move authentication protocol implementation to separate modules.

authentication protocol modules are loaded by SPI now.

1 files changed, 234 insertions, 0 deletions

diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
new file mode 100644
index 000000000..06509b333
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -0,0 +1,234 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
+import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class OAuth20AuthRequest extends OAuth20BaseRequest {
+	
+	private static final long serialVersionUID = 1L;
+	
+	private String responseType;
+	private String state;
+	private String redirectUri;
+	private String scope;
+	private String clientID;
+	private String nonce;
+	
+	/**
+	 * @return the responseType
+	 */
+	public String getResponseType() {
+		return responseType;
+	}
+	
+	/**
+	 * @param responseType
+	 *            the responseType to set
+	 */
+	public void setResponseType(String responseType) {
+		this.responseType = responseType;
+	}
+	
+	/**
+	 * @return the state
+	 */
+	public String getState() {
+		return state;
+	}
+	
+	/**
+	 * @param state
+	 *            the state to set
+	 */
+	public void setState(String state) {
+		this.state = state;
+	}
+	
+	/**
+	 * @return the redirectUri
+	 */
+	public String getRedirectUri() {
+		return redirectUri;
+	}
+	
+	/**
+	 * @param redirectUri
+	 *            the redirectUri to set
+	 */
+	public void setRedirectUri(String redirectUri) {
+		this.redirectUri = redirectUri;
+	}
+	
+	/**
+	 * @return the scope
+	 */
+	public String getScope() {
+		return scope;
+	}
+	
+	/**
+	 * @param scope
+	 *            the scope to set
+	 */
+	public void setScope(String scope) {
+		this.scope = scope;
+	}
+	
+	/**
+	 * @return the clientID
+	 */
+	public String getClientID() {
+		return clientID;
+	}
+	
+	/**
+	 * @param clientID
+	 *            the clientID to set
+	 */
+	public void setClientID(String clientID) {
+		this.clientID = clientID;
+	}
+	
+	
+	
+	/**
+	 * @return the nonce
+	 */
+	public String getNonce() {
+		return nonce;
+	}
+
+	/**
+	 * @param nonce the nonce to set
+	 */
+	public void setNonce(String nonce) {
+		this.nonce = nonce;
+	}
+
+	@Override
+	protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception {
+		this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true));
+		this.setState(this.getParam(request, OAuth20Constants.PARAM_STATE, true));
+		this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true));
+		this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true));
+		this.setScope(this.getParam(request, OAuth20Constants.PARAM_SCOPE, false));
+		this.setNonce(this.getParam(request, OAuth20Constants.PARAM_NONCE, false));
+		
+		// check for response type
+		if (!this.responseType.equals(OAuth20Constants.RESPONSE_CODE)) {
+			throw new OAuth20ResponseTypeException();
+		}
+		
+		// check state for invalid characters (like < > & ; ... javascript ... to prevent xss)
+		if (!OAuth20Util.isValidStateValue(this.getState())) {
+			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_STATE);
+		}
+		
+		// check if client id and redirect uri are ok
+		try {
+			// OAOAUTH20 cannot be null at this point. check was done in base request
+			OAAuthParameter oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL());
+			
+			
+			if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
+					|| !this.getRedirectUri().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
+				throw new OAuth20AccessDeniedException();
+			}
+			
+			this.setOnlineApplicationConfiguration(oAuthConfig);
+			Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID);
+			
+			
+		} catch (ConfigurationException e) {
+			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+		}
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+	 */
+	@Override
+	public List<Attribute> getRequestedAttributes() {
+		Map<String, String> reqAttr = new HashMap<String, String>();
+		for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
+			reqAttr.put(el, "");
+						
+		try {
+			OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL());
+			
+			for (String s : scope.split(" ")) {
+				if (s.equalsIgnoreCase("profile")) {
+					for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile())
+						reqAttr.put(el.getName(), "");
+
+				} else if (s.equalsIgnoreCase("eID")) {
+					for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid())
+						reqAttr.put(el.getName(), "");
+					
+				} else if (s.equalsIgnoreCase("eID_gov")) {
+					for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov())
+						reqAttr.put(el.getName(), "");
+					
+				} else if (s.equalsIgnoreCase("mandate")) {
+					for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate())
+						reqAttr.put(el.getName(), "");
+					
+				} else if (s.equalsIgnoreCase("stork")) {
+					for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork())
+						reqAttr.put(el.getName(), "");
+					
+				}
+			}
+			
+			return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator());
+			
+		} catch (ConfigurationException e) {
+			Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e);
+			return null;
+		}
+	}
+}