move authentication protocol implementation to separate modules.

authentication protocol modules are loaded by SPI now.

1 files changed, 215 insertions, 0 deletions

diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
new file mode 100644
index 000000000..56d86df72
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -0,0 +1,215 @@
+package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+
+import java.net.URLEncoder;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringUtils;
+
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+import com.google.gson.JsonObject;
+
+import java.util.Arrays;
+
+public class OAuth20Protocol implements IModulInfo {
+	
+	public static final String NAME = OAuth20Protocol.class.getName();
+	public static final String PATH = "id_oauth20";
+	
+	public static final String AUTH_ACTION = "AUTH";
+	public static final String TOKEN_ACTION = "TOKEN";
+	
+	public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
+			new String[] {
+					PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME,
+					PVPConstants.BPK_NAME
+			});
+	
+	private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+	
+	static {
+		actions.put(AUTH_ACTION, new OAuth20AuthAction());
+		actions.put(TOKEN_ACTION, new OAuth20TokenAction());
+	}
+	
+	public String getName() {
+		return NAME;
+	}
+	
+	public String getPath() {
+		return PATH;
+	}
+	
+	public IAction getAction(String action) {
+		return actions.get(action);
+	}
+	
+	/*
+	 * (non-Javadoc)
+	 * @see
+	 * at.gv.egovernment.moa.id.moduls.IModulInfo#preProcess(javax.servlet.http.HttpServletRequest,
+	 * javax.servlet.http.HttpServletResponse, java.lang.String)
+	 */
+	public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action,
+			String sessionId, String transactionId) throws MOAIDException {
+		// validation is done inside creation
+		OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request, sessionId, transactionId);
+		Logger.debug("Created: " + res);
+		return res;
+	}
+	
+	/*
+	 * (non-Javadoc)
+	 * @see
+	 * at.gv.egovernment.moa.id.moduls.IModulInfo#canHandleRequest(javax.servlet.http.HttpServletRequest
+	 * , javax.servlet.http.HttpServletResponse)
+	 */
+	public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {
+		if (!StringUtils.isEmpty(request.getParameter("action"))) {
+			if (request.getParameter("action").equals(AUTH_ACTION)) {
+				return getAction(AUTH_ACTION);
+			} else if (request.getParameter("action").equals(TOKEN_ACTION)) {
+				return getAction(TOKEN_ACTION);
+			}
+		}
+		
+		return null;// getAction(AUTH_ACTION);
+	}
+	
+	/*
+	 * (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.moduls.IModulInfo#generateErrorMessage(java.lang.Throwable,
+	 * javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
+	 * at.gv.egovernment.moa.id.moduls.IRequest)
+	 */
+	public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest)
+			throws Throwable {
+				
+		// get error code and description
+		String errorCode;
+		String errorDescription;
+		String errorUri = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() 
+				+"/" + OAuth20Constants.ERRORPAGE;
+		String moaError = null;
+		
+		ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
+		
+		if (e instanceof OAuth20Exception) {
+			errorCode = ((OAuth20Exception) e).getErrorCode();
+			errorDescription = URLEncoder.encode(((OAuth20Exception) e).getMessageId() + ": " + e.getMessage(), "UTF-8");
+			moaError = errorUtils.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId());
+			
+		} else {
+			errorCode = OAuth20Constants.ERROR_SERVER_ERROR;
+			errorDescription = URLEncoder.encode(e.getMessage(), "UTF-8");
+			moaError = errorUtils.getResponseErrorCode(e);
+		}
+				
+		String paramRedirect = null;
+		String state = null;
+		boolean isAuthRequest = false;
+		if (protocolRequest != null) {
+			if (protocolRequest instanceof OAuth20AuthRequest) {
+				isAuthRequest = true;
+				
+				paramRedirect = ((OAuth20AuthRequest) protocolRequest).getRedirectUri();
+				state = ((OAuth20AuthRequest) protocolRequest).getState();
+			} else {
+				isAuthRequest = false;
+			}
+		} else {
+			String action = request.getParameter("action");
+			if (MiscUtil.isNotEmpty(action)) {
+				if (action.equals(AUTH_ACTION)) {
+					
+					paramRedirect = request.getParameter(OAuth20Constants.PARAM_REDIRECT_URI);
+					state = request.getParameter(OAuth20Constants.PARAM_STATE);
+					isAuthRequest = true;
+				}
+			} else {
+				throw new MOAIDException("oauth20.01", new Object[] {});
+			}
+		}
+		
+		// if (action.equals(AUTH_ACTION)) {
+		if (isAuthRequest) {
+			Logger.debug("Going to throw O OAuth20Exception for auth request");
+			
+			StringBuilder url = new StringBuilder();
+			
+			// check if given redirect url is ok
+			if (StringUtils.isNotEmpty(paramRedirect) && OAuth20Util.isUrl(paramRedirect)) {
+				url.append(paramRedirect);
+				
+				// otherwise throw an
+			} else {
+				throw new MOAIDException("oauth20.01", new Object[] {});
+			}
+			
+			OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR, errorCode);
+			OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription);
+			if (MiscUtil.isNotEmpty(moaError))
+				OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError);
+			OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_STATE, state);
+			
+			response.setContentType("text/html");
+			response.setStatus(HttpServletResponse.SC_FOUND);
+			response.addHeader("Location", url.toString());
+			Logger.debug("REDIRECT TO: " + url.toString());
+			return true;
+			
+		} else {
+			Logger.debug("Going to throw O OAuth20Exception for token request");
+			
+			Map<String, Object> params = new HashMap<String, Object>();
+			params.put(OAuth20Constants.PARAM_ERROR, errorCode);
+			params.put(OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription);
+			params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError);
+			
+			// create response
+			JsonObject jsonObject = new JsonObject();
+			OAuth20Util.addProperytiesToJsonObject(jsonObject, params);
+			String jsonResponse = jsonObject.toString();
+			Logger.debug("JSON Response: " + jsonResponse);
+			
+			// write respone to http response
+			response.setContentType("application/json");
+			response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+			response.getOutputStream().print(jsonResponse);
+			response.getOutputStream().close();
+			
+			return true;
+		}
+		
+		// return false;
+		
+	}
+	
+	/*
+	 * (non-Javadoc)
+	 * @see
+	 * at.gv.egovernment.moa.id.moduls.IModulInfo#validate(javax.servlet.http.HttpServletRequest,
+	 * javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest)
+	 */
+	public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
+		// we validate in the preProcess
+		return true;
+	}
+	
+}