest.getEidasRequest());
+// eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
+//
+// }
- response = engine.generateEIDASAuthnResponse(eidasRequest.getEidasRequest(), response, eidasRequest.getRemoteAddress(), true);
+// response = engine.generateEIDASAuthnResponse(eidasRequest.getEidasRequest(), response, eidasRequest.getRemoteAddress(), true);
- token = EIDASUtil.encodeSAMLToken(response.getTokenSaml());
+ token = EidasStringUtil.encodeToBase64(eIDASRespMsg.getMessageBytes());
} catch(Exception e) {
e.printStackTrace();