diff options
author | Bojan Suzic <bojan.suzic@iaik.tugraz.at> | 2015-05-11 13:35:06 +0200 |
---|---|---|
committer | Bojan Suzic <bojan.suzic@iaik.tugraz.at> | 2015-05-11 13:35:06 +0200 |
commit | 6501da184914a797babb2a2a49eb0d88fd6aacbc (patch) | |
tree | 052d04159768f3a63fd0718e45fa43c6f8b9bf09 /id/server/modules/module-stork | |
parent | 5830752a2142b9664bc46196c1a67250cbedf655 (diff) | |
parent | c230145208b7fbe53b7bf2d6aff49a24301559eb (diff) | |
download | moa-id-spss-6501da184914a797babb2a2a49eb0d88fd6aacbc.tar.gz moa-id-spss-6501da184914a797babb2a2a49eb0d88fd6aacbc.tar.bz2 moa-id-spss-6501da184914a797babb2a2a49eb0d88fd6aacbc.zip |
Merge branch '2.2.x-Snapshot' of gitlab.iaik.tugraz.at:afitzek/moa-idspss into 2.2.x-Snapshot
Diffstat (limited to 'id/server/modules/module-stork')
4 files changed, 54 insertions, 33 deletions
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java index f8cc17b93..021ee62cf 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java @@ -15,6 +15,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
@@ -63,7 +64,7 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { @Override
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
- throws Exception {
+ throws TaskExecutionException {
String pendingRequestID = null;
String sessionID = null;
@@ -97,11 +98,12 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
} catch (MOAIDException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
+ throw new TaskExecutionException(ex.getMessage(), ex);
} catch (Exception e) {
Logger.error("CreateStorkAuthRequestFormTask has an interal Error.", e);
- throw new MOAIDException("Internal error.", new Object[] { sessionID }, e);
+ throw new TaskExecutionException("CreateStorkAuthRequestFormTask has an interal Error.", e);
+
}
finally {
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java index 077bb2dee..1ae66f24e 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java @@ -22,6 +22,7 @@ import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
@@ -79,7 +80,7 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec @Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
- throws Exception {
+ throws TaskExecutionException {
String moaSessionID = request.getParameter("moaSessionID");
String signResponse = request.getParameter("signresponse");
Logger.info("moaSessionID:" + moaSessionID);
@@ -90,13 +91,13 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec handleSignResponse(executionContext, request, response);
} else {
// should not occur
- throw new IOException("should not occur");
+ throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", null);
}
return;
}
private void handleSignResponse(ExecutionContext executionContext, HttpServletRequest request,
- HttpServletResponse response) {
+ HttpServletResponse response) throws TaskExecutionException {
Logger.info("handleSignResponse started");
String moaSessionID = request.getParameter("moaSessionID");
String signResponse = request.getParameter("signresponse");
@@ -199,13 +200,14 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec Logger.info("REDIRECT TO: " + redirectURL);
} catch (AuthenticationException e) {
- handleError(null, e, request, response, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (MOAIDException e) {
- handleError(null, e, request, response, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (Exception e) {
Logger.error("PEPSConnector has an interal Error.", e);
+ throw new TaskExecutionException(e.getMessage(), e);
}
finally {
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java index 3338804b4..aff69aa9c 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java @@ -25,6 +25,7 @@ import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
@@ -83,7 +84,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep @Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
- throws Exception {
+ throws TaskExecutionException {
String moaSessionID = request.getParameter("moaSessionID");
String signResponse = request.getParameter("signresponse");
Logger.info("moaSessionID:" + moaSessionID);
@@ -95,13 +96,13 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep } else {
// should not occur
- throw new IOException("should not occur");
+ throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", null);
}
return;
}
private void handleSAMLResponse(ExecutionContext executionContext, HttpServletRequest request,
- HttpServletResponse response) {
+ HttpServletResponse response) throws TaskExecutionException {
Logger.info("handleSAMLResponse started");
String pendingRequestID = null;
@@ -136,7 +137,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep try {
// validate SAML Token
Logger.debug("Starting validation of SAML response");
- authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
+ authnResponse = engine.validateSTORKAuthnResponseWithQuery(decSamlToken, (String) request.getRemoteHost());
Logger.info("SAML response succesfully verified!");
} catch (STORKSAMLEngineException e) {
Logger.error("Failed to verify STORK SAML Response", e);
@@ -211,10 +212,16 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
- // //////////// incorporate gender from parameters if not in stork response
- IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
+ // first, try to fetch the attributes from the list of total attributes. Note that this very list is only filled
+ // with ALL attributes when there is more than one assertion in the SAML2 STORK message.
