authorBojan Suzic <bojan.suzic@iaik.tugraz.at>2015-05-11 13:35:06 +0200
committerBojan Suzic <bojan.suzic@iaik.tugraz.at>2015-05-11 13:35:06 +0200
commit6501da184914a797babb2a2a49eb0d88fd6aacbc (patch)
tree052d04159768f3a63fd0718e45fa43c6f8b9bf09 /id/server/modules/module-stork
parent5830752a2142b9664bc46196c1a67250cbedf655 (diff)
parentc230145208b7fbe53b7bf2d6aff49a24301559eb (diff)
downloadmoa-id-spss-6501da184914a797babb2a2a49eb0d88fd6aacbc.tar.gz
moa-id-spss-6501da184914a797babb2a2a49eb0d88fd6aacbc.tar.bz2
moa-id-spss-6501da184914a797babb2a2a49eb0d88fd6aacbc.zip
Merge branch '2.2.x-Snapshot' of gitlab.iaik.tugraz.at:afitzek/moa-idspss into 2.2.x-Snapshot
Diffstat (limited to 'id/server/modules/module-stork')
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java8
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java12
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java32
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java35
4 files changed, 54 insertions, 33 deletions
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
index f8cc17b93..021ee62cf 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
@@ -15,6 +15,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
@@ -63,7 +64,7 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
- throws Exception {
+ throws TaskExecutionException {
String pendingRequestID = null;
String sessionID = null;
@@ -97,11 +98,12 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
} catch (MOAIDException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
+ throw new TaskExecutionException(ex.getMessage(), ex);
} catch (Exception e) {
Logger.error("CreateStorkAuthRequestFormTask has an interal Error.", e);
- throw new MOAIDException("Internal error.", new Object[] { sessionID }, e);
+ throw new TaskExecutionException("CreateStorkAuthRequestFormTask has an interal Error.", e);
+
}
finally {
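Review bot: The catch-all branch at L48–L50 now rethrows with a fixed message but drops the session context that the removed MOAIDException carried in its parameter array (`new Object[] { sessionID }`), so whoever handles the TaskExecutionException can no longer tell which session the failure belongs to. If the task framework logs or reports this exception, keep that context at least in the log line, e.g. `Logger.error("CreateStorkAuthRequestFormTask has an interal Error (session " + sessionID + ").", e);`. The stray blank line added at L51 and the "interal" typo in both the log and the exception message could go in the same pass. The enclosing execute() starts before this hunk and its finally block continues after it.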
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
index 077bb2dee..1ae66f24e 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
@@ -22,6 +22,7 @@ import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
@@ -79,7 +80,7 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
- throws Exception {
+ throws TaskExecutionException {
String moaSessionID = request.getParameter("moaSessionID");
String signResponse = request.getParameter("signresponse");
Logger.info("moaSessionID:" + moaSessionID);
@@ -90,13 +91,13 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec
handleSignResponse(executionContext, request, response);
} else {
// should not occur
- throw new IOException("should not occur");
+ throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", null);
}
return;
}
private void handleSignResponse(ExecutionContext executionContext, HttpServletRequest request,
- HttpServletResponse response) {
+ HttpServletResponse response) throws TaskExecutionException {
Logger.info("handleSignResponse started");
String moaSessionID = request.getParameter("moaSessionID");
String signResponse = request.getParameter("signresponse");
@@ -199,13 +200,14 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec
Logger.info("REDIRECT TO: " + redirectURL);
} catch (AuthenticationException e) {
- handleError(null, e, request, response, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (MOAIDException e) {
- handleError(null, e, request, response, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (Exception e) {
Logger.error("PEPSConnector has an interal Error.", e);
+ throw new TaskExecutionException(e.getMessage(), e);
}
finally {
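Review bot: The catch-all at L97–L99 forwards `e.getMessage()` as the TaskExecutionException message, which is null for many runtime exceptions (a NullPointerException in particular) and otherwise carries raw internal detail from whatever failed inside the connector; if the framework renders that message to the client, an authentication error page ends up revealing more than it should. A fixed message mirroring the log line is safer and still keeps the detail on the cause for the log: `throw new TaskExecutionException("PEPSConnector has an interal Error.", e);`. The same pattern appears in PepsConnectorHandleResponseWithoutSignatureTask (L201) and PepsConnectorTask (L295). Relatedly, the "should not occur" branch at L79 passes `null` as the cause and misspells "mulitpart"; the removed IOException had neither problem. handleSignResponse() starts before this hunk and its finally block continues after it.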
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
index 3338804b4..aff69aa9c 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
@@ -25,6 +25,7 @@ import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
@@ -83,7 +84,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
- throws Exception {
+ throws TaskExecutionException {
String moaSessionID = request.getParameter("moaSessionID");
String signResponse = request.getParameter("signresponse");
Logger.info("moaSessionID:" + moaSessionID);
@@ -95,13 +96,13 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
} else {
// should not occur
- throw new IOException("should not occur");
+ throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", null);
}
return;
}
private void handleSAMLResponse(ExecutionContext executionContext, HttpServletRequest request,
- HttpServletResponse response) {
+ HttpServletResponse response) throws TaskExecutionException {
Logger.info("handleSAMLResponse started");
String pendingRequestID = null;
@@ -136,7 +137,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
try {
// validate SAML Token
Logger.debug("Starting validation of SAML response");
- authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
+ authnResponse = engine.validateSTORKAuthnResponseWithQuery(decSamlToken, (String) request.getRemoteHost());
Logger.info("SAML response succesfully verified!");
} catch (STORKSAMLEngineException e) {
Logger.error("Failed to verify STORK SAML Response", e);
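Review bot: The switch from validateSTORKAuthnResponse to validateSTORKAuthnResponseWithQuery at L140 is the security-relevant line of this file and carries no explanation; nothing in the hunk says what the WithQuery variant verifies differently, or whether it keeps the signature, issuer and validity-window checks that the plain call presumably performed. Add a comment once that has been confirmed against the SAML engine, along the lines of `// WithQuery variant: <what it additionally validates / why the plain call was insufficient>; response signature and validity checks are unchanged`, and if the variant relaxes any check, say so here rather than leaving it to the method name. The same swap appears in PepsConnectorTask at L228 and deserves the same comment. handleSAMLResponse() starts before this hunk and continues after it.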
@@ -211,10 +212,16 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
- // //////////// incorporate gender from parameters if not in stork response
- IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
+ // first, try to fetch the attributes from the list of total attributes. Note that this very list is only filled
+ // with ALL attributes when there is more than one assertion in the SAML2 STORK message.
+ IPersonalAttributeList attributeList = authnResponse.getTotalPersonalAttributeList();
+
+ // if the list is empty, there was just one assertion... probably
+ if(attributeList.isEmpty())
+ attributeList = authnResponse.getPersonalAttributeList();
+ // //////////// incorporate gender from parameters if not in stork response
// but first, check if we have a representation case
if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList)
|| STORKResponseProcessor.hasAttribute("representative", attributeList)
@@ -233,7 +240,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
tmp.add(gendervalue);
gender.setValue(tmp);
- authnResponse.getPersonalAttributeList().add(gender);
+ attributeList.add(gender);
}
}
}
@@ -246,7 +253,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
// extract signed doc element and citizen signature
String citizenSignature = null;
try {
- PersonalAttribute signedDoc = authnResponse.getPersonalAttributeList().get("signedDoc");
+ PersonalAttribute signedDoc = attributeList.get("signedDoc");
String signatureInfo = null;
// FIXME: Remove nonsense code (signedDoc attribute... (throw Exception for "should not occur" situations)), adjust error messages in order to reflect the true problem...
if (signedDoc != null) {
@@ -259,7 +266,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
// store authnResponse
// moaSession.setAuthnResponse(authnResponse);//not serializable
- moaSession.setAuthnResponseGetPersonalAttributeList(authnResponse.getPersonalAttributeList());
+ moaSession.setAuthnResponseGetPersonalAttributeList(attributeList);
String authnContextClassRef = null;
try {
@@ -335,7 +342,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
// FIXME: Same here; we do not have the citizen's signature, so this code might be regarded as dead code.
try {
- SZRGInsertion(moaSession, authnResponse.getPersonalAttributeList(), authnResponse.getAssertions()
+ SZRGInsertion(moaSession, attributeList, authnResponse.getAssertions()
.get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef()
.getAuthnContextClassRef(), citizenSignature);
} catch (STORKException e) {
@@ -393,13 +400,14 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
Logger.info("REDIRECT TO: " + redirectURL);
} catch (AuthenticationException e) {
- handleError(null, e, request, response, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (MOAIDException e) {
- handleError(null, e, request, response, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (Exception e) {
Logger.error("PEPSConnector has an interal Error.", e);
+ throw new TaskExecutionException(e.getMessage(), e);
}
finally {
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
index 6e0bd19ff..6eabc0538 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
@@ -41,6 +41,7 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
@@ -128,7 +129,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
- throws Exception {
+ throws TaskExecutionException {
String pendingRequestID = null;
setNoCachingHeaders(response);
@@ -162,7 +163,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
try {
// validate SAML Token
Logger.debug("Starting validation of SAML response");
- authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
+ authnResponse = engine.validateSTORKAuthnResponseWithQuery(decSamlToken, (String) request.getRemoteHost());
Logger.info("SAML response succesfully verified!");
} catch (STORKSAMLEngineException e) {
Logger.error("Failed to verify STORK SAML Response", e);
@@ -297,9 +298,16 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
- // //////////// incorporate gender from parameters if not in stork response
- IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
+ // first, try to fetch the attributes from the list of total attributes. Note that this very list is only filled
+ // with ALL attributes when there is more than one assertion in the SAML2 STORK message.
+ IPersonalAttributeList attributeList = authnResponse.getTotalPersonalAttributeList();
+
+ // if the list is empty, there was just one assertion... probably
+ if(attributeList.isEmpty())
+ attributeList = authnResponse.getPersonalAttributeList();
+
+ // //////////// incorporate gender from parameters if not in stork response
// but first, check if we have a representation case
if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList)
@@ -320,7 +328,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
tmp.add(gendervalue);
gender.setValue(tmp);
- authnResponse.getPersonalAttributeList().add(gender);
+ attributeList.add(gender);
}
}
}
@@ -336,15 +344,15 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
// extract signed doc element and citizen signature
try {
- if (authnResponse.getPersonalAttributeList().get("signedDoc") == null
- || authnResponse.getPersonalAttributeList().get("signedDoc").getValue() == null
- || authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0) == null) {
+ if (attributeList.get("signedDoc") == null
+ || attributeList.get("signedDoc").getValue() == null
+ || attributeList.get("signedDoc").getValue().get(0) == null) {
Logger.info("STORK Response include NO signedDoc attribute!");
throw new STORKException("STORK Response include NO signedDoc attribute.");
}
- String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0);
+ String signatureInfo = attributeList.get("signedDoc").getValue().get(0);
Logger.debug("signatureInfo:" + signatureInfo);
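Review bot: The guard at L261–L263 tests `getValue().get(0) == null` but never checks that the value list is non-empty, so a signedDoc attribute with an empty value list escapes as an IndexOutOfBoundsException instead of the STORKException the code intends to raise; the commit only renames the receiver here, but it is the natural moment to add `|| attributeList.get("signedDoc").getValue().isEmpty()` ahead of the `get(0)` test. Also, `attributeList.get("signedDoc")` is repeated four times across L261–L268; binding it once, as PepsConnectorHandleResponseWithoutSignatureTask already does with `PersonalAttribute signedDoc = attributeList.get("signedDoc");` at L172 (importing the type if this file does not already), would make the guard easier to read and check. The enclosing try block and method continue outside this hunk.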
@@ -498,7 +506,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
Logger.debug("Starting connecting SZR Gateway");
identityLink = STORKResponseProcessor.connectToSZRGateway(
- authnResponse.getPersonalAttributeList(),
+ attributeList,
oaParam.getFriendlyName(),
targetType,
null,
@@ -552,7 +560,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
moaSession.setIdentityLink(identityLink);
Logger.debug("Adding addtional STORK attributes to MOA session");
- moaSession.setStorkAttributes(authnResponse.getPersonalAttributeList());
+ moaSession.setStorkAttributes(attributeList);
Logger.debug("Add full STORK AuthnResponse to MOA session");
moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));
@@ -606,13 +614,14 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
Logger.info("REDIRECT TO: " + redirectURL);
} catch (AuthenticationException e) {
- handleError(null, e, request, response, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (MOAIDException e) {
- handleError(null, e, request, response, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (Exception e) {
Logger.error("PEPSConnector has an interal Error.", e);
+ throw new TaskExecutionException(e.getMessage(), e);
}
finally {