+ IPersonalAttributeList attributeList = authnResponse.getTotalPersonalAttributeList();
+
+ // if the list is empty, there was just one assertion... probably
+ if(attributeList.isEmpty())
+ attributeList = authnResponse.getPersonalAttributeList();
+ // //////////// incorporate gender from parameters if not in stork response
// but first, check if we have a representation case
if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList)
|| STORKResponseProcessor.hasAttribute("representative", attributeList)
@@ -233,7 +240,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep tmp.add(gendervalue);
gender.setValue(tmp);
- authnResponse.getPersonalAttributeList().add(gender);
+ attributeList.add(gender);
}
}
}
@@ -246,7 +253,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep // extract signed doc element and citizen signature
String citizenSignature = null;
try {
- PersonalAttribute signedDoc = authnResponse.getPersonalAttributeList().get("signedDoc");
+ PersonalAttribute signedDoc = attributeList.get("signedDoc");
String signatureInfo = null;
// FIXME: Remove nonsense code (signedDoc attribute... (throw Exception for "should not occur" situations)), adjust error messages in order to reflect the true problem...
if (signedDoc != null) {
@@ -259,7 +266,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep // store authnResponse
// moaSession.setAuthnResponse(authnResponse);//not serializable
- moaSession.setAuthnResponseGetPersonalAttributeList(authnResponse.getPersonalAttributeList());
+ moaSession.setAuthnResponseGetPersonalAttributeList(attributeList);
String authnContextClassRef = null;
try {
@@ -335,7 +342,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep // FIXME: Same here; we do not have the citizen's signature, so this code might be regarded as dead code.
try {
- SZRGInsertion(moaSession, authnResponse.getPersonalAttributeList(), authnResponse.getAssertions()
+ SZRGInsertion(moaSession, attributeList, authnResponse.getAssertions()
.get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef()
.getAuthnContextClassRef(), citizenSignature);
} catch (STORKException e) {
@@ -393,13 +400,14 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep Logger.info("REDIRECT TO: " + redirectURL);
} catch (AuthenticationException e) {
- handleError(null, e, request, response, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (MOAIDException e) {
- handleError(null, e, request, response, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (Exception e) {
Logger.error("PEPSConnector has an interal Error.", e);
+ throw new TaskExecutionException(e.getMessage(), e);
}
finally {
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java index 6e0bd19ff..6eabc0538 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java @@ -41,6 +41,7 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
@@ -128,7 +129,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask { @Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
- throws Exception {
+ throws TaskExecutionException {
String pendingRequestID = null;
setNoCachingHeaders(response);
@@ -162,7 +163,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask { try {
// validate SAML Token
Logger.debug("Starting validation of SAML response");
- authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
+ authnResponse = engine.validateSTORKAuthnResponseWithQuery(decSamlToken, (String) request.getRemoteHost());
Logger.info("SAML response succesfully verified!");
} catch (STORKSAMLEngineException e) {
Logger.error("Failed to verify STORK SAML Response", e);
@@ -297,9 +298,16 @@ public class PepsConnectorTask extends AbstractAuthServletTask { Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
- // //////////// incorporate gender from parameters if not in stork response
- IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
+ // first, try to fetch the attributes from the list of total attributes. Note that this very list is only filled
+ // with ALL attributes when there is more than one assertion in the SAML2 STORK message.
+ IPersonalAttributeList attributeList = authnResponse.getTotalPersonalAttributeList();
+
+ // if the list is empty, there was just one assertion... probably
+ if(attributeList.isEmpty())
+ attributeList = authnResponse.getPersonalAttributeList();
+
+ // //////////// incorporate gender from parameters if not in stork response
// but first, check if we have a representation case
if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList)
@@ -320,7 +328,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask { tmp.add(gendervalue);
gender.setValue(tmp);
- authnResponse.getPersonalAttributeList().add(gender);
+ attributeList.add(gender);
}
}
}
@@ -336,15 +344,15 @@ public class PepsConnectorTask extends AbstractAuthServletTask { // extract signed doc element and citizen signature
try {
- if (authnResponse.getPersonalAttributeList().get("signedDoc") == null
- || authnResponse.getPersonalAttributeList().get("signedDoc").getValue() == null
- || authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0) == null) {
+ if (attributeList.get("signedDoc") == null
+ || attributeList.get("signedDoc").getValue() == null
+ || attributeList.get("signedDoc").getValue().get(0) == null) {
Logger.info("STORK Response include NO signedDoc attribute!");
throw new STORKException("STORK Response include NO signedDoc attribute.");
}
- String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0);
+ String signatureInfo = attributeList.get("signedDoc").getValue().get(0);
Logger.debug("signatureInfo:" + signatureInfo);
@@ -498,7 +506,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask { Logger.debug("Starting connecting SZR Gateway");
identityLink = STORKResponseProcessor.connectToSZRGateway(
- authnResponse.getPersonalAttributeList(),
+ attributeList,
oaParam.getFriendlyName(),
targetType,
null,
@@ -552,7 +560,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask { moaSession.setIdentityLink(identityLink);
Logger.debug("Adding addtional STORK attributes to MOA session");
- moaSession.setStorkAttributes(authnResponse.getPersonalAttributeList());
+ moaSession.setStorkAttributes(attributeList);
Logger.debug("Add full STORK AuthnResponse to MOA session");
moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));
@@ -606,13 +614,14 @@ public class PepsConnectorTask extends AbstractAuthServletTask { Logger.info("REDIRECT TO: " + redirectURL);
} catch (AuthenticationException e) {
- handleError(null, e, request, response, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (MOAIDException e) {
- handleError(null, e, request, response, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (Exception e) {
Logger.error("PEPSConnector has an interal Error.", e);
+ throw new TaskExecutionException(e.getMessage(), e);
}
finally {
